Hide Forgot
Description of problem: When you auto-attach or manually attach a subscription that provides entitlement certs with content type "containerImage" ,ent certs do not land in hostname directories Version-Release number of selected component (if applicable): [root@dhcp35-212 ~]# subscription-manager version server type: Red Hat Subscription Management subscription management server: 0.9.51.15-1 subscription management rules: 5.15.1 subscription-manager: 1.16.8-5.el6 python-rhsm: 1.16.6-1.el6 How reproducible: Steps to Reproduce: Docker service is up and running : [root@dhcp35-212 certs.d]# service docker status docker (pid 13960) is running... register and auto-attach the subscriptions: [root@dhcp35-212 certs.d]# subscription-manager register --force --auto-attach Registering to: subscription.rhn.stage.redhat.com:443/subscription Username: qa Password: The system has been registered with ID: 5720b2b3-59db-4c48-9264-c141fe3eb24f Installed Product Current Status: Product Name: Red Hat Enterprise Linux Desktop Status: Subscribed [root@dhcp35-212 certs.d]# subscription-manager list --consumed +-------------------------------------------+ Consumed Subscriptions +-------------------------------------------+ Subscription Name: Employee SKU Provides: JBoss Enterprise Web Platform Oracle Java (for Middleware) Red Hat Enterprise Virtualization for IBM Power Red Hat Certificate System Red Hat Enterprise Linux for Power, big endian - Extended Update Support MRG Management Oracle Java (for RHEL Compute Node) - Extended Update Support Red Hat Mobile Application Platform v4.0 Red Hat OpenShift Enterprise Infrastructure Beta Red Hat Enterprise Linux for Real Time Red Hat OpenStack Red Hat Enterprise Linux Server for Itanium - Extended Life Cycle Support Red Hat Hardware Certification Test Suite Red Hat Certificate System with Advanced Access Red Hat Enterprise Linux High Performance Networking (for RHEL Compute Node) Red Hat JBoss A-MQ Clients Red Hat Enterprise Linux 7 for HPC Compute Node High Touch Beta JBoss Enterprise Application Platform Red Hat OpenShift Enterprise JBoss FUSE add-on MRG Grid Execute Red Hat Enterprise Linux Server Oracle Java (for RHEL Workstation) Red Hat Enterprise Linux for Power, big endian Red Hat Enterprise Linux EUS Compute Node Red Hat Ceph Storage MON Red Hat Enterprise Linux High Performance Networking (for RHEL for IBM POWER) Red Hat Software Collections (for RHEL Workstation) Red Hat OpenShift Enterprise Application Node Beta Red Hat Enterprise Linux Scalable File System (for RHEL Workstation) JBoss Enterprise Application Platform - ELS Red Hat Enterprise Linux 7 for IBM POWER High Touch Beta Red Hat Enterprise Linux EUS Compute Node High Performance Networking Red Hat OpenShift Enterprise JBoss A-MQ add-on Red Hat Gluster Storage Server for On-premise Atomic Enterprise Platform Beta Red Hat Enterprise Linux Atomic Host HTB Red Hat Gluster Storage Nagios Server Red Hat Ceph Storage Calamari Red Hat OpenStack Beta Red Hat Enterprise Linux for IBM z Systems - Extended Update Support Red Hat Directory Server MRG Realtime Red Hat Enterprise MRG Messaging 3 for RHEL 7 Red Hat Enterprise Linux Scalable File System (for RHEL Server) - Extended Update Support Red Hat OpenShift Enterprise Infrastructure Red Hat Enterprise Linux Resilient Storage (for IBM z Systems) Red Hat Enterprise Linux High Availability (for RHEL Server) Red Hat Enterprise Linux for Power, little endian Red Hat Enterprise Linux EUS Compute Node Scalable File System Red Hat Enterprise Linux 7 for IBM z Systems High Touch Beta Red Hat CloudForms Beta Red Hat Developer Toolset (for RHEL Workstation) Red Hat Enterprise Linux Server - AUS JBoss Enterprise Web Server Red Hat Enterprise Linux for SAP Red Hat Enterprise Linux for IBM z Systems Red Hat Enterprise Linux Atomic Host Red Hat Enterprise Linux for Real Time for NFV Red Hat Storage Oracle Java (for RHEL Server) - Extended Update Support Red Hat Enterprise Linux 7 Desktop High Touch Beta Red Hat Software Collections (for RHEL Server) Red Hat OpenShift Enterprise Application Node Red Hat Enterprise Linux Scalable File System (for RHEL Server) Red Hat OpenShift Enterprise Red Hat OpenStack Beta Certification Test Suite Red Hat Enterprise Linux High Performance Networking (for RHEL Server) Kernel Derivative Works for HPC for Power Systems Atomic Enterprise Platform HTB Red Hat Enterprise Linux Workstation Oracle Java (for RHEL Client) Red Hat