Description of problem: 1) generate an entitlement certificate doesn't display a list of protected repos (see ***NOTE***) 2) creation of a client configuration RPM from an entitlement certificate fails with an unexpected error Version-Release number of selected component (if applicable): RHUI3 iso 20160531 How reproducible: always Steps to Reproduce: 1. create protected and unprotected custom repo in my case 'zoo' is not protected and 'protected_repo_1' requires the cert 2. add RH repo 3. generate an entitlement certificate 4. create a client configuration RPM from an entitlement certificate Actual results: rhui (repo) => l Custom Repositories protected_repo_1 zoo Red Hat Repositories Red Hat Enterprise Linux 6 Update Infrastructure Load Balancer (6Server-i386) Red Hat Enterprise Linux 6 Update Infrastructure Load Balancer (6Server-x86_64) ------------------------------------------------------------------------------ ------------------------------------------------------------------------------ -= Red Hat Update Infrastructure Management Tool =- -= Client Entitlement Management =- e generate an entitlement certificate c create a client configuration RPM from an entitlement certificate Connected: rhua.example.com ------------------------------------------------------------------------------ rhui (client) => e Select one or more repositories to include in the entitlement certificate: Custom Repositories Red Hat Repositories - 1 : Red Hat Enterprise Linux 6 Update Infrastructure Load Balancer /start{***NOTE***} Why is 'protected_repo_1' custom repo not visible here? I expect to see a list of protected custom repos here + RH repos) In RHUI@ it was: rhui (client) => e Select the CDS cluster that clients using this entitlement certificate will use to download content: 1 - cluster_1 Enter value (1-1) or 'b' to abort: 1 Select one or more repositories to include in the entitlement certificate: Custom Repositories - 1 : custom_repo_2 custom_repo_2 Red Hat Repositories - 2 : Red Hat Update Infrastructure 2.0 (RPMs) Enter value (1-2) to toggle selection, 'c' to confirm selections, or '?' for more commands: where 'custom_repo_2' is a protected repo /end{***NOTE***} Enter value (1-1) to toggle selection, 'c' to confirm selections, or '?' for more commands: 1 Select one or more repositories to include in the entitlement certificate: Custom Repositories Red Hat Repositories x 1 : Red Hat Enterprise Linux 6 Update Infrastructure Load Balancer Enter value (1-1) to toggle selection, 'c' to confirm selections, or '?' for more commands: c Name of the certificate. This will be used as the name of the certificate file (name.crt) and its associated private key (name.key). Choose something that will help identify the products contained with it: irina_cert Local directory in which to save the generated certificate [current directory]: Number of days the certificate should be valid [365]: 10 Repositories to be included in the entitlement certificate: Red Hat Repositories Red Hat Enterprise Linux 6 Update Infrastructure Load Balancer Proceed? (y/n) y .+++ .........................+++ Error creating entitlement certificate, check the log file for more information ------------------------------------------------------------------------------ rhui (client) => c Full path to local directory in which the client configuration files generated by this tool should be stored (if this directory does not exist, it will be created): /root/ Name of the RPM: irina_rpm Version of the configuration RPM [2.0]: Full path to the entitlement certificate authorizing the client to access specific channels: /root/irina_cert.crt Full path to the private key for the above entitlement certificate: /root/irina_cert.key Port to serve Docker content on (default 5000): An unexpected error has occurred during the last operation. More information can be found in /root/.rhui/rhui.log. >> less /root/.rhui/rhui.log 2016-06-23 06:04:56,848 - <type 'exceptions.KeyError'> 2016-06-23 06:04:56,848 - Unexpected error caught at the shell level Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/rhui/tools/shell.py", line 88, in safe_listen self.listen(clear=first_run) File "/usr/lib/python2.7/site-packages/rhui/tools/shell.py", line 122, in listen Shell.listen(self) File "/usr/lib/python2.7/site-packages/rhui/common/shell.py", line 186, in listen item.func(*args, **item.kwargs) File "/usr/lib/python2.7/site-packages/rhui/tools/screens/client.py", line 208, in create_rpm answers = self._collect_answers() File "/usr/lib/python2.7/site-packages/rhui/tools/screens/client.py", line 274, in _collect_answers unprotected_repo_names = [r['name'] for r in unprotected_repos] KeyError: 'name' Expected results: a client conf rpm is created successfully for RH repo and custom protected repos
