Red Hat Bugzilla – Bug 1267034
if system is registered with a consumer cert for different serverurl, select_sla screen shows error and fails
Last modified: 2015-11-19 06:51:06 EST
Description of problem:
If a system is registered to server url A, but initial-setup starts with rhsm configured to use server url B, (where current consumer does not work and causes invalid credentials), the screen will move to the select_sla's pre() function
(ie, talking to the server and trying to figure entitlements are needed), we
show a error message but stay on the select_sla's pre progress screen.
Since without supporting un-register or re-register, there is no way to fix this, so instead we should show the error and go to the end screen.
In master as of commit: f508338da8107d339b0bdb854c42bffd696c9465
Author: Adrian Likins <email@example.com>
Date: Mon Sep 28 18:03:25 2015 -0400
1267034: Handle 401 with cert based auth
If we got here with an unexcepted RestlibException,
nothing would signal that the attach was finished
(in the sense that there is nothing else it can do).
In particular, 401's that have a valid candlepin
error response. Which could happen if you have the
CA certs for current serverurl, but have a valid consumer
cert from a different server, and you fail the consumer
cert auth check.
I installed the following:
[root@rh72-stoner-snap4 consumer]# rpm -qa | grep subscription
I registered a system on a private candlepin instance. I then went into rhsm.conf, and changed the server hostname to point to the regular production subscription.rhn.redhat.com
I then launched initial-setup, and it hung during attaching trying to find suitable service levels (see bz1267034.png). So I believe I was able to reproduce the same issue.
I then changed rhsm.conf to allow me to unregister, and updated the rpms to 1.15.9-13. I followed the same steps as above, but instead of hanging at the auto attach while trying to find suitable service levels, I was presented with an error during registration (see bz126704-withfix.png).
Created attachment 1080322 [details]
contains 2 pngs, one of error before fix, one of error after fix
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.