Bug 1267034 - if system is registered with a consumer cert for different serverurl, select_sla screen shows error and fails
if system is registered with a consumer cert for different serverurl, select_...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: subscription-manager (Show other bugs)
7.2
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: candlepin-bugs
Sean Toner
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-09-28 17:21 EDT by Adrian Likins
Modified: 2015-11-19 06:51 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-11-19 06:51:06 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
contains 2 pngs, one of error before fix, one of error after fix (170.80 KB, application/x-gzip)
2015-10-06 13:31 EDT, Sean Toner
no flags Details

  None (edit)
Description Adrian Likins 2015-09-28 17:21:03 EDT
Description of problem:
If a system is registered to server url A, but initial-setup starts with rhsm configured to use server url B, (where current consumer does not work and causes invalid credentials), the screen will move to the select_sla's pre() function
(ie, talking to the server and trying to figure entitlements are needed), we
show a error message but stay on the select_sla's pre progress screen.

Since without supporting un-register or re-register, there is no way to fix this, so instead we should show the error and go to the end screen.
Comment 2 Chris Snyder 2015-09-30 11:18:59 EDT
In master as of commit: f508338da8107d339b0bdb854c42bffd696c9465
Comment 3 Chris "Ceiu" Rog 2015-09-30 14:06:49 EDT
commit f508338da8107d339b0bdb854c42bffd696c9465
Author: Adrian Likins <alikins@redhat.com>
Date:   Mon Sep 28 18:03:25 2015 -0400

    1267034: Handle 401 with cert based auth
    
    If we got here with an unexcepted RestlibException,
    nothing would signal that the attach was finished
    (in the sense that there is nothing else it can do).
    
    In particular, 401's that have a valid candlepin
    error response. Which could happen if you have the
    CA certs for current serverurl, but have a valid consumer
    cert from a different server, and you fail the consumer
    cert auth check.
Comment 5 Sean Toner 2015-10-06 13:30:12 EDT
I installed the following:

[root@rh72-stoner-snap4 consumer]# rpm -qa | grep subscription
subscription-manager-initial-setup-addon-1.15.9-12.el7.x86_64
subscription-manager-1.15.9-12.el7.x86_64
subscription-manager-migration-1.15.9-12.el7.x86_64
subscription-manager-gui-1.15.9-12.el7.x86_64
subscription-manager-plugin-ostree-1.15.9-12.el7.x86_64
subscription-manager-plugin-container-1.15.9-12.el7.x86_64
subscription-manager-migration-data-2.0.24-1.el7.noarch


I registered a system on a private candlepin instance.  I then went into rhsm.conf, and changed the server hostname to point to the regular production subscription.rhn.redhat.com

I then launched initial-setup, and it hung during attaching trying to find suitable service levels (see bz1267034.png).  So I believe I was able to reproduce the same issue.

I then changed rhsm.conf to allow me to unregister, and updated the rpms to 1.15.9-13.  I followed the same steps as above, but instead of hanging at the auto attach while trying to find suitable service levels, I was presented with an error during registration (see bz126704-withfix.png).
Comment 6 Sean Toner 2015-10-06 13:31 EDT
Created attachment 1080322 [details]
contains 2 pngs, one of error before fix, one of error after fix
Comment 7 errata-xmlrpc 2015-11-19 06:51:06 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2122.html

Note You need to log in before you can comment on or make changes to this bug.