1422196 – subscription-manager-plugin-container doesn't refresh the entitlement certs

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1422196 - subscription-manager-plugin-container doesn't refresh the entitlement certs

Summary: subscription-manager-plugin-container doesn't refresh the entitlement certs

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	subscription-manager
Sub Component:
Version:	7.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Kevin Howell
QA Contact:	John Sefler
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-02-14 17:13 UTC by Sushma
Modified:	2018-04-10 09:49 UTC (History)
CC List:	10 users (show)
Fixed In Version:	subscription-manager-1.20.2-1
Doc Type:	No Doc Update
Doc Text:	Cause: Container certificates were not automatically updated after the subscription-manager-plugin-container RPM was installed. Consequence: In some cases, users needed to run subscription-manager refresh to get container certificates updated after installing the subscription-manager-plugin-container RPM. Fix: The subscription-manager-plugin-container RPM now updates container certs after install. Result: Installing subscription-manager-plugin-container after registering will update the container certificates.
Clone Of:
Environment:
Last Closed:	2018-04-10 09:49:05 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	candlepin subscription-manager pull 1634	0	None	closed	1422196: Update container certs after plugin install	2021-02-16 07:59:00 UTC
Red Hat Product Errata	RHBA-2018:0681	0	None	None	None	2018-04-10 09:49:28 UTC

Description Sushma 2017-02-14 17:13:54 UTC

Description of problem:
After installing subscription-manager-plugin-container on a machine with subscription, the required folder and certs aren't refreshed for docker

Version-Release number of selected component (if applicable):
subscription-manager-plugin-container-1.17.15-1.el7

How reproducible:
100%

Steps to Reproduce:
1. subscription-manager register / attach
2. subscription-manager repos --enable...
3. install subscription-manager-plugin-container
4. ll /etc/docker/certs.d

Actual results:
access.redhat.com and registry.access.redhat.com not found under /etc/docker/certs.d and entitlement certs aren't placed

Expected results:
access.redhat.com and registry.access.redhat.com are created and the entitlement certs are placed as expected

Additional info:

Comment 5 John Sefler 2017-02-15 15:29:22 UTC

The issue here is that the user is starting with a valid entitlement to access "containerimage" content attached to the system, but one or both of the following packages has NOT YET been installed...

-> docker
    which provides the following /etc/docker/certs.d/ directories..
     # rpm -ql docker | grep "/etc/docker/certs.d/" 
     /etc/docker/certs.d/redhat.com
     /etc/docker/certs.d/redhat.com/redhat-ca.crt
     /etc/docker/certs.d/redhat.io
     /etc/docker/certs.d/redhat.io/redhat-ca.crt

-> subscription-manager-plugin-container
    which provides the following /etc/docker/certs.d/ directories..
     # rpm -ql subscription-manager-plugin-container | grep "/etc/docker/certs.d/" 
     /etc/docker/certs.d/cdn.redhat.com
     /etc/docker/certs.d/cdn.redhat.com/redhat-entitlement-authority.crt


Once the user installs these (together or independently), the user is expecting the subscription-manager-plugin-container plugin to *ALSO* be invoked so as to populate the /etc/docker/certs.d/<registry_hostnames>/ directories with existing entitlements to containerimage content.

This a timing issue... The user needs an entitlement to install docker and subscription-manager-plugin-container, but then has no need to attach another entitlement to access the registries because it has already been attached.  The subscription-manager-plugin-container is not being invoked after the docker and subscription-manager-plugin-container packages are installed.

Comment 9 Kevin Howell 2017-05-22 15:02:32 UTC

Note to dev: upon further review, it seems a possible solution is:
 1. As a post-install action for subscription-manager-plugin-container, invoke the plugin OR trigger a cert check (rhsmcertd); avoiding a full cert-check is preferable for performance.

Comment 11 Paul Wright 2017-09-11 08:22:35 UTC

@khowell does this require a docs update?

Comment 12 Sushma 2017-09-11 10:38:27 UTC

(In reply to Paul Wright from comment #11)
> @khowell does this require a docs update?

Hi Paul, once this fix is live (Errata mentioned in comment #10 is shipped live), this needs to tested and confirmed that we needn't manually trigger the step /usr/libexec/rhsmcertd-worker to place the certs under appropriate directories. For RHMAP, QE team can confirm on this.
Upon QE confirmation this step needs to be removed from the doc from my understanding.

Comment 13 Shwetha Kallesh 2017-11-13 13:54:20 UTC

Reproducer:

[root@bkr-hv01-guest05 ~]# subscription-manager version
server type: Red Hat Subscription Management
subscription management server: Unknown
subscription management rules: Unknown
subscription-manager: 1.19.23-1.el7_4
python-rhsm: 1.19.10-1.el7_4


[root@bkr-hv01-guest05 ~]# subscription-manager register --serverurl subscription.rhsm.stage.redhat.com --auto-attach
Registering to: subscription.rhsm.stage.redhat.com:443/subscription
Username: shwetha_tier1_test
Password: 
The system has been registered with ID: c9387e13-6c04-47a7-b8b6-a41c54d0c8f6 

Installed Product Current Status:
Product Name: Red Hat Enterprise Linux Server
Status:       Subscribed

