Bug 1594709
| Summary: | Unable to remove subscription using Pool ID | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | [Community] Candlepin (Migrated to Jira) | Reporter: | Jiri Hnidek <jhnidek> | ||||||||||
| Component: | candlepin | Assignee: | candlepin-bugs | ||||||||||
| Status: | CLOSED NOTABUG | QA Contact: | Katello QA List <katello-qa-list> | ||||||||||
| Severity: | high | Docs Contact: | |||||||||||
| Priority: | urgent | ||||||||||||
| Version: | 2.4 | CC: | awood, jhnidek, khowell, redakkan, skallesh | ||||||||||
| Target Milestone: | --- | Keywords: | Triaged | ||||||||||
| Target Release: | --- | ||||||||||||
| Hardware: | All | ||||||||||||
| OS: | Linux | ||||||||||||
| Whiteboard: | |||||||||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||||||||
| Doc Text: | Story Points: | --- | |||||||||||
| Clone Of: | Environment: | ||||||||||||
| Last Closed: | 2018-07-02 17:27:55 UTC | Type: | Bug | ||||||||||
| Regression: | --- | Mount Type: | --- | ||||||||||
| Documentation: | --- | CRM: | |||||||||||
| Verified Versions: | Category: | --- | |||||||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||||||
| Embargoed: | |||||||||||||
| Attachments: |
|
||||||||||||
Dev, please check 2.3 branch and 2.4 branch for this issue and reach out to me with the results. I'm able to reproduce it using master branch of subscription-manager and candlepin, but only in situation, when subscription-manager is running on host (not in VM). Steps to reproduce (Candlepin server): 1. git clone https://github.com/candlepin/candlepin.git 2. cd candlepin 3. vagrant up dev 4. vagrant ssh dev 5. cd /vagrant 6. ./server/bin/deploy -gta Steps to reproduce (host running subscription-manager) 1. Get master branch of subman [root@localhost /tmp]# git clone https://github.com/candlepin/subscription-manager.git 2. Change directory [root@localhost subscription_manager]# cd subscription-manager 3. Install all required packages; see: https://www.candlepinproject.org/docs/subscription-manager/installation.html 4. Build subscription-manager [root@localhost subscription_manager]# make 5. Register system [root@localhost subscription_manager]# PYTHONPATH=./src python -m subscription_manager.scripts.subscription_manager register --username admin --password admin --org admin Registering to: svice:8443/candlepin The system has been registered with ID: 1db20c01-caf8-4e01-87b7-d4c407316724 The registered system name is: localhost.localdomain 6. Attach some pool (e.g. using auto attach) [root@localhost subscription_manager]# ll /etc/pki/product-default/ total 4 -rwxr-xr-x. 1 root root 1289 Jan 23 17:43 32060.pem [root@localhost subscription_manager]# PYTHONPATH=./src python -m subscription_manager.scripts.rct cc /etc/pki/product-default/32060.pem +-------------------------------------------+ Product Certificate +-------------------------------------------+ Certificate: Path: /etc/pki/product-default/32060.pem Version: 1.0 Serial: 48636971 Start Date: 2018-01-23 08:43:50+00:00 End Date: 2028-01-23 08:43:50+00:00 Subject: CN: 32060 Issuer: C: US CN: candle.localdomain L: Raleigh Product: ID: 32060 Name: Awesome OS Instance Server Bits Version: 6.1 Arch: ALL Tags: Brand Type: OS Brand Name: [root@localhost subscription_manager]# PYTHONPATH=./src python -m subscription_manager.scripts.subscription_manager attach --auto Installed Product Current Status: Product Name: Awesome OS Instance Server Bits Status: Subscribed 7. Get information about