1794826 – [RFE]: subscription-manager refresh needs a light version

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1794826 - [RFE]: subscription-manager refresh needs a light version

Summary: [RFE]: subscription-manager refresh needs a light version

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	subscription-manager
Sub Component:
Version:	---
Hardware:	x86_64
OS:	All
Priority:	unspecified
Severity:	low
Target Milestone:	rc
Target Release:	8.3
Assignee:	Jiri Hnidek
QA Contact:	Red Hat subscription-manager QE Team
Docs Contact:
URL:
Whiteboard:
Depends On:	1796088
Blocks:	1803951 1825061
TreeView+	depends on / blocked

Reported:	2020-01-24 19:25 UTC by Taft Sanders
Modified:	2023-09-07 21:35 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:	Draft of documentation text: The default behavior of "subscription-manager refresh" command was modified and a new option "--force" was added. By default, this command no longer regenerates new entitlement certificates on subscription management service before downloading them. Now, it only downloads new copies of the existing entitlement certificates from subscription management service. If the old behavior is required (complete regeneration of entitlement certificates), then you must also pass the new "--force" option.
Clone Of:
Clones:	1796088 (view as bug list)
Environment:
Last Closed:	2020-11-04 01:38:42 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	candlepin subscription-manager pull 2215	0	None	closed	1794826: Added option --force for command refresh; ENT-2033	2020-12-01 09:19:26 UTC
Red Hat Product Errata	RHBA-2020:4460	0	None	None	None	2020-11-04 01:38:57 UTC

Description Taft Sanders 2020-01-24 19:25:24 UTC

Description of problem:
The cost of subscription-manager refresh is taxing. From the client, the client will dirty the certificates and pull all-new, fresh information. An alternative to this being the default should be just pulling information and not forcing a default to dirty the current certificates. The current default could still be implemented if needed with a 'subscription-manager refresh --force'.


Version-Release number of selected component (if applicable):
subscription-manager-1.26.9-1.el8

How reproducible:
n/a

Steps to Reproduce:
1.
2.
3.

Actual results:
10.12.213.118 - - [24/Jan/2020:14:18:54 -0500] "PUT /rhsm/consumers/d8850955-3ba1-402b-a01b-e6bfe85bc164/certificates?lazy_regen=true HTTP/1.1" 200 - "-" "RHSM/1.0 (cmd=subscription-manager)"
10.12.213.118 - - [24/Jan/2020:14:18:54 -0500] "GET /rhsm/consumers/d8850955-3ba1-402b-a01b-e6bfe85bc164/certificates/serials HTTP/1.1" 200 32 "-" "RHSM/1.0 (cmd=subscription-manager)"
10.12.213.118 - - [24/Jan/2020:14:18:55 -0500] "GET /rhsm/consumers/d8850955-3ba1-402b-a01b-e6bfe85bc164/certificates?serials=7166878632496595261 HTTP/1.1" 200 8201 "-" "RHSM/1.0 (cmd=subscription-manager)"
10.12.213.118 - - [24/Jan/2020:14:18:55 -0500] "GET /rhsm/status HTTP/1.1" 200 377 "-" "RHSM/1.0 (cmd=subscription-manager)"
10.12.213.118 - - [24/Jan/2020:14:18:55 -0500] "GET /rhsm/ HTTP/1.1" 200 2125 "-" "RHSM/1.0 (cmd=subscription-manager)"
10.12.213.118 - - [24/Jan/2020:14:18:55 -0500] "GET /rhsm/consumers/d8850955-3ba1-402b-a01b-e6bfe85bc164/content_overrides HTTP/1.1" 200 2 "-" "RHSM/1.0 (cmd=subscription-manager)"
10.12.213.118 - - [24/Jan/2020:14:18:55 -0500] "GET /rhsm/consumers/d8850955-3ba1-402b-a01b-e6bfe85bc164/compliance HTTP/1.1" 200 5920 "-" "RHSM/1.0 (cmd=subscription-manager)"
10.12.213.118 - - [24/Jan/2020:14:18:55 -0500] "GET /rhsm/consumers/d8850955-3ba1-402b-a01b-e6bfe85bc164/compliance HTTP/1.1" 200 5920 "-" "RHSM/1.0 (cmd=subscription-manager)"
10.12.213.118 - - [24/Jan/2020:14:18:55 -0500] "GET /rhsm/consumers/d8850955-3ba1-402b-a01b-e6bfe85bc164/compliance HTTP/1.1" 200 5920 "-" "RHSM/1.0 (cmd=subscription-manager)"
10.12.213.118 - - [24/Jan/2020:14:18:55 -0500] "GET /rhsm/consumers/d8850955-3ba1-402b-a01b-e6bfe85bc164/compliance HTTP/1.1" 200 5920 "-" "RHSM/1.0 (cmd=subscription-manager)"
10.12.213.118 - - [24/Jan/2020:14:18:55 -0500] "GET /rhsm/consumers/d8850955-3ba1-402b-a01b-e6bfe85bc164/compliance HTTP/1.1" 200 5920 "-" "RHSM/1.0 (cmd=rhsmd)"


