Description of problem: when working with multi content cert, if one of the cert expires, does not add any further repos. ------------------------------------------------------------------------------ -= Red Hat Update Infrastructure Management Tool =- -= Repository Management =- l list repositories currently managed by the RHUI i display detailed information on a repository a add a new Red Hat content repository c create a new custom repository d delete a repository from the RHUI u upload content to a custom repository p list packages in a repository Connected: ip-10-122-70-115.ec2.internal ------------------------------------------------------------------------------ rhui (repo) => a Loading latest entitled products from Red Hat... An unexpected error has occurred during the last operation. More information can be found in /root/.rhui/rhui.log. ------------------------------------------------------------------------------ -= Red Hat Update Infrastructure Management Tool =- -= Repository Management =- [root@ip-10-122-70-115 noarch]# cat /root/.rhui/rhui.log Connecting to RHUA [ip-10-122-70-115.ec2.internal]... Successfully connected to [ip-10-122-70-115.ec2.internal] Unexpected error caught at the shell level Traceback (most recent call last): File "/usr/lib/python2.6/site-packages/rhui/tools/shell.py", line 75, in safe_listen self.listen(clear=first_run) File "/usr/lib/python2.6/site-packages/rhui/tools/shell.py", line 94, in listen Shell.listen(self) File "/usr/lib/python2.6/site-packages/rhui/common/shell.py", line 191, in listen item.func(*args, **item.kwargs) File "/usr/lib/python2.6/site-packages/rhui/tools/screens/repo.py", line 122, in add self.candidate_repo_manager.translate_entitlements() File "/usr/lib/python2.6/site-packages/rhui/tools/repo_candidates.py", line 62, in translate_entitlements mappings = self.cdn_api.expand_variables(e.download_url, cert.cert_filename) File "/usr/lib/python2.6/site-packages/rhui/tools/cdn_api.py", line 70, in expand_variables mappings = self._translate_next_variable({'' : url}, cert_filename) File "/usr/lib/python2.6/site-packages/rhui/tools/cdn_api.py", line 104, in _translate_next_variable substitutions = self._request_get(listing_url, cert_filename).split('\n')[:-1] File "/usr/lib/python2.6/site-packages/rhui/tools/cdn_api.py", line 155, in _request_get raise Exception(response.status, response.read()) Exception: (403, '<HTML><HEAD>\n<TITLE>Access Denied</TITLE>\n</HEAD><BODY>\n<H1>Access Denied</H1>\n \nYou don\'t have permission to access "http://cdn.redhat.com/content/dist/rhel/rhui/server-6/releases/listing" on this server.<P>\nReference #18.df38fa8.1309187058.1ff7961\n</BODY>\n</HTML>\n') Version-Release number of selected component (if applicable): pulp-194, rhui - 2.0.32 How reproducible: Adding a repo to rhua, fails if one content cert is expired. Steps to Reproduce: 1. 2. 3. Actual results: fails to add a repo , from the new content cert. Expected results: Should allow, to add repo's from the new content cert, when the old/current content cert is already expired. Additional info: OLD content cert , VALIDITY [root@ip-10-122-70-115 gen_certs]# openssl x509 -in rhui-content.pem -noout -text | grep -A 2 -i "validity" Validity Not Before: Mar 29 13:59:28 2011 GMT Not After : Jun 25 13:59:28 2011 GMT NEW content cert, VALIDITY [root@ip-10-122-70-115 gen_certs]# openssl x509 -in rhui-combo.pem -noout -text | grep -A 2 -i "validity" Validity Not Before: Nov 10 16:13:35 2010 GMT Not After : Nov 9 16:13:35 2011 GMT
commit 9151128ed1f7683c4fa66558554f88e20f012254 Author: Jay Dobies <jason.dobies> Date: Fri Jul 8 10:13:30 2011 -0400 716966 - Cert manager is now aware of valid v. expired certificates. RHUI Manager will now only work with valid certificates for things like new repos or client entitlement certificates. Expired certificates are shown in the entitlements list. rhui-2.0/tools/src/rhui/tools/cert_manager.py rhui-2.0/tools/src/rhui/tools/content_cert.py rhui-2.0/tools/src/rhui/tools/repo_candidates.py rhui-2.0/tools/src/rhui/tools/screens/client.py
Filed a docs bug with the new screenshot (719960). The behavior now is that when adding new repos or creating client entitlement certificates, only valid entitlements are accessible. The only place to even know expired entitlements exist is in the Entitlements Manager screen. From that screen, selecting to list the entitlements should show: - Valid section - Always shown; if none are valid, will contain a message indicating that. - Expired section - Only shown if there are one or more expired entitlements.
Fixed in 2.0.36.
Yes, we have a Valid and Expired Section When using an expired cert. ------------------------------------------------------------------------------ -= Red Hat Update Infrastructure Management Tool =- -= Entitlements Manager =- l list Red Hat content certificate entitlements c list custom repository entitlements u upload a new or updated Red Hat content certificate Connected: ip-10-88-107-123.ec2.internal ------------------------------------------------------------------------------ rhui (entitlements) => u Full path to the new content certificate: /root/gen_certs/rhui-content.pem The RHUI will be updated with the following certificate: /root/gen_certs/rhui-content.pem Proceed? (y/n) y Red Hat Entitlements Valid No valid entitlements found. Expired Red Hat Enterprise Linux Server (RPMs) Expiration: 06-25-2011 Certificate: rhui-content.pem Red Hat Enterprise Linux Server 6 Releases (RPMs) Expiration: 06-25-2011 Certificate: rhui-content.pem ..... removed content on purpose Red Hat Enterprise Linux Server 6 Updates (RPMs) Expiration: 06-25-2011 Certificate: rhui-content.pem Red Hat Update Infrastructure 1.2 (RPMs) Expiration: 06-25-2011 Certificate: rhui-content.pem Red Hat Update Infrastructure 1.2 (SRPMS) Expiration: 06-25-2011 Certificate: rhui-content.pem ------------------------------------------------------------------------------ When using a new active content certs. rhui (entitlements) => u Full path to the new content certificate: /root/gen_certs/rhui-amazon-2011.pem The RHUI will be updated with the following certificate: /root/gen_certs/rhui-amazon-2011.pem Proceed? (y/n) y Red Hat Entitlements Valid Red Hat Enterprise Linux Server (Beta RPMs) Expiration: 03-21-2012 Certificate: rhui-amazon-2011.pem Red Hat Enterprise Linux Server (RPMs) Expiration: 03-21-2012 Certificate: rhui-amazon-2011.pem Red Hat Enterprise Linux Server (SRPMS) Expiration: 03-21-2012 Certificate: rhui-amazon-2011.pem Red Hat Enterprise Linux Server (STS) Expiration: 03-21-2012 Certificate: rhui-amazon-2011.pem ...... removed content on purpose Red Hat Update Infrastructure x86_64 Beta Optional (RPMs) Expiration: 03-21-2012 Certificate: rhui-amazon-2011.pem Expired Red Hat Update Infrastructure 1.2 (SRPMS) Expiration: 06-25-2011 Certificate: rhui-content.pem And also we get the options menu now, after adding new active content cert. ------------------------------------------------------------------------------ -= Red Hat Update Infrastructure Management Tool =- -= Repository Management =- l list repositories currently managed by the RHUI i display detailed information on a repository a add a new Red Hat content repository c create a new custom repository d delete a repository from the RHUI u upload content to a custom repository p list packages in a repository Connected: ip-10-88-107-123.ec2.internal ------------------------------------------------------------------------------ rhui (repo) => a Loading latest entitled products from Red Hat... ... listings loaded Determining undeployed products... ... product list calculated Import Repositories: 1 - All in Certificate 2 - By Product 3 - By Repository Enter value (1-3) or 'b' to abort: 3 Also, after updating the new active content certs, we are able to add content repos and sync.
moving to release pending
closing out, product released