Bug 1308349 - Entitlement certificate creation fails with "/etc/pki/rhui/certs/entitlement-ca.srl : No such file"
Status: CLOSED ERRATA
Product: Red Hat Update Infrastructure for Cloud Providers
Classification: Red Hat
Component: Tools
Version: 3.0.0
Hardware: All Linux
Priority: unspecified
Severity: low
Assigned To: Patrick Creech
Irina Gulina
Depends On: 1358564 1364024
Blocks: 1224956 1349361
Reported: 2016-02-14 09:37 EST by Karan Rai
Modified: 2017-03-01 17:11 EST
Doc Type: Bug Fix
Last Closed: 2017-03-01 17:11:40 EST
Type: Bug

Attachments
screenshot of entitlement and custom rpm creation (175.40 KB, image/jpeg)
2016-08-29 08:52 EDT, Irina Gulina
Description Karan Rai 2016-02-14 09:37:51 EST
Description of problem:
After a fresh RHUI 3 installation when trying to create an entitlement certificate for the client rpm, it fails because there is no /etc/pki/rhui/certs/entitlement-ca.srl.

Ideally it should be created automatically.

Version-Release number of selected component (if applicable):
rh-rhui-tools-pre.3.0.16-1.el7ui.noarch

How reproducible:
Every time

Steps to Reproduce:
1. After a fresh install of RHUI3 search for entitlement-ca.srl file under /etc/pki/rhui/certs directory

2. Try to create an entitlement certificate via rhui-manager.

3. It fails with error -
Error creating entitlement certificate, check the log file for more information


Actual results:
Error in /root/.rhui/rhui.log -
=========
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/rhui/tools/pulp_api.py", line 155, in repo
    importer_response = self.repo_importer_api.importers(id)
  File "/usr/lib/python2.7/site-packages/pulp/bindings/repository.py", line 201, in importers
    return self.server.GET(path)
  File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 91, in GET
    return self._request('GET', path, queries)
  File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 147, in _request
    response_code, response_body = self.server_wrapper.request(method, url, body)
  File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 333, in request
    response = connection.getresponse()
  File "/usr/lib64/python2.7/httplib.py", line 1051, in getresponse
    response.begin()
  File "/usr/lib64/python2.7/httplib.py", line 415, in begin
    version, status, reason = self._read_status()
  File "/usr/lib64/python2.7/httplib.py", line 371, in _read_status
    line = self.fp.readline(_MAXLINE + 1)
  File "/usr/lib64/python2.7/socket.py", line 476, in readline
    data = self._sock.recv(self._rbufsize)
  File "/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Connection.py", line 228, in read
    return self._read_bio(size)
  File "/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Connection.py", line 213, in _read_bio
    return m2.ssl_read(self.ssl, size, self._timeout)
KeyboardInterrupt
2016-02-14 09:25:42,887 - Private key creation output
2016-02-14 09:25:42,888 - Exit Code: 0
2016-02-14 09:25:42,889 - 
2016-02-14 09:25:42,889 - writing RSA key

2016-02-14 09:25:42,894 - Command [openssl x509 -req -days 365 -in /root/client/rhuiclient.csr -CA /etc/pki/rhui/certs/entitlement-ca.crt -CAkey /etc/pki/rhui/private/entitlement-ca.key -CAserial /etc/pki/rhui/certs/entitlement-ca.srl -out /root/client/rhuiclient.crt -extfile /root/client/rhuiclient-extensions.txt -extensions rhui]
2016-02-14 09:25:42,936 - Certificate creation output
2016-02-14 09:25:42,937 - 
2016-02-14 09:25:42,937 - Signature ok
subject=/CN=Red Hat Update Infrastructure
Getting CA Private Key
/etc/pki/rhui/certs/entitlement-ca.srl: No such file or directory
140658459240352:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/etc/pki/rhui/certs/entitlement-ca.srl','r')
140658459240352:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
===========


Expected results:
1. Entitlement certificate created at /root/client/rhuiclient.crt
OR
2. File /etc/pki/rhui/certs/entitlement-ca.srl should be created automatically.

Additional info:

Workaround -
create the file manually -
# echo 01 > /etc/pki/rhui/certs/entitlement-ca.srl
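
Added example (not part of the bug report and not rhui-manager's own code): the logged openssl x509 -req command passes -CAserial for a file that does not exist yet. The script below reproduces that against a throwaway CA in a scratch directory and compares two remedies, openssl's -CAcreateserial option and the seeded file from the workaround above. The function names, file names and the demo-ca subject are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example: throwaway CA in a scratch directory; nothing under /etc/pki is touched.
# File names and the CA subject are constructed for the demo.

make_fixture() {   # $1 = scratch dir: self-signed demo CA plus a client CSR
    local d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=Red Hat Update Infrastructure" \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null
}

sign_csr() {       # $1 = scratch dir; any further args are passed to openssl x509
    local d=$1; shift
    rm -f "$d/client.crt"
    openssl x509 -req -days 365 -in "$d/client.csr" \
        -CA "$d/ca.crt" -CAkey "$d/ca.key" -CAserial "$d/ca.srl" \
        -out "$d/client.crt" "$@" 2>/dev/null &&
    openssl x509 -noout -in "$d/client.crt"     # output must parse as a certificate
}

cert_serial() {    # print the serial number of the issued certificate
    openssl x509 -noout -serial -in "$1/client.crt" | cut -d= -f2
}

run_demo() {       # prints one line per case; returns 0 if all behave as expected
    local d rc=0
    d=$(mktemp -d) || return 1
    make_fixture "$d" || { rm -rf "$d"; return 1; }

    # Case 1: same options as the logged command, serial file absent -> must fail.
    if sign_csr "$d"; then echo "missing srl: unexpectedly signed"; rc=1
    else echo "missing srl: signing failed (the reported bug)"; fi

    # Case 2: let openssl create the serial file itself.
    if sign_csr "$d" -CAcreateserial && [ -s "$d/ca.srl" ]
    then echo "-CAcreateserial: signed, serial $(cert_serial "$d")"
    else echo "-CAcreateserial: failed"; rc=1; fi

    # Case 3: the workaround from the report, a file seeded with 01.
    # Only suitable for a CA that has issued nothing yet: reseeding restarts the
    # counter, and issuer+serial pairs must stay unique.
    echo 01 > "$d/ca.srl"
    if sign_csr "$d"
    then echo "seeded srl: signed, serial $(cert_serial "$d")"
    else echo "seeded srl: failed"; rc=1; fi

    rm -rf "$d"
    return "$rc"
}
```

Source the file and call run_demo; it needs only the openssl command-line tool and cleans up its scratch directory.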
Comment 4 Irina Gulina 2016-07-14 10:04:13 EDT
Reproduced on RHUI-3.0-RHEL-6-20160712.n.1-RHUI-x86_64-dvd1.iso. When fixing it, please also mind point #2: 

#1 If there are no repos, 'create an entitlement certificate' reports so. And it's expected:

rhui (client) => e

There are no respository associated to RHUI, please add a Red Hat repo or create a custom repo in the manage repository subsection.

#2 If there is a protected custom repo, but no RH repos, 'create an entitlement certificate' doesn't create the cert, and says to create a custom repo, however there is one:

rhui (repo) => l

Custom Repositories
  repo_protected

rhui (client) => e

There are no respository associated to RHUI, please add a Red Hat repo or create a custom repo in the manage repository subsection.


#3 When there are RH repo and custom protected repo: 

rhui (repo) => l

Custom Repositories
  repo_protected

Red Hat Repositories
  Red Hat Update Infrastructure 2.0 (RPMs) (6Server-i386)
  Red Hat Update Infrastructure 2.0 (RPMs) (6Server-x86_64)

rhui (client) => e

Select one or more repositories to include in the entitlement certificate:

  Custom Repositories

  Red Hat Repositories
    -  1 : Red Hat Update Infrastructure 2.0 (RPMs)

Enter value (1-1) to toggle selection, 'c' to confirm selections, or '?' for more commands: 1

Select one or more repositories to include in the entitlement certificate:

  Custom Repositories

  Red Hat Repositories
    x  1 : Red Hat Update Infrastructure 2.0 (RPMs)

Enter value (1-1) to toggle selection, 'c' to confirm selections, or '?' for more commands: c


Name of the certificate. This will be used as the name of the certificate file
(name.crt) and its associated private key (name.key). Choose something that will
help identify the products contained with it:
irina_ec    

Local directory in which to save the generated certificate [current directory]:
/tmp

Number of days the certificate should be valid [365]:


Repositories to be included in the entitlement certificate:

  Red Hat Repositories
    Red Hat Update Infrastructure 2.0 (RPMs)

Proceed? (y/n) y

..............+++
.+++
Error creating entitlement certificate, check the log file for more information

>> less /root/.rhui/rhui.log

2016-07-14 09:52:54,946 - Certificate creation output
2016-07-14 09:52:54,946 - 
2016-07-14 09:52:54,946 - Signature ok
subject=/CN=Red Hat Update Infrastructure
Getting CA Private Key
/etc/pki/rhui/certs/entitlement-ca.srl: No such file or directory
139942278465440:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/etc/pki/rhui/certs/entitlement-ca.srl','r')
139942278465440:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
Comment 5 Irina Gulina 2016-07-20 21:23:21 EDT
BZ is still there. See https://bugzilla.redhat.com/show_bug.cgi?id=1349361#c3
Comment 8 Irina Gulina 2016-08-29 08:51:28 EDT
Failed QE on both RHEL6 and RHEL7 ISOs 20160823. See attachment, notes in red and green.
Comment 9 Irina Gulina 2016-08-29 08:52 EDT
Created attachment 1195376 [details]
screenshot of entitlement and custom rpm creation
Comment 10 Irina Gulina 2016-08-29 08:54:25 EDT
Depends On: 1364024 was added because I can't check whether the created entitlement and custom rpm work as expected.
Comment 11 Irina Gulina 2016-09-22 10:54:15 EDT
-= Client Entitlement Management =-

   e   generate an entitlement certificate
   c   create a client configuration RPM from an entitlement certificate

                                                   Connected: rhua.example.com
------------------------------------------------------------------------------
rhui (client) => e

Select one or more repositories to include in the entitlement certificate:

  Custom Repositories
    -  1 : protected_repo1
             protected_repo1


  Red Hat Repositories
    -  2 : Red Hat Update Infrastructure 2.0 (RPMs)
    -  3 : Red Hat Update Infrastructure 2.0 (SRPMS)

Enter value (1-3) to toggle selection, 'c' to confirm selections, or '?' for more commands: 1-3

Select one or more repositories to include in the entitlement certificate:

  Custom Repositories
    x  1 : protected_repo1
             protected_repo1


  Red Hat Repositories
    x  2 : Red Hat Update Infrastructure 2.0 (RPMs)
    x  3 : Red Hat Update Infrastructure 2.0 (SRPMS)

Enter value (1-3) to toggle selection, 'c' to confirm selections, or '?' for more commands: c


Name of the certificate. This will be used as the name of the certificate file
(name.crt) and its associated private key (name.key). Choose something that will
help identify the products contained with it:
my-cert

Local directory in which to save the generated certificate [current directory]:
/tmp

Number of days the certificate should be valid [365]:


Repositories to be included in the entitlement certificate:

  Custom Entitlements
    protected_repo1

  Red Hat Repositories
    Red Hat Update Infrastructure 2.0 (RPMs)
    Red Hat Update Infrastructure 2.0 (SRPMS)

Proceed? (y/n) y

.+++
.........................................................................+++
Entitlement certificate created at /tmp/my-cert.crt

------------------------------------------------------------------------------
rhui (client) => e

Select one or more repositories to include in the entitlement certificate:

  Custom Repositories
    -  1 : protected_repo1
             protected_repo1


  Red Hat Repositories
    -  2 : Red Hat Update Infrastructure 2.0 (RPMs)
    -  3 : Red Hat Update Infrastructure 2.0 (SRPMS)

Enter value (1-3) to toggle selection, 'c' to confirm selections, or '?' for more commands: b



------------------------------------------------------------------------------
rhui (client) => c

Full path to local directory in which the client configuration files generated by this tool
should be stored (if this directory does not exist, it will be created):
/tmp

Name of the RPM:
my-rpm

Version of the configuration RPM [2.0]:


Full path to the entitlement certificate authorizing the client to access
specific channels:
/tmp/my-cert.crt

Full path to the private key for the above entitlement certificate:
/tmp/my-cert.key

Port to serve Docker content on (default 5000):


Select any unprotected repositories to be included in the client configuration:
  -  1 : unprotected_repo1
Enter value (1-1) to toggle selection, 'c' to confirm selections, or '?' for more commands: 1

Select any unprotected repositories to be included in the client configuration:
  x  1 : unprotected_repo1
Enter value (1-1) to toggle selection, 'c' to confirm selections, or '?' for more commands: c


Successfully created client configuration RPM.
RPMs can be found at /tmp
Comment 12 errata-xmlrpc 2017-03-01 17:11:40 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:0367
