Description of problem: New provisioned machines do not get temporary subscription during the provisioning even if VDC subscription is added to the activation-key. This leads to the following on the provisioned machine: - katello-agent is not installed. - puppet is not installed. - Other software like free-ipa is not installed. - The machine is not updated. - The machine status is : +-------------------------------------------+ System Status Details +-------------------------------------------+ Overall Status: Invalid Red Hat Enterprise Linux for x86_64: - Not supported by a valid subscription. System Purpose Status: Not Specified Version-Release number of selected component (if applicable): satellite 6.6 RHEL 8 , 8.1 kickstarts How reproducible: 100% Steps to Reproduce: 1. Add VDC subscription to the activation-key used on the host-group. 2. Provision a new RHEL8 machine. 3. Check the machine after the provisioning. Actual results: - katello-agent is not installed. - puppet is not installed. - Other software like free-ipa is not installed. - The machine is not updated. - The machine status is : +-------------------------------------------+ System Status Details +-------------------------------------------+ Overall Status: Invalid Red Hat Enterprise Linux for x86_64: - Not supported by a valid subscription. System Purpose Status: Not Specified Expected results: Assign a temporary subscription to the to successfully finish the installation until reported by virt-who. Additional info:
Let me add that this problem is not related to RHEL8. Also kickstarting a 7Server client does not get the temporarily subscription attached. I suspect the register_redhat kickstart snippet needs to be expanded. Because this guide https://access.redhat.com/documentation/en-us/red_hat_satellite/6.5/html/virtual_instances_guide/registering_virtual_guests states the registration of virtual clients is a two stage process: Use the following procedure to register guest virtual machines. Configure the virtual machine to register with the Red Hat Satellite Server. # yum install http://satellite.example.com/pub/katello-ca-consumer-latest.noarch.rpm Register the virtual machine. # subscription-manager register --org="organization_label" Obtain a subscription. # subscription-manager attach --pool=subscription_pool_ID When using subscription-manager register --org='ORG' --activiationkey='AK' it fails, but subsequent running subscription-manager attach --auto does get the temporarily subscription attached...
Running the auto-attach after the provisioning is finished will attach the temporary subscription as you have mentioned. But during the provisioning it will fails which will lead to unfinished provisioning.
Could this be a duplicate of bug 1662212?
(In reply to Brad Buckingham from comment #5) > Could this be a duplicate of bug 1662212? The issue on bugzilla 1662212 is general with unavailability of temporary subscription when registering the machine not during the provisioning. As in comment #4 , after the provisioning , there is no issue to attach a temporary subscription. But during the provisioning it will fails which will lead to unfinished provisioning.
As a workaround I modified the redhat_register snippet and changed the lines below: <% if host_param('subscription_manager_username') && host_param('subscription_manager_password') %> <% if host_param('subscription_manager_pool') %> subscription-manager register --name="<%= @host.name %>" --username='<%= host_param("subscription_manager_username") %>' --password='<%= host_param("subscription_manager_password") %>' subscription-manager attach --pool='<%= host_param('subscription_manager_pool') %>' <% else %> subscription-manager register --name="<%= @host.name %>" --username='<%= host_param("subscription_manager_username") %>' --password='<%= host_param("subscription_manager_password") %>' --auto-attach <% end %> <% elsif activation_key %> subscription-manager register --name="<%= @host.name %>" --org='<%= subscription_manager_org %>' --activationkey='<%= activation_key %>' ==> # MVE: Fix for temporary VDC license bug ==> subscription-manager attach --auto <% else %> echo "No activation key found: Not registering to subscription manager" <% end %> By adding this auto attach at least the kickstart will continue, but subscription-manager on the host is still broken, but at least kickstart finishes successful; [root@vmurhel8 ~]# subscription-manager status +-------------------------------------------+ System Status Details +-------------------------------------------+ Traceback (most recent call last): File "/usr/lib64/python3.6/site-packages/subscription_manager/cache.py", line 173, in update_check self._sync_with_server(uep, consumer_uuid) File "/usr/lib64/python3.6/site-packages/subscription_manager/cache.py", line 605, in _sync_with_server content_tags=self.tags) File "/usr/lib64/python3.6/site-packages/rhsm/connection.py", line 1121, in updateConsumer ret = self.conn.request_put(method, params) File "/usr/lib64/python3.6/site-packages/rhsm/connection.py", line 735, in request_put return self._request("PUT", method, params, headers=headers) File "/usr/lib64/python3.6/site-packages/rhsm/connection.py", line 752, in _request info=info, headers=headers) File "/usr/lib64/python3.6/site-packages/rhsm/connection.py", line 583, in _request conn.request(request_type, handler, body=body, headers=final_headers) File "/usr/lib64/python3.6/http/client.py", line 1254, in request