Bug 1340323 - Certificate errors when automating the installation of packages using subscription manager
Summary: Certificate errors when automating the installation of packages using subscri...
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: cloud-init   
(Show other bugs)
Version: 7.2
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Ryan McCabe
QA Contact:
Keywords: Triaged
Depends On:
TreeView+ depends on / blocked
Reported: 2016-05-27 02:06 UTC by Andrew Beekhof
Modified: 2018-06-05 16:36 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Andrew Beekhof 2016-05-27 02:06:12 UTC
Description of problem:

I am unable to install packages when creating instances from a heat template due to SSL and certificate errors.

Version-Release number of selected component (if applicable):

Whatever comes in http://download.eng.bos.redhat.com/brewroot/packages/rhel-guest-image/7.2/20160302.0/images/rhel-guest-image-7.2-20160302.0.x86_64.qcow2

How reproducible:


Steps to Reproduce:
1. wget http://download.eng.bos.redhat.com/brewroot/packages/rhel-guest-image/7.2/20160302.0/images/rhel-guest-image-7.2-20160302.0.x86_64.qcow2

Arrange for the following user_data to be passed to the openstack instance when it is created:

    username: rhn-engineering-XXXX
    password: 'secret'
    auto-attach: True
   - ntp

3. Watch the console

Actual results:

Out of the box I get:
   https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os/repodata/repomd.xml: [Errno 14] curl#77 - "Problem with the SSL CA cert (path? access rights?)"

Running this before first trying to install:
  sed -i 's/insecure.*/insecure = 1/' /etc/rhsm/rhsm.conf
  sed -i 's/sslverify.*/sslverify = 0/' /etc/yum.repos.d/redhat.repo

Produces this instead:
  https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os/repodata/repomd.xml: [Errno 14] curl#58 - "unable to load client key: -8178 (SEC_ERROR_BAD_KEY)"

Expected results:

Package is installed

Additional info:

Even running the subscription-manager manually from a script:

  #!/bin/sh -ex

  subscription-manager register --username='rhn-engineering-XXXX' --password='mysecret'
  subscription-manager attach --auto
  yum install -y ntp

doesn't seem to help, even though it normally works from the
command line.

Perhaps it is something to do with the timing of the commands or the environment in which they are being executed.

Comment 4 Andrew Beekhof 2018-01-17 04:06:09 UTC
I'm not sure I even know how to test this anymore.
I was doing it in the context of Heat and OSP and many moons ago

Note You need to log in before you can comment on or make changes to this bug.