[root@bkr-hv01-guest05 ~]# --enable=rhel-7-server-rpms --enable=rhel-7-server-extras-rpms
-bash: --enable=rhel-7-server-rpms: command not found
[root@bkr-hv01-guest05 ~]# subscription-manager repos --enable=rhel-7-server-rpms --enable=rhel-7-server-extras-rpms
Repository 'rhel-7-server-rpms' is enabled for this system.
Repository 'rhel-7-server-extras-rpms' is enabled for this system.
[root@bkr-hv01-guest05 ~]# yum remove subscription-manager-plugin-container -y
Loaded plugins: product-id, search-disabled-repos, subscription-manager
No Match for argument: subscription-manager-plugin-container
No Packages marked for removal
[root@bkr-hv01-guest05 ~]# yum install docker -y
Loaded plugins: product-id, search-disabled-repos, subscription-manager
rhel-7-server-extras-rpms                                                                                                                        | 3.4 kB  00:00:00     
rhel-7-server-rpms                                                                                                                               | 3.5 kB  00:00:00     
(1/6): rhel-7-server-extras-rpms/x86_64/group                                                                                                    |  104 B  00:00:01     
(2/6): rhel-7-server-extras-rpms/x86_64/updateinfo                                                                                               | 214 kB  00:00:02     
(3/6): rhel-7-server-extras-rpms/x86_64/primary_db                                                                                               | 312 kB  00:00:01     
(4/6): rhel-7-server-rpms/7Server/x86_64/group                                                                                                   | 709 kB  00:00:02     
(5/6): rhel-7-server-rpms/7Server/x86_64/updateinfo                                                                                              | 2.4 MB  00:00:02     
(6/6): rhel-7-server-rpms/7Server/x86_64/primary_db                                                                                              |  44 MB  00:00:09     
Resolving Dependencies
--> Running transaction check
---> Package docker.x86_64 2:1.12.6-61.git85d7426.el7 will be installed
--> Processing Dependency: docker-client = 2:1.12.6-61.git85d7426.el7 for package: 2:docker-1.12.6-61.git85d7426.el7.x86_64
--> Processing Dependency: docker-common = 2:1.12.6-61.git85d7426.el7 for package: 2:docker-1.12.6-61.git85d7426.el7.x86_64
--> Processing Dependency: libseccomp.so.2()(64bit) for package: 2:docker-1.12.6-61.git85d7426.el7.x86_64
--> Running transaction check
---> Package docker-client.x86_64 2:1.12.6-61.git85d7426.el7 will be installed
---> Package docker-common.x86_64 2:1.12.6-61.git85d7426.el7 will be installed
--> Processing Dependency: docker-rhel-push-plugin = 2:1.12.6-61.git85d7426.el7 for package: 2:docker-common-1.12.6-61.git85d7426.el7.x86_64
--> Processing Dependency: container-selinux >= 2:2.21-2 for package: 2:docker-common-1.12.6-61.git85d7426.el7.x86_64
--> Processing Dependency: container-storage-setup >= 0.7.0-1 for package: 2:docker-common-1.12.6-61.git85d7426.el7.x86_64
--> Processing Dependency: oci-register-machine >= 1:0-3.10 for package: 2:docker-common-1.12.6-61.git85d7426.el7.x86_64
--> Processing Dependency: oci-systemd-hook >= 1:0.1.4-9 for package: 2:docker-common-1.12.6-61.git85d7426.el7.x86_64
--> Processing Dependency: oci-umount >= 2:2.0.0-1 for package: 2:docker-common-1.12.6-61.git85d7426.el7.x86_64
--> Processing Dependency: atomic-registries for package: 2:docker-common-1.12.6-61.git85d7426.el7.x86_64
--> Processing Dependency: skopeo-containers for package: 2:docker-common-1.12.6-61.git85d7426.el7.x86_64
--> Processing Dependency: subscription-manager-plugin-container for package: 2:docker-common-1.12.6-61.git85d7426.el7.x86_64
---> Package libseccomp.x86_64 0:2.3.1-3.el7 will be installed
--> Running transaction check
---> Package atomic-registries.x86_64 1:1.19.1-5.git48c224b.el7 will be installed
--> Processing Dependency: libyaml for package: 1:atomic-registries-1.19.1-5.git48c224b.el7.x86_64
--> Processing Dependency: libyaml-0.so.2()(64bit) for package: 1:atomic-registries-1.19.1-5.git48c224b.el7.x86_64
---> Package container-selinux.noarch 2:2.28-1.git85ce147.el7 will be installed
--> Processing Dependency: policycoreutils >= 2.5-11 for package: 2:container-selinux-2.28-1.git85ce147.el7.noarch
--> Processing Dependency: policycoreutils-python for package: 2:container-selinux-2.28-1.git85ce147.el7.noarch
---> Package container-storage-setup.noarch 0:0.7.0-1.git4ca59c5.el7 will be installed
---> Package docker-rhel-push-plugin.x86_64 2:1.12.6-61.git85d7426.el7 will be installed
