807721 – upgrading subscription-manager to rhel63 does not set a default rhsm.manage_repos configuration

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 807721 - upgrading subscription-manager to rhel63 does not set a default rhsm.manage_repos configuration

Summary: upgrading subscription-manager to rhel63 does not set a default rhsm.manage_r...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	python-rhsm
Sub Component:
Version:	6.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Michael Stead
QA Contact:	Entitlement Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	738066
TreeView+	depends on / blocked

Reported:	2012-03-28 14:50 UTC by John Sefler
Modified:	2012-06-20 12:58 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-06-20 12:58:09 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2012:0804	0	normal	SHIPPED_LIVE	subscription-manager bug fix and enhancement update	2012-06-19 19:51:31 UTC
Red Hat Product Errata	RHBA-2012:0805	0	normal	SHIPPED_LIVE	python-rhsm bug fix and enhancement update	2012-06-19 20:34:30 UTC

Description John Sefler 2012-03-28 14:50:13 UTC

Description of problem:
New in rhel63 is the rhsm.manage_repos configuration which gets installed with a new /etc/rhsm/rhsm.conf file.  However in the upgrade scenario where we upgrade subscription manager from rhel62 to rhel63, a default value for manage_repos does not appear to get set. 


Version-Release number of selected component (if applicable):
[root@jsefler-r63-server ~]# rpm -q subscription-manager
subscription-manager-0.99.12-1.el6.x86_64


How reproducible:


Steps to Reproduce:
Start with an install of subscription-manager from rhel62..
[root@jsefler-r63-server ~]# rpm -q subscription-manager
subscription-manager-0.96.17.2-2.el6.x86_64
[root@jsefler-r63-server ~]# subscription-manager config --server.insecure 1
^^ THIS SIMPLY CHANGES A CONFIG IN rhsm.log TO A NON-DEFAULT VALUE
[root@jsefler-r63-server ~]# grep manage_repos /etc/rhsm/rhsm.conf
[root@jsefler-r63-server ~]# 
^^ THIS SIMPLY SHOW THAT THE manage_repos CONFIG DID NOT EXIST DURING RHEL62
[root@jsefler-r63-server ~]# rpm -Uvh http://download.devel.redhat.com/brewroot/packages/subscription-manager/0.99.12/1.el6/x86_64/subscription-manager-0.99.12-1.el6.x86_64.rpm http://download.devel.redhat.com/brewroot/packages/python-rhsm/0.99.7/1.el6/noarch/python-rhsm-0.99.7-1.el6.noarch.rpm
Retrieving http://download.devel.redhat.com/brewroot/packages/subscription-manager/0.99.12/1.el6/x86_64/subscription-manager-0.99.12-1.el6.x86_64.rpm
Retrieving http://download.devel.redhat.com/brewroot/packages/python-rhsm/0.99.7/1.el6/noarch/python-rhsm-0.99.7-1.el6.noarch.rpm
Preparing...                ########################################### [100%]
   1:python-rhsm            ########################################### [ 50%]
   2:subscription-manager   warning: /etc/rhsm/rhsm.conf created as /etc/rhsