Bug 1428756 - [PATCH] configure gpgkey correctly in 'rhui-manager client rpm' command
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Update Infrastructure for Cloud Providers
Classification: Red Hat
Component: RHUA
Version: 3.0.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: 3.0.3
Assignee: RHUI Bug List
QA Contact: Radek Bíba
URL:
Whiteboard:
Depends On:
Blocks: 1415661
 
Reported: 2017-03-03 10:24 UTC by Satoru SATOH
Modified: 2021-06-10 11:59 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-05-16 12:48:53 UTC
Target Upstream Version:
Embargoed:


Attachments
An experimental patch to avoid this issue (10.43 KB, patch)
2017-03-03 10:24 UTC, Satoru SATOH


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:1569 0 None None None 2018-05-16 12:49:23 UTC

Description Satoru SATOH 2017-03-03 10:24:18 UTC
Created attachment 1259467
An experimental patch to avoid this issue

Description of problem:
The current implementation of 'rhui-manager client rpm' does nothing about GPG key configuration for repos, so the generated RPM is actually incomplete: gpgcheck is disabled and gpgkey is empty in the generated .repo.

I made an experimental patch to resolve this.


Version-Release number of selected component (if applicable):
rh-rhui-tools-3.0.0-1.el7ui


How reproducible:
always


Steps to Reproduce:
1. generate client entitlement cert: rhui-manager, e, e or rhui-manager client cert
2. rhui-manager client rpm ...

Actual results:
In generated .repo file, <client_rpm_build_topdir>/build/<client_config_rpm_name_ver>/rh-cloud.repo:

- gpgcheck=0 (disabled)
- no gpgkey line is present


Expected results:
In generated .repo file, <client_rpm_build_topdir>/build/<client_config_rpm_name_ver>/rh-cloud.repo:

- gpgcheck=1 (enabled)
- gpgkey line is present: gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release


Additional info:
I made some changes in my experimental patch, such as the following:

- introduce rhui/common/gpgkeys.py to move and export common gpgkey-related functions from rhui/tools/screens/client.py
- make rhui/tools/commands/client.py configure gpgkey-related parameters correctly
- add some statements to print debug info and logging messages (should be removed on merge)

Comment 3 Satoru SATOH 2017-03-03 10:53:35 UTC
I forgot the logs.

Log with some debug messages before the patch ---------------------------------

[root@rhua-3-1 ~]# rhui-manager client rpm --rpm_name rhel-7-rhui-client-config --rpm_version 1.0 --dir /root/setup/clients/4/ --entitlement_cert /root/setup/clients/4/rhel-7-rhui-client-config.crt --private_key /root/setup/clients/4/rhel-7-rhui-client-config.key
answers={'private_key': '/root/setup/clients/4/rhel-7-rhui-client-config.key', 'ca_cert': '/etc/pki/rhui/certs/server.ca', 'unprotected_repos': [], 'custom_gpg_keys': False, 'lb_hostname': 'cds-3-0.example.jp', 'gpg_keys': {'unprotected': {}, 'protected': {}}, 'create_dir': '/root/setup/clients/4/', 'rpm_name': 'rhel-7-rhui-client-config', 'entitlement_cert': '/root/setup/clients/4/rhel-7-rhui-client-config.crt', 'rpm_version': '1.0'}
Successfully created client configuration RPM.
RPMs can be found at /root/setup/clients/4/
[root@rhua-3-1 ~]# cat /root/setup/clients/4/rhel-7-rhui-client-config-1.0/build/BUILD/rhel-7-rhui-client-config-1.0/rh-cloud.repo
[rhui-rhel-7-server-rhui-rpms]
name=Red Hat Enterprise Linux 7 Server from RHUI (RPMs)
mirrorlist=https://y20rhc01.local/pulp/mirror//content/dist/rhel/rhui/server/7/$releasever/$basearch/os
enabled=1
gpgcheck=0
sslverify=1
sslcacert=/etc/pki/rhui/ca.crt
sslclientcert=/etc/pki/rhui/product/content.crt
sslclientkey=/etc/pki/rhui/key.pem

[root@rhua-3-1 ~]#


Log with some debug messages after the patch ---------------------------------

[root@rhua-3-1 ~]# rhui-manager client cert --name rhel-7-rhui-client-config --days 3650 --dir /root/setup/clients/4/ --repo_label rhel-7-server-rhui-rpms
...........+++
..........................+++
Entitlement certificate created at /root/setup/clients/4/rhel-7-rhui-client-config.crt
[root@rhua-3-1 ~]# rhui-manager client rpm --rpm_name rhel-7-rhui-client-config --rpm_version 1.0 --dir /root/setup/clients/4/ --entitlement_cert /root/setup/clients/4/rhel-7-rhui-client-config.crt --private_key /root/setup/clients/4/rhel-7-rhui-client-config.key
pulp=<rhui.tools.pulp_api.Pulp instance at 0x2979a28>,
cert=[sn: 13, path: "/root/setup/clients/4/rhel-7-rhui-client-config.crt"],
entitlements=[Entitlement (content) {
        Name ........ = Red Hat Enterprise Linux 7 Server from RHUI (RPMs)
        Label ....... = rhel-7-server-rhui-rpms
        Quantity .... = None
        Flex Quantity = None
        Vendor ...... = None
        URL ......... = /content/dist/rhel/rhui/server/7/$releasever/$basearch/os
        GPG Key ..... = None
        Enabled ..... = None
}]

label='rhel-7-server-rhui-rpms', content_entitlement=Entitlement (content) {
        Name ........ = Red Hat Enterprise Linux 7 Server from RHUI (RPMs)
        Label ....... = rhel-7-server-rhui-rpms
        Quantity .... = None
        Flex Quantity = None
        Vendor ...... = None
        URL ......... = /content/dist/rhel/rhui/server/7/$releasever/$basearch/os
        GPG Key ..... = None
        Enabled ..... = None
}
answers={'private_key': '/root/setup/clients/4/rhel-7-rhui-client-config.key', 'ca_cert': '/etc/pki/rhui/certs/server.ca', 'unprotected_repos': [], 'custom_gpg_keys': False, 'lb_hostname': 'cds-3-0.example.jp', 'gpg_keys': {'unprotected': {}, 'protected': {'rhel-7-server-rhui-rpms': {'redhat-release': None}}}, 'create_dir': '/root/setup/clients/4/', 'rpm_name': 'rhel-7-rhui-client-config', 'entitlement_cert': '/root/setup/clients/4/rhel-7-rhui-client-config.crt', 'rpm_version': '1.0'}
Successfully created client configuration RPM.
RPMs can be found at /root/setup/clients/4/
[root@rhua-3-1 ~]# cat /root/setup/clients/4/rhel-7-rhui-client-config-1.0/build/BUILD/rhel-7-rhui-client-config-1.0/rh-cloud.repo
[rhui-rhel-7-server-rhui-rpms]
name=Red Hat Enterprise Linux 7 Server from RHUI (RPMs)
mirrorlist=https://cds-3-0.example.jp/pulp/mirror//content/dist/rhel/rhui/server/7/$releasever/$basearch/os
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslcacert=/etc/pki/rhui/ca.crt
sslclientcert=/etc/pki/rhui/product/content.crt
sslclientkey=/etc/pki/rhui/key.pem

[root@rhua-3-1 ~]# rm -rf /root/setup/clients/5
[root@rhua-3-1 ~]# rhui-manager


------------------------------------------------------------------------------
             -= Red Hat Update Infrastructure Management Tool =-


-= Home =-

   r   manage repositories
   c   manage content delivery servers (CDS)
   l   manage HAProxy load-balancer instances
   s   synchronization status and scheduling
   e   create entitlement certificates and client configuration RPMs
   n   manage Red Hat entitlement certificates
   u   manage RHUI users

   logout
       removes stored authentication credentials and exits

   <   move to the previous screen
   ^, home
       move to the home screen
   /, clear
       clears the screen
   ?, help
       display help
   q, quit, exit
       exit

                                                Connected: rhua-3-1.example.jp
------------------------------------------------------------------------------
rhui (home) => e


------------------------------------------------------------------------------
             -= Red Hat Update Infrastructure Management Tool =-


-= Client Entitlement Management =-

   e   generate an entitlement certificate
   c   create a client configuration RPM from an entitlement certificate
   d   create a docker client configuration RPM
   o   create an atomic client configuration package

                                                Connected: rhua-3-1.example.jp
------------------------------------------------------------------------------
rhui (client) => c

Full path to local directory in which the client configuration files generated by this tool
should be stored (if this directory does not exist, it will be created):
/root/setup/clients/5/

Name of the RPM:
rhel-7-rhui-client-config

Version of the configuration RPM [2.0]:
1.0

Full path to the entitlement certificate authorizing the client to access
specific channels:
/root/setup/clients/4/rhel-7-rhui-client-config.crt

Full path to the private key for the above entitlement certificate:
/root/setup/clients/4/rhel-7-rhui-client-config.key


answers={'private_key': '/root/setup/clients/4/rhel-7-rhui-client-config.key', 'ca_cert': '/etc/pki/rhui/certs/server.ca', 'unprotected_repos': [], 'custom_gpg_keys': False, 'lb_hostname': 'cds-3-0.example.jp', 'gpg_keys': {'unprotected': {}, 'protected': {'rhel-7-server-rhui-rpms': {'redhat-release': None}}}, 'create_dir': '/root/setup/clients/5/', 'rpm_name': 'rhel-7-rhui-client-config', 'entitlement_cert': '/root/setup/clients/4/rhel-7-rhui-client-config.crt', 'rpm_version': '1.0'}
Successfully created client configuration RPM.
RPMs can be found at /root/setup/clients/5/

------------------------------------------------------------------------------
rhui (client) => q
[root@rhua-3-1 ~]# cat /root/setup/clients/5/rhel-7-rhui-client-config-1.0/
build/ tmp/
[root@rhua-3-1 ~]# cat /root/setup/clients/5/rhel-7-rhui-client-config-1.0/build/BUILD/rhel-7-rhui-client-config-1.0/
ca.crt             debugfiles.list    debugsources.list  key.pem
content.crt        debuglinks.list    elfbins.list       rh-cloud.repo
[root@rhua-3-1 ~]# cat /root/setup/clients/5/rhel-7-rhui-client-config-1.0/build/BUILD/rhel-7-rhui-client-config-1.0/rh-cloud.repo
[rhui-rhel-7-server-rhui-rpms]
name=Red Hat Enterprise Linux 7 Server from RHUI (RPMs)
mirrorlist=https://cds-3-0.example.jp/pulp/mirror//content/dist/rhel/rhui/server/7/$releasever/$basearch/os
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslcacert=/etc/pki/rhui/ca.crt
sslclientcert=/etc/pki/rhui/product/content.crt
sslclientkey=/etc/pki/rhui/key.pem

[root@rhua-3-1 ~]#
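
A check that could be run against a generated rh-cloud.repo before the client configuration RPM is distributed, flagging enabled repositories that lack the gpgcheck/gpgkey settings discussed in this report. This is an added example, not part of the bug report, the attached patch or the RHUI code; the function name `audit_repo` is hypothetical and the two sample inputs are constructed from the before/after files in the logs above (abridged).

```python
import configparser

# Constructed sample inputs, abridged from the two rh-cloud.repo files
# shown in the logs above (before and after the patch).
REPO_BEFORE = """\
[rhui-rhel-7-server-rhui-rpms]
name=Red Hat Enterprise Linux 7 Server from RHUI (RPMs)
mirrorlist=https://y20rhc01.local/pulp/mirror//content/dist/rhel/rhui/server/7/$releasever/$basearch/os
enabled=1
gpgcheck=0
sslverify=1
"""

REPO_AFTER = REPO_BEFORE.replace(
    "gpgcheck=0",
    "gpgcheck=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release",
)

# Boolean spellings accepted here as "on" (assumption: 1/yes/true).
TRUE_VALUES = {"1", "yes", "true"}


def audit_repo(text):
    """Return {section: [finding, ...]} for enabled repos lacking signature checks."""
    # interpolation=None keeps '%' and '$releasever' in URLs from being interpreted.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    report = {}
    for section in parser.sections():
        repo = parser[section]
        # Assumption: a repo with no 'enabled' line is treated as enabled.
        if repo.get("enabled", "1").strip().lower() not in TRUE_VALUES:
            continue
        findings = []
        gpgcheck = repo.get("gpgcheck")
        if gpgcheck is None:
            findings.append("gpgcheck not set in this section")
        elif gpgcheck.strip().lower() not in TRUE_VALUES:
            findings.append("gpgcheck disabled")
        if not repo.get("gpgkey", "").strip():
            findings.append("gpgkey missing or empty")
        if findings:
            report[section] = findings
    return report


if __name__ == "__main__":
    for label, text in (("before", REPO_BEFORE), ("after", REPO_AFTER)):
        print(label, audit_repo(text) or "OK")
```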

Comment 11 errata-xmlrpc 2018-05-16 12:48:53 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:1569

