786155 – Registration with AKs fails on vanilla EL 6.2

Bug 786155 - Registration with AKs fails on vanilla EL 6.2

Summary: Registration with AKs fails on vanilla EL 6.2

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	katello-agent
Sub Component:
Version:	6.0.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high vote
Target Milestone:	Unspecified
Assignee:	Bryan Kearney
QA Contact:	Og Maciel
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	789448 (view as bug list)
Depends On:
Blocks:	790485
TreeView+	depends on / blocked

Reported:	2012-01-31 15:48 UTC by Lukas Zapletal
Modified:	2019-09-26 15:56 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	790485 (view as bug list)
Environment:
Last Closed:	2012-08-22 18:23:47 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Lukas Zapletal 2012-01-31 15:48:56 UTC

Steps to Reproduce:
1. Install RHEL 6.2 "vanilla" (no updates!)
2. Configure the rhsm
3. Register against a Katello server using one or more activation keys
  
Actual results:

Both fails

Expected results:

Should work

Additional info:

Covered with system tests. Two tests failing on EL 6.2 vanilla.

Comment 2 Lukas Zapletal 2012-02-14 11:41:15 UTC

Similar to this issue:

https://bugzilla.redhat.com/show_bug.cgi?id=784904

but different. In the linked issue Katello was not authorizing the package upload request. In this BZ Katello does not allow to authenticate rhsm.

Comment 3 Lukas Zapletal 2012-02-14 12:08:36 UTC

The registration call in the "old" rhsm does not contain either certificate or username and password:

Started POST "/katello/api/consumers?owner=org_rhsm_d811620&activation_keys=ak1_d811620" for 127.0.0.1 at Tue Feb 14 13:04:28 +0100 2012
  Processing by Api::SystemsController#activate as JSON

	0x0030:  0085 c918 504f 5354 202f 6b61 7465 6c6c  ....POST./katell
	0x0040:  6f2f 6170 692f 636f 6e73 756d 6572 733f  o/api/consumers?
	0x0050:  6f77 6e65 723d 6f72 675f 7268 736d 5f64  owner=org_rhsm_d
	0x0060:  3831 3136 3230 2661 6374 6976 6174 696f  811620&activatio
	0x0070:  6e5f 6b65 7973 3d61 6b31 5f64 3831 3136  n_keys=ak1_d8116
	0x0080:  3230 2048 5454 502f 312e 310d 0a48 6f73  20.HTTP/1.1..Hos
	0x0090:  743a 2031 3237 2e30 2e30 2e31 3a35 3030  t:.127.0.0.1:500
	0x00a0:  300d 0a41 6363 6570 742d 456e 636f 6469  0..Accept-Encodi
	0x00b0:  6e67 3a20 6964 656e 7469 7479 0d0a 436f  ng:.identity..Co
	0x00c0:  6e74 656e 742d 7479 7065 3a20 6170 706c  ntent-type:.appl
	0x00d0:  6963 6174 696f 6e2f 6a73 6f6e 0d0a 4163  ication/json..Ac
	0x00e0:  6365 7074 3a20 6170 706c 6963 6174 696f  cept:.applicatio
	0x00f0:  6e2f 6a73 6f6e 0d0a 585f 464f 5257 4152  n/json..X_FORWAR
	0x0100:  4445 445f 5052 4f54 4f3a 2068 7474 7073  DED_PROTO:.https
	0x0110:  0d0a 5353 4c5f 434c 4945 4e54 5f43 4552  ..SSL_CLIENT_CER
	0x0120:  543a 2028 6e75 6c6c 290d 0a58 2d46 6f72  T:.(null)..X-For
	0x0130:  7761 7264 6564 2d46 6f72 3a20 3132 372e  warded-For:.127.
	0x0140:  302e 302e 310d 0a58 2d46 6f72 7761 7264  0.0.1..X-Forward
	0x0150:  6564 2d48 6f73 743a 2062 6574 612e 6c61  ed-Host:.beta.la
	0x0160:  6e0d 0a58 2d46 6f72 7761 7264 6564 2d53  n..X-Forwarded-S
	0x0170:  6572 7665 723a 2062 6574 612e 6c61 6e0d  erver:.beta.lan.
	0x0180:  0a43 6f6e 6e65 6374 696f 6e3a 204b 6565  .Connection:.Kee
	0x0190:  702d 416c 6976 650d 0a43 6f6e 7465 6e74  p-Alive..Content
	0x01a0:  2d4c 656e 6774 683a 2033 3537 300d 0a0d  -Length:.3570...
	0x01b0:  0a7b 2266 6163 7473 223a 207b 2264 6d69  .{"facts":.{"dmi
	0x01c0:  2e73 7973 7465 6d2e 7575 6964 223a 2022  .system.uuid":."
	0x01d0:  3930 3836 3332 6331 2d30 3761 332d 6433  908632c1-07a3-d3
	0x01e0:  3334 2d30 3761 362d 3933 3365 6661 6162  34-07a6-933efaab
	0x01f0:  6432 6335 222c 2022 6c73 6370 752e 6c31  d2c5",."lscpu.l1
	0x0200:  645f 6361 6368 6522 3a20 2233 324b 222c  d_cache":."32K",
	0x0210:  2022 6469 7374 7269 6275 7469 6f6e 2e6e  ."distribution.n
	0x0220:  616d 6522 3a20 2252 6564 2048 6174 2045  ame":."Red.Hat.E
	0x0230:  6e74 6572 7072 6973 6520 4c69 6e75 7820  nterprise.Linux.
	0x0240:  5365 7276 6572 222c 2022 646d 692e 6269  Server",."dmi.bi