Failed_QA on RHEL7 20160719 iso: >> rhui (repo) => l Custom Repositories protected_repo selinux_repo unprotected_repo Red Hat Repositories JBoss Enterprise Application Platform 5 (for RHEL 6 Server) (RPMs) from RHUI (6Server-x86_64) Red Hat Enterprise Linux 6 Server (Source ISOs) from RHUI (6Server-x86_64) >> ------------------------------------------------------------------------------ rhui (client) => e Select one or more repositories to include in the entitlement certificate: Custom Repositories Red Hat Repositories - 1 : JBoss Enterprise Application Platform 5 (for RHEL 6 Server) (RPMs) from RHUI - 2 : Red Hat Enterprise Linux 6 Server (Source ISOs) from RHUI - 3 : Red Hat Enterprise Linux 6 Server from RHUI (RPMs) Enter value (1-3) to toggle selection, 'c' to confirm selections, or '?' for more commands: 1-3 Select one or more repositories to include in the entitlement certificate: Custom Repositories Red Hat Repositories x 1 : JBoss Enterprise Application Platform 5 (for RHEL 6 Server) (RPMs) from RHUI x 2 : Red Hat Enterprise Linux 6 Server (Source ISOs) from RHUI x 3 : Red Hat Enterprise Linux 6 Server from RHUI (RPMs) Enter value (1-3) to toggle selection, 'c' to confirm selections, or '?' for more commands: c Name of the certificate. This will be used as the name of the certificate file (name.crt) and its associated private key (name.key). Choose something that will help identify the products contained with it: irina_cert Local directory in which to save the generated certificate [current directory]: Number of days the certificate should be valid [365]: Repositories to be included in the entitlement certificate: Red Hat Repositories JBoss Enterprise Application Platform 5 (for RHEL 6 Server) (RPMs) from RHUI Red Hat Enterprise Linux 6 Server (Source ISOs) from RHUI Red Hat Enterprise Linux 6 Server from RHUI (RPMs) Proceed? (y/n) y ..................+++ ............+++ Error creating entitlement certificate, check the log file for more information >> less ~/.rhui/rhui.log 2016-07-20 20:35:18,788 - Successfully connected to [rhua.example.com] 2016-07-20 21:02:18,940 - Private key creation output 2016-07-20 21:02:18,940 - Exit Code: 0 2016-07-20 21:02:18,940 - 2016-07-20 21:02:18,940 - writing RSA key 2016-07-20 21:02:18,943 - Command [openssl x509 -req -days 365 -in ./irina_cert.csr -CA /etc/pki/rhui/certs/entitlement-ca.crt -CAkey /etc/pki/rhui/private/entitlement-ca.key -CAserial /etc/pki/rhui/certs/entitlement-ca.srl -out ./irina_cert.crt -extfile ./irina_cert-extensions.txt -extensions rhui] 2016-07-20 21:02:18,959 - Certificate creation output 2016-07-20 21:02:18,960 - 2016-07-20 21:02:18,960 - Signature ok subject=/CN=Red Hat Update Infrastructure Getting CA Private Key /etc/pki/rhui/certs/entitlement-ca.srl: No such file or directory 139925297199008:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/etc/pki/rhui/certs/entitlement-ca.srl','r') 139925297199008:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
And I can't verify it on RHEL6 because of BZ1358564.
I haven't seen the error with entitlement-ca.srl recently, nor is there anything about this file in the rhui log on my test RHUI instance; entitlement-ca.srl just exists. This issue was fixed in two steps, here: # rpm -q --changelog rhui-installer-base ... * Wed Jul 27 2016 Patrick Creech <pcreech> 0.0.33-1 - Fixing srl extension (pcreech) * Tue Jul 26 2016 Patrick Creech <pcreech> 0.0.32-1 - Fix mispelling in entitlement (pcreech) ... In particular, I see the following difference in /usr/share/rhui-installer/modules/rhua/manifests/init.pp between version 0.0.31 and 0.0.33: --- /tmp/init.pp.0 2016-09-20 05:33:08.529787417 -0400 +++ /tmp/init.pp.2 2016-09-20 05:36:34.716790847 -0400 @@ -285,7 +285,7 @@ replace => false } - file { '/etc/pki/rhui/certs/entitilement-ca.srl': + file { '/etc/pki/rhui/certs/entitlement-ca.srl': content => '01', require => Class['Certs'], replace => false (For the record, version 0.0.32 contained "/etc/pki/rhui/certs/entitlement-ca.crt", which was the wrong extension.) The first issue mentioned in comment 0 remains open, though: "generate an entitlement certificate doesn't display a list of protected repos (see ***NOTE***)"
Verified as bug 1308349 comment 11
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:0367