---> Package oci-register-machine.x86_64 1:0-3.13.gitcd1e331.el7 will be installed
---> Package oci-systemd-hook.x86_64 1:0.1.14-1.git1ba44c6.el7 will be installed
--> Processing Dependency: libyajl.so.2()(64bit) for package: 1:oci-systemd-hook-0.1.14-1.git1ba44c6.el7.x86_64
---> Package oci-umount.x86_64 2:2.0.0-1.git299e781.el7 will be installed
---> Package skopeo-containers.x86_64 1:0.1.24-1.dev.git28d4e08.el7 will be installed
---> Package subscription-manager-plugin-container.x86_64 0:1.19.23-1.el7_4 will be installed
--> Processing Dependency: subscription-manager = 1.19.23-1.el7_4 for package: subscription-manager-plugin-container-1.19.23-1.el7_4.x86_64
--> Running transaction check
---> Package libyaml.x86_64 0:0.1.4-11.el7_0 will be installed
---> Package policycoreutils.x86_64 0:2.5-8.el7 will be updated
---> Package policycoreutils.x86_64 0:2.5-17.1.el7 will be an update
---> Package policycoreutils-python.x86_64 0:2.5-17.1.el7 will be installed
--> Processing Dependency: audit-libs-python >= 2.1.3-4 for package: policycoreutils-python-2.5-17.1.el7.x86_64
--> Processing Dependency: libsemanage-python >= 2.5-5 for package: policycoreutils-python-2.5-17.1.el7.x86_64
--> Processing Dependency: setools-libs >= 3.3.8-1 for package: policycoreutils-python-2.5-17.1.el7.x86_64
--> Processing Dependency: checkpolicy for package: policycoreutils-python-2.5-17.1.el7.x86_64
--> Processing Dependency: libapol.so.4(VERS_4.0)(64bit) for package: policycoreutils-python-2.5-17.1.el7.x86_64
--> Processing Dependency: libcgroup for package: policycoreutils-python-2.5-17.1.el7.x86_64
--> Processing Dependency: libqpol.so.1(VERS_1.2)(64bit) for package: policycoreutils-python-2.5-17.1.el7.x86_64
--> Processing Dependency: libqpol.so.1(VERS_1.4)(64bit) for package: policycoreutils-python-2.5-17.1.el7.x86_64
--> Processing Dependency: python-IPy for package: policycoreutils-python-2.5-17.1.el7.x86_64
--> Processing Dependency: libapol.so.4()(64bit) for package: policycoreutils-python-2.5-17.1.el7.x86_64
--> Processing Dependency: libqpol.so.1()(64bit) for package: policycoreutils-python-2.5-17.1.el7.x86_64
---> Package subscription-manager.x86_64 0:1.17.15-1.el7 will be updated
---> Package subscription-manager.x86_64 0:1.19.23-1.el7_4 will be an update
--> Processing Dependency: python-rhsm >= 1.19.10 for package: subscription-manager-1.19.23-1.el7_4.x86_64
---> Package yajl.x86_64 0:2.0.4-4.el7 will be installed
--> Running transaction check
---> Package audit-libs-python.x86_64 0:2.7.6-3.el7 will be installed
--> Processing Dependency: audit-libs(x86-64) = 2.7.6-3.el7 for package: audit-libs-python-2.7.6-3.el7.x86_64
---> Package checkpolicy.x86_64 0:2.5-4.el7 will be installed
---> Package libcgroup.x86_64 0:0.41-13.el7 will be installed
---> Package libsemanage-python.x86_64 0:2.5-8.el7 will be installed
--> Processing Dependency: libsemanage = 2.5-8.el7 for package: libsemanage-python-2.5-8.el7.x86_64
---> Package python-IPy.noarch 0:0.75-6.el7 will be installed
---> Package python-rhsm.x86_64 0:1.17.9-1.el7 will be updated
---> Package python-rhsm.x86_64 0:1.19.10-1.el7_4 will be an update
--> Processing Dependency: python-rhsm-certificates = 1.19.10-1.el7_4 for package: python-rhsm-1.19.10-1.el7_4.x86_64
---> Package setools-libs.x86_64 0:3.3.8-1.1.el7 will be installed
--> Running transaction check
---> Package audit-libs.x86_64 0:2.6.5-3.el7 will be updated
--> Processing Dependency: audit-libs(x86-64) = 2.6.5-3.el7 for package: audit-2.6.5-3.el7.x86_64
---> Package audit-libs.x86_64 0:2.7.6-3.el7 will be an update
---> Package libsemanage.x86_64 0:2.5-4.el7 will be updated
---> Package libsemanage.x86_64 0:2.5-8.el7 will be an update
---> Package python-rhsm-certificates.x86_64 0:1.17.9-1.el7 will be updated
---> Package python-rhsm-certificates.x86_64 0:1.19.10-1.el7_4 will be an update
--> Running transaction check
---> Package audit.x86_64 0:2.6.5-3.el7 will be updated
---> Package audit.x86_64 0:2.7.6-3.el7 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================================================================================
 Package                                              Arch                  Version                                      Repository                                Size
========================================================================================================================================================================
Installing:
 docker                                               x86_64                2:1.12.6-61.git85d7426.el7                   rhel-7-server-extras-rpms                 15 M
Installing for dependencies:
