786155 – Registration with AKs fails on vanilla EL 6.2

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 786155 - Registration with AKs fails on vanilla EL 6.2

Summary: Registration with AKs fails on vanilla EL 6.2

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	katello-agent
Sub Component:
Version:	6.0.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	Unspecified
Assignee:	Bryan Kearney
QA Contact:	Og Maciel
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	789448 (view as bug list)
Depends On:
Blocks:	790485
TreeView+	depends on / blocked

Reported:	2012-01-31 15:48 UTC by Lukas Zapletal
Modified:	2019-09-26 15:56 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	790485 (view as bug list)
Environment:
Last Closed:	2012-08-22 18:23:47 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Lukas Zapletal 2012-01-31 15:48:56 UTC

Steps to Reproduce:
1. Install RHEL 6.2 "vanilla" (no updates!)
2. Configure the rhsm
3. Register against a Katello server using one or more activation keys
  
Actual results:

Both fails

Expected results:

Should work

Additional info:

Covered with system tests. Two tests failing on EL 6.2 vanilla.

Comment 2 Lukas Zapletal 2012-02-14 11:41:15 UTC

Similar to this issue:

https://bugzilla.redhat.com/show_bug.cgi?id=784904

but different. In the linked issue Katello was not authorizing the package upload request. In this BZ Katello does not allow to authenticate rhsm.

Comment 3 Lukas Zapletal 2012-02-14 12:08:36 UTC

The registration call in the "old" rhsm does not contain either certificate or username and password:

Started POST "/katello/api/consumers?owner=org_rhsm_d811620&activation_keys=ak1_d811620" for 127.0.0.1 at Tue Feb 14 13:04:28 +0100 2012
  Processing by Api::SystemsController#activate as JSON

	0x0030:  0085 c918 504f 5354 202f 6b61 7465 6c6c  ....POST./katell
	0x0040:  6f2f 6170 692f 636f 6e73 756d 6572 733f  o/api/consumers?
	0x0050:  6f77 6e65 723d 6f72 675f 7268 736d 5f64  owner=org_rhsm_d
	0x0060:  3831 3136 3230 2661 6374 6976 6174 696f  811620&activatio
	0x0070:  6e5f 6b65 7973 3d61 6b31 5f64 3831 3136  n_keys=ak1_d8116
	0x0080:  3230 2048 5454 502f 312e 310d 0a48 6f73  20.HTTP/1.1..Hos
	0x0090:  743a 2031 3237 2e30 2e30 2e31 3a35 3030  t:.127.0.0.1:500
	0x00a0:  300d 0a41 6363 6570 742d 456e 636f 6469  0..Accept-Encodi
	0x00b0:  6e67 3a20 6964 656e 7469 7479 0d0a 436f  ng:.identity..Co
	0x00c0:  6e74 656e 742d 7479 7065 3a20 6170 706c  ntent-type:.appl
	0x00d0:  6963 6174 696f 6e2f 6a73 6f6e 0d0a 4163  ication/json..Ac
	0x00e0:  6365 7074 3a20 6170 706c 6963 6174 696f  cept:.applicatio
	0x00f0:  6e2f 6a73 6f6e 0d0a 585f 464f 5257 4152  n/json..X_FORWAR
	0x0100:  4445 445f 5052 4f54 4f3a 2068 7474 7073  DED_PROTO:.https
	0x0110:  0d0a 5353 4c5f 434c 4945 4e54 5f43 4552  ..SSL_CLIENT_CER
	0x0120:  543a 2028 6e75 6c6c 290d 0a58 2d46 6f72  T:.(null)..X-For
	0x0130:  7761 7264 6564 2d46 6f72 3a20 3132 372e  warded-For:.127.
	0x0140:  302e 302e 310d 0a58 2d46 6f72 7761 7264  0.0.1..X-Forward
	0x0150:  6564 2d48 6f73 743a 2062 6574 612e 6c61  ed-Host:.beta.la
	0x0160:  6e0d 0a58 2d46 6f72 7761 7264 6564 2d53  n..X-Forwarded-S
	0x0170:  6572 7665 723a 2062 6574 612e 6c61 6e0d  erver:.beta.lan.
	0x0180:  0a43 6f6e 6e65 6374 696f 6e3a 204b 6565  .Connection:.Kee
	0x0190:  702d 416c 6976 650d 0a43 6f6e 7465 6e74  p-Alive..Content
	0x01a0:  2d4c 656e 6774 683a 2033 3537 300d 0a0d  -Length:.3570...
	0x01b0:  0a7b 2266 6163 7473 223a 207b 2264 6d69  .{"facts":.{"dmi
	0x01c0:  2e73 7973 7465 6d2e 7575 6964 223a 2022  .system.uuid":."
	0x01d0:  3930 3836 3332 6331 2d30 3761 332d 6433  908632c1-07a3-d3
	0x01e0:  3334 2d30 3761 362d 3933 3365 6661 6162  34-07a6-933efaab
	0x01f0:  6432 6335 222c 2022 6c73 6370 752e 6c31  d2c5",."lscpu.l1
	0x0200:  645f 6361 6368 6522 3a20 2233 324b 222c  d_cache":."32K",
	0x0210:  2022 6469 7374 7269 6275 7469 6f6e 2e6e  ."distribution.n
	0x0220:  616d 6522 3a20 2252 6564 2048 6174 2045  ame":."Red.Hat.E
	0x0230:  6e74 6572 7072 6973 6520 4c69 6e75 7820  nterprise.Linux.
	0x0240:  5365 7276 6572 222c 2022 646d 692e 6269  Server",."dmi.bi

