RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 727970 - Unsubscribe Is Not Removing Future Dated Entitlement Certificates Or Keys
Summary: Unsubscribe Is Not Removing Future Dated Entitlement Certificates Or Keys
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: subscription-manager
Version: 6.2
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: rc
: ---
Assignee: Chris Duryee
QA Contact: John Sefler
URL:
Whiteboard:
Depends On:
Blocks: rhsm-rhel62
TreeView+ depends on / blocked
 
Reported: 2011-08-03 19:55 UTC by Devan Goodwin
Modified: 2011-12-06 17:23 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-12-06 17:23:06 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1695 0 normal SHIPPED_LIVE subscription-manager bug fix and enhancement update 2011-12-06 01:23:29 UTC

Description Devan Goodwin 2011-08-03 19:55:47 UTC
Description of problem:

Unsubscribe on both CLI and GUI will perform the unbind on the server, but leaves the .pem and -key.pem sitting on disk in /etc/pki/entitlements.

Version-Release number of selected component (if applicable):

subscription-manager-0.96.5-1

How reproducible:

Appears to be related to future entitlements. 

Steps to Reproduce:
1. Subscribe to obtain one or more entitlements which have a start date in the future.
2. Try to unsubscribe, either via My Subscriptions tab in the GUI or with "subscription-manager unsubscribe --serial=XXXXXXXXX" 
  
Actual results:

The entitlement is deleted server side, but locally the cert and it's key are still in /etc/pki/entitlement, and the entitlement still appears in My Subscriptions and "subscription-manager list --consumed".

Expected results:

Entitlement cert needs to get cleaned up locally. This will take care of the GUI and CLI commands.

Additional info:

Certificates which are current get cleaned up fine.

Comment 1 Chris Duryee 2011-08-11 19:21:39 UTC
1112135255fff6176dae0556b6f5624b4c3dc7cb master 0.95.6+

Comment 2 J.C. Molet 2011-08-16 17:43:39 UTC
Setup:   used subscription-manager-gui's subscription assistant to subscribe to a future entitlement and a current entitlement.

[root@jmolet-vm0 entitlement]# ls
1335482394422302683-key.pem  4499798699736688380-key.pem
1335482394422302683.pem      4499798699736688380.pem
[root@jmolet-vm0 entitlement]# subscription-manager unregister
System has been un-registered.
[root@jmolet-vm0 entitlement]# ls
[root@jmolet-vm0 entitlement]# 

All entitlements have been removed as expected.

subscription-manager-0.96.5-1.git.51.ac50478.el6.x86_64
subscription-manager-firstboot-0.96.5-1.git.51.ac50478.el6.x86_64
python-rhsm-0.96.8-1.git.5.d42033a.el6.noarch
subscription-manager-gnome-0.96.5-1.git.51.ac50478.el6.x86_64

Comment 3 John Sefler 2011-08-28 19:28:07 UTC
Something regressed the fix in comment 1

Problem:  The entitlement key is no longer being removed...

Version...
[root@jsefler-onprem-62server ~]# rpm -q subscription-manager
subscription-manager-0.96.7-1.git.10.586c3c4.el6.x86_64



[root@jsefler-onprem-62server ~]# subscription-manager list --consumed
+-------------------------------------------+
    Consumed Product Subscriptions
+-------------------------------------------+


ProductName:        	Awesome OS Scalable Filesystem Bits
ContractNumber:     	3                        
AccountNumber:      	12331131231              
SerialNumber:       	4721107639713123950      
Active:             	True                     
QuantityUsed:       	1                        
Begins:             	08/16/2012               
Expires:            	08/16/2013               

[root@jsefler-onprem-62server ~]# ls /etc/pki/entitlement/
4721107639713123950-key.pem  4721107639713123950.pem
[root@jsefler-onprem-62server ~]# subscription-manager unsubscribe --serial=4721107639713123950
[root@jsefler-onprem-62server ~]# ls /etc/pki/entitlement/
4721107639713123950-key.pem
[root@jsefler-onprem-62server ~]# 

^^^^ NOTE THAT THE FUTURE ENTITLEMENT's KEY IS NOT BEING DELETED

moving back to NEW

Comment 4 John Sefler 2011-08-29 01:50:15 UTC
(In reply to comment #3)
> Something regressed the fix in comment 1
> 
> Problem:  The entitlement key is no longer being removed...

if comment 3 is fixed, also mark the fix in bug 708362
thanks

Comment 5 John Sefler 2011-08-29 14:44:42 UTC
Reviewing comment 2 more closely, the unregister command was mistakenly used to verify this bug.  The unregister command was not broken in the first place and appears to remove the entitlements and their corresponding key as expected.  That's good.

Comment 3 is actually the better verification for this bug.  The unsubscribe command now removes the entitlement cert but leaves the dirty key behind.  Although this is not a problem and will eventually get cleaned up (by an unregister), the remaining dirty key is the subject of bug 708362.

Moving back to VERIFIED

Comment 6 errata-xmlrpc 2011-12-06 17:23:06 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1695.html


Note You need to log in before you can comment on or make changes to this bug.