 atomic-registries                                    x86_64                1:1.19.1-5.git48c224b.el7                    rhel-7-server-extras-rpms                 32 k
 audit-libs-python                                    x86_64                2.7.6-3.el7                                  rhel-7-server-rpms                        73 k
 checkpolicy                                          x86_64                2.5-4.el7                                    beaker-Server                            290 k
 container-selinux                                    noarch                2:2.28-1.git85ce147.el7                      rhel-7-server-extras-rpms                 29 k
 container-storage-setup                              noarch                0.7.0-1.git4ca59c5.el7                       rhel-7-server-extras-rpms                 32 k
 docker-client                                        x86_64                2:1.12.6-61.git85d7426.el7                   rhel-7-server-extras-rpms                3.4 M
 docker-common                                        x86_64                2:1.12.6-61.git85d7426.el7                   rhel-7-server-extras-rpms                 80 k
 docker-rhel-push-plugin                              x86_64                2:1.12.6-61.git85d7426.el7                   rhel-7-server-extras-rpms                1.6 M
 libcgroup                                            x86_64                0.41-13.el7                                  rhel-7-server-rpms                        65 k
 libseccomp                                           x86_64                2.3.1-3.el7                                  rhel-7-server-rpms                        56 k
 libsemanage-python                                   x86_64                2.5-8.el7                                    rhel-7-server-rpms                       104 k
 libyaml                                              x86_64                0.1.4-11.el7_0                               beaker-Server                             55 k
 oci-register-machine                                 x86_64                1:0-3.13.gitcd1e331.el7                      rhel-7-server-extras-rpms                1.1 M
 oci-systemd-hook                                     x86_64                1:0.1.14-1.git1ba44c6.el7                    rhel-7-server-extras-rpms                 32 k
 oci-umount                                           x86_64                2:2.0.0-1.git299e781.el7                     rhel-7-server-extras-rpms                 27 k
 policycoreutils-python                               x86_64                2.5-17.1.el7                                 rhel-7-server-rpms                       446 k
 python-IPy                                           noarch                0.75-6.el7                                   beaker-Server                             32 k
 setools-libs                                         x86_64                3.3.8-1.1.el7                                beaker-Server                            610 k
 skopeo-containers                                    x86_64                1:0.1.24-1.dev.git28d4e08.el7                rhel-7-server-extras-rpms                8.5 k
 subscription-manager-plugin-container                x86_64                1.19.23-1.el7_4                              rhel-7-server-rpms                       197 k
 yajl                                                 x86_64                2.0.4-4.el7                                  beaker-Server                             39 k
Updating for dependencies:
 audit                                                x86_64                2.7.6-3.el7                                  rhel-7-server-rpms                       242 k
 audit-libs                                           x86_64                2.7.6-3.el7                                  rhel-7-server-rpms                        96 k
 libsemanage                                          x86_64                2.5-8.el7                                    rhel-7-server-rpms                       145 k
 policycoreutils                                      x86_64                2.5-17.1.el7                                 rhel-7-server-rpms                       858 k
 python-rhsm                                          x86_64                1.19.10-1.el7_4                              rhel-7-server-rpms                       127 k
 python-rhsm-certificates                             x86_64                1.19.10-1.el7_4                              rhel-7-server-rpms                        41 k
 subscription-manager                                 x86_64                1.19.23-1.el7_4                              rhel-7-server-rpms                       957 k