self._send_request(method, url, body, headers, encode_chunked) File "/usr/lib64/python3.6/http/client.py", line 1300, in _send_request self.endheaders(body, encode_chunked=encode_chunked) File "/usr/lib64/python3.6/http/client.py", line 1249, in endheaders self._send_output(message_body, encode_chunked=encode_chunked) File "/usr/lib64/python3.6/http/client.py", line 1036, in _send_output self.send(msg) File "/usr/lib64/python3.6/http/client.py", line 974, in send self.connect() File "/usr/lib64/python3.6/http/client.py", line 1422, in connect server_hostname=server_hostname) File "/usr/lib64/python3.6/ssl.py", line 365, in wrap_socket _context=self, _session=session) File "/usr/lib64/python3.6/ssl.py", line 773, in __init__ self.do_handshake() File "/usr/lib64/python3.6/ssl.py", line 1033, in do_handshake self._sslobj.do_handshake() File "/usr/lib64/python3.6/ssl.py", line 645, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL: CA_KEY_TOO_SMALL] ca key too small (_ssl.c:897)
(In reply to Marco Verschuur from comment #7) > As a workaround I modified the redhat_register snippet and changed the lines > below: > > <% if host_param('subscription_manager_username') && > host_param('subscription_manager_password') %> > <% if host_param('subscription_manager_pool') %> > subscription-manager register --name="<%= @host.name %>" > --username='<%= host_param("subscription_manager_username") %>' > --password='<%= host_param("subscription_manager_password") %>' > subscription-manager attach --pool='<%= > host_param('subscription_manager_pool') %>' > <% else %> > subscription-manager register --name="<%= @host.name %>" > --username='<%= host_param("subscription_manager_username") %>' > --password='<%= host_param("subscription_manager_password") %>' --auto-attach > <% end %> > <% elsif activation_key %> > subscription-manager register --name="<%= @host.name %>" --org='<%= > subscription_manager_org %>' --activationkey='<%= activation_key %>' > ==> # MVE: Fix for temporary VDC license bug > ==> subscription-manager attach --auto > <% else %> > echo "No activation key found: Not registering to subscription manager" > <% end %> > > > By adding this auto attach at least the kickstart will continue, but > subscription-manager on the host is still broken, but at least kickstart > finishes successful; > > [root@vmurhel8 ~]# subscription-manager status > +-------------------------------------------+ > System Status Details > +-------------------------------------------+ > Traceback (most recent call last): > File "/usr/lib64/python3.6/site-packages/subscription_manager/cache.py", > line 173, in update_check > self._sync_with_server(uep, consumer_uuid) > File "/usr/lib64/python3.6/site-packages/subscription_manager/cache.py", > line 605, in _sync_with_server > content_tags=self.tags) > File "/usr/lib64/python3.6/site-packages/rhsm/connection.py", line 1121, > in updateConsumer > ret = self.conn.request_put(method, params) > File "/usr/lib64/python3.6/site-packages/rhsm/connection.py", line 735, in > request_put > return self._request("PUT", method, params, headers=headers) > File "/usr/lib64/python3.6/site-packages/rhsm/connection.py", line 752, in > _request > info=info, headers=headers) > File "/usr/lib64/python3.6/site-packages/rhsm/connection.py", line 583, in > _request > conn.request(request_type, handler, body=body, headers=final_headers) > File "/usr/lib64/python3.6/http/client.py", line 1254, in request > self._send_request(method, url, body, headers, encode_chunked) > File "/usr/lib64/python3.6/http/client.py", line 1300, in _send_request > self.endheaders(body, encode_chunked=encode_chunked) > File "/usr/lib64/python3.6/http/client.py", line 1249, in endheaders > self._send_output(message_body, encode_chunked=encode_chunked) > File "/usr/lib64/python3.6/http/client.py", line 1036, in _send_output > self.send(msg) > File "/usr/lib64/python3.6/http/client.py", line 974, in send > self.connect() > File "/usr/lib64/python3.6/http/client.py", line 1422, in connect > server_hostname=server_hostname) > File "/usr/lib64/python3.6/ssl.py", line 365, in wrap_socket > _context=self, _session=session) > File "/usr/lib64/python3.6/ssl.py", line 773, in __init__ > self.do_handshake() > File "/usr/lib64/python3.6/ssl.py", line 1033, in do_handshake > self._sslobj.do_handshake() > File "/usr/lib64/python3.6/ssl.py", line 645, in do_handshake > self._sslobj.do_handshake() > ssl.SSLError: [SSL: CA_KEY_TOO_SMALL] ca key too small (_ssl.c:897) Hello Marco, Thank you for adding the workaround on the bugzilla. I tried it and it is working and the subscription-manager is also working after the provisioning is finished.
Upon review of our valid but aging backlog the Satellite Team has concluded that this Bugzilla does not meet the criteria for a resolution in the near term, and are planning to close in a month. This message may be a repeat of a previous update and the bug is again being considered to be closed. If you have any concerns about this, please contact your Red Hat Account team. Thank you.
Thank you for your interest in Red Hat Satellite. We have evaluated this request, and while we recognize that it is a valid request, we do not expect this to be implemented in the product in the foreseeable future. This is due to other priorities for the product, and not a reflection on the request itself. We are therefore closing this out as WONTFIX. If you have any concerns about this feel free to contact your Red Hat Account Team. Thank you.