Hide Forgot
Description of problem: Unsubscribe on both CLI and GUI will perform the unbind on the server, but leaves the .pem and -key.pem sitting on disk in /etc/pki/entitlements. Version-Release number of selected component (if applicable): subscription-manager-0.96.5-1 How reproducible: Appears to be related to future entitlements. Steps to Reproduce: 1. Subscribe to obtain one or more entitlements which have a start date in the future. 2. Try to unsubscribe, either via My Subscriptions tab in the GUI or with "subscription-manager unsubscribe --serial=XXXXXXXXX" Actual results: The entitlement is deleted server side, but locally the cert and it's key are still in /etc/pki/entitlement, and the entitlement still appears in My Subscriptions and "subscription-manager list --consumed". Expected results: Entitlement cert needs to get cleaned up locally. This will take care of the GUI and CLI commands. Additional info: Certificates which are current get cleaned up fine.
1112135255fff6176dae0556b6f5624b4c3dc7cb master 0.95.6+
Setup: used subscription-manager-gui's subscription assistant to subscribe to a future entitlement and a current entitlement. [root@jmolet-vm0 entitlement]# ls 1335482394422302683-key.pem 4499798699736688380-key.pem 1335482394422302683.pem 4499798699736688380.pem [root@jmolet-vm0 entitlement]# subscription-manager unregister System has been un-registered. [root@jmolet-vm0 entitlement]# ls [root@jmolet-vm0 entitlement]# All entitlements have been removed as expected. subscription-manager-0.96.5-1.git.51.ac50478.el6.x86_64 subscription-manager-firstboot-0.96.5-1.git.51.ac50478.el6.x86_64 python-rhsm-0.96.8-1.git.5.d42033a.el6.noarch subscription-manager-gnome-0.96.5-1.git.51.ac50478.el6.x86_64
Something regressed the fix in comment 1 Problem: The entitlement key is no longer being removed... Version... [root@jsefler-onprem-62server ~]# rpm -q subscription-manager subscription-manager-0.96.7-1.git.10.586c3c4.el6.x86_64 [root@jsefler-onprem-62server ~]# subscription-manager list --consumed +-------------------------------------------+ Consumed Product Subscriptions +-------------------------------------------+ ProductName: Awesome OS Scalable Filesystem Bits ContractNumber: 3 AccountNumber: 12331131231 SerialNumber: 4721107639713123950 Active: True QuantityUsed: 1 Begins: 08/16/2012 Expires: 08/16/2013 [root@jsefler-onprem-62server ~]# ls /etc/pki/entitlement/ 4721107639713123950-key.pem 4721107639713123950.pem [root@jsefler-onprem-62server ~]# subscription-manager unsubscribe --serial=4721107639713123950 [root@jsefler-onprem-62server ~]# ls /etc/pki/entitlement/ 4721107639713123950-key.pem [root@jsefler-onprem-62server ~]# ^^^^ NOTE THAT THE FUTURE ENTITLEMENT's KEY IS NOT BEING DELETED moving back to NEW
(In reply to comment #3) > Something regressed the fix in comment 1 > > Problem: The entitlement key is no longer being removed... if comment 3 is fixed, also mark the fix in bug 708362 thanks
Reviewing comment 2 more closely, the unregister command was mistakenly used to verify this bug. The unregister command was not broken in the first place and appears to remove the entitlements and their corresponding key as expected. That's good. Comment 3 is actually the better verification for this bug. The unsubscribe command now removes the entitlement cert but leaves the dirty key behind. Although this is not a problem and will eventually get cleaned up (by an unregister), the remaining dirty key is the subject of bug 708362. Moving back to VERIFIED
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2011-1695.html