Transaction Summary
========================================================================================================================================================================
Install  1 Package  (+21 Dependent packages)
Upgrade             (  7 Dependent packages)

Total download size: 25 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
warning: /var/cache/yum/x86_64/7Server/rhel-7-server-extras-rpms/packages/atomic-registries-1.19.1-5.git48c224b.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY
Public key for atomic-registries-1.19.1-5.git48c224b.el7.x86_64.rpm is not installed
(1/29): atomic-registries-1.19.1-5.git48c224b.el7.x86_64.rpm                                                                                     |  32 kB  00:00:01     
Public key for audit-libs-2.7.6-3.el7.x86_64.rpm is not installed     0% [                                                            ]  0.0 B/s |  86 kB  --:--:-- ETA 
(2/29): audit-libs-2.7.6-3.el7.x86_64.rpm                                                                                                        |  96 kB  00:00:02     
(3/29): checkpolicy-2.5-4.el7.x86_64.rpm                                                                                                         | 290 kB  00:00:00     
(4/29): audit-2.7.6-3.el7.x86_64.rpm                                                                                                             | 242 kB  00:00:03     
(5/29): audit-libs-python-2.7.6-3.el7.x86_64.rpm                                                                                                 |  73 kB  00:00:02     
(6/29): container-storage-setup-0.7.0-1.git4ca59c5.el7.noarch.rpm                                                                                |  32 kB  00:00:01     
(7/29): container-selinux-2.28-1.git85ce147.el7.noarch.rpm                                                                                       |  29 kB  00:00:01     
(8/29): docker-client-1.12.6-61.git85d7426.el7.x86_64.rpm                                                                                        | 3.4 MB  00:00:04     
(9/29): docker-common-1.12.6-61.git85d7426.el7.x86_64.rpm                                                                                        |  80 kB  00:00:02     
(10/29): libseccomp-2.3.1-3.el7.x86_64.rpm                                                                                                       |  56 kB  00:00:02     
(11/29): libcgroup-0.41-13.el7.x86_64.rpm                                                                                                        |  65 kB  00:00:02     
(12/29): libyaml-0.1.4-11.el7_0.x86_64.rpm                                                                                                       |  55 kB  00:00:00     
(13/29): docker-1.12.6-61.git85d7426.el7.x86_64.rpm                                                                                              |  15 MB  00:00:10     
(14/29): docker-rhel-push-plugin-1.12.6-61.git85d7426.el7.x86_64.rpm                                                                             | 1.6 MB  00:00:03     
(15/29): libsemanage-python-2.5-8.el7.x86_64.rpm                                                                                                 | 104 kB  00:00:02     
(16/29): libsemanage-2.5-8.el7.x86_64.rpm                                                                                                        | 145 kB  00:00:02     
(17/29): oci-systemd-hook-0.1.14-1.git1ba44c6.el7.x86_64.rpm                                                                                     |  32 kB  00:00:01     
(18/29): python-IPy-0.75-6.el7.noarch.rpm                                                                                                        |  32 kB  00:00:00     
(19/29): oci-register-machine-0-3.13.gitcd1e331.el7.x86_64.rpm                                                                                   | 1.1 MB  00:00:03     
(20/29): oci-umount-2.0.0-1.git299e781.el7.x86_64.rpm                                                                                            |  27 kB  00:00:01     
(21/29): policycoreutils-python-2.5-17.1.el7.x86_64.rpm                                                                                          | 446 kB  00:00:03     
(22/29): policycoreutils-2.5-17.1.el7.x86_64.rpm                                                                                                 | 858 kB  00:00:03     
(23/29): setools-libs-3.3.8-1.1.el7.x86_64.rpm                                                                                                   | 610 kB  00:00:00     
(24/29): skopeo-containers-0.1.24-1.dev.git28d4e08.el7.x86_64.rpm                                                                                | 8.5 kB  00:00:00     
(25/29): python-rhsm-1.19.10-1.el7_4.x86_64.rpm                                                                                                  | 127 kB  00:00:02     
(26/29): python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm                                                                                     |  41 kB  00:00:01     
(27/29): yajl-2.0.4-4.el7.x86_64.rpm                                                                                                             |  39 kB  00:00:00     
(28/29): subscription-manager-plugin-container-1.19.23-1.el7_4.x86_64.rpm                                                                        | 197 kB  00:00:02     
(29/29): subscription-manager-1.19.23-1.el7_4.x86_64.rpm                                                                                         | 957 kB  00:00:03     
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                   1.0 MB/s |  25 MB  00:00:25     
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Importing GPG key 0xFD431D51:
 Userid     : "Red Hat, Inc. (release key 2) <security>"
 Fingerprint: 567e 347a d004 4ade 55ba 8a5f 199e 2f91 fd43 1d51
 Package    : redhat-release-server-7.3-7.el7.x86_64 (@beaker-Server/7.3)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Importing GPG key 0x2FA658E0:
 Userid     : "Red Hat, Inc. (auxiliary key) <security>"
 Fingerprint: 43a6 e49c 4a38 f4be 9abf 2a53 4568 9c88 2fa6 58e0
 Package    : redhat-release-server-7.3-7.el7.x86_64 (@beaker-Server/7.3)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : audit-libs-2.7.6-3.el7.x86_64                                                                                                                       1/36 
  Updating   : libsemanage-2.5-8.el7.x86_64                                                                                                                        2/36 
  Updating   : policycoreutils-2.5-17.1.el7.x86_64                                                                                                                 3/36 
  Installing : yajl-2.0.4-4.el7.x86_64                                                                                                                             4/36 
  Installing : 2:oci-umount-2.0.0-1.git299e781.el7.x86_64                                                                                                          5/36 
  Installing : 1:oci-systemd-hook-0.1.14-1.git1ba44c6.el7.x86_64                                                                                                   6/36 
  Installing : libsemanage-python-2.5-8.el7.x86_64                                                                                                                 7/36 
  Installing : audit-libs-python-2.7.6-3.el7.x86_64                                                                                                                8/36 
  Installing : setools-libs-3.3.8-1.1.el7.x86_64                                                                                                                   9/36 
  Installing : checkpolicy-2.5-4.el7.x86_64                                                                                                                       10/36 
  Installing : 1:skopeo-containers-0.1.24-1.dev.git28d4e08.el7.x86_64                                                                                             11/36 
  Installing : libyaml-0.1.4-11.el7_0.x86_64                                                                                                                      12/36 
  Installing : 1:atomic-registries-1.19.1-5.git48c224b.el7.x86_64                                                                                                 13/36 
  Installing : 2:docker-rhel-push-plugin-1.12.6-61.git85d7426.el7.x86_64                                                                                          14/36 
  Installing : container-storage-setup-0.7.0-1.git4ca59c5.el7.noarch                                                                                              15/36 
  Installing : libcgroup-0.41-13.el7.x86_64                                                                                                                       16/36 
  Installing : python-IPy-0.75-6.el7.noarch                                                                                                                       17/36 
  Installing : policycoreutils-python-2.5-17.1.el7.x86_64                                                                                                         18/36 
  Installing : 2:container-selinux-2.28-1.git85ce147.el7.noarch                                                                                                   19/36 
  Updating   : python-rhsm-certificates-1.19.10-1.el7_4.x86_64                                                                                                    20/36 
  Updating   : python-rhsm-1.19.10-1.el7_4.x86_64                                                                                                                 21/36 
  Updating   : subscription-manager-1.19.23-1.el7_4.x86_64                                                                                                        22/36 
warning: /etc/rhsm/rhsm.conf created as /etc/rhsm/rhsm.conf.rpmnew
  Installing : subscription-manager-plugin-container-1.19.23-1.el7_4.x86_64                                                                                       23/36 
  Installing : 1:oci-register-machine-0-3.13.gitcd1e331.el7.x86_64                                                                                                24/36 
  Installing : 2:docker-common-1.12.6-61.git85d7426.el7.x86_64                                                                                                    25/36 
  Installing : 2:docker-client-1.12.6-61.git85d7426.el7.x86_64                                                                                                    26/36 
  Installing : libseccomp-2.3.1-3.el7.x86_64                                                                                                                      27/36 
  Installing : 2:docker-1.12.6-61.git85d7426.el7.x86_64                                                                                                           28/36 
  Updating   : audit-2.7.6-3.el7.x86_64                                                                                                                           29/36 
  Cleanup    : policycoreutils-2.5-8.el7.x86_64                                                                                                                   30/36 
  Cleanup    : libsemanage-2.5-4.el7.x86_64                                                                                                                       31/36 
  Cleanup    : audit-2.6.5-3.el7.x86_64                                                                                                                           32/36 
  Cleanup    : subscription-manager-1.17.15-1.el7.x86_64                                                                                                          33/36 
  Cleanup    : python-rhsm-1.17.9-1.el7.x86_64                                                                                                                    34/36 
  Cleanup    : python-rhsm-certificates-1.17.9-1.el7.x86_64                                                                                                       35/36 
  Cleanup    : audit-libs-2.6.5-3.el7.x86_64                                                                                                                      36/36 
rhel-7-server-extras-rpms/x86_64/productid                                                                                                       | 2.1 kB  00:00:00     
rhel-7-server-rpms/7Server/x86_64/productid                                                                                                      | 2.1 kB  00:00:00     
  Verifying  : subscription-manager-1.19.23-1.el7_4.x86_64                                                                                                         1/36 
  Verifying  : libseccomp-2.3.1-3.el7.x86_64                                                                                                                       2/36 
  Verifying  : policycoreutils-python-2.5-17.1.el7.x86_64                                                                                                          3/36 
  Verifying  : 1:oci-register-machine-0-3.13.gitcd1e331.el7.x86_64                                                                                                 4/36 
  Verifying  : audit-libs-2.7.6-3.el7.x86_64                                                                                                                       5/36 
  Verifying  : 2:oci-umount-2.0.0-1.git299e781.el7.x86_64                                                                                                          6/36 
  Verifying  : 2:docker-common-1.12.6-61.git85d7426.el7.x86_64                                                                                                     7/36 
  Verifying  : python-rhsm-certificates-1.19.10-1.el7_4.x86_64                                                                                                     8/36 
  Verifying  : python-IPy-0.75-6.el7.noarch                                                                                                                        9/36 
  Verifying  : libsemanage-python-2.5-8.el7.x86_64                                                                                                                10/36 
  Verifying  : libcgroup-0.41-13.el7.x86_64                                                                                                                       11/36 
  Verifying  : audit-2.7.6-3.el7.x86_64                                                                                                                           12/36 
  Verifying  : 2:docker-1.12.6-61.git85d7426.el7.x86_64                                                                                                           13/36 
  Verifying  : policycoreutils-2.5-17.1.el7.x86_64                                                                                                                14/36 
  Verifying  : subscription-manager-plugin-container-1.19.23-1.el7_4.x86_64                                                                                       15/36 
  Verifying  : 1:oci-systemd-hook-0.1.14-1.git1ba44c6.el7.x86_64                                                                                                  16/36 
  Verifying  : container-storage-setup-0.7.0-1.git4ca59c5.el7.noarch                                                                                              17/36 
  Verifying  : 2:docker-rhel-push-plugin-1.12.6-61.git85d7426.el7.x86_64                                                                                          18/36 
  Verifying  : libsemanage-2.5-8.el7.x86_64                                                                                                                       19/36 
  Verifying  : yajl-2.0.4-4.el7.x86_64                                                                                                                            20/36 
  Verifying  : libyaml-0.1.4-11.el7_0.x86_64                                                                                                                      21/36 
  Verifying  : 2:docker-client-1.12.6-61.git85d7426.el7.x86_64                                                                                                    22/36 
  Verifying  : 1:atomic-registries-1.19.1-5.git48c224b.el7.x86_64                                                                                                 23/36 
  Verifying  : audit-libs-python-2.7.6-3.el7.x86_64                                                                                                               24/36 
  Verifying  : python-rhsm-1.19.10-1.el7_4.x86_64                                                                                                                 25/36 
  Verifying  : 1:skopeo-containers-0.1.24-1.dev.git28d4e08.el7.x86_64                                                                                             26/36 
  Verifying  : 2:container-selinux-2.28-1.git85ce147.el7.noarch                                                                                                   27/36 
  Verifying  : checkpolicy-2.5-4.el7.x86_64                                                                                                                       28/36 
  Verifying  : setools-libs-3.3.8-1.1.el7.x86_64                                                                                                                  29/36 
  Verifying  : policycoreutils-2.5-8.el7.x86_64                                                                                                                   30/36 
  Verifying  : python-rhsm-certificates-1.17.9-1.el7.x86_64                                                                                                       31/36 
  Verifying  : python-rhsm-1.17.9-1.el7.x86_64                                                                                                                    32/36 
  Verifying  : subscription-manager-1.17.15-1.el7.x86_64                                                                                                          33/36 
  Verifying  : audit-libs-2.6.5-3.el7.x86_64                                                                                                                      34/36 
  Verifying  : libsemanage-2.5-4.el7.x86_64                                                                                                                       35/36 
  Verifying  : audit-2.6.5-3.el7.x86_64                                                                                                                           36/36 