consumed subscription [root@localhost subscription_manager]# PYTHONPATH=./src python -m subscription_manager.scripts.subscription_manager list --consumed +-------------------------------------------+ Consumed Subscriptions +-------------------------------------------+ Subscription Name: Admin OS Instance Based one socket Provides: Awesome OS Instance Server Bits Admin OS Premium Architecture Bits Admin OS Developer Bits SKU: adminos-onesocketib Contract: 1 Account: 12331131231 Serial: 2209513736220810456 Pool ID: Not Available <============ Pool ID is not available Provides Management: Yes Active: True Quantity Used: 2 Service Level: Standard Service Type: L1-L3 Status Details: Subscription is current Subscription Type: Starts: 06/26/18 Ends: 06/26/19 System Type: Physical Created attachment 1454693 [details]
candlepin.log for 1594709
Created attachment 1454694 [details]
rhsm.log for 1594709
Jiri, I haven't been able to reproduce this issue at all. Would you mind doing me a favor and adding log4j.logger.org.candlepin.common.filter=DEBUG to /etc/candlepin/candlepin.conf and then restarting Tomcat? Also, on the client if you wouldn't mind setting [logging] default_logging_level=DEBUG and then running a subscription-manager clean, re-register, re-attach to the pool, and then run subscription-manager list --consumed. After all that, if you could bundle up rhsm.log and candlepin.log, hopefully I can track this down. Alex,
this is interesting. It seems that the entitlement certificate was generated without Pool ID:
[root@localhost subscription-manager]# PYTHONPATH=./src python -m subscription_manager.scripts.subscription_manager attach --pool=ff80808164455a240164455aae5701b4
Successfully attached a subscription for: Admin OS Instance Based one socket
[root@localhost subscription-manager]# PYTHONPATH=./src python -m subscription_manager.scripts.subscription_manager list --consumed
+-------------------------------------------+
Consumed Subscriptions
+-------------------------------------------+
Subscription Name: Admin OS Instance Based one socket
Provides: Awesome OS Instance Server Bits
Admin OS Premium Architecture Bits
Admin OS Developer Bits
SKU: adminos-onesocketib
Contract: 0
Account: 12331131231
Serial: 5554812566954359453
Pool ID: Not Available
Provides Management: Yes
Active: True
Quantity Used: 2
Service Level: Standard
Service Type: L1-L3
Status Details: Subscription is current
Subscription Type:
Starts: 28.6.2018
Ends: 28.6.2019
System Type: Physical
[root@localhost subscription-manager]# PYTHONPATH=./src python -m subscription_manager.scripts.rct cc /etc/pki/entitlement/5554812566954359453.pem
+-------------------------------------------+
Entitlement Certificate
+-------------------------------------------+
Certificate:
Path: /etc/pki/entitlement/5554812566954359453.pem
Version: 1.0
Serial: 5554812566954359453
Start Date: 2018-06-28 00:00:00+00:00
End Date: 2019-06-28 00:00:00+00:00
Pool ID: Not Available <=============== Pool ID is not available
Subject:
CN: d74929836b574c329ddd8a626e21d14a
O: admin
Issuer:
C: US
CN: candlepin.example.com
L: Raleigh
Product:
ID: 5050
Name: Admin OS Premium Architecture Bits
Version: 6.1
Arch: ppc64
Tags:
Brand Type:
Brand Name:
I'm also providing another log files (rhsm.log and candlepin.log) for this case.
I can also confirm that generated cert sent by candlepin in response doesn't include Pool ID too. The cert is sent twice and the content of cert is same in both responses.
