Bug 1428756
| Summary: | [PATCH] configure gpgkey correctly in 'rhui-manager client rpm' command | | |
|---|---|---|---|
| Product: | Red Hat Update Infrastructure for Cloud Providers | Reporter: | Satoru SATOH <ssato> |
| Component: | RHUA | Assignee: | RHUI Bug List <rhui-bugs> |
| Status: | CLOSED ERRATA | QA Contact: | Radek Bíba <rbiba> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 3.0.0 | CC: | bkearney, mkubik, mverma |
| Target Milestone: | 3.0.3 | | |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2018-05-16 12:48:53 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 1415661 | | |
| Attachments: | | | |

I forgot logs.
Log with some debug messages before the patch ---------------------------------
[root@rhua-3-1 ~]# rhui-manager client rpm --rpm_name rhel-7-rhui-client-config --rpm_version 1.0 --dir /root/setup/clients/4/ --entitlement_cert /root/setup/clients/4/rhel-7-rhui-client-config.crt --private_key /root/setup/clients/4/rhel-7-rhui-client-config.key
answers={'private_key': '/root/setup/clients/4/rhel-7-rhui-client-config.key', 'ca_cert': '/etc/pki/rhui/certs/server.ca', 'unprotected_repos': [], 'custom_gpg_keys': False, 'lb_hostname': 'cds-3-0.example.jp', 'gpg_keys': {'unprotected': {}, 'protected': {}}, 'create_dir': '/root/setup/clients/4/', 'rpm_name': 'rhel-7-rhui-client-config', 'entitlement_cert': '/root/setup/clients/4/rhel-7-rhui-client-config.crt', 'rpm_version': '1.0'}
Successfully created client configuration RPM.
RPMs can be found at /root/setup/clients/4/
[root@rhua-3-1 ~]# cat /root/setup/clients/4/rhel-7-rhui-client-config-1.0/build/BUILD/rhel-7-rhui-client-config-1.0/rh-cloud.repo
[rhui-rhel-7-server-rhui-rpms]
name=Red Hat Enterprise Linux 7 Server from RHUI (RPMs)
mirrorlist=https://y20rhc01.local/pulp/mirror//content/dist/rhel/rhui/server/7/$releasever/$basearch/os
enabled=1
gpgcheck=0
sslverify=1
sslcacert=/etc/pki/rhui/ca.crt
sslclientcert=/etc/pki/rhui/product/content.crt
sslclientkey=/etc/pki/rhui/key.pem
[root@rhua-3-1 ~]#
Log with some debug messages after the patch ---------------------------------
[root@rhua-3-1 ~]# rhui-manager client cert --name rhel-7-rhui-client-config --days 3650 --dir /root/setup/clients/4/ --repo_label rhel-7-server-rhui-rpms ...........+++
..........................+++
Entitlement certificate created at /root/setup/clients/4/rhel-7-rhui-client-config.crt
[root@rhua-3-1 ~]# rhui-manager client rpm --rpm_name rhel-7-rhui-client-config --rpm_version 1.0 --dir /root/setup/clients/4/ --entitlement_cert /root/setup/clients/4/rhel-7-rhui-client-config.crt --private_key /root/setup/clients/4/rhel-7-rhui-client-config.key
pulp=<rhui.tools.pulp_api.Pulp instance at 0x2979a28>,
cert=[sn: 13, path: "/root/setup/clients/4/rhel-7-rhui-client-config.crt"],
entitlements=[Entitlement (content) {
Name ........ = Red Hat Enterprise Linux 7 Server from RHUI (RPMs)
Label ....... = rhel-7-server-rhui-rpms
Quantity .... = None
Flex Quantity = None
Vendor ...... = None
URL ......... = /content/dist/rhel/rhui/server/7/$releasever/$basearch/os
GPG Key ..... = None
Enabled ..... = None
}]
label='rhel-7-server-rhui-rpms', content_entitlement=Entitlement (content) {
Name ........ = Red Hat Enterprise Linux 7 Server from RHUI (RPMs)
Label ....... = rhel-7-server-rhui-rpms
Quantity .... = None
Flex Quantity = None
Vendor ...... = None
URL ......... = /content/dist/rhel/rhui/server/7/$releasever/$basearch/os
GPG Key ..... = None
Enabled ..... = None
}
answers={'private_key': '/root/setup/clients/4/rhel-7-rhui-client-config.key', 'ca_cert': '/etc/pki/rhui/certs/server.ca', 'unprotected_repos': [], 'custom_gpg_keys': False, 'lb_hostname': 'cds-3-0.example.jp', 'gpg_keys': {'unprotected': {}, 'protected': {'rhel-7-server-rhui-rpms': {'redhat-release': None}}}, 'create_dir': '/root/setup/clients/4/', 'rpm_name': 'rhel-7-rhui-client-config', 'entitlement_cert': '/root/setup/clients/4/rhel-7-rhui-client-config.crt', 'rpm_version': '1.0'}
Successfully created client configuration RPM.
RPMs can be found at /root/setup/clients/4/
[root@rhua-3-1 ~]# cat /root/setup/clients/4/rhel-7-rhui-client-config-1.0/build/BUILD/rhel-7-rhui-client-config-1.0/rh-cloud.repo
[rhui-rhel-7-server-rhui-rpms]
name=Red Hat Enterprise Linux 7 Server from RHUI (RPMs)
mirrorlist=https://cds-3-0.example.jp/pulp/mirror//content/dist/rhel/rhui/server/7/$releasever/$basearch/os
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslcacert=/etc/pki/rhui/ca.crt
sslclientcert=/etc/pki/rhui/product/content.crt
sslclientkey=/etc/pki/rhui/key.pem
[root@rhua-3-1 ~]# rm -rf /root/setup/clients/5
[root@rhua-3-1 ~]# rhui-manager
------------------------------------------------------------------------------
-= Red Hat Update Infrastructure Management Tool =-
-= Home =-
r manage repositories
c manage content delivery servers (CDS)
l manage HAProxy load-balancer instances
s synchronization status and scheduling
e create entitlement certificates and client configuration RPMs
n manage Red Hat entitlement certificates
u manage RHUI users
logout
removes stored authentication credentials and exits
< move to the previous screen
^, home
move to the home screen
/, clear
clears the screen
?, help
display help
q, quit, exit
exit
Connected: rhua-3-1.example.jp
------------------------------------------------------------------------------
rhui (home) => e
------------------------------------------------------------------------------
-= Red Hat Update Infrastructure Management Tool =-
-= Client Entitlement Management =-
e generate an entitlement certificate
c create a client configuration RPM from an entitlement certificate
d create a docker client configuration RPM
o create an atomic client configuration package
Connected: rhua-3-1.example.jp
------------------------------------------------------------------------------
rhui (client) => c
Full path to local directory in which the client configuration files generated by this tool
should be stored (if this directory does not exist, it will be created):
/root/setup/clients/5/
Name of the RPM:
rhel-7-rhui-client-config
Version of the configuration RPM [2.0]:
1.0
Full path to the entitlement certificate authorizing the client to access
specific channels:
/root/setup/clients/4/rhel-7-rhui-client-config.crt
Full path to the private key for the above entitlement certificate:
/root/setup/clients/4/rhel-7-rhui-client-config.key
answers={'private_key': '/root/setup/clients/4/rhel-7-rhui-client-config.key', 'ca_cert': '/etc/pki/rhui/certs/server.ca', 'unprotected_repos': [], 'custom_gpg_keys': False, 'lb_hostname': 'cds-3-0.example.jp', 'gpg_keys': {'unprotected': {}, 'protected': {'rhel-7-server-rhui-rpms': {'redhat-release': None}}}, 'create_dir': '/root/setup/clients/5/', 'rpm_name': 'rhel-7-rhui-client-config', 'entitlement_cert': '/root/setup/clients/4/rhel-7-rhui-client-config.crt', 'rpm_version': '1.0'}
Successfully created client configuration RPM.
RPMs can be found at /root/setup/clients/5/
------------------------------------------------------------------------------
rhui (client) => q
[root@rhua-3-1 ~]# cat /root/setup/clients/5/rhel-7-rhui-client-config-1.0/
build/ tmp/
[root@rhua-3-1 ~]# cat /root/setup/clients/5/rhel-7-rhui-client-config-1.0/build/BUILD/rhel-7-rhui-client-config-1.0/
ca.crt debugfiles.list debugsources.list key.pem
content.crt debuglinks.list elfbins.list rh-cloud.repo
[root@rhua-3-1 ~]# cat /root/setup/clients/5/rhel-7-rhui-client-config-1.0/build/BUILD/rhel-7-rhui-client-config-1.0/rh-cloud.repo
[rhui-rhel-7-server-rhui-rpms]
name=Red Hat Enterprise Linux 7 Server from RHUI (RPMs)
mirrorlist=https://cds-3-0.example.jp/pulp/mirror//content/dist/rhel/rhui/server/7/$releasever/$basearch/os
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslcacert=/etc/pki/rhui/ca.crt
sslclientcert=/etc/pki/rhui/product/content.crt
sslclientkey=/etc/pki/rhui/key.pem
[root@rhua-3-1 ~]#
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2018:1569
Created attachment 1259467
An experimental patch to avoid this issue

Description of problem:
The current implementation of 'rhui-manager client rpm' does nothing about gpg key configuration for repos, so the generated RPM is actually incomplete because gpgcheck is disabled and gpgkey is empty in the generated .repo. I made an experimental patch to resolve this.

Version-Release number of selected component (if applicable):
rh-rhui-tools-3.0.0-1.el7ui

How reproducible:
always

Steps to Reproduce:
1. generate client entitlement cert: rhui-manager, e, e or rhui-manager client cert
2. rhui-manager client rpm ...

Actual results:
In generated .repo file, <client_rpm_build_topdir>/build/<client_config_rpm_name_ver>/rh-cloud.repo:
- gpgcheck=0 (disabled)
- no gpgkey line is present

Expected results:
In generated .repo file, <client_rpm_build_topdir>/build/<client_config_rpm_name_ver>/rh-cloud.repo:
- gpgcheck=1 (enabled)
- gpgkey line is present: gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

Additional info:
I made some changes in my experimental patch, like the following:
- introduce rhui/common/gpgkeys.py to move and export common gpgkey-related functions from rhui/tools/screens/client.py
- make rhui/tools/commands/client.py configure gpgkey-related parameters correctly
- add some statements to print debug info and logging messages (should be removed on merge)
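
A check for the condition this report describes, added here as an example (it is not part of the bug report, the attached patch, or rhui-tools): a Python audit of a generated rh-cloud.repo that flags enabled repositories with gpgcheck off or no gpgkey. The two samples are abridged from the listings in the logs above; the names `audit_repo` and `_flag` are hypothetical, and the gpgkey URL scheme check goes one step beyond what the report covers.

```python
import configparser

# Abridged from the rh-cloud.repo listings in the logs (before / after the patch).
BEFORE = """\
[rhui-rhel-7-server-rhui-rpms]
name=Red Hat Enterprise Linux 7 Server from RHUI (RPMs)
enabled=1
gpgcheck=0
"""
AFTER = """\
[rhui-rhel-7-server-rhui-rpms]
name=Red Hat Enterprise Linux 7 Server from RHUI (RPMs)
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
"""

def _flag(sec, key):
    """Return True/False for a boolean option, or None when it is absent."""
    raw = sec.get(key)
    if raw is None:
        return None
    return raw.strip().lower() in ("1", "true", "yes", "on")

def audit_repo(text):
    """Map each enabled repo section to its package-signature findings."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.read_string(text)
    report = {}
    for name in cp.sections():
        sec = cp[name]
        # Assumption: a section without 'enabled' counts as enabled.
        if name == "main" or _flag(sec, "enabled") is False:
            continue
        findings = []
        check = _flag(sec, "gpgcheck")
        if check is None:
            findings.append("gpgcheck not set in this section")
        elif not check:
            findings.append("gpgcheck disabled")
        keys = sec.get("gpgkey", "").replace(",", " ").split()
        if not keys:
            findings.append("no gpgkey configured")
        for url in keys:
            if not url.startswith(("file://", "https://")):
                findings.append("gpgkey not file:// or https://: " + url)
        if findings:
            report[name] = findings
    return report

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_repo(sample))
```

Run against the build output (for example the rh-cloud.repo under the `--dir` passed to `rhui-manager client rpm`) before the client RPM is distributed; an empty result means every enabled repo in the file verifies package signatures against a configured key.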