Installed:
  docker.x86_64 2:1.12.6-61.git85d7426.el7                                                                                                                              

Dependency Installed:
  atomic-registries.x86_64 1:1.19.1-5.git48c224b.el7     audit-libs-python.x86_64 0:2.7.6-3.el7                         checkpolicy.x86_64 0:2.5-4.el7                 
  container-selinux.noarch 2:2.28-1.git85ce147.el7       container-storage-setup.noarch 0:0.7.0-1.git4ca59c5.el7        docker-client.x86_64 2:1.12.6-61.git85d7426.el7
  docker-common.x86_64 2:1.12.6-61.git85d7426.el7        docker-rhel-push-plugin.x86_64 2:1.12.6-61.git85d7426.el7      libcgroup.x86_64 0:0.41-13.el7                 
  libseccomp.x86_64 0:2.3.1-3.el7                        libsemanage-python.x86_64 0:2.5-8.el7                          libyaml.x86_64 0:0.1.4-11.el7_0                
  oci-register-machine.x86_64 1:0-3.13.gitcd1e331.el7    oci-systemd-hook.x86_64 1:0.1.14-1.git1ba44c6.el7              oci-umount.x86_64 2:2.0.0-1.git299e781.el7     
  policycoreutils-python.x86_64 0:2.5-17.1.el7           python-IPy.noarch 0:0.75-6.el7                                 setools-libs.x86_64 0:3.3.8-1.1.el7            
  skopeo-containers.x86_64 1:0.1.24-1.dev.git28d4e08.el7 subscription-manager-plugin-container.x86_64 0:1.19.23-1.el7_4 yajl.x86_64 0:2.0.4-4.el7                      

Dependency Updated:
  audit.x86_64 0:2.7.6-3.el7                               audit-libs.x86_64 0:2.7.6-3.el7                 libsemanage.x86_64 0:2.5-8.el7                              
  policycoreutils.x86_64 0:2.5-17.1.el7                    python-rhsm.x86_64 0:1.19.10-1.el7_4            python-rhsm-certificates.x86_64 0:1.19.10-1.el7_4           
  subscription-manager.x86_64 0:1.19.23-1.el7_4           

Complete!
[root@bkr-hv01-guest05 ~]# ll /etc/docker/certs.d
total 0
drwxr-xr-x. 2 root root 46 Nov 13 08:49 cdn.redhat.com
drwxr-xr-x. 2 root root 27 Nov 13 08:49 redhat.com
drwxr-xr-x. 2 root root 27 Nov 13 08:49 redhat.io
drwxr-xr-x. 2 root root 27 Nov 13 08:49 registry.access.redhat.com
[root@bkr-hv01-guest05 ~]# ll /etc/docker/certs.d/registry.access.redhat.com/
total 0
lrwxrwxrwx. 1 root root 27 Nov 13 08:49 redhat-ca.crt -> /etc/rhsm/ca/redhat-uep.pem

Comment 14 Shwetha Kallesh 2017-11-13 14:04:28 UTC

Verification:

[root@dhcp35-121 ~]# subscription-manager version
server type: Red Hat Subscription Management
subscription management server: 2.0.43-1
subscription management rules: 5.26
subscription-manager: 1.20.5-1.el7


[root@dhcp35-121 /]# subscription-manager register
Registering to: subscription.rhsm.stage.redhat.com:443/subscription
Username: shwetha_tier1_test
Password: 
The system has been registered with ID: dfefffb4-5bc8-44cb-8031-28e15485649b


[root@dhcp35-121 /]# subscription-manager attach --auto
Installed Product Current Status:
Product Name: Red Hat Enterprise Linux Server
Status:       Subscribed


[root@dhcp35-121 /]# subscription-manager repos --enable=rhel-7-server-rpms --enable=rhel-7-server-extras-rpms
Repository 'rhel-7-server-rpms' is enabled for this system.
Repository 'rhel-7-server-extras-rpms' is enabled for this system.

[root@dhcp35-121 ~]# yum install docker subscription-manager-plugin-container-1.20.5-1.el7.x86_64.rpm -y
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager
rhel-7-server-extras-rpms                                                                                                                        | 3.4 kB  00:00:00     
https://cdn.redhat.com/content/dist/rhel/server/7/7.5/x86_64/os/repodata/repomd.xml: [Errno 14] HTTPS Error 403 - Forbidden
Trying other mirror.
To address this issue please refer to the below knowledge base article

https://access.redhat.com/solutions/69319

If above article doesn't help to resolve this issue please open a ticket with Red Hat Support.