I guess we are not able to allow regitration from this one without proper authentication.

Comment 4 Bryan Kearney 2012-02-14 12:49:46 UTC

The creds should not be necessary with an activation key.

Comment 6 Mike McCune 2012-02-14 15:59:08 UTC

*** Bug 789448 has been marked as a duplicate of this bug. ***

Comment 7 Lukas Zapletal 2012-02-14 16:17:11 UTC

So dgoodwin confirmed me this particluar "vanilla" version does not send either cert or credentials. what is the preferred solution?

I guess we need to do some kind of trick because many customers will try to register a clean rhel 6.2 I guess

Possible solution is to ignore first package profile update and return HTTP 200, but then rhsm will think it is up-to-date until the next refresh.

Comment 10 Og Maciel 2012-02-23 18:25:18 UTC

Verified on:
* candlepin-0.5.22-1.el6.noarch
* candlepin-tomcat6-0.5.22-1.el6.noarch
* katello-0.1.300-1.el6.noarch
* katello-all-0.1.300-1.el6.noarch
* katello-certs-tools-1.0.2-2.el6.noarch
* katello-cli-0.1.100-2.el6.noarch
* katello-cli-common-0.1.100-2.el6.noarch
* katello-common-0.1.300-1.el6.noarch
* katello-configure-0.1.100-7.el6.noarch
* katello-glue-candlepin-0.1.300-1.el6.noarch
* katello-glue-foreman-0.1.300-1.el6.noarch
* katello-glue-pulp-0.1.300-1.el6.noarch
* katello-httpd-ssl-key-pair-1.0-1.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-repos-0.1.5-1.el6.noarch
* katello-selinux-0.1.7-1.el6.noarch
* katello-trusted-ssl-cert-1.0-1.noarch
* pulp-0.0.267-2.el6.noarch
* pulp-admin-0.0.267-2.el6.noarch
* pulp-client-lib-0.0.267-2.el6.noarch
* pulp-common-0.0.267-2.el6.noarch
* pulp-selinux-server-0.0.267-2.el6.noarch

Comment 12 Mike McCune 2013-08-16 18:04:46 UTC

getting rid of 6.0.0 version since that doesn't exist

Note You need to log in before you can comment on or make changes to this bug.