Description of problem: After a fresh RHUI 3 installation when trying to create an entitlement certificate for the client rpm, it fails because there is no /etc/pki/rhui/certs/entitlement-ca.srl. Ideally it should created automatically. Version-Release number of selected component (if applicable): rh-rhui-tools-pre.3.0.16-1.el7ui.noarch How reproducible: Everytime Steps to Reproduce: 1. After a fresh install of RHUI3 search for entitlement-ca.srl file under /etc/pki/rhui/certs directory 2. Try to create an entitlement certificate via rhui-manager. 3. It fails with error - Error creating entitlement certificate, check the log file for more information Actual results: Error in /root/.rhui/rhui.log - ========= Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/rhui/tools/pulp_api.py", line 155, in repo importer_response = self.repo_importer_api.importers(id) File "/usr/lib/python2.7/site-packages/pulp/bindings/repository.py", line 201, in importers return self.server.GET(path) File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 91, in GET return self._request('GET', path, queries) File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 147, in _request response_code, response_body = self.server_wrapper.request(method, url, body) File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 333, in request response = connection.getresponse() File "/usr/lib64/python2.7/httplib.py", line 1051, in getresponse response.begin() File "/usr/lib64/python2.7/httplib.py", line 415, in begin version, status, reason = self._read_status() File "/usr/lib64/python2.7/httplib.py", line 371, in _read_status line = self.fp.readline(_MAXLINE + 1) File "/usr/lib64/python2.7/socket.py", line 476, in readline data = self._sock.recv(self._rbufsize) File "/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Connection.py", line 228, in read return self._read_bio(size) File "/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Connection.py", line 213, in _read_bio return m2.ssl_read(self.ssl, size, self._timeout) KeyboardInterrupt 2016-02-14 09:25:42,887 - Private key creation output 2016-02-14 09:25:42,888 - Exit Code: 0 2016-02-14 09:25:42,889 - 2016-02-14 09:25:42,889 - writing RSA key 2016-02-14 09:25:42,894 - Command [openssl x509 -req -days 365 -in /root/client/rhuiclient.csr -CA /etc/pki/rhui/certs/entitlement-ca.crt -CAkey /etc/pki/rhui/private/entitlement-ca.key -CAserial /etc/pki/rhui/certs/entitlement-ca.srl -out /root/client/rhuiclient.crt -extfile /root/client/rhuiclient-extensions.txt -extensions rhui] 2016-02-14 09:25:42,936 - Certificate creation output 2016-02-14 09:25:42,937 - 2016-02-14 09:25:42,937 - Signature ok subject=/CN=Red Hat Update Infrastructure Getting CA Private Key /etc/pki/rhui/certs/entitlement-ca.srl: No such file or directory 140658459240352:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/etc/pki/rhui/certs/entitlement-ca.srl','r') 140658459240352:error:20074002:BIO r outines:FILE_CTRL:system lib:bss_file.c:400: =========== Expected results: 1. Entitlement certificate created at /root/client/rhuiclient.crt OR 2. File /etc/pki/rhui/certs/entitlement-ca.srl should be created automatically. Additional info: Workaround - create the file manually - # echo 01 > /etc/pki/rhui/certs/entitlement-ca.srl
Reproduced on RHUI-3.0-RHEL-6-20160712.n.1-RHUI-x86_64-dvd1.iso. When fixing it, please also mind point #2: #1 If there are no any repos, 'create an entitlement certificate' reports so. And it's expected: rhui (client) => e There are no respository associated to RHUI, please add a Red Hat repo or create a custom repo in the manage repository subsection. #2 If there is a protected custom repo, but no RH repos, 'create an entitlement certificate' doesn't create the cert, and says to create a custom repo, however there is one: rhui (repo) => l Custom Repositories repo_protected rhui (client) => e There are no respository associated to RHUI, please add a Red Hat repo or create a custom repo in the manage repository subsection. #3 When there are RH repo and custom protected repo: rhui (repo) => l Custom Repositories repo_protected Red Hat Repositories Red Hat Update Infrastructure 2.0 (RPMs) (6Server-i386) Red Hat Update Infrastructure 2.0 (RPMs) (6Server-x86_64) rhui (client) => e Select one or more repositories to include in the entitlement certificate: Custom Repositories Red Hat Repositories - 1 : Red Hat Update Infrastructure 2.0 (RPMs) Enter value (1-1) to toggle selection, 'c' to confirm selections, or '?' for more commands: 1 Select one or more repositories to include in the entitlement certificate: Custom Repositories Red Hat Repositories x 1 : Red Hat Update Infrastructure 2.0 (RPMs) Enter value (1-1) to toggle selection, 'c' to confirm selections, or '?' for more commands: c Name of the certificate. This will be used as the name of the certificate file (name.crt) and its associated private key (name.key). Choose something that will help identify the products contained with it: irina_ec Local directory in which to save the generated certificate [current directory]: /tmp Number of days the certificate should be valid [365]: Repositories to be included in the entitlement certificate: Red Hat Repositories Red Hat Update Infrastructure 2.0 (RPMs) Proceed? (y/n) y ..............