Examining subscription-manager-plugin-container-1.20.5-1.el7.x86_64.rpm: subscription-manager-plugin-container-1.20.5-1.el7.x86_64
Marking subscription-manager-plugin-container-1.20.5-1.el7.x86_64.rpm to be installed
Resolving Dependencies
There are unfinished transactions remaining. You might consider running yum-complete-transaction, or "yum-complete-transaction --cleanup-only" and "yum history redo last", first to finish them. If those don't work you'll have to try removing/installing packages by hand (maybe package-cleanup can help).
--> Running transaction check
---> Package docker.x86_64 2:1.12.6-61.git85d7426.el7 will be installed
--> Processing Dependency: docker-client = 2:1.12.6-61.git85d7426.el7 for package: 2:docker-1.12.6-61.git85d7426.el7.x86_64
--> Processing Dependency: docker-common = 2:1.12.6-61.git85d7426.el7 for package: 2:docker-1.12.6-61.git85d7426.el7.x86_64
---> Package subscription-manager-plugin-container.x86_64 0:1.20.5-1.el7 will be installed
--> Running transaction check
---> Package docker-client.x86_64 2:1.12.6-61.git85d7426.el7 will be installed
---> Package docker-common.x86_64 2:1.12.6-61.git85d7426.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================================================================================
 Package                                      Arch          Version                             Repository                                                         Size
========================================================================================================================================================================
Installing:
 docker                                       x86_64        2:1.12.6-61.git85d7426.el7          rhel-7-server-extras-rpms                                          15 M
 subscription-manager-plugin-container        x86_64        1.20.5-1.el7                        /subscription-manager-plugin-container-1.20.5-1.el7.x86_64         28 k
Installing for dependencies:
 docker-client                                x86_64        2:1.12.6-61.git85d7426.el7          rhel-7-server-extras-rpms                                         3.4 M
 docker-common                                x86_64        2:1.12.6-61.git85d7426.el7          rhel-7-server-extras-rpms                                          80 k

Transaction Summary
========================================================================================================================================================================
Install  2 Packages (+2 Dependent packages)

Total size: 18 M
Total download size: 18 M
Installed size: 63 M
Downloading packages:
(1/3): docker-client-1.12.6-61.git85d7426.el7.x86_64.rpm                                                                                         | 3.4 MB  00:00:04     
(2/3): docker-common-1.12.6-61.git85d7426.el7.x86_64.rpm                                                                                         |  80 kB  00:00:00     
(3/3): docker-1.12.6-61.git85d7426.el7.x86_64.rpm                                                                                                |  15 MB  00:00:24     
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                   775 kB/s |  18 MB  00:00:24     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : subscription-manager-plugin-container-1.20.5-1.el7.x86_64                                                                                            1/4 
  Installing : 2:docker-common-1.12.6-61.git85d7426.el7.x86_64                                                                                                      2/4 
  Installing : 2:docker-client-1.12.6-61.git85d7426.el7.x86_64                                                                                                      3/4 
  Installing : 2:docker-1.12.6-61.git85d7426.el7.x86_64                                                                                                             4/4 
https://cdn.redhat.com/content/dist/rhel/server/7/7.5/x86_64/os/repodata/productid: [Errno 14] HTTPS Error 403 - Forbidden
Trying other mirror.
  Verifying  : 2:docker-common-1.12.6-61.git85d7426.el7.x86_64                                                                                                      1/4 
  Verifying  : 2:docker-1.12.6-61.git85d7426.el7.x86_64                                                                                                             2/4 
  Verifying  : 2:docker-client-1.12.6-61.git85d7426.el7.x86_64                                                                                                      3/4 
  Verifying  : subscription-manager-plugin-container-1.20.5-1.el7.x86_64                                                                                            4/4 

Installed:
  docker.x86_64 2:1.12.6-61.git85d7426.el7                                  subscription-manager-plugin-container.x86_64 0:1.20.5-1.el7                                 

Dependency Installed:
  docker-client.x86_64 2:1.12.6-61.git85d7426.el7                                    docker-common.x86_64 2:1.12.6-61.git85d7426.el7                                   

Complete!

[root@dhcp35-121 ~]# ls /etc/docker/certs.d/
access.redhat.com/          redhat.com/                 registry.access.redhat.com/ 
cdn.redhat.com/             redhat.io/                  registry.redhat.io/         
[root@dhcp35-121 ~]# ls /etc/docker/certs.d/access.redhat.com/
677363574348097286.cert  677363574348097286.key
[root@dhcp35-121 ~]# ll /etc/docker/certs.d/registry.access.redhat.com/
total 24
-rw-r--r--. 1 root root 18808 Nov 13 19:31 677363574348097286.cert
-rw-------. 1 root root  1675 Nov 13 19:31 677363574348097286.key
lrwxrwxrwx. 1 root root    27 Nov 13 19:31 redhat-ca.crt -> /etc/rhsm/ca/redhat-uep.pem
[root@dhcp35-121 ~]# ls /etc/pki/entitlement/
677363574348097286-key.pem  677363574348097286.pem

Comment 20 errata-xmlrpc 2018-04-10 09:49:05 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0681

Note You need to log in before you can comment on or make changes to this bug.