Bug 1011768 - Entitlement cert doesnt contain value for "Brand type" and fail to create branded_name file when the cert version set to 1
Entitlement cert doesnt contain value for "Brand type" and fail to create br...
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: subscription-manager (Show other bugs)
7.1
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: candlepin-bugs
John Sefler
:
Depends On:
Blocks: rhsm-rhel70
  Show dependency treegraph
 
Reported: 2013-09-25 02:12 EDT by Rehana
Modified: 2013-10-11 10:07 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-10-11 10:07:24 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Rehana 2013-09-25 02:12:12 EDT
Description of problem:
Observed that for the client with cert version less than V3 was not getting Brand type value in the entitlement cert and also the file "branded_name" didnt get created on the client

Version-Release number of selected component (if applicable):
subscription-manager version
server type: Red Hat Subscription Management
subscription management server: 0.8.28-1
subscription-manager: 1.10.2-1.git.20.340ef28.el7
python-rhsm: 1.10.2-1.git.4.3048ab5.el7


How reproducible:
3/3

Steps to Reproduce:
1.Set the "system.certificate_version" to 1 ex: echo '{"system.certificate_version":"1"}' > /etc/rhsm/facts/certversion.facts
2.Do a facts update
3.now auto-attach subscription 
4.[root@localhost pki]# subscription-manager attach --auto
Installed Product Current Status:
Product Name: Awesome OS Server Bits
Status:       Subscribed

[root@localhost pki]# cd entitlement/
[root@localhost entitlement]# rct cc 3617287459656864889.pem |more

+-------------------------------------------+
	Entitlement Certificate
+-------------------------------------------+

Certificate:
	Path: 3617287459656864889.pem
	Version: 1.0
	Serial: 3617287459656864889
	Start Date: 2013-09-25 00:00:00+00:00
	End Date: 2014-09-25 00:00:00+00:00
	Pool ID: Not Available

Subject:
	CN: 8ac6a36241539ee4014153b0f24a152e

Issuer:
	C: US
	CN: 10.70.35.226
	L: Raleigh

Product:
	ID: 37060
	Name: Awesome OS Server Bits
	Version: 6.1
	Arch: ALL
	Tags: 
	Brand Type:   ----->> no value

Order:
	Name: Awesome OS with unlimited virtual guests
	Number: order-8675309
	SKU: awesomeos-virt-unlimited
	Contract: 1
5. Verify the branded_name file
[root@localhost entitlement]# cat /var/lib/rhsm/branded_name 
cat: /var/lib/rhsm/branded_name: No such file or directory


Actual results:
Observed that the entitlement cert did nt had the brand type value, and the branded_name file didnt get created

Expected results:
Should contain the value for brand type and branded_name file should be created regardless of the certificate version

Additional info:
rhsm.log (branding log)
2013-09-25 11:26:47,792 [DEBUG]  @connection.py:460 - Response status: 200
2013-09-25 11:26:47,794 [DEBUG]  @connection.py:420 - Loading CA PEM certificates from: /etc/rhsm/ca/
2013-09-25 11:26:47,795 [DEBUG]  @connection.py:402 - Loading CA certificate: '/etc/rhsm/ca/candlepin-stage.pem'
2013-09-25 11:26:47,795 [DEBUG]  @connection.py:402 - Loading CA certificate: '/etc/rhsm/ca/redhat-uep.pem'
2013-09-25 11:26:47,802 [DEBUG]  @connection.py:402 - Loading CA certificate: '/etc/rhsm/ca/candlepin-ca.pem'
2013-09-25 11:26:47,802 [DEBUG]  @connection.py:441 - Making request: GET /candlepin/consumers/ce06b718-b935-447c-9089-ae5dfb4a0dd7/certificates/serials
2013-09-25 11:26:48,020 [DEBUG]  @connection.py:460 - Response status: 200
2013-09-25 11:26:48,021 [DEBUG]  @connection.py:420 - Loading CA PEM certificates from: /etc/rhsm/ca/
2013-09-25 11:26:48,021 [DEBUG]  @connection.py:402 - Loading CA certificate: '/etc/rhsm/ca/candlepin-stage.pem'
2013-09-25 11:26:48,022 [DEBUG]  @connection.py:402 - Loading CA certificate: '/etc/rhsm/ca/redhat-uep.pem'
2013-09-25 11:26:48,022 [DEBUG]  @connection.py:402 - Loading CA certificate: '/etc/rhsm/ca/candlepin-ca.pem'
2013-09-25 11:26:48,023 [DEBUG]  @connection.py:441 - Making request: GET /candlepin/consumers/ce06b718-b935-447c-9089-ae5dfb4a0dd7/certificates?serials=3617287459656864889
2013-09-25 11:26:48,182 [DEBUG]  @connection.py:460 - Response status: 200
2013-09-25 11:26:48,209 [DEBUG]  @entbranding.py:47 - BrandInstaller ent_certs:  [3617287459656864889L]
2013-09-25 11:26:48,210 [DEBUG]  @certdirectory.py:204 - Installed product IDs: ['37060']
2013-09-25 11:26:48,210 [DEBUG]  @rhelentbranding.py:124 - 0 entitlement certs with brand info found
2013-09-25 11:26:48,210 [INFO]  @certlib.py:244 - certs updated:
Total updates: 1
Found (local) serial# []
Expected (UEP) serial# [3617287459656864889]
Added (new)
  [sn:3617287459656864889 (Awesome OS Server Bits,) @ /etc/pki/entitlement/3617287459656864889.pem]
Deleted (rogue):
  <NONE>
2013-09-25 11:26:48,238 [DEBUG]  @certdirectory.py:204 - Installed product IDs: ['37060']
2013-09-25 11:26:48,238 [DEBUG]  @connection.py:420 - Loading CA PEM certificates from: /etc/rhsm/ca/
2013-09-25 11:26:48,239 [DEBUG]  @connection.py:402 - Loading CA certificate: '/etc/rhsm/ca/candlepin-stage.pem'
2013-09-25 11:26:48,239 [DEBUG]  @connection.py:402 - Loading CA certificate: '/etc/rhsm/ca/redhat-uep.pem'
2013-09-25 11:26:48,239 [DEBUG]  @connection.py:402 - Loading CA certificate: '/etc/rhsm/ca/candlepin-ca.pem'
2013-09-25 11:26:48,240 [DEBUG]  @connection.py:441 - Making request: GET /candlepin/consumers/ce06b718-b935-447c-9089-ae5dfb4a0dd7/compliance
2013-09-25 11:26:48,383 [DEBUG]  @connection.py:460 - Response status: 200

Retested the above scenario with cert version 3.2, observed that the brand type value  was present in the entitlement file, and the branded_name file was created
Comment 1 Bryan Kearney 2013-10-11 10:07:24 EDT
Branding is a cert v3 feature. RHEL7 should only be using certv3. I am fine with this as is.

Note You need to log in before you can comment on or make changes to this bug.