Bug 1030473 - Add support for reading entitlements from a Red Hat v3 content/entitlement certificate
Add support for reading entitlements from a Red Hat v3 content/entitlement ce...
Status: CLOSED ERRATA
Product: Red Hat Update Infrastructure for Cloud Providers
Classification: Red Hat
Component: RHUA (Show other bugs)
2.1.2
Unspecified Unspecified
unspecified Severity unspecified
: ---
: 2.1.3
Assigned To: John Matthews
mkovacik
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-11-14 09:12 EST by John Matthews
Modified: 2013-12-17 15:11 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
This update adds the ability for RHUA to read a Red Hat v3 entitlement certificate. Red Hat is moving to a 'v3' version of encoding entitlement data in a certificate because the 'v3' format allows more entitlement data to be stored. Customers are now able to input a Red Hat v1 or v3 entitlement certificate into RHUA and the entitlements will be read correctly.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-12-17 15:11:01 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description John Matthews 2013-11-14 09:12:10 EST
Description of problem:

We want to allow rhui-manager to read in a Red Hat v1 or v3 content certificate.
Note: At this point we are not looking to update the RHUI generated certificates to the Red Hat v3 format, we are only focused on allowing rhui-manager to consume a v3 certificate.  rhui-manager will not be generated v3 certificates, therefore the pulp repo_auth code will not be modified to support v3 certificates.


Steps to Reproduce:
1. Create a Red Hat v3 certificate by using subscription-manager
2. subscription-manager register --username=USERNAME --password=PASSWORD  --type=RHUI
3. subscription-manager list --available
   Find the pool ID
4. subscription-manager subscribe --pool 8a85f9843baf5f8d013c01634aea1a67
5. Grab the cert info from: /etc/pki/entitlement
6. Use that generated cert with "rhui-manager cert upload --cert"


Actual results:
 Prior to change, cert would fail to parse

Expected results:
 Cert will parse successfully.
 rhui-manager will discover all the entitlements.
 rhui-manager will successfully synchronize repositories, i.e. sync will passed into pulp as the --feed cert and will pull down content from the CDN.

 rhui-manager will continue to generate v1 certificates to CDS/clients.
 No regressions are seen, i.e. clients will be able to use their v1 certificates to download content from the CDS.

Additional info:
Comment 2 John Matthews 2013-11-18 10:35:02 EST
RHEL-6.4-RHUI-2.1.3-20131118.1-Server-x86_64-DVD1.iso
Comment 3 Vitaly Kuznetsov 2013-11-19 08:51:30 EST
Verified.

One addition should be made to test sequence from Description: subscription-manager places cert and key files separate. To use the cert with RHUI these two files should be concatenated together.

[root@rhua ~]# subscription-manager register --username=qa@redhat.com --type=RHUI
Password: 
The system has been registered with id: b1300fd1-3d72-4d1d-a429-8bb4454ba22b 
[root@rhua ~]# subscription-manager list --available
+-------------------------------------------+
    Available Subscriptions
+-------------------------------------------+
Subscription Name:    	Red Hat Enterprise Linux for Cloud Providers, Partner Enablement, Premium
SKU:                  	MCT2042
Pool Id:              	8a85f9833cf49557013cff5f45dc309b
Quantity:             	985
Service Level:        	Premium
Service Type:         	L1-L3
Multi-Entitlement:    	No
Ends:                 	02/21/2014
System Type:          	Physical

[root@rhua ~]#  subscription-manager subscribe --pool 8a85f9833cf49557013cff5f45dc309b

[root@rhua ~]# rhui-manager cert upload --cert /etc/pki/entitlement/7383701223906849095.pem 
Red Hat Entitlements

  Valid
    Red Hat Enterprise Linux 5 Server - Supplementary Beta from RHUI (Debug RPMs)
    Expiration: 02-22-2014     Certificate: 7383701223906849095.pem

    Red Hat Enterprise Linux 5 Server - Supplementary Beta from RHUI (RPMs)
    Expiration: 02-22-2014     Certificate: 7383701223906849095.pem

    Red Hat Enterprise Linux 5 Server - Supplementary Beta from RHUI (Source RPMs)
    Expiration: 02-22-2014     Certificate: 7383701223906849095.pem
....
....

Repo sync with v3 cert succeeded as well.
Comment 5 errata-xmlrpc 2013-12-17 15:11:01 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1854.html

Note You need to log in before you can comment on or make changes to this bug.