Expected results:
# subscription-manager refresh:
10.12.213.118 - - [24/Jan/2020:14:18:54 -0500] "GET /rhsm/consumers/d8850955-3ba1-402b-a01b-e6bfe85bc164/certificates/serials HTTP/1.1" 200 32 "-" "RHSM/1.0 (cmd=subscription-manager)"
10.12.213.118 - - [24/Jan/2020:14:18:55 -0500] "GET /rhsm/consumers/d8850955-3ba1-402b-a01b-e6bfe85bc164/certificates?serials=7166878632496595261 HTTP/1.1" 200 8201 "-" "RHSM/1.0 (cmd=subscription-manager)"
10.12.213.118 - - [24/Jan/2020:14:18:55 -0500] "GET /rhsm/status HTTP/1.1" 200 377 "-" "RHSM/1.0 (cmd=subscription-manager)"
10.12.213.118 - - [24/Jan/2020:14:18:55 -0500] "GET /rhsm/ HTTP/1.1" 200 2125 "-" "RHSM/1.0 (cmd=subscription-manager)"
10.12.213.118 - - [24/Jan/2020:14:18:55 -0500] "GET /rhsm/consumers/d8850955-3ba1-402b-a01b-e6bfe85bc164/content_overrides HTTP/1.1" 200 2 "-" "RHSM/1.0 (cmd=subscription-manager)"
10.12.213.118 - - [24/Jan/2020:14:18:55 -0500] "GET /rhsm/consumers/d8850955-3ba1-402b-a01b-e6bfe85bc164/compliance HTTP/1.1" 200 5920 "-" "RHSM/1.0 (cmd=subscription-manager)"


# subscription-manager refresh --force:
10.12.213.118 - - [24/Jan/2020:14:18:54 -0500] "PUT /rhsm/consumers/d8850955-3ba1-402b-a01b-e6bfe85bc164/certificates?lazy_regen=true HTTP/1.1" 200 - "-" "RHSM/1.0 (cmd=subscription-manager)"
10.12.213.118 - - [24/Jan/2020:14:18:54 -0500] "GET /rhsm/consumers/d8850955-3ba1-402b-a01b-e6bfe85bc164/certificates/serials HTTP/1.1" 200 32 "-" "RHSM/1.0 (cmd=subscription-manager)"
10.12.213.118 - - [24/Jan/2020:14:18:55 -0500] "GET /rhsm/consumers/d8850955-3ba1-402b-a01b-e6bfe85bc164/certificates?serials=7166878632496595261 HTTP/1.1" 200 8201 "-" "RHSM/1.0 (cmd=subscription-manager)"
10.12.213.118 - - [24/Jan/2020:14:18:55 -0500] "GET /rhsm/status HTTP/1.1" 200 377 "-" "RHSM/1.0 (cmd=subscription-manager)"
10.12.213.118 - - [24/Jan/2020:14:18:55 -0500] "GET /rhsm/ HTTP/1.1" 200 2125 "-" "RHSM/1.0 (cmd=subscription-manager)"
10.12.213.118 - - [24/Jan/2020:14:18:55 -0500] "GET /rhsm/consumers/d8850955-3ba1-402b-a01b-e6bfe85bc164/content_overrides HTTP/1.1" 200 2 "-" "RHSM/1.0 (cmd=subscription-manager)"
10.12.213.118 - - [24/Jan/2020:14:18:55 -0500] "GET /rhsm/consumers/d8850955-3ba1-402b-a01b-e6bfe85bc164/compliance HTTP/1.1" 200 5920 "-" "RHSM/1.0 (cmd=subscription-manager)"

Additional info:
I'm not sure why there are 5 compliance calls being made at the end (4 from subman, 1 from rhsmd) being made back to back even when the first call returns with a http code 200. I excluded those from the expected output above as this could be included in the RFE.

