Description of problem: The install-num-migrate-to-rhsm tool (which is only applicable on RHEL5) fails to choose the appropriate product cert from subscription-manager-migration-data-2.0. The reason is because subscription-manager-migration-data-2.0 is a collection of product certs from multiple releases of RHEL both past and present which is different than the logic that was used to assemble subscription-manager-migration-data-1.0. The install-num-migrate-to-rhsm tool appears to randomly choose the first possible product cert and installs it regardless if the product certs applies to RHEL5 or RHEL6 or matches the redhat-release. Version-Release number of selected component (if applicable): [root@jsefler-5 ~]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 5.11 Beta (Tikanga) [root@jsefler-5 ~]# rpm -q python-rhsm subscription-manager-migration subscription-manager-migration-data python-rhsm-1.11.3-2.git.0.5968608.el5 subscription-manager-migration-1.11.3-1.git.12.94c021f.el5 subscription-manager-migration-data-2.0.7-1.git.0.4fc617f.el5 How reproducible: Steps to Reproduce: [root@jsefler-5 ~]# install-num-migrate-to-rhsm --dryrun --instnumber=000000890017fc00 Installing /usr/share/rhsm/product/RHEL-5/Server-Server-x86_64-06e8bd9df3f0-69.pem to /etc/pki/product/69.pem [root@jsefler-5 ~]# rct cat-cert /usr/share/rhsm/product/RHEL-5/Server-Server-x86_64-06e8bd9df3f0-69.pem | grep Tags: -B5 Product: ID: 69 Name: Red Hat Enterprise Linux Server Version: 6.5 Arch: x86_64 Tags: rhel-6,rhel-6-server BANG! Installing a RHEL6.5 product cert onto a RHEL5.11 Server is a bad choice! Because the tags are wrong, an entitlement from a RHEL subscription repo will grant this system access to the wrong content sets. Additional info: [root@jsefler-5 ~]# python /usr/lib/python2.4/site-packages/instnum.py 000000890017fc00 | egrep "^{.*}$" {'Virt': 'VT', 'Base': 'Server'} [root@jsefler-5 ~]# ls -C1 /usr/share/rhsm/product/RHEL-5/ | egrep "^Server-(Server|VT)-x86_64-.*-69.pem" Server-Server-x86_64-00109b956e23-69.pem Server-Server-x86_64-06e8bd9df3f0-69.pem Server-Server-x86_64-23d36f276d57-69.pem Server-Server-x86_64-323beb20e916-69.pem Server-Server-x86_64-a515006cc2b2-69.pem Server-Server-x86_64-e774841f1bf0-69.pem Server-Server-x86_64-f2915f6444f4-69.pem ^^ These are all of the potential product certs to be installed given installation number 000000890017fc00. Realizing that only one 69.pem product cert can be installed, let's take a closer look at the candidates.... [root@jsefler-5 RHEL-5]# cd /usr/share/rhsm/product/RHEL-5/; for f in $(ls -C1 /usr/share/rhsm/product/RHEL-5/ | egrep "^Server-(Server|VT)-x86_64-.*-69.pem"); do echo $f; rct cat-cert $f | grep Tags -B2; done; Server-Server-x86_64-00109b956e23-69.pem Version: 5.10 Beta Arch: x86_64 Tags: rhel-5,rhel-5-server Server-Server-x86_64-06e8bd9df3f0-69.pem Version: 6.5 Arch: x86_64 Tags: rhel-6,rhel-6-server Server-Server-x86_64-23d36f276d57-69.pem Version: 6.3 Arch: x86_64 Tags: rhel-6,rhel-6-server Server-Server-x86_64-323beb20e916-69.pem Version: 6.4 Beta Arch: x86_64 Tags: rhel-6,rhel-6-server Server-Server-x86_64-a515006cc2b2-69.pem Version: 5.8 Arch: x86_64 Tags: rhel-5,rhel-5-server Server-Server-x86_64-e774841f1bf0-69.pem Version: 6.5 Beta Arch: x86_64 Tags: rhel-6,rhel-6-server Server-Server-x86_64-f2915f6444f4-69.pem Version: 7.0 Arch: x86_64 Tags: rhel-7,rhel-7-server Among these candidates, Server-Server-x86_64-00109b956e23-69.pem is the best choice because... 1. It has a rhel-5 product tag 2. Its version, 5.10 Beta, is the newest. Note: a 5.11 product cert matching the redhat-release would be best, but is blocked by bug 1080072
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux release for currently deployed products. This request is not yet committed for inclusion in a release.
Removed the tool from rhel5.11
commit 2bc51dd501b5d63cd04933462bda88e03eb78572 Author: ckozak <ckozak> Date: Thu May 22 16:01:37 2014 -0400 1092754: 1094879: Remove install-num-migrate-to-rhsm tool Remove 'install-num*' special case in make stylish Update README.Fedora to remove ref to install-num-migrate-to-rhsm.
As discussed above, a decision was made to remove install-num-migrate-to-rhsm from the subscription-manager package due to low usage rather than make it compatible with the format of the new subscription-manager-migration-data-2.0 package. Verifying Version... [root@jsefler-5 ~]# rpm -q subscription-manager subscription-manager-1.11.3-5.el5 [root@jsefler-5 ~]# rpm -ql subscription-manager | grep install-num-migrate-to-rhsm [root@jsefler-5 ~]# man install-num-migrate-to-rhsm No manual entry for install-num-migrate-to-rhsm [root@jsefler-5 ~]# install-num-migrate-to-rhsm -bash: install-num-migrate-to-rhsm: command not found [root@jsefler-5 ~]# As demonstrated, the install-num-migrate-to-rhsm has been removed. Moving to VERIFIED
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-1225.html