RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1267034 - if system is registered with a consumer cert for different serverurl, select_sla screen shows error and fails
Summary: if system is registered with a consumer cert for different serverurl, select_...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: subscription-manager
Version: 7.2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: candlepin-bugs
QA Contact: Sean Toner
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-09-28 21:21 UTC by Adrian Likins
Modified: 2015-11-19 11:51 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-11-19 11:51:06 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
contains 2 pngs, one of error before fix, one of error after fix (170.80 KB, application/x-gzip)
2015-10-06 17:31 UTC, Sean Toner 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:2122 0 normal SHIPPED_LIVE subscription-manager bug fix and enhancement update 2015-11-19 10:31:14 UTC

Description Adrian Likins 2015-09-28 21:21:03 UTC 
Description of problem:
If a system is registered to server url A, but initial-setup starts with rhsm configured to use server url B, (where current consumer does not work and causes invalid credentials), the screen will move to the select_sla's pre() function
(ie, talking to the server and trying to figure entitlements are needed), we
show a error message but stay on the select_sla's pre progress screen.

Since without supporting un-register or re-register, there is no way to fix this, so instead we should show the error and go to the end screen.
Comment 2 Chris Snyder 2015-09-30 15:18:59 UTC 
In master as of commit: f508338da8107d339b0bdb854c42bffd696c9465
Comment 3 Chris "Ceiu" Rog 2015-09-30 18:06:49 UTC 
commit f508338da8107d339b0bdb854c42bffd696c9465
Author: Adrian Likins <alikins>
Date:   Mon Sep 28 18:03:25 2015 -0400

    1267034: Handle 401 with cert based auth
    
    If we got here with an unexcepted RestlibException,
    nothing would signal that the attach was finished
    (in the sense that there is nothing else it can do).
    
    In particular, 401's that have a valid candlepin
    error response. Which could happen if you have the
    CA certs for current serverurl, but have a valid consumer
    cert from a different server, and you fail the consumer
    cert auth check.
Comment 5 Sean Toner 2015-10-06 17:30:12 UTC 
I installed the following:

[root@rh72-stoner-snap4 consumer]# rpm -qa | grep subscription
subscription-manager-initial-setup-addon-1.15.9-12.el7.x86_64
subscription-manager-1.15.9-12.el7.x86_64
subscription-manager-migration-1.15.9-12.el7.x86_64
subscription-manager-gui-1.15.9-12.el7.x86_64
subscription-manager-plugin-ostree-1.15.9-12.el7.x86_64
subscription-manager-plugin-container-1.15.9-12.el7.x86_64
subscription-manager-migration-data-2.0.24-1.el7.noarch


I registered a system on a private candlepin instance.  I then went into rhsm.conf, and changed the server hostname to point to the regular production subscription.rhn.redhat.com

I then launched initial-setup, and it hung during attaching trying to find suitable service levels (see bz1267034.png).  So I believe I was able to reproduce the same issue.

I then changed rhsm.conf to allow me to unregister, and updated the rpms to 1.15.9-13.  I followed the same steps as above, but instead of hanging at the auto attach while trying to find suitable service levels, I was presented with an error during registration (see bz126704-withfix.png).
Comment 6 Sean Toner 2015-10-06 17:31:29 UTC 
Created attachment 1080322 [details]
contains 2 pngs, one of error before fix, one of error after fix
Comment 7 errata-xmlrpc 2015-11-19 11:51:06 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2122.html
Note You need to log in before you can comment on or make changes to this bug.