Created attachment 1259467 [details] An experimental patch to avoid this issue Description of problem: Current implementation of 'rhui-manager client rpm' does nothing about gpg key configuration for repos so that generated RPM is incomplete actually because gpgcheck is disabled and gpgkey is empty in the generated .repo. I made an experimental patch to resolve this. Version-Release number of selected component (if applicable): rh-rhui-tools-3.0.0-1.el7ui How reproducible: always Steps to Reproduce: 1. generate client entitlement cert: rhui-manager, e, e or rhui-manager client cert 2. rhui-manager client rpm ... Actual results: In generated .repo file, <client_rpm_build_topdir>/build/<client_config_rpm_name_ver>/rh-cloud.repo: - gpgcheck=0 (disabled) - no gpgkey line is present Expected results: In generated .repo file, <client_rpm_build_topdir>/build/<client_config_rpm_name_ver>/rh-cloud.repo: - gpgcheck=1 (enabled) - gpgkey line is present: gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release Additional info: I made some changes in my experimental patch like the followings: - introduce rhui/common/gpgkeys.py to move and export common gpgkey related functions from rhui/tools/screens/client.py - make rhui/tools/commands/client.py configuring gpgkey related parameters right - add some statements to print debug info and logging messages (should be removed on merge)
I forgot logs. Log with some debug messages before the patch --------------------------------- [root@rhua-3-1 ~]# rhui-manager client rpm --rpm_name rhel-7-rhui-client-config --rpm_version 1.0 --dir /root/setup/clients/4/ --entitlement_cert /root/setup/clients/4/rhel-7-rhui-client-config.crt --private_key /root/setup/clients/4/rhel-7-rhui-client-config.key answers={'private_key': '/root/setup/clients/4/rhel-7-rhui-client-config.key', 'ca_cert': '/etc/pki/rhui/certs/server.ca', 'unprotected_repos': [], 'custom_gpg_keys': False, 'lb_hostname': 'cds-3-0.example.jp', 'gpg_keys': {'unprotected': {}, 'protected': {}}, 'create_dir': '/root/setup/clients/4/', 'rpm_name': 'rhel-7-rhui-client-config', 'entitlement_cert': '/root/setup/clients/4/rhel-7-rhui-client-config.crt', 'rpm_version': '1.0'} Successfully created client configuration RPM. RPMs can be found at /root/setup/clients/4/ [root@rhua-3-1 ~]# cat /root/setup/clients/4/rhel-7-rhui-client-config-1.0/build/BUILD/rhel-7-rhui-client-config-1.0/rh-cloud.repo [rhui-rhel-7-server-rhui-rpms] name=Red Hat Enterprise Linux 7 Server from RHUI (RPMs) mirrorlist=https://y20rhc01.local/pulp/mirror//content/dist/rhel/rhui/server/7/$releasever/$basearch/os enabled=1 gpgcheck=0 sslverify=1 sslcacert=/etc/pki/rhui/ca.crt sslclientcert=/etc/pki/rhui/product/content.crt sslclientkey=/etc/pki/rhui/key.pem [root@rhua-3-1 ~]# Log with some debug messages after the patch --------------------------------- [root@rhua-3-1 ~]# rhui-manager client cert --name rhel-7-rhui-client-config --days 3650 --dir /root/setup/clients/4/ --repo_label rhel-7-server-rhui-rpms ...........+++ ..........................+++ Entitlement certificate created at /root/setup/clients/4/rhel-7-rhui-client-config.crt [root@rhua-3-1 ~]# rhui-manager client rpm --rpm_name rhel-7-rhui-client-config --rpm_version 1.0 --dir /root/setup/clients/4/ --entitlement_cert /root/setup/clients/4/rhel-7-rhui-client-config.crt --private_key /root/setup/clients/4/rhel-7-rhui-client-config.key pulp=<rhui.tools.pulp_api.Pulp instance at 0x2979a28>, cert=[sn: 13, path: "/root/setup/clients/4/rhel-7-rhui-client-config.crt"], entitlements=[Entitlement (content) { Name ........ = Red Hat Enterprise Linux 7 Server from RHUI (RPMs) Label ....... = rhel-7-server-rhui-rpms Quantity .... = None Flex Quantity = None Vendor ...... = None URL ......... = /content/dist/rhel/rhui/server/7/$releasever/$basearch/os GPG Key ..... = None Enabled ..... = None }] label='rhel-7-server-rhui-rpms', content_entitlement=Entitlement (content) { Name ........ = Red Hat Enterprise Linux 7 Server from RHUI (RPMs) Label ....... = rhel-7-server-rhui-rpms Quantity .... = None Flex Quantity = None Vendor ...... = None URL ......... = /content/dist/rhel/rhui/server/7/$releasever/$basearch/os GPG Key ..... = None Enabled ..... = None } answers={'private_key': '/root/setup/clients/4/rhel-7-rhui-client-config.key', 'ca_cert': '/etc/pki/rhui/certs/server.ca', 'unprotected_repos': [], 'custom_gpg_keys': False, 'lb_hostname': 'cds-3-0.example.jp', 'gpg_keys': {'unprotected': {}, 'protected': {'rhel-7-server-rhui-rpms': {'redhat-release': None}}}, 'create_dir': '/root/setup/clients/4/', 'rpm_name': 'rhel-7-rhui-client-config', 'entitlement_cert': '/root/setup/clients/4/rhel-7-rhui-client-config.crt', 'rpm_version': '1.0'} Successfully created client configuration RPM. RPMs can be found at /root/setup/clients/4/ [root@rhua-3-1 ~]# cat /root/setup/clients/4/rhel-7-rhui-client-config-1.0/build/BUILD/rhel-7-rhui-client-config-1.0/rh-cloud.repo [rhui-rhel-7-server-rhui-rpms] name=Red Hat Enterprise Linux 7 Server from RHUI (RPMs) mirrorlist=https://cds-3-0.example.jp/pulp/mirror//content/dist/rhel/rhui/server/7/$releasever/$basearch/os enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release sslverify=1 sslcacert=/etc/pki/rhui/ca.crt sslclientcert=/etc/pki/rhui/product/content.crt sslclientkey=/etc/pki/rhui/key.pem [root@rhua-3-1 ~]# rm -rf /root/setup/clients/5 [root@rhua-3-1 ~]# rhui-manager ------------------------------------------------------------------------------ -= Red Hat Update Infrastructure Management Tool =- -= Home =- r manage repositories c manage content delivery servers (CDS) l manage HAProxy load-balancer instances s synchronization status and scheduling e create entitlement certificates and client configuration RPMs n manage Red Hat entitlement certificates u manage RHUI users logout removes stored authentication credentials and exits < move to the previous screen ^, home move to the home screen /, clear clears the screen ?, help display help q, quit, exit exit Connected: rhua-3-1.example.jp ------------------------------------------------------------------------------ rhui (home) => e ------------------------------------------------------------------------------ -= Red Hat Update Infrastructure Management Tool =- -= Client Entitlement Management =- e generate an entitlement certificate c create a client configuration RPM from an entitlement certificate d create a docker client configuration RPM o create an atomic client configuration package Connected: rhua-3-1.example.jp ------------------------------------------------------------------------------ rhui (client) => c Full path to local directory in which the client configuration files generated by this tool should be stored (if this directory does not exist, it will be created): /root/setup/clients/5/ Name of the RPM: rhel-7-rhui-client-config Version of the configuration RPM [2.0]: 1.0 Full path to the entitlement certificate authorizing the client to access specific channels: /root/setup/clients/4/rhel-7-rhui-client-config.crt Full path to the private key for the above entitlement certificate: /root/setup/clients/4/rhel-7-rhui-client-config.key answers={'private_key': '/root/setup/clients/4/rhel-7-rhui-client-config.key', 'ca_cert': '/etc/pki/rhui/certs/server.ca', 'unprotected_repos': [], 'custom_gpg_keys': False, 'lb_hostname': 'cds-3-0.example.jp', 'gpg_keys': {'unprotected': {}, 'protected': {'rhel-7-server-rhui-rpms': {'redhat-release': None}}}, 'create_dir': '/root/setup/clients/5/', 'rpm_name': 'rhel-7-rhui-client-config', 'entitlement_cert': '/root/setup/clients/4/rhel-7-rhui-client-config.crt', 'rpm_version': '1.0'} Successfully created client configuration RPM. RPMs can be found at /root/setup/clients/5/ ------------------------------------------------------------------------------ rhui (client) => q [root@rhua-3-1 ~]# cat /root/setup/clients/5/rhel-7-rhui-client-config-1.0/ build/ tmp/ [root@rhua-3-1 ~]# cat /root/setup/clients/5/rhel-7-rhui-client-config-1.0/build/BUILD/rhel-7-rhui-client-config-1.0/ ca.crt debugfiles.list debugsources.list key.pem content.crt debuglinks.list elfbins.list rh-cloud.repo [root@rhua-3-1 ~]# cat /root/setup/clients/5/rhel-7-rhui-client-config-1.0/build/BUILD/rhel-7-rhui-client-config-1.0/rh-cloud.repo [rhui-rhel-7-server-rhui-rpms] name=Red Hat Enterprise Linux 7 Server from RHUI (RPMs) mirrorlist=https://cds-3-0.example.jp/pulp/mirror//content/dist/rhel/rhui/server/7/$releasever/$basearch/os enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release sslverify=1 sslcacert=/etc/pki/rhui/ca.crt sslclientcert=/etc/pki/rhui/product/content.crt sslclientkey=/etc/pki/rhui/key.pem [root@rhua-3-1 ~]#
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:1569