Bug 734606 - subscription-manager import appears successful, but does not list --consumed
Summary: subscription-manager import appears successful, but does not list --consumed
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: subscription-manager
Version: 6.2
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: rc
: ---
Assignee: Michael Stead
QA Contact: John Sefler
URL:
Whiteboard:
Depends On:
Blocks: rhsm-rhel62 743047
TreeView+ depends on / blocked
 
Reported: 2011-08-30 21:43 UTC by John Sefler
Modified: 2011-12-06 17:23 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-12-06 17:23:48 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1695 normal SHIPPED_LIVE subscription-manager bug fix and enhancement update 2011-12-06 01:23:29 UTC

Description John Sefler 2011-08-30 21:43:50 UTC
Description of problem:
When importing an entitlement cert/key bundle that was exported from rhsm-web, the file can be named anything by the user (e.g. save file as /tmp/entitlement.cert), then after importing the certificate, rhsm splits the file into /etc/pki/entitlement/entitlement.cert and /etc/pki/entitlement/entitlement-key.cert), however the subscription-manager list --consumed is empty.  If I change the name of the imported files to the <hash>.pem and <hash>-key.pem, then the list --consumed works.


Version-Release number of selected component (if applicable):
[root@jsefler-onprem-62server ~]# rpm -q subscription-manager
subscription-manager-0.96.7-1.git.14.c203b16.el6.x86_64


How reproducible:


Steps to Reproduce:

[root@jsefler-onprem-62server ~]# subscription-manager register --username=testuser1 --password=password --org=admin
The system has been registered with id: dc70b10f-c7fb-4258-a162-d8a3ff94073d 
[root@jsefler-onprem-62server ~]# subscription-manager list --avail | grep -A1 ProductId
ProductId:         	management-100           
PoolId:            	8a90f8c6321781e0013217835fd20279
--
[root@jsefler-onprem-62server ~]# subscription-manager subscribe --pool=8a90f8c6321781e0013217835fd20279
Successfully subscribed the system to Pool 8a90f8c6321781e0013217835fd20279
[root@jsefler-onprem-62server ~]# subscription-manager list --consumed
+-------------------------------------------+
    Consumed Product Subscriptions
+-------------------------------------------+


ProductName:        	Management Add-On        
ContractNumber:     	71                       
AccountNumber:      	12331131231              
SerialNumber:       	3567730850023029883      
Active:             	True                     
QuantityUsed:       	1                        
Begins:             	08/28/2011               
Expires:            	08/27/2012               

[root@jsefler-onprem-62server ~]# ls /etc/pki/entitlement/
3567730850023029883-key.pem  3567730850023029883.pem
[root@jsefler-onprem-62server ~]# cd /etc/pki/entitlement/

[root@jsefler-onprem-62server entitlement]# cat 3567730850023029883.pem 3567730850023029883-key.pem > /tmp/entitlement.cert

[root@jsefler-onprem-62server entitlement]# cat 3567730850023029883.pem 3567730850023029883-key.pem > /tmp/entitlement.pem

[root@jsefler-onprem-62server entitlement]# cat 3567730850023029883.pem 3567730850023029883-key.pem > /tmp/3567730850023029883

[root@jsefler-onprem-62server entitlement]# cat 3567730850023029883.pem 3567730850023029883-key.pem > /tmp/3567730850023029883.pem

^^^ GENERATED FOUR IMPORT CASES AND YOU WILL SEE THAT TWO OF THEM WILL FAIL

[root@jsefler-onprem-62server entitlement]# rm /etc/pki/entitlement/*
rm: remove regular file `/etc/pki/entitlement/3567730850023029883-key.pem'? y
rm: remove regular file `/etc/pki/entitlement/3567730850023029883.pem'? y
[root@jsefler-onprem-62server entitlement]# 


[root@jsefler-onprem-62server entitlement]# subscription-manager import --certificate /tmp/entitlement.cert
Successfully imported certificate entitlement.cert
[root@jsefler-onprem-62server entitlement]# ls /etc/pki/entitlement/
entitlement.cert  entitlement-key.cert
[root@jsefler-onprem-62server entitlement]# subscription-manager list --consumed
No Consumed subscription pools to list

^^^ BANG!  THE IMPORT APPEARS SUCCESSFUL AND CORRECTLY SPLITS THE IMPORT FILE, BUT THE LIST --consumed FAILS

LET'S TRY AGAIN...  MAYBE ITS THE FILE EXTENSION THAT IS IMPORTANT?

[root@jsefler-onprem-62server entitlement]# rm -f /etc/pki/entitlement/*
[root@jsefler-onprem-62server entitlement]# subscription-manager import --certificate /tmp/entitlement.pem
Successfully imported certificate entitlement.pem
[root@jsefler-onprem-62server entitlement]# ls /etc/pki/entitlement/
entitlement-key.pem  entitlement.pem
[root@jsefler-onprem-62server entitlement]# subscription-manager list --consumed
No Consumed subscription pools to list
[root@jsefler-onprem-62server entitlement]# 

^^^ BANG! FAILED WITH A .pem EXTENSION TOO

NOW LET"S TRY WITH THIRD CASE...

