Bug 727970 - Unsubscribe Is Not Removing Future Dated Entitlement Certificates Or Keys
Summary: Unsubscribe Is Not Removing Future Dated Entitlement Certificates Or Keys
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: subscription-manager
Version: 6.2
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Chris Duryee
QA Contact: John Sefler
Depends On:
Blocks: rhsm-rhel62
TreeView+ depends on / blocked
Reported: 2011-08-03 19:55 UTC by Devan Goodwin
Modified: 2011-12-06 17:23 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2011-12-06 17:23:06 UTC

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1695 normal SHIPPED_LIVE subscription-manager bug fix and enhancement update 2011-12-06 01:23:29 UTC

Description Devan Goodwin 2011-08-03 19:55:47 UTC
Description of problem:

Unsubscribe on both CLI and GUI will perform the unbind on the server, but leaves the .pem and -key.pem sitting on disk in /etc/pki/entitlements.

Version-Release number of selected component (if applicable):


How reproducible:

Appears to be related to future entitlements. 

Steps to Reproduce:
1. Subscribe to obtain one or more entitlements which have a start date in the future.
2. Try to unsubscribe, either via My Subscriptions tab in the GUI or with "subscription-manager unsubscribe --serial=XXXXXXXXX" 
Actual results:

The entitlement is deleted server side, but locally the cert and it's key are still in /etc/pki/entitlement, and the entitlement still appears in My Subscriptions and "subscription-manager list --consumed".

Expected results:

Entitlement cert needs to get cleaned up locally. This will take care of the GUI and CLI commands.

Additional info:

Certificates which are current get cleaned up fine.

Comment 1 Chris Duryee 2011-08-11 19:21:39 UTC
1112135255fff6176dae0556b6f5624b4c3dc7cb master 0.95.6+

Comment 2 J.C. Molet 2011-08-16 17:43:39 UTC
Setup:   used subscription-manager-gui's subscription assistant to subscribe to a future entitlement and a current entitlement.

[root@jmolet-vm0 entitlement]# ls
1335482394422302683-key.pem  4499798699736688380-key.pem
1335482394422302683.pem      4499798699736688380.pem
[root@jmolet-vm0 entitlement]# subscription-manager unregister
System has been un-registered.
[root@jmolet-vm0 entitlement]# ls
[root@jmolet-vm0 entitlement]# 

All entitlements have been removed as expected.


Comment 3 John Sefler 2011-08-28 19:28:07 UTC
Something regressed the fix in comment 1

Problem:  The entitlement key is no longer being removed...

[root@jsefler-onprem-62server ~]# rpm -q subscription-manager

[root@jsefler-onprem-62server ~]# subscription-manager list --consumed
    Consumed Product Subscriptions

ProductName:        	Awesome OS Scalable Filesystem Bits
ContractNumber:     	3                        
AccountNumber:      	12331131231              
SerialNumber:       	4721107639713123950      
Active:             	True                     
QuantityUsed:       	1                        
Begins:             	08/16/2012               
Expires:            	08/16/2013               

[root@jsefler-onprem-62server ~]# ls /etc/pki/entitlement/
4721107639713123950-key.pem  4721107639713123950.pem
[root@jsefler-onprem-62server ~]# subscription-manager unsubscribe --serial=4721107639713123950
[root@jsefler-onprem-62server ~]# ls /etc/pki/entitlement/
[root@jsefler-onprem-62server ~]# 


moving back to NEW

Comment 4 John Sefler 2011-08-29 01:50:15 UTC
(In reply to comment #3)
> Something regressed the fix in comment 1
> Problem:  The entitlement key is no longer being removed...

if comment 3 is fixed, also mark the fix in bug 708362

Comment 5 John Sefler 2011-08-29 14:44:42 UTC
Reviewing comment 2 more closely, the unregister command was mistakenly used to verify this bug.  The unregister command was not broken in the first place and appears to remove the entitlements and their corresponding key as expected.  That's good.

Comment 3 is actually the better verification for this bug.  The unsubscribe command now removes the entitlement cert but leaves the dirty key behind.  Although this is not a problem and will eventually get cleaned up (by an unregister), the remaining dirty key is the subject of bug 708362.

Moving back to VERIFIED

Comment 6 errata-xmlrpc 2011-12-06 17:23:06 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.