Bug 2231100
| Summary: | [RFE] change the container detection to check harder for secrets | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Pino Toscano <ptoscano> |
| Component: | subscription-manager | Assignee: | mhorky |
| Status: | CLOSED ERRATA | QA Contact: | CSI Client Tools Bugs <csi-client-tools-bugs> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 8.9 | CC: | cdonnell, jsefler, zpetrace |
| Target Milestone: | rc | Keywords: | AutoVerified, FutureFeature, Triaged |
| Target Release: | 8.9 | Flags: | pm-rhel:
mirror+
|
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | subscription-manager-1.28.39-1.el8 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-11-14 15:48:09 UTC | Type: | Story |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Pino Toscano
2023-08-10 14:53:42 UTC
Pre-verification done on SUBMAN version: [root@kvm-02-guest03 ~]# subscription-manager version server type: This system is currently not registered. subscription management server: 4.2.15-1 subscription management rules: 5.43 subscription-manager: 1.28.38+19.geac279219-1.git.0.5ed9b8d Checking for shared secrets: [root@kvm-02-guest03 /]# subscription-manager register Registering to: subscription.rhsm.stage.redhat.com:443/subscription Username: zpetracek Password: The system has been registered with ID: b7e30e89-b6d1-4ebc-9d7e-2afdef3dbe7a The registered system name is: kvm-02-guest03.rhts.eng.brq.redhat.com [root@kvm-02-guest03 /]# subscription-manager attach Installed Product Current Status: Product Name: Red Hat Enterprise Linux for x86_64 Status: Subscribed [root@kvm-02-guest03 /]# ll /etc/pki/entitlement total 52 -rw-r--r--. 1 root root 3272 Aug 17 13:27 3460476172276112314-key.pem -rw-r--r--. 1 root root 31710 Aug 17 13:27 3460476172276112314.pem -rw-r--r--. 1 root root 3272 Aug 17 13:27 5348984623186667049-key.pem -rw-r--r--. 1 root root 8757 Aug 17 13:27 5348984623186667049.pem [root@kvm-02-guest03 /]# ll /etc/rhsm total 8 drwxr-xr-x. 2 root root 68 Aug 17 13:16 ca drwxr-xr-x. 2 root root 6 Aug 15 16:47 facts -rw-r--r--. 1 root root 1662 Aug 15 16:47 logging.conf drwxr-xr-x. 2 root root 6 Aug 15 16:47 pluginconf.d -rw-r--r--. 1 root root 3147 Aug 17 13:23 rhsm.conf drwxr-xr-x. 2 root root 54 Aug 17 13:26 syspurpose [root@kvm-02-guest03 /]# podman pull registry.access.redhat.com/ubi8/ubi:8.8-1032 Trying to pull registry.access.redhat.com/ubi8/ubi:8.8-1032... Getting image source signatures Checking if image destination supports signatures Copying blob bea2a0b08f4f done Copying config 7e569fa199 done Writing manifest to image destination Storing signatures 7e569fa199c00a48fc249200463d903ca157a4e965348a845827871f4ede3714 [root@kvm-02-guest03 /]# podman run -it ubi:8.8-1032 [root@398f901aeb56 /]# ls /run/secrets/rhsm/ ca logging.conf rhsm.conf syspurpose [root@398f901aeb56 /]# ls /run/secrets/etc-pki-entitlement/ 3460476172276112314-key.pem 3460476172276112314.pem 5348984623186667049-key.pem 5348984623186667049.pem Unregistering the system and trying to register from inside of the container: [root@kvm-02-guest03 /]# subscription-manager status +-------------------------------------------+ System Status Details +-------------------------------------------+ Overall Status: Unknown System Purpose Status: Unknown [root@kvm-02-guest03 /]# podman run -it ubi:8.8-1032 [root@eae165b8da40 /]# subscription-manager version server type: This system is currently not registered. subscription management server: 4.2.15-1 subscription management rules: 5.43 subscription-manager: 1.28.38+19.geac279219-1.git.0.5ed9b8d [root@eae165b8da40 /]# subscription-manager register Registering to: subscription.rhsm.stage.redhat.com:443/subscription Username: zpetracek Password: The system has been registered with ID: 1d53ff7f-550a-44d2-a659-91d5b9d8d527 The registered system name is: eae165b8da40 ^^ the system was able to register from inside of the container as expected --> PRE-VERIFICATION PASSED Final verification done on SUBMAN version: [testuser@kvm-01-guest06 ~]$ rpm -qa | grep subscription-manager python3-subscription-manager-rhsm-1.28.39-1.el8.x86_64 subscription-manager-1.28.39-1.el8.x86_64 dnf-plugin-subscription-manager-1.28.39-1.el8.x86_64 subscription-manager-rhsm-certificates-20220623-1.el8.noarch [root@kvm-01-guest06 ~]# subscription-manager register Registering to: subscription.rhsm.stage.redhat.com:443/subscription Username: zpetracek Password: The system has been registered with ID: c9c71c14-9366-434b-afc7-2af095e3d3ac The registered system name is: kvm-01-guest06.lab.eng.rdu2.redhat.com [root@kvm-01-guest06 ~]# subscription-manager attach --auto Installed Product Current Status: Product Name: Red Hat Enterprise Linux for x86_64 Beta Status: Subscribed [root@kvm-01-guest06 ~]# ll /etc/pki/entitlement total 16 -rw-r--r--. 1 root root 3272 Aug 25 15:17 7725869388622276044-key.pem -rw-r--r--. 1 root root 8757 Aug 25 15:17 7725869388622276044.pem [root@kvm-01-guest06 ~]# ll /etc/rhsm total 8 drwxr-xr-x. 2 root root 68 Aug 25 14:51 ca drwxr-xr-x. 2 root root 6 Aug 23 02:54 facts -rw-r--r--. 1 root root 1662 Aug 23 02:54 logging.conf drwxr-xr-x. 2 root root 6 Aug 23 02:54 pluginconf.d -rw-r--r--. 1 root root 3147 Aug 25 15:17 rhsm.conf drwxr-xr-x. 2 root root 54 Aug 25 15:11 syspurpose [root@kvm-01-guest06 ~]# podman pull registry.access.redhat.com/ubi8/ubi:latest Trying to pull registry.access.redhat.com/ubi8/ubi:latest... Getting image source signatures Checking if image destination supports signatures Copying blob 70de3d8fc2c6 done Copying config 62ac1f7ef5 done Writing manifest to image destination Storing signatures 62ac1f7ef5371d1fb6e01abd84f7a6fd80ea1c64a0728fb5f19198b084dea171 [root@kvm-01-guest06 ~]# podman run -it registry.access.redhat.com/ubi8/ubi:latest [root@db4636dabc6c /]# ls /run/secrets/rhsm/ ca logging.conf rhsm.conf syspurpose [root@db4636dabc6c /]# ls /run/secrets/etc-pki-entitlement/ 7725869388622276044-key.pem 7725869388622276044.pem Unregistering the system and trying to register from inside of the container: [root@kvm-01-guest06 ~]# subscription-manager status +-------------------------------------------+ System Status Details +-------------------------------------------+ Overall Status: Unknown System Purpose Status: Unknown [root@kvm-01-guest06 ~]# podman run -it registry.access.redhat.com/ubi8/ubi:latest [root@9f4be4ba83e0 /]# subscription-manager version server type: This system is currently not registered. subscription management server: 4.2.15-1 subscription management rules: 5.43 subscription-manager: 1.28.39-1.el8 Registering from inside of the container: [root@9f4be4ba83e0 /]# subscription-manager register Registering to: subscription.rhsm.stage.redhat.com:443/subscription Username: zpetracek Password: The system has been registered with ID: a3c47104-6628-4ac4-8dde-a7f01838793f The registered system name is: 9f4be4ba83e0 ^^ I was able to registered from inside of the container and shared secrets are as expected --> Final verification PASSED Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (subscription-manager bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2023:7092 |