Bug 1340323 - Certificate errors when automating the installation of packages using subscription manager
Certificate errors when automating the installation of packages using subscri...
Status: NEW
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: cloud-init (Show other bugs)
7.2
Unspecified Unspecified
unspecified Severity high
: rc
: ---
Assigned To: Ryan McCabe
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-05-26 22:06 EDT by Andrew Beekhof
Modified: 2017-07-17 11:38 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Andrew Beekhof 2016-05-26 22:06:12 EDT
Description of problem:

I am unable to install packages when creating instances from a heat template due to SSL and certificate errors.

Version-Release number of selected component (if applicable):

Whatever comes in http://download.eng.bos.redhat.com/brewroot/packages/rhel-guest-image/7.2/20160302.0/images/rhel-guest-image-7.2-20160302.0.x86_64.qcow2

How reproducible:

100%

Steps to Reproduce:
1. wget http://download.eng.bos.redhat.com/brewroot/packages/rhel-guest-image/7.2/20160302.0/images/rhel-guest-image-7.2-20160302.0.x86_64.qcow2
2. 

Arrange for the following user_data to be passed to the openstack instance when it is created:

user_data_raw:
user_data:
  #cloud-config
  rh_subscription:
    username: rhn-engineering-XXXX
    password: 'secret'
    auto-attach: True
  packages:
   - ntp

3. Watch the console


Actual results:

Out of the box I get:
   https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os/repodata/repomd.xml: [Errno 14] curl#77 - "Problem with the SSL CA cert (path? access rights?)"

Running this before first trying to install:
  sed -i 's/insecure.*/insecure = 1/' /etc/rhsm/rhsm.conf
  sed -i 's/sslverify.*/sslverify = 0/' /etc/yum.repos.d/redhat.repo

Produces this instead:
  https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os/repodata/repomd.xml: [Errno 14] curl#58 - "unable to load client key: -8178 (SEC_ERROR_BAD_KEY)"


Expected results:

Package is installed

Additional info:

Even running the subscription-manager manually from a script:

user_data_raw:
user_data:
  #!/bin/sh -ex

  subscription-manager register --username='rhn-engineering-XXXX' --password='mysecret'
  subscription-manager attach --auto
  yum install -y ntp

doesn't seem to help, even though it normally works from the
command line.

Perhaps it is something to do with the timing of the commands or the environment in which they are being executed.

Note You need to log in before you can comment on or make changes to this bug.