Created attachment 1455233 [details]
candlepin.log for 1594709 (more debug info)
Created attachment 1455234 [details]
rhsm.log for 1594709 (more debug info)
When version of generated certificate is 1.0 and not 3.x, then it generates certificate with missing Pool ID. You can influence it using: [root@localhost subscription-manager]# PYTHONPATH=./src python -m subscription_manager.scripts.subscription_manager facts | grep certificate system.certificate_version: 1.0 In following case it generates correct certificate: [root@localhost subscription-manager]# PYTHONPATH=./src python -m subscription_manager.scripts.subscription_manager facts | grep certificate system.certificate_version: 3.2 You can test it using fact overrides. (In reply to Jiri Hnidek from comment #10) > When version of generated certificate is 1.0 and not 3.x, then it generates > certificate with missing Pool ID. You can influence it using: Ah ha! Would you mind attaching the offending entitlement certificate to the bug? Jiri, I'm pretty sure this is working as designed. If you look at test/certdata.py you'll see the ENTITLEMENT_CERT_V1_0_OUTPUT (the expected output for the test) has Pool ID as "Not Available". V1 entitlement certificates just didn't have pool ID available. V3 certificates carry a blob of gzipped json in the "BEGIN ENTITLEMENT DATA" section of the PEM file that does have the pool ID. There probably aren't very many V1 clients out there but we still support them. |
Description of problem: It is not possible to remove specific subscription using Pool ID Version-Release number of selected component (if applicable): [root@localhost ~]# subscription-manager version server type: Red Hat Subscription Management subscription management server: 2.3.8-1 subscription management rules: 5.26 subscription-manager: 1.20.11-1.el7_5 How reproducible: Always Steps to Reproduce: 1. Register the system to candlepin server [root@localhost ~]# subscription-manager register --username admin --password admin --org admin 2. Attach to some pool using pool ID [root@localhost ~]# subscription-manager attach --pool=ff8080816435dd77016435de0fee02e9 Successfully attached a subscription for: Awesome OS for x86_64/i686/ia64/ppc/ppc64/s390x/s390 3. List consumed subscriptions. [root@localhost ~]# subscription-manager list --consumed +-------------------------------------------+ Consumed Subscriptions +-------------------------------------------+ Subscription Name: Awesome OS for x86_64/i686/ia64/ppc/ppc64/s390x/s390 Provides: Awesome OS for x86_64/i686/ia64/ppc/ppc64/s390x/s390 Bits SKU: awesomeos-everything Contract: 0 Account: 12331131231 Serial: 5880192952286168030 Pool ID: Not Available <================ Pool ID is not available Provides Management: Yes Active: True Quantity Used: 1 Service Level: Service Type: Status Details: Subscription is current Subscription Type: Starts: 25.6.2018 Ends: 25.6.2019 System Type: Physical 4. Try to remove pool using the the same pool ID [root@localhost ~]# subscription-manager remove --pool=ff8080816435dd77016435de0fee02e9 Actual results: 'NoneType' object has no attribute 'id' Expected results: Subscription is removed or some reasonable error/warning message is printed to console. Additional info: Traceback in rhsm.log 2018-06-25 10:13:43,029 [ERROR] subscription_manager.py:22572:MainThread @managercli.py:184 - Unable to perform remove due to the following exception: 'NoneType' object has no attribute 'id' 2018-06-25 10:13:43,029 [ERROR] subscription_manager.py:22572:MainThread @managercli.py:185 - 'NoneType' object has no attribute 'id' Traceback (most recent call last): File "/home/jiri/github/candlepin/subscription_manager/src/subscription_manager/managercli.py", line 1728, in _do_command removed_pools, unremoved_pools, removed_serials = ent_service.remove_entilements_by_pool_ids(self.options.pool_ids) File "/home/jiri/github/candlepin/subscription_manager/src/rhsmlib/services/entitlement.py", line 329, in remove_entilements_by_pool_ids pool_id_to_serials = self.entitlement_dir.list_serials_for_pool_ids(_pool_ids) File "/home/jiri/github/candlepin/subscription_manager/src/subscription_manager/certdirectory.py", line 331, in list_serials_for_pool_ids pool_id_to_serials[pool_id] = [str(cert.serial) for cert in self.list_for_pool_id(pool_id)] File "/home/jiri/github/candlepin/subscription_manager/src/subscription_manager/certdirectory.py", line 322, in list_for_pool_id entitlements = [entitlement for entitlement in self.list() if str(entitlement.pool.id) == str(pool_id)] AttributeError: 'NoneType' object has no attribute 'id' It is still possible to remove specific subscription using serial number. [root@localhost ~]# subscription-manager remove --serial=5880192952286168030