Bug 727970 - Unsubscribe Is Not Removing Future Dated Entitlement Certificates Or Keys
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: subscription-manager
Severity: high
Assigned To: Chris Duryee
John Sefler
Blocks: rhsm-rhel62
Reported: 2011-08-03 15:55 EDT by Devan Goodwin
Modified: 2011-12-06 12:23 EST
Doc Type: Bug Fix
Last Closed: 2011-12-06 12:23:06 EST
Description Devan Goodwin 2011-08-03 15:55:47 EDT
Description of problem:

Unsubscribe on both CLI and GUI will perform the unbind on the server, but leaves the .pem and -key.pem sitting on disk in /etc/pki/entitlements.

Version-Release number of selected component (if applicable):


How reproducible:

Appears to be related to future entitlements. 

Steps to Reproduce:
1. Subscribe to obtain one or more entitlements which have a start date in the future.
2. Try to unsubscribe, either via My Subscriptions tab in the GUI or with "subscription-manager unsubscribe --serial=XXXXXXXXX" 
Actual results:

The entitlement is deleted server side, but locally the cert and its key are still in /etc/pki/entitlement, and the entitlement still appears in My Subscriptions and "subscription-manager list --consumed".

Expected results:

Entitlement cert needs to get cleaned up locally. This will take care of the GUI and CLI commands.

Additional info:

Certificates which are current get cleaned up fine.
Comment 1 Chris Duryee 2011-08-11 15:21:39 EDT
1112135255fff6176dae0556b6f5624b4c3dc7cb master 0.95.6+
Comment 2 J.C. Molet 2011-08-16 13:43:39 EDT
Setup:   used subscription-manager-gui's subscription assistant to subscribe to a future entitlement and a current entitlement.

[root@jmolet-vm0 entitlement]# ls
1335482394422302683-key.pem  4499798699736688380-key.pem
1335482394422302683.pem      4499798699736688380.pem
[root@jmolet-vm0 entitlement]# subscription-manager unregister
System has been un-registered.
[root@jmolet-vm0 entitlement]# ls
[root@jmolet-vm0 entitlement]# 

All entitlements have been removed as expected.

Comment 3 John Sefler 2011-08-28 15:28:07 EDT
Something regressed the fix in comment 1

Problem:  The entitlement key is no longer being removed...

[root@jsefler-onprem-62server ~]# rpm -q subscription-manager

[root@jsefler-onprem-62server ~]# subscription-manager list --consumed
    Consumed Product Subscriptions

ProductName:        	Awesome OS Scalable Filesystem Bits
ContractNumber:     	3                        
AccountNumber:      	12331131231              
SerialNumber:       	4721107639713123950      
Active:             	True                     
QuantityUsed:       	1                        
Begins:             	08/16/2012               
Expires:            	08/16/2013               

[root@jsefler-onprem-62server ~]# ls /etc/pki/entitlement/
4721107639713123950-key.pem  4721107639713123950.pem
[root@jsefler-onprem-62server ~]# subscription-manager unsubscribe --serial=4721107639713123950
[root@jsefler-onprem-62server ~]# ls /etc/pki/entitlement/
[root@jsefler-onprem-62server ~]# 


moving back to NEW
Comment 4 John Sefler 2011-08-28 21:50:15 EDT
(In reply to comment #3)
> Something regressed the fix in comment 1
> Problem:  The entitlement key is no longer being removed...

If comment 3 is fixed, also mark the fix in bug 708362
Comment 5 John Sefler 2011-08-29 10:44:42 EDT
Reviewing comment 2 more closely, the unregister command was mistakenly used to verify this bug.  The unregister command was not broken in the first place and appears to remove the entitlements and their corresponding key as expected.  That's good.

Comment 3 is actually the better verification for this bug.  The unsubscribe command now removes the entitlement cert but leaves the dirty key behind.  Although this is not a problem and will eventually get cleaned up (by an unregister), the remaining dirty key is the subject of bug 708362.

Moving back to VERIFIED
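
Added example (not part of the bug report or of subscription-manager): a shell check for the two on-disk states discussed in this thread, files left behind for an unsubscribed serial and a key left without its certificate. It assumes the <serial>.pem / <serial>-key.pem naming shown in the listings above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: post-unsubscribe check of an entitlement directory.
# Assumption: files are named <serial>.pem and <serial>-key.pem, as in the
# directory listings quoted in this bug. Function names are hypothetical.

# leftovers_for_serial DIR SERIAL
# Print the name of every file still on disk for SERIAL (cert first, then key).
# Empty output means the local cleanup for that serial was complete.
leftovers_for_serial() {
    dir=$1
    serial=$2
    for f in "$dir/$serial.pem" "$dir/$serial-key.pem"; do
        if [ -e "$f" ]; then
            printf '%s\n' "${f##*/}"
        fi
    done
    return 0
}

# orphaned_keys DIR
# Print the serial of every <serial>-key.pem that has no matching <serial>.pem,
# i.e. the "dirty key" state described in comment 5.
orphaned_keys() {
    dir=$1
    for key in "$dir"/*-key.pem; do
        [ -e "$key" ] || continue      # glob matched nothing
        serial=${key##*/}
        serial=${serial%-key.pem}
        [ -e "$dir/$serial.pem" ] || printf '%s\n' "$serial"
    done
    return 0
}

# Typical use after "subscription-manager unsubscribe --serial=<serial>":
#   leftovers_for_serial /etc/pki/entitlement <serial>
#   orphaned_keys /etc/pki/entitlement
```
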
Comment 6 errata-xmlrpc 2011-12-06 12:23:06 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