Comment 7 Shwetha Kallesh 2020-05-18 10:42:42 UTC

[root@kvm-06-guest05 ~]# subscription-manager version
server type: Red Hat Subscription Management
subscription management server: 2.9.27-1
subscription management rules: 5.37
subscription-manager: 1.27.3


Help message should display new force option: 
--------------------------------------------------------
[root@kvm-06-guest05 ~]# subscription-manager refresh -h
Usage: subscription-manager refresh [OPTIONS]

Pull the latest subscription data from the server

Options:
  -h, --help            show this help message and exit
  --proxy=PROXY_URL     proxy URL in the form of proxy_hostname:proxy_port
  --proxyuser=PROXY_USER
                        user for HTTP proxy with basic authentication
  --proxypassword=PROXY_PASSWORD
                        password for HTTP proxy with basic authentication
  --noproxy=NO_PROXY    host suffixes that should bypass HTTP proxy
  --force               force certificate regeneration
^^ new --force option

Verify man page is updated with --force option:
[root@kvm-06-guest05 ~]# man subscription-manager | grep refresh -A6
              11. refresh

              12. environments

              13. repos

              14. orgs
--
       The refresh command pulls the latest subscription data from the server. Normally, the system polls the subscription management service at a set interval (4 hours by default) to check for any changes in the available subscrip‐
       tions. The refresh command checks with the subscription management service right then, outside the normal interval.

       --force
              Force regeneration of entitlement certificates on the server before these certificates are pulled from the server.


[root@kvm-06-guest05 ~]# subscription-manager register --serverurl subscription.rhsm.stage.redhat.com --username stage_auto_syspurpose001 --password redhat --auto-attach
Registering to: subscription.rhsm.stage.redhat.com:443/subscription
The system has been registered with ID: 51da6f30-37cb-4326-b128-3c99f49d45e5
The registered system name is: kvm-06-guest05.hv2.lab.eng.bos.redhat.com
Installed Product Current Status:
Product Name: Red Hat Enterprise Linux for x86_64 Beta
Status:       Subscribed

[root@kvm-06-guest05 ~]# subscription-manager list --consumed
+-------------------------------------------+
   Consumed Subscriptions
+-------------------------------------------+
Subscription Name:   Red Hat Beta Access
Provides:            Red Hat Enterprise Linux for Power, little endian Beta
                     Red Hat Enterprise Linux for ARM 64 Beta
                     Red Hat CodeReady Linux Builder for x86_64 Beta
                     Red Hat CodeReady Linux Builder for Power, little endian Beta
                     Red Hat CodeReady Linux Builder for ARM 64 Beta
                     Red Hat Enterprise Linux Fast Datapath Beta for Power, little endian
                     Red Hat Enterprise Linux for SAP HANA for Power, little endian Beta
                     Red Hat Enterprise Linux for x86_64 Beta
                     Red Hat Enterprise Linux for SAP Applications for x86_64 Beta
                     Red Hat Enterprise Linux High Availability Beta
                     Red Hat CodeReady Linux Builder for IBM z Systems Beta
                     Red Hat Enterprise Linux Resilient Storage Beta
                     Red Hat Enterprise Linux for Real Time Beta
                     Red Hat Enterprise Linux for IBM z Systems Beta
                     Red Hat Directory Server Beta
                     Red Hat Enterprise Linux for SAP Applications for Power, little endian Beta
                     Red Hat Certificate System Beta
                     Red Hat Enterprise Linux for SAP Applications for IBM z Systems Beta
                     Red Hat Enterprise Linux for Real Time for NFV Beta
                     Red Hat Enterprise Linux Fast Datapath Beta for x86_64
                     Red Hat Enterprise Linux for SAP HANA for x86_64 Beta
SKU:                 RH00069     }
Contract:            12034275    } -----> Note the SKU and contract number, they should remain same after refresh with --force
Account:             6320620
Serial:              5203860064193666648         ---------> Note down the serial number , it should change after refresh --force
Pool ID:             8a99f9ae6e3a9cac016e3b677d1b00c3      ----------> Note the pool Id , it should remain unchanged too
Provides Management: No
Active:              True
Quantity Used:       1
Service Type:        L1-L3
Roles:               
Service Level:       Self-Support
Usage:               
Add-ons:             
Status Details:      Subscription is current
Subscription Type:   Standard
Starts:              11/05/2019
Ends:                11/04/2020
Entitlement Type:    Physical

