Description of problem: Version-Release number of selected component (if applicable): How reproducible: 5/5 Prerequisites: Client : Rhel 5.7 with following subscription manager Candlepin : subscription.rhn.stage.redhat.com Steps to repro : Register client to candlepin using stage_test_2 user subscribe multiple subscription. Unsubscribe subscription. Expected Result : Product cert and product-key.pem should removed from /etc/pki/entitlement Actual Result : Unsubscribe process is not removing “product-key.pem” [root@dhcp201-117 product]# subscription-manager unsubscribe --serial 8035461471472409942 [root@dhcp201-117 product]# ls /etc/pki/entitlement/ 4727182473993461144-key.pem 8035461471472409942-key.pem 4727182473993461144.pem 8042440189867585360-key.pem 683430525277978079-key.pem
subscription-manager rpm subscription-manager-gnome-0.95.5.18-1.el5 subscription-manager-0.95.5.18-1.el5 subscription-manager-firstboot-0.95.5.18-1.el5
This is the same behavior as RHEL6. Leaving just the -key file around is harmless, since you need both the key file and the actual cert in order to do anything. Moving to 6.2.
*** Bug 748303 has been marked as a duplicate of this bug. ***
commit 86db0f9a2d76214d33ac1f7676411b85b659387e Author: Adrian Likins <alikins> Date: Wed Nov 9 14:30:16 2011 -0500 708362: remove entitlement keys on delete as well Make EntitlementCertificate.delete delete the -key.pem files associated with it as well. Fixes these keys being orphaned on "unsubscribe --all"
Verifying Version... [root@jsefler-onprem-5server ~]# rpm -q subscription-manager subscription-manager-0.98.5-1.git.2.cd86f84.el5_7 [root@jsefler-onprem-5server ~]# subscription-manager register --username testuser1 --password password --org admin The system has been registered with id: 82d1581b-b8c4-4365-aa04-5a158effab65 [root@jsefler-onprem-5server ~]# subscription-manager list --avail | grep PoolId PoolId: 8a90f85734100c930134100d72cf02ad PoolId: 8a90f85734100c930134100d72f202b8 PoolId: 8a90f85734100c930134100d74a70340 PoolId: 8a90f85734100c930134100d74c00352 PoolId: 8a90f85734100c930134100d7558038e PoolId: 8a90f85734100c930134100d756e039b PoolId: 8a90f85734100c930134100d75a603b4 PoolId: 8a90f85734100c930134100d75d803c0 PoolId: 8a90f85734100c930134100d761f03db PoolId: 8a90f85734100c930134100d763d03e8 PoolId: 8a90f85734100c930134100d76830406 PoolId: 8a90f85734100c930134100d769d0416 PoolId: 8a90f85734100c930134100d76e1042f PoolId: 8a90f85734100c930134100d77060436 [root@jsefler-onprem-5server ~]# subscription-manager subscribe --pool 8a90f85734100c930134100d77060436 --pool 8a90f85734100c930134100d76e1042f --pool 8a90f85734100c930134100d769d0416 --pool 8a90f85734100c930134100d76830406 --pool 8a90f85734100c930134100d763d03e8 --pool 8a90f85734100c930134100d761f03db --pool 8a90f85734100c930134100d75d803c0 --pool 8a90f85734100c930134100d75a603b4 --pool 8a90f85734100c930134100d756e039b --pool 8a90f85734100c930134100d7558038e Successfully consumed a subscription from the pool with id 8a90f85734100c930134100d77060436 Successfully consumed a subscription from the pool with id 8a90f85734100c930134100d76e1042f Successfully consumed a subscription from the pool with id 8a90f85734100c930134100d769d0416 Successfully consumed a subscription from the pool with id 8a90f85734100c930134100d76830406 Successfully consumed a subscription from the pool with id 8a90f85734100c930134100d763d03e8 Successfully consumed a subscription from the pool with id 8a90f85734100c930134100d761f03db Successfully consumed a subscription from the pool with id 8a90f85734100c930134100d75d803c0 Successfully consumed a subscription from the pool with id 8a90f85734100c930134100d75a603b4 Successfully consumed a subscription from the pool with id 8a90f85734100c930134100d756e039b Successfully consumed a subscription from the pool with id 8a90f85734100c930134100d7558038e [root@jsefler-onprem-5server ~]# ls -1 /etc/pki/entitlement/1043679991170367058-key.pem 1043679991170367058.pem 2059334052163475049-key.pem 2059334052163475049.pem 2346149501123504972-key.pem 2346149501123504972.pem 500244911211969324-key.pem 500244911211969324.pem 5366436265077627978-key.pem 5366436265077627978.pem 6295066169357212289-key.pem 6295066169357212289.pem 6870093174543016081-key.pem 6870093174543016081.pem 6888712187957928269-key.pem 6888712187957928269.pem 7520140706408486929-key.pem 7520140706408486929.pem 7977689738042329588-key.pem 7977689738042329588.pem [root@jsefler-onprem-5server ~]# subscription-manager unsubscribe --serial 6870093174543016081 [root@jsefler-onprem-5server ~]# ls -1 /etc/pki/entitlement/1043679991170367058-key.pem 1043679991170367058.pem 2059334052163475049-key.pem 2059334052163475049.pem 2346149501123504972-key.pem 2346149501123504972.pem 500244911211969324-key.pem 500244911211969324.pem 5366436265077627978-key.pem 5366436265077627978.pem 6295066169357212289-key.pem 6295066169357212289.pem 6888712187957928269-key.pem 6888712187957928269.pem 7520140706408486929-key.pem 7520140706408486929.pem 7977689738042329588-key.pem 7977689738042329588.pem [root@jsefler-onprem-5server ~]# subscription-manager unsubscribe --all [root@jsefler-onprem-5server ~]# ls -1 /etc/pki/entitlement/ [root@jsefler-onprem-5server ~]# ^^ VERIFIED WHEN THE SERIAL IS UNSUBSCRIBED INDIVIDUALLY AS WELL AS WITH --ALL, THEN THE CORRESPONDING KEY IS ALSO REMOVED. moving to VERIFIED
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: No description necessary
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0154.html