Description of problem: the client config rpms requires the following versions of nss and curl rpms to be present on the clients. => nss 3.12.9-9 => curl-7.19.7-26 These dependencies for pulp-server and pulp-cds have been addressed, the same is required for clients. Version-Release number of selected component (if applicable): The above dependencies are for client-config rpm only on rhel6 . Its fine with rhel5 and fedora clients. How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Currently the clients fail to authenticate, due to absence of the above nss and curl rpm versions. (fails only for rhel6 clients) Expected results: Dependencies for client-config rpms on rhel6 needs to be sorted. Additional info: Not sure how else this can be handled/addressed, but may be rh-client-config.spec file needs , nss and curl as dependencies
Just to make sure I understand why this is needed: What is it about those versions that are needed for RHUI clients to work? Those clients should just be using yum, does that not work against the RHUI?
Required for, yum client operations to work with the RHUI. Please refer, comment 3 of https://bugzilla.redhat.com/show_bug.cgi?id=710455 , for exact details.
Kedar - Are you actually seeing an issue with RHEL 6 clients? The bug you refer to is concerning pulp/cds issues with synchronization. It shouldn't actually affect yum calls from a client. I'm not sure if you think this is a requirement for all on RHEL 6 or if you are actually seeing an issue when you try to use a RHEL 6 client and connect to RHUI. If you are seeing an issue, please provide details on what the error is, how reproducible it is, etc.
Unless I upgrade nss and curl rpms, similar to that of RHUA and CDS, we receive this issue. [root@dhcp201-140 yum.repos.d]# yum clean all Loaded plugins: rhui-lb Cleaning up Everything [root@dhcp201-140 yum.repos.d]# yum install zsh Loaded plugins: rhui-lb Could not retrieve mirrorlist https://dhcp201-198.englab.pnq.redhat.com/pulp/mirror/content/dist/rhel/rhui/server-6/releases/6Server/x86_64/os error was 14: problem with the local client certificate Error: Cannot retrieve repository metadata (repomd.xml) for repository: rhui-rhel-server-6-releases. Please verify its path and try again The rh-cloud.repo output for sample [root@dhcp201-140 yum.repos.d]# cat rh-cloud.repo [rhui-rhel-server-6-releases] name=Red Hat Enterprise Linux Server 6 Releases (RPMs) mirrorlist=https://dhcp201-198.englab.pnq.redhat.com/pulp/mirror/content/dist/rhel/rhui/server-6/releases/$releasever/$basearch/os enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release sslverify=1 sslcacert=/etc/pki/entitlement/ca.crt sslclientcert=/etc/pki/entitlement/product/content.crt sslclientkey=/etc/pki/entitlement/key.pem
Yes, this issue is only with RHEL6 clients that are connected with RHUI 2.0. Its fine for RHEL5 and fedora clients. If the RHEL6 Cleint is updated with nss and curl rpms, this issue is resolved. Existing RHEL 6.0 ami's would fail to contact rhui, unless the nss and curl rpms are installed prior to updating the instances with the client-config-rpms from that of rhui 2.0.
commit 5fa9cf405474eb0e0903c501be2ec225e863108e Author: Jay Dobies <jason.dobies> Date: Fri Jul 8 16:05:52 2011 -0400 716951 - Convert PKCS8 formatted keys to RSA when generating client entitlement and identity certificates rhui-2.0/tools/src/rhui/common/cert_utils.py Verify this in two steps: - First make sure RHEL6 clients can access RHUI repositories from yum (the reason that caused this bug in the first place). - If that works, also need a clean. Delete the identity certificate (/etc/pki/rhui/identity*) and restart RHUI Manager. That will cause a new identity certificate to be generated which will use the new format as part of this fix. Then register a new protected Red Hat repo. That will use the new identity cert; need to make sure that CDS instances can still sync from the RHUA using this new identity certificate.
Fixed in 2.0.37.
Now the yum client operations work without upgrading to the above versions of nss and curl. [root@dhcp201-140 ~]# rpm -qav | grep -ie "nss-3" -ie "^curl" nss-3.12.7-2.el6.x86_64 curl-7.19.7-16.el6.x86_64 [root@dhcp201-140 ~]# yum install zsh Loaded plugins: rhui-lb Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package zsh.x86_64 0:4.3.10-4.1.el6 set to be updated --> Finished Dependency Resolution Dependencies Resolved ================================================================================================================================================================================= Package Arch Version Repository Size ================================================================================================================================================================================= Installing: zsh x86_64 4.3.10-4.1.el6 rhui-rhel-server-6-releases 2.1 M Transaction Summary ================================================================================================================================================================================= Install 1 Package(s) Upgrade 0 Package(s) Total download size: 2.1 M Installed size: 4.8 M Is this ok [y/N]: y Downloading Packages: zsh-4.3.10-4.1.el6.x86_64.rpm | 2.1 MB 00:00 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Warning: RPMDB altered outside of yum. Installing : zsh-4.3.10-4.1.el6.x86_64 1/1 Installed: zsh.x86_64 0:4.3.10-4.1.el6 Complete! [root@dhcp201-140 ~]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 6.0 (Santiago)
moving to release pending
closing out, product released