I guess we are not able to allow regitration from this one without proper authentication.

Comment 4 Bryan Kearney 2012-02-14 12:49:46 UTC

The creds should not be necessary with an activation key.

Comment 6 Mike McCune 2012-02-14 15:59:08 UTC

*** Bug 789448 has been marked as a duplicate of this bug. ***

Comment 7 Lukas Zapletal 2012-02-14 16:17:11 UTC

So dgoodwin confirmed me this particluar "vanilla" version does not send either cert or credentials. what is the preferred solution?

I guess we need to do some kind of trick because many customers will try to register a clean rhel 6.2 I guess

Possible solution is to ignore first package profile update and return HTTP 200, but then rhsm will think it is up-to-date until the next refresh.

Comment 10 Og Maciel 2012-02-23 18:25:18 UTC

Verified on:
* candlepin-0.5.22-1.el6.noarch
* candlepin-tomcat6-0.5.22-1.el6.noarch
* katello-0.1.300-1.el6.noarch
* katello-all-0.1.300-1.el6.noarch
* katello-certs-tools-1.0.2-2.el6.noarch
* katello-cli-0.1.100-2.el6.noarch
* katello-cli-common-0.1.100-2.el6.noarch
* katello-common-0.1.300-1.el6.noarch
* katello-configure-0.1.100-7.el6.noarch
* katello-glue-candlepin-0.1.300-1.el6.noarch
* katello-glue-foreman-0.1.300-1.el6.noarch
* katello-glue-pulp-0.1.300-1.el6.noarch
* katello-httpd-ssl-key-pair-1.0-1.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-repos-0.1.5-1.el6.noarch
* katello-selinux-0.1.7-1.el6.noarch
* katello-trusted-ssl-cert-1.0-1.noarch
* pulp-0.0.267-2.el6.noarch
* pulp-admin-0.0.267-2.el6.noarch
* pulp-client-lib-0.0.267-2.el6.noarch
* pulp-common-0.0.267-2.el6.noarch
* pulp-selinux-server-0.0.267-2.el6.noarch

Comment 12 Mike McCune 2013-08-16 18:04:46 UTC

getting rid of 6.0.0 version since that doesn't exist

Note You need to log in before you can comment on or make changes to this bug.