1425722 – rhsmcertd update is not automatically regenerating consumer cert

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1425722 - rhsmcertd update is not automatically regenerating consumer cert

Summary: rhsmcertd update is not automatically regenerating consumer cert

Keywords:
Status:	CLOSED WORKSFORME
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	subscription-manager
Sub Component:
Version:	6.9
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	candlepin-bugs
QA Contact:	John Sefler
Docs Contact:
URL:
Whiteboard:
Depends On:	923159
Blocks:	rhsm-rhel70 1231074
TreeView+	depends on / blocked

Reported:	2017-02-22 08:38 UTC by qianzhan
Modified:	2017-02-27 08:43 UTC (History)
CC List:	10 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	923159
Environment:
Last Closed:	2017-02-27 08:43:03 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
rhsm.log (30.83 KB, text/plain) 2017-02-22 08:42 UTC, qianzhan	no flags	Details
rhsmcertd.log (2.82 KB, text/plain) 2017-02-22 08:42 UTC, qianzhan	no flags	Details
View All

Comment 2 qianzhan 2017-02-22 08:42:03 UTC

The attachments are 'rhsm.log' and 'rhsmcertd.log'.

Comment 3 qianzhan 2017-02-22 08:42:31 UTC

Created attachment 1256376 [details]
rhsm.log

Comment 4 qianzhan 2017-02-22 08:42:56 UTC

Created attachment 1256378 [details]
rhsmcertd.log

Comment 5 Barnaby Court 2017-02-23 14:46:52 UTC

The certificate expiration is checked server side. If you update the time on the Satellite Server and the client and then restart the satellite server do you still see the reported bug?

Comment 6 qianzhan 2017-02-24 06:35:40 UTC

1. I tried to restart satellite and then check the client after 2 mins, but the bug still exists:

[root@ibm-x3650-03 ~]# katello-service restart
Redirecting to /bin/systemctl stop  foreman-tasks.service

Redirecting to /bin/systemctl stop  httpd.service

Redirecting to /bin/systemctl stop  pulp_workers.service

Redirecting to /bin/systemctl stop  foreman-proxy.service

Redirecting to /bin/systemctl stop  pulp_streamer.service

Redirecting to /bin/systemctl stop  pulp_resource_manager.service

Redirecting to /bin/systemctl stop  pulp_celerybeat.service

Redirecting to /bin/systemctl stop  smart_proxy_dynflow_core.service

Redirecting to /bin/systemctl stop  tomcat.service

Redirecting to /bin/systemctl stop  squid.service

Redirecting to /bin/systemctl stop  qdrouterd.service

Redirecting to /bin/systemctl stop  qpidd.service

Redirecting to /bin/systemctl stop  postgresql.service

Redirecting to /bin/systemctl stop  mongod.service

Success!
Redirecting to /bin/systemctl start  mongod.service

Redirecting to /bin/systemctl start  postgresql.service

Redirecting to /bin/systemctl start  qpidd.service

Redirecting to /bin/systemctl start  qdrouterd.service

Redirecting to /bin/systemctl start  squid.service

Redirecting to /bin/systemctl start  tomcat.service

Redirecting to /bin/systemctl start  smart_proxy_dynflow_core.service

Redirecting to /bin/systemctl start  pulp_celerybeat.service

Redirecting to /bin/systemctl start  pulp_resource_manager.service

Redirecting to /bin/systemctl start  pulp_streamer.service

Redirecting to /bin/systemctl start  foreman-proxy.service

Redirecting to /bin/systemctl start  pulp_workers.service

Redirecting to /bin/systemctl start  httpd.service

Redirecting to /bin/systemctl start  foreman-tasks.service

Success!
[root@ibm-x3650-03 ~]# sleep 120

[root@dhcp-128-57 ~]# rct cat-cert /etc/pki/consumer/cert.pem | grep Date
	Start Date: 2017-02-24 06:19:25+00:00
	End Date: 2033-02-24 06:19:25+00:00


2. After step 1, I restart rhsmcertd on client, and tried again, still failed to see the cert regeneration:
[root@dhcp-128-57 ~]# service rhsmcertd restart
Stopping rhsmcertd...                                      [  OK  ]
Starting rhsmcertd...                                      [  OK  ]
[root@dhcp-128-57 ~]# sleep 120
[root@dhcp-128-57 ~]# rct cat-cert /etc/pki/consumer/cert.pem | grep Date
	Start Date: 2017-02-24 06:19:25+00:00
	End Date: 2033-02-24 06:19:25+00:00
[root@dhcp-128-57 ~]#

Comment 7 qianzhan 2017-02-27 06:58:55 UTC

Can not reproduced this bug on RHEL-6.9-20170226.0 against SAM

1. 
[root@hp-dl2x170g6-02 ~]# subscription-manager version
server type: Red Hat Subscription Management
subscription management server: 1.4.3.28-1.el6sam_splice-Headpin
subscription management rules: Unknown
subscription-manager: 1.18.10-1.el6
python-rhsm: 1.18.6-1.el6

2.

[root@hp-dl2x170g6-02 ~]# date -s '+15 year +9 month +2 day'
Mon Nov 29 06:42:08 EST 2032
[root@hp-dl2x170g6-02 ~]# service rhsmcertd restart
Stopping rhsmcertd...                                      [  OK  ]
Starting rhsmcertd...                                      [  OK  ]
[root@hp-dl2x170g6-02 ~]# sleep 120
[root@hp-dl2x170g6-02 ~]# rct cat-cert /etc/pki/consumer/cert.pem | grep Date
	Start Date: 2032-11-29 11:45:15+00:00
	End Date: 2048-11-29 11:45:15+00:00
[root@hp-dl2x170g6-02 ~]#

Comment 8 qianzhan 2017-02-27 08:43:03 UTC

This bug can not be reproduced on RHEL-6.9-20170226.0 against Satellite6.2.7:

[root@hp-dl2x170g6-02 ~]# date -s '+15 year +9 month +2 day'
Mon Nov 29 03:38:13 EST 2032
[root@hp-dl2x170g6-02 ~]# service rhsmcertd restart
Stopping rhsmcertd...                                      [  OK  ]
Starting rhsmcertd...                                      [  OK  ]
[root@hp-dl2x170g6-02 ~]# sleep 120
[root@hp-dl2x170g6-02 ~]# rct cat-cert /etc/pki/consumer/cert.pem | grep Date
	Start Date: 2032-11-29 08:40:14+00:00
	End Date: 2048-11-29 08:40:14+00:00

Close this bug as WORKSFORME.

Note You need to log in before you can comment on or make changes to this bug.