[root@kvm-06-guest05 ~]# subscription-manager refresh --force
1 local certificate has been deleted.            -------------------> Observe the message "1 local certificate has been deleted" , which should be displayed with force option as it will regenerate the entitlement
All local data refreshed


[root@kvm-06-guest05 ~]# subscription-manager list --consumed
+-------------------------------------------+
   Consumed Subscriptions
+-------------------------------------------+
Subscription Name:   Red Hat Beta Access
Provides:            Red Hat Enterprise Linux for Power, little endian Beta
                     Red Hat Enterprise Linux for ARM 64 Beta
                     Red Hat CodeReady Linux Builder for x86_64 Beta
                     Red Hat CodeReady Linux Builder for Power, little endian Beta
                     Red Hat CodeReady Linux Builder for ARM 64 Beta
                     Red Hat Enterprise Linux Fast Datapath Beta for Power, little endian
                     Red Hat Enterprise Linux for SAP HANA for Power, little endian Beta
                     Red Hat Enterprise Linux for x86_64 Beta
                     Red Hat Enterprise Linux for SAP Applications for x86_64 Beta
                     Red Hat Enterprise Linux High Availability Beta
                     Red Hat CodeReady Linux Builder for IBM z Systems Beta
                     Red Hat Enterprise Linux Resilient Storage Beta
                     Red Hat Enterprise Linux for Real Time Beta
                     Red Hat Enterprise Linux for IBM z Systems Beta
                     Red Hat Directory Server Beta
                     Red Hat Enterprise Linux for SAP Applications for Power, little endian Beta
                     Red Hat Certificate System Beta
                     Red Hat Enterprise Linux for SAP Applications for IBM z Systems Beta
                     Red Hat Enterprise Linux for Real Time for NFV Beta
                     Red Hat Enterprise Linux Fast Datapath Beta for x86_64
                     Red Hat Enterprise Linux for SAP HANA for x86_64 Beta
SKU:                 RH00069          }
Contract:            12034275         }-----------------------> Observe the SKU and contract number remain same after refresh --force  
Account:             6320620
Serial:              8791313614599063492   } --------------------> Observe the serial number has changed after refresh with --force option , entitlement with new serial number has been generated
Pool ID:             8a99f9ae6e3a9cac016e3b677d1b00c3 }  ---------------------> Observe the pool id remains unchanged
Provides Management: No
Active:              True
Quantity Used:       1
Service Type:        L1-L3
Roles:               
Service Level:       Self-Support
Usage:               
Add-ons:             
Status Details:      Subscription is current
Subscription Type:   Standard
Starts:              11/05/2019
Ends:                11/04/2020
Entitlement Type:    Physical

Now try to execute refresh without --force , entitlement cert should not be regenerated