Gluster Storage Management Console (for RHEL Server) Red Hat Enterprise MRG Messaging Red Hat Enterprise Linux High Availability (for RHEL Server) - AUS Red Hat Beta MRG Grid Red Hat Enterprise Linux Atomic Host Beta Red Hat OpenStack - Extended Life Cycle Support Red Hat Enterprise Linux 7 Workstation High Touch Beta Red Hat Software Collections Beta (for RHEL Client) Red Hat Enterprise Linux Load Balancer (for RHEL Server) Red Hat S-JIS Support (for RHEL Server) Red Hat Enterprise Virtualization Red Hat Container Development Kit Red Hat Enterprise Linux Server - Extended Update Support Red Hat Enterprise Linux 7 Resilient Storage High Touch Beta Red Hat Enterprise Linux Load Balancer (for RHEL Server) - AUS Red Hat Atomic Platform Red Hat Enterprise Linux High Availability (for RHEL Server) - Extended Update Support Red Hat Enterprise Linux 7 Server High Touch Beta Red Hat Certification (for RHEL Server) Red Hat Enterprise Linux 6 Server HTB Red Hat Single Sign-On Red Hat Container Images Red Hat Cloud Infrastructure Red Hat Software Collections Beta (for RHEL Workstation) Oracle Java (for RHEL Compute Node) Red Hat CloudForms Red Hat Enterprise Linux for Power, little endian - Extended Update Support Oracle Java (for RHEL Server) Red Hat Developer Toolset (for RHEL Server EUS) Red Hat S-JIS Support (for RHEL Server) - AUS Red Hat Enterprise Linux Desktop Red Hat Enterprise Linux 7 Load Balancer High Touch Beta Red Hat Enterprise Linux Resilient Storage (for RHEL Server) Red Hat Enterprise Linux Resilient Storage (for RHEL Server) - AUS Red Hat Developer Toolset (for RHEL Server) Red Hat Enterprise Linux Server - Extended Life Cycle Support Red Hat Container Images Beta Red Hat Ceph Storage Red Hat Mobile Application Platform v4.0 Beta Red Hat Enterprise Linux High Availability (for IBM z Systems) Red Hat Enterprise Linux Server for ARM Beta Red Hat OpenShift Enterprise Client Tools Beta Red Hat OpenShift Enterprise Client Tools Red Hat Enterprise Linux for SAP Hana Red Hat EUCJP Support (for RHEL Server) Red Hat Enterprise Linux Resilient Storage (for RHEL Server) - Extended Update Support Red Hat Enterprise Linux 7 High Availability High Touch Beta Oracle Java (for RHEL Server) - AUS Red Hat Software Collections Beta (for RHEL Server) Red Hat Enterprise Linux Load Balancer (for RHEL Server) - Extended Update Support Red Hat Enterprise Linux Scalable File System (for RHEL Compute Node) Red Hat Enterprise Linux Scalable File System (for RHEL Server) - AUS Red Hat Container Images HTB Red Hat Enterprise Linux 6 Workstation HTB Red Hat Enterprise Linux for Scientific Computing Kernel Derivative Works for Bluegene/Q Red Hat Enterprise Linux Server for ARM Development Preview Red Hat OpenShift Enterprise JBoss EAP add-on Beta Red Hat Ceph Storage OSD Red Hat OpenShift Enterprise JBoss EAP add-on Red Hat Enterprise Linux Server for ARM SKU: ES0113909 Contract: 10169793 Account: 477931 Serial: 5955147232964112912 Pool ID: 8a85f9823e3d5e43013e3ddd4e9509c4 Provides Management: Yes Active: True Quantity Used: 1 Service Level: Self-Support Service Type: L1-L3 Status Details: Subscription is current Subscription Type: Standard Starts: 04/24/2013 Ends: 01/01/2022 System Type: Virtual Ent cert has the content type "Container image" [root@dhcp35-212 certs.d]# rct cat-cert /etc/pki/entitlement/5955147232964112912.pem | grep "containerimage" Type: containerimage Type: containerimage Type: containerimage Type: containerimage Type: containerimage Type: containerimage Type: containerimage Type: containerimage Type: containerimage Type: containerimage Type: containerimage Type: containerimage [root@dhcp35-212 certs.d]# ll /etc/docker/certs.d/ total 12 drwxr-xr-x. 2 root root 4096 Mar 21 16:10 access.redhat.com drwxr-xr-x. 2 root root 4096 Mar 21 16:06 cdn.redhat.com drwxr-xr-x. 2 root root 4096 Mar 21 16:10 registry.access.redhat.com [root@dhcp35-212 certs.d]# cat /etc/rhsm/pluginconf.d/container_content.ContainerContentPlugin.conf [main] enabled = 1 registry_hostnames = registry.access.redhat.com,cdn.redhat.com,access.redhat.com registry_hostnames = registry.access.redhat.com,cdn.redhat.com,access.redhat.com [root@dhcp35-212 certs.d]# ls access.redhat.com/ [root@dhcp35-212 certs.d]# ls cdn.redhat.com/ redhat-entitlement-authority.crt [root@dhcp35-212 certs.d]# ls registry.access.redhat.com/ [root@dhcp35-212 certs.d]# [root@dhcp35-212 certs.d]# docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE rhel latest bf63a676257a 2 weeks ago 203.2 MB rhel6 latest 31b925c88737 2 weeks ago 166.1 MB [root@dhcp35-212 certs.d]# docker run -i -t rhel6 yum -y update Loaded plugins: product-id, subscription-manager This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register. Setting up Update Process No Packages marked for Update Actual results: Expected results: Additional info:
This appears to be working for me on RHEL6 with an entitlement from the same Employee SKU subscription... [root@jsefler-6 ~]# rpm -q subscription-manager-plugin-container subscription-manager-plugin-container-1.16.8-7.el6.x86_64 [root@jsefler-6 ~]# subscription-manager list --installed +-------------------------------------------+ Installed Product Status +-------------------------------------------+ Product Name: Red Hat Enterprise Linux Server Product ID: 69 Version: 6.8 Beta Arch: x86_64 Status: Subscribed Status Details: Starts: 04/24/2013 Ends: 12/31/2021 [root@jsefler-6 ~]# subscription-manager list --consumed | egrep "SKU|Serial" Subscription Name: Employee SKU SKU: ES0113909 Serial: 4628960558089844637 [root@jsefler-6 ~]# cat /etc/rhsm/pluginconf.d/container_content.ContainerContentPlugin.conf [main] enabled = 1 registry_hostnames = registry.access.redhat.com,cdn.redhat.com,access.redhat.com [root@jsefler-6 ~]# rct cat-cert /etc/pki/entitlement/4628960558089844637.pem | grep "containerimage" -A10 | egrep "Type|Name|Tags" | grep rhel-6 -B2 Type: containerimage Name: Red Hat Enterprise Linux 6 Server - Beta (Containers) Required Tags: rhel-6-server Type: containerimage Name: Red Hat Enterprise Linux 6 Server (Containers) Required Tags: rhel-6-server Type: containerimage Name: Red Hat Enterprise Linux 6 Server - HTB (Containers) Required Tags: rhel-6-server [root@jsefler-6 ~]# ls -l /etc/docker/certs.d/access.redhat.com/ total 84 -rw-r--r--. 1 root root 77897 Mar 24 16:09 4628960558089844637.cert -rw-------. 1 root root 1679 Mar 24 16:09 4628960558089844637.key [root@jsefler-6 ~]# ls -l /etc/docker/certs.d/cdn.redhat.com/ total 88 -rw-r--r--. 1 root root 77897 Mar 24 16:09 4628960558089844637.cert -rw-------. 1 root root 1679 Mar 24 16:09 4628960558089844637.key -rw-r--r--. 1 root root 2626 Mar 21 16:46 redhat-entitlement-authority.crt [root@jsefler-6 ~]# ls -l /etc/docker/certs.d/registry.access.redhat.com/ total 84 -rw-r--r--. 1 root root 77897 Mar 24 16:09 4628960558089844637.cert -rw-------. 1 root root 1679 Mar 24 16:09 4628960558089844637.key VERIFIED: In my test the entitled serial cert and key was successfully copied to each of the configured registry_hostname directories.
I see the certs being copied onto hostname directory [root@dhcp35-15 ~]# subscription-manager register --serverurl subscription.rhn.stage.redhat.com This system is already registered. Use --force to override [root@dhcp35-15 ~]# subscription-manager register --serverurl subscription.rhn.stage.redhat.com --force The system with UUID 8b5145ed-a866-4896-bb85-dc1051c15ff0 has been unregistered Registering to: subscription.rhn.stage.redhat.com:443/subscription Username: qa Password: The system has been registered with ID: 9af830b5-3a65-442a-a0d3-46c0654a35b2 [root@dhcp35-15 ~]# subscription-manager attach --auto Installed Product Current Status: Product Name: Red Hat Enterprise Linux Server Status: Subscribed Product Name: Red Hat Enterprise Linux 6 Server HTB Status: Subscribed [root@dhcp35-15 ~]# ls /etc/docker/certs.d/registry.access.redhat.com/ 7489850794993942482.cert 7489850794993942482.key [root@dhcp35-15 ~]# rct cat-cert /etc/pki/entitlement/7489850794993942482.pem | grep "container" Type: containerimage Label: rhel-6-server-beta-containers URL: /content/beta/rhel/server/6/6Server/x86_64/containers Type: containerimage Label: rhel-6-server-containers URL: /content/dist/rhel/server/6/6Server/x86_64/containers Type: containerimage Label: rhel-6-server-htb-containers URL: /content/htb/rhel/server/6/6Server/x86_64/containers Type: containerimage Label: rhel-7-server-aep-3.1-containers URL: /content/dist/rhel/server/7/7Server/$basearch/aep/3.1/containers Type: containerimage Label: rhel-7-server-aep-beta-containers URL: /content/beta/rhel/server/7/$basearch/aep/containers Type: containerimage Label: rhel-7-server-aep-htb-containers URL: /content/htb/rhel/server/7/$basearch/aep/containers Type: containerimage Label: rhel-7-server-aos-beta-containers URL: /content/beta/rhel/server/7/$basearch/aos/containers Type: containerimage