[root@jsefler-onprem-62server entitlement]# rm -f /etc/pki/entitlement/*
[root@jsefler-onprem-62server entitlement]# subscription-manager import --certificate /tmp/3567730850023029883
Successfully imported certificate 3567730850023029883
[root@jsefler-onprem-62server entitlement]# ls /etc/pki/entitlement/
3567730850023029883  3567730850023029883-key
[root@jsefler-onprem-62server entitlement]# subscription-manager list --consumed
No Consumed subscription pools to list

^^^ BANG! FAILED AGAIN.

NOW LET"S TRY WITH FOURTH CASE...


[root@jsefler-onprem-62server entitlement]# rm -f /etc/pki/entitlement/*
[root@jsefler-onprem-62server entitlement]# subscription-manager import --certificate /tmp/3567730850023029883.pem
Successfully imported certificate 3567730850023029883.pem
[root@jsefler-onprem-62server entitlement]# ls /etc/pki/entitlement/
3567730850023029883-key.pem  3567730850023029883.pem
[root@jsefler-onprem-62server entitlement]# subscription-manager list --consumed
+-------------------------------------------+
    Consumed Product Subscriptions
+-------------------------------------------+


ProductName:        	Management Add-On        
ContractNumber:     	71                       
AccountNumber:      	12331131231              
SerialNumber:       	3567730850023029883      
Active:             	True                     
QuantityUsed:       	1                        
Begins:             	08/28/2011               
Expires:            	08/27/2012      

^^^ NOW IT WORKS.

Comment 1 Michael Stead 2011-09-08 16:07:52 UTC
Fixed in master branch (3236ce3f2561e306886ff80963a4ddb3bbdb6950)

Now checks the serial number of the cert and renames the file in the following formats:

<s/n>.pem
<s/n>-key.pem

Comment 3 John Sefler 2011-09-08 18:03:27 UTC
Verifying Version...
[root@jsefler-onprem-62server ~]# rpm -q subscription-manager
subscription-manager-0.96.9-1.git.4.3236ce3.el6.x86_64


[root@jsefler-onprem-62server ~]# subscription-manager clean
All local data removed
[root@jsefler-onprem-62server ~]# subscription-manager list --consumed
No Consumed subscription pools to list
[root@jsefler-onprem-62server ~]# subscription-manager import --certificate /tmp/importCertificatesDir/myExportedEntitlement.pem
Successfully imported certificate myExportedEntitlement.pem
[root@jsefler-onprem-62server ~]# ls /etc/pki/entitlement/
4249612904057333274-key.pem  4249612904057333274.pem
[root@jsefler-onprem-62server ~]# subscription-manager list --consumed
+-------------------------------------------+
    Consumed Product Subscriptions
+-------------------------------------------+


ProductName:        	Awesome OS for i686/x86_64 Bits
ContractNumber:     	44                       
AccountNumber:      	12331131231              
SerialNumber:       	4249612904057333274      
Active:             	True                     
QuantityUsed:       	1                        
Begins:             	07/29/2011               
Expires:            	09/28/2012               



^^^ VERIFIED THAT AN IMPORT OF A VALID CERTIFICATE BUNDLE THAT WAS RENAMED BY THE USER (myExportedEntitlement.pem) WAS TRUELY IMPORTED SUCCESSFULLY BY SUBSCRIPTION-MANGER. LET'S TRY AGAIN WITH (anotherExportedEntitlement)...


[root@jsefler-onprem-62server ~]# subscription-manager import --certificate /tmp/importCertificatesDir/anotherExportedEntitlement
Successfully imported certificate anotherExportedEntitlement
[root@jsefler-onprem-62server ~]# ls /etc/pki/entitlement/
4249612904057333274-key.pem  4249612904057333274.pem  8122730699557767282-key.pem  8122730699557767282.pem
[root@jsefler-onprem-62server ~]# subscription-manager list --consumed
+-------------------------------------------+
    Consumed Product Subscriptions
+-------------------------------------------+


ProductName:        	Awesome OS for i686/x86_64 Bits
ContractNumber:     	44                       
AccountNumber:      	12331131231              
SerialNumber:       	4249612904057333274      
Active:             	True                     
QuantityUsed:       	1                        
Begins:             	07/29/2011               
Expires:            	09/28/2012               


ProductName:        	Management Bits          
ContractNumber:     	18                       
AccountNumber:      	12331131231              
SerialNumber:       	8122730699557767282      
Active:             	True                     
QuantityUsed:       	1                        
Begins:             	07/29/2011               
Expires:            	09/28/2012               


^^^ VERIFIED THE RENAMED CERTIFICATE WAS TRUELY IMPORTED SUCCESSFULLY BY SUBSCRIPTION-MANGER.

Moving to VERIFIED

Comment 4 errata-xmlrpc 2011-12-06 17:23:48 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1695.html


Note You need to log in before you can comment on or make changes to this bug.