[root@kvm-06-guest05 ~]# subscription-manager list --consumed
+-------------------------------------------+
   Consumed Subscriptions
+-------------------------------------------+
Subscription Name:   Red Hat Beta Access
Provides:            Red Hat Enterprise Linux for Power, little endian Beta
                     Red Hat Enterprise Linux for ARM 64 Beta
                     Red Hat CodeReady Linux Builder for x86_64 Beta
                     Red Hat CodeReady Linux Builder for Power, little endian Beta
                     Red Hat CodeReady Linux Builder for ARM 64 Beta
                     Red Hat Enterprise Linux Fast Datapath Beta for Power, little endian
                     Red Hat Enterprise Linux for SAP HANA for Power, little endian Beta
                     Red Hat Enterprise Linux for x86_64 Beta
                     Red Hat Enterprise Linux for SAP Applications for x86_64 Beta
                     Red Hat Enterprise Linux High Availability Beta
                     Red Hat CodeReady Linux Builder for IBM z Systems Beta
                     Red Hat Enterprise Linux Resilient Storage Beta
                     Red Hat Enterprise Linux for Real Time Beta
                     Red Hat Enterprise Linux for IBM z Systems Beta
                     Red Hat Directory Server Beta
                     Red Hat Enterprise Linux for SAP Applications for Power, little endian Beta
                     Red Hat Certificate System Beta
                     Red Hat Enterprise Linux for SAP Applications for IBM z Systems Beta
                     Red Hat Enterprise Linux for Real Time for NFV Beta
                     Red Hat Enterprise Linux Fast Datapath Beta for x86_64
                     Red Hat Enterprise Linux for SAP HANA for x86_64 Beta
SKU:                 RH00069          
Contract:            12034275         
Serial:              8791313614599063492   } --------------------------> Note the serial number
Pool ID:             8a99f9ae6e3a9cac016e3b677d1b00c3 
Provides Management: No
Active:              True
Quantity Used:       1
Service Type:        L1-L3
Roles:               
Service Level:       Self-Support
Usage:               
Add-ons:             
Status Details:      Subscription is current
Subscription Type:   Standard
Starts:              11/05/2019
Ends:                11/04/2020
Entitlement Type:    Physical

[root@kvm-06-guest05 ~]# subscription-manager refresh
All local data refreshed
^^ The message "1 local certificate has been deleted" is not displayed anymore without --force option

[root@kvm-06-guest05 ~]# subscription-manager list --consumed
+-------------------------------------------+
   Consumed Subscriptions
+-------------------------------------------+
Subscription Name:   Red Hat Beta Access
Provides:            Red Hat Enterprise Linux for Power, little endian Beta
                     Red Hat Enterprise Linux for ARM 64 Beta
                     Red Hat CodeReady Linux Builder for x86_64 Beta
                     Red Hat CodeReady Linux Builder for Power, little endian Beta
                     Red Hat CodeReady Linux Builder for ARM 64 Beta
                     Red Hat Enterprise Linux Fast Datapath Beta for Power, little endian
                     Red Hat Enterprise Linux for SAP HANA for Power, little endian Beta
                     Red Hat Enterprise Linux for x86_64 Beta
                     Red Hat Enterprise Linux for SAP Applications for x86_64 Beta
                     Red Hat Enterprise Linux High Availability Beta
                     Red Hat CodeReady Linux Builder for IBM z Systems Beta
                     Red Hat Enterprise Linux Resilient Storage Beta
                     Red Hat Enterprise Linux for Real Time Beta
                     Red Hat Enterprise Linux for IBM z Systems Beta
                     Red Hat Directory Server Beta
                     Red Hat Enterprise Linux for SAP Applications for Power, little endian Beta
                     Red Hat Certificate System Beta
                     Red Hat Enterprise Linux for SAP Applications for IBM z Systems Beta
                     Red Hat Enterprise Linux for Real Time for NFV Beta
                     Red Hat Enterprise Linux Fast Datapath Beta for x86_64
                     Red Hat Enterprise Linux for SAP HANA for x86_64 Beta
SKU:                 RH00069
Contract:            12034275
Account:             6320620
Serial:              8791313614599063492    --------------------------> Observe that serial number is same        
Pool ID:             8a99f9ae6e3a9cac016e3b677d1b00c3
Provides Management: No
Active:              True
Quantity Used:       1
Service Type:        L1-L3
Roles:               
Service Level:       Self-Support
Usage:               
Add-ons:             
Status Details:      Subscription is current
Subscription Type:   Standard
Starts:              11/05/2019
Ends:                11/04/2020
Entitlement Type:    Physical

Comment 10 errata-xmlrpc 2020-11-04 01:38:42 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (subscription-manager bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4460

Note You need to log in before you can comment on or make changes to this bug.