Bug 751358 - product cert of first add-on product got removed when a second add-on product was installed
Summary: product cert of first add-on product got removed when a second add-on product...
Keywords:
Status: CLOSED WORKSFORME
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: subscription-manager
Version: 5.7
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: ---
: ---
Assignee: William Poteat
QA Contact: IDM QE LIST
URL:
Whiteboard:
Depends On:
Blocks: 715031
TreeView+ depends on / blocked
 
Reported: 2011-11-04 13:46 UTC by Keqin Hong
Modified: 2011-12-16 14:31 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-12-16 14:31:30 UTC
Target Upstream Version:

Attachments (Terms of Use)
rhsm.log (72.89 KB, text/plain)
2011-11-04 13:48 UTC, Keqin Hong 		no flags Details
screen output (32.23 KB, text/plain)
2011-11-04 13:56 UTC, Keqin Hong 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Description Keqin Hong 2011-11-04 13:46:02 UTC 
Description of problem:
Install HA on RHEL6.2 server then install LB on it. Once the LB is installed, HA's product cert (83.pem) got removed.

Version-Release number of selected component (if applicable):
subscription-manager-0.96.17-1.el6
python-rhsm-0.96.15-1.el6

How reproducible:
always


Steps to Reproduce:

1. configure to use stage candlepin and cdn-internal instance
# subscription-manager config --server.hostname=subscription.rhn.stage.redhat.com
# subscription-manager config --rhsm.baseurl=http://cdn-internal.rcm-test.redhat.com

2. register, subscribe then install a package from HA
# subscription-manager register --username=stage_test_2
# subscription-manager subscribe --pool=8a99f981335b908601335ba8ec6d003 ##RHEL Server subscription
# subscription-manager subscribe --pool=8a99f981335b908601335ba8ec33002f ## HA subscription
# yum-config-manager --disable rhel-6-server-rpms ##disable dist repo
# yum-config-manager --disable rhel-ha-for-rhel-6-server-rpms
# yum-config-manager --enable rhel-6-server-beta-rpms ##enable beta repo, because latest snapshot content has been pushed to /content/beta/
# yum-config-manager --enable rhel-ha-for-rhel-6-server-beta-rpms
# yum install hwloc
# yum install omping
# ls /etc/pki/product/
69.pem  83.pem
        ^^^^ HA product cert

3. unregister (because we don't have a bundle containing both HA ans LB subscriptions)
# subscription-manager unregister

4. register, subscribe then install a package from LB
# subscription-manager register --username=stage_test_5
# subscription-manager subscribe --pool=8a99f982335b997a01336cd441de65a1 ##RHEL Server subscription
# subscription-manager subscribe --pool=8a99f982335b997a01336cd441b26585 ## LB subscription
# yum-config-manager -q --disable rhel-6-server-rpms
# yum-config-manager -q --disable rhel-lb-for-rhel-6-server-rpm
# yum-config-manager -q --enable rhel-lb-for-rhel-6-server-beta-rpms
# yum-config-manager -q --enable rhel-6-server-beta-rpms
# yum install piranha
# ls /etc/pki/product/
69.pem  85.pem
        ^^^^ LB product cert

Actual results:
Notice after installation of LB product, HA product cert (83.pem) got removed.

Expected results:
# ls /etc/pki/product/
69.pem  83.pem  85.pem


Additional info:

after step 4,

# cat /var/lib/rhsm/cache/installed_products.json
{"69": "Red Hat Enterprise Linux Server", "83": "Red Hat Enterprise Linux High Availability (for RHEL Server)"}

# cat /var/lib/rhsm/productid.js 
{
  "69": "rhel-6-server-beta-rpms", 
  "85": "rhel-lb-for-rhel-6-server-beta-rpms"
}
Comment 1 Keqin Hong 2011-11-04 13:48:32 UTC 
Created attachment 531769 [details]
rhsm.log
Comment 2 Keqin Hong 2011-11-04 13:56:11 UTC 
Created attachment 531771 [details]
screen output
Comment 4 Devan Goodwin 2011-11-08 16:27:21 UTC 
I believe this is related to the unregister in step 3, this would cause the first addon repo to be removed on the system, and the code that manages the product certs probably detects this and cleans it up. 

The code does appear to try not to delete product certs for repos that are *disabled*, but if the repo is no longer there, that is probably what is triggering this behavior. This is arguably a bug, still trying to decide, but appears to be of minor impact. 

If you were to use your two addon repos from the same account, which would be the normal use case, then the product cert should *not* get cleaned up.
Comment 5 Dennis Gregorovic 2011-11-08 19:06:16 UTC 
(In reply to comment #4)
> The code does appear to try not to delete product certs for repos that are
> *disabled*, but if the repo is no longer there, that is probably what is
> triggering this behavior. This is arguably a bug, still trying to decide, but
> appears to be of minor impact. 

I would vote for that being a bug.  Removing a yum repo doesn't imply that the product has been removed.  We should only remove product certs when all packages that had been installed from the repo tied to the cert are erased.
Comment 6 Devan Goodwin 2011-11-08 20:04:29 UTC 
To further complicate matters, I cannot reproduce this, I've run through all the exact same commands on the exact same accounts, my 83.pem remains... Trying to figure out where to go with this bug.
Comment 7 Devan Goodwin 2011-11-09 12:09:07 UTC 
I've been trying to reproduce on an old 6.2 test build with updated subscription-manager packages, but have been unable to do so.

Keqin, is there anything you could do to help reverify or confirm if everything is ok *if* you don't unsubscribe in the middle? We suspect this should be fine in the normal use case but we do not have infrastructure where we can test it yet.

I'm making another attempt with a much newer 6.2 ISO, will post how it goes.
Note You need to log in before you can comment on or make changes to this bug.