+++ .+++ Error creating entitlement certificate, check the log file for more information >> less /root/.rhui/rhui.log 2016-07-14 09:52:54,946 - Certificate creation output 2016-07-14 09:52:54,946 - 2016-07-14 09:52:54,946 - Signature ok subject=/CN=Red Hat Update Infrastructure Getting CA Private Key /etc/pki/rhui/certs/entitlement-ca.srl: No such file or directory 139942278465440:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/etc/pki/rhui/certs/entitlement-ca.srl','r') 139942278465440:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
BZ is still there. See https://bugzilla.redhat.com/show_bug.cgi?id=1349361#c3
Failed QE on both RHEL6 and RHEL7 ISOes 20160823. See attachment, notes in red and green.
Created attachment 1195376 [details] screenshot of entitlement and custom rpm creation
Depends On: 1364024 was added because I can't check whether the created entitlement and custom rpm work as expected.
-= Client Entitlement Management =- e generate an entitlement certificate c create a client configuration RPM from an entitlement certificate Connected: rhua.example.com ------------------------------------------------------------------------------ rhui (client) => e Select one or more repositories to include in the entitlement certificate: Custom Repositories - 1 : protected_repo1 protected_repo1 Red Hat Repositories - 2 : Red Hat Update Infrastructure 2.0 (RPMs) - 3 : Red Hat Update Infrastructure 2.0 (SRPMS) Enter value (1-3) to toggle selection, 'c' to confirm selections, or '?' for more commands: 1-3 Select one or more repositories to include in the entitlement certificate: Custom Repositories x 1 : protected_repo1 protected_repo1 Red Hat Repositories x 2 : Red Hat Update Infrastructure 2.0 (RPMs) x 3 : Red Hat Update Infrastructure 2.0 (SRPMS) Enter value (1-3) to toggle selection, 'c' to confirm selections, or '?' for more commands: c Name of the certificate. This will be used as the name of the certificate file (name.crt) and its associated private key (name.key). Choose something that will help identify the products contained with it: my-cert Local directory in which to save the generated certificate [current directory]: /tmp Number of days the certificate should be valid [365]: Repositories to be included in the entitlement certificate: Custom Entitlements protected_repo1 Red Hat Repositories Red Hat Update Infrastructure 2.0 (RPMs) Red Hat Update Infrastructure 2.0 (SRPMS) Proceed? (y/n) y .+++ .........................................................................+++ Entitlement certificate created at /tmp/my-cert.crt ------------------------------------------------------------------------------ rhui (client) => e Select one or more repositories to include in the entitlement certificate: Custom Repositories - 1 : protected_repo1 protected_repo1 Red Hat Repositories - 2 : Red Hat Update Infrastructure 2.0 (RPMs) - 3 : Red Hat Update Infrastructure 2.0 (SRPMS) Enter value (1-3) to toggle selection, 'c' to confirm selections, or '?' for more commands: b ------------------------------------------------------------------------------ rhui (client) => c Full path to local directory in which the client configuration files generated by this tool should be stored (if this directory does not exist, it will be created): /tmp Name of the RPM: my-rpm Version of the configuration RPM [2.0]: Full path to the entitlement certificate authorizing the client to access specific channels: /tmp/my-cert.crt Full path to the private key for the above entitlement certificate: /tmp/my-cert.key Port to serve Docker content on (default 5000): Select any unprotected repositories to be included in the client configuration: - 1 : unprotected_repo1 Enter value (1-1) to toggle selection, 'c' to confirm selections, or '?' for more commands: 1 Select any unprotected repositories to be included in the client configuration: x 1 : unprotected_repo1 Enter value (1-1) to toggle selection, 'c' to confirm selections, or '?' for more commands: c Successfully created client configuration RPM. RPMs can be found at /tmp
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:0367