Description of problem:
When out of compliance, and using the compliance assistant, it doesn't seem to perform a search of the subscriptions it needs.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install subscription-manager-gnome and all of its deps
2. Register your client (I am using the QA server)
3. Subscribe to a pool
4. Install a product provided by that subscription using yum
5. Unsubscribe to that pool (you should now be in non-compliance)
6. Start up subscription-manager-gui
7. Click on the "become compliant" button
The compliance assistant pops up, and you can change the date, and check which installed products you want to search for, but nothing happens and no subscriptions can be found.
There would be a way to start searching for subscriptions and selecting them once in this window.
This functionality appears healthy in subscription manager, probably an issue with the data in your certs. Will need more information:
- What is the pool you were subscribing too.
- What is the product you were installing via yum.
- What certificates were in /etc/pki/product/ at the time you launched compliance assistant. Output of "openssl x509 -text -in file.pem" may be required for each.
yum install zsh
[root@jmolet-vm2 rhsm]# ls /etc/pki/product/
[root@jmolet-vm2 rhsm]# openssl x509 -text -in /etc/pki/product/3.pem
Version: 3 (0x2)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=North Carolina, O=Red Hat, Inc., OU=Red Hat Network, CN=Red Hat Entitlement Product Authority/emailAddressfirstname.lastname@example.org
Not Before: Jan 18 16:28:51 2011 GMT
Not After : Jul 17 16:28:51 2011 GMT
Subject: CN=Red Hat Product ID [39552222-3397-4934-bf0b-966cf93d8452]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Exponent: 65537 (0x10001)
X509v3 Basic Constraints:
.$Red Hat Enterprise Linux Entitlement
Signature Algorithm: sha1WithRSAEncryption
Ok so the installed product has an ID of "3". (as per your 3.pem)
If we list all of this owners pools:
"productName": "Red Hat Enterprise Linux Server Entitlement Beta for Certified Engineers and System Administrators - NOT FOR SALE",
We can see that there are no subscriptions which provide this product, so there is nothing compliance assistant can do.
So it's a question of how exactly did you come to get that product cert 3.pem installed. (does any rpm own it?) What was the product you mentioned yum installing? After that we can try to track down someone who will know how it should be behaving, likely some data needs to be adjusted.
02:27pm <jmolet> dgoodwin: the yum install zsh pulled it down
I don't fully understand why yum install zsh would pull down this product cert, nor if the subscriptions above should provide it, nor if this account should have some other subscription which does.
Can anyone offer info?
after step 4, is there a new product certificate on your machine?
That is reportedly the case.
I think one of those above subscriptions is supposed to be providing this product ID 3. Going to see if someone in IT can pick this up.
That is correct... you can see in the attachment that during the yum install, the 3.pem is installed into the products directory. Similarly if you 'yum remove' the package the 3.pem is erased by yum (if all packages from that repo are removed). This happens if you if you install any package that came from a repo provided by a subscription.
Also note that the latest entitlement beta compose (RHEL6.1-20110121.0) pulls down this 3.pem with the same behavior if you do a default install. An additional #.pem is included with the install of every add-on (Load Balancer, High Availability, Resilient Storage, etc..)
Ok I think I see what is going on here. The system pool that results is not coming from the IT adapter, we make it directly within candlepin, so the SKU to eng product mapping is irrelevant here.
Looking at the details for the person product: RH3016037
"value": "Red Hat Enterprise Linux Server Entitlement Beta for Certified Engineers and System Administrators - NOT FOR SALE"
"value": "Entitlement Beta"
"value": "Red Hat Enterprise Linux"
"name": "Red Hat Enterprise Linux Server Entitlement Beta for Certified Engineers and System Administrators - NOT FOR SALE",
The user license product is transferred to the new pool for systems, we also try to transfer provided products but this value comes directly from the person pool's provided products, not an attribute.
So two options to fix:
1. IT modifies the RH3016037 subscriptions (the ones for type "person") to provide product ID "3".
2. We modify Candlepin rules to also look for a new attribute, user_license_provided_products, and use these to transfer to the new system pool as the provided product IDs. IT would need to get this new attribute populated for the ent beta subscriptions.
I think (2) is probably the more correct one but it somewhat depends on what IT feels is the best approach.
Good news it sounds like (1) is a good option, it's also how this is supposed to be working today. Talked to Mark, he is digging into why the "person" product is not getting it's correct provided products, suspects the pools may have been created during a brief window when the SKU to eng product mappings were broken last week. Trying to get these refreshed now.
The person pool has now been refreshed and provides a bunch of products including 3.
Back to ON_QA. Note that you will need to revoke your person entitlement and re-bind to get the sub-pool having the correct provided products.
(In reply to comment #12)
> The person pool has now been refreshed and provides a bunch of products
> including 3.
> Back to ON_QA. Note that you will need to revoke your person entitlement and
> re-bind to get the sub-pool having the correct provided products.
This did it. Products are now shown when selecting the products I want entitlements for.
Tested in latest rhel compose which includes:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.