Hide Forgot
Description of problem: Install HA on RHEL6.2 server then install LB on it. Once the LB is installed, HA's product cert (83.pem) got removed. Version-Release number of selected component (if applicable): subscription-manager-0.96.17-1.el6 python-rhsm-0.96.15-1.el6 How reproducible: always Steps to Reproduce: 1. configure to use stage candlepin and cdn-internal instance # subscription-manager config --server.hostname=subscription.rhn.stage.redhat.com # subscription-manager config --rhsm.baseurl=http://cdn-internal.rcm-test.redhat.com 2. register, subscribe then install a package from HA # subscription-manager register --username=stage_test_2 # subscription-manager subscribe --pool=8a99f981335b908601335ba8ec6d003 ##RHEL Server subscription # subscription-manager subscribe --pool=8a99f981335b908601335ba8ec33002f ## HA subscription # yum-config-manager --disable rhel-6-server-rpms ##disable dist repo # yum-config-manager --disable rhel-ha-for-rhel-6-server-rpms # yum-config-manager --enable rhel-6-server-beta-rpms ##enable beta repo, because latest snapshot content has been pushed to /content/beta/ # yum-config-manager --enable rhel-ha-for-rhel-6-server-beta-rpms # yum install hwloc # yum install omping # ls /etc/pki/product/ 69.pem 83.pem ^^^^ HA product cert 3. unregister (because we don't have a bundle containing both HA ans LB subscriptions) # subscription-manager unregister 4. register, subscribe then install a package from LB # subscription-manager register --username=stage_test_5 # subscription-manager subscribe --pool=8a99f982335b997a01336cd441de65a1 ##RHEL Server subscription # subscription-manager subscribe --pool=8a99f982335b997a01336cd441b26585 ## LB subscription # yum-config-manager -q --disable rhel-6-server-rpms # yum-config-manager -q --disable rhel-lb-for-rhel-6-server-rpm # yum-config-manager -q --enable rhel-lb-for-rhel-6-server-beta-rpms # yum-config-manager -q --enable rhel-6-server-beta-rpms # yum install piranha # ls /etc/pki/product/ 69.pem 85.pem ^^^^ LB product cert Actual results: Notice after installation of LB product, HA product cert (83.pem) got removed. Expected results: # ls /etc/pki/product/ 69.pem 83.pem 85.pem Additional info: after step 4, # cat /var/lib/rhsm/cache/installed_products.json {"69": "Red Hat Enterprise Linux Server", "83": "Red Hat Enterprise Linux High Availability (for RHEL Server)"} # cat /var/lib/rhsm/productid.js { "69": "rhel-6-server-beta-rpms", "85": "rhel-lb-for-rhel-6-server-beta-rpms" }
Created attachment 531769 [details] rhsm.log
Created attachment 531771 [details] screen output
I believe this is related to the unregister in step 3, this would cause the first addon repo to be removed on the system, and the code that manages the product certs probably detects this and cleans it up. The code does appear to try not to delete product certs for repos that are *disabled*, but if the repo is no longer there, that is probably what is triggering this behavior. This is arguably a bug, still trying to decide, but appears to be of minor impact. If you were to use your two addon repos from the same account, which would be the normal use case, then the product cert should *not* get cleaned up.
(In reply to comment #4) > The code does appear to try not to delete product certs for repos that are > *disabled*, but if the repo is no longer there, that is probably what is > triggering this behavior. This is arguably a bug, still trying to decide, but > appears to be of minor impact. I would vote for that being a bug. Removing a yum repo doesn't imply that the product has been removed. We should only remove product certs when all packages that had been installed from the repo tied to the cert are erased.
To further complicate matters, I cannot reproduce this, I've run through all the exact same commands on the exact same accounts, my 83.pem remains... Trying to figure out where to go with this bug.
I've been trying to reproduce on an old 6.2 test build with updated subscription-manager packages, but have been unable to do so. Keqin, is there anything you could do to help reverify or confirm if everything is ok *if* you don't unsubscribe in the middle? We suspect this should be fine in the normal use case but we do not have infrastructure where we can test it yet. I'm making another attempt with a much newer 6.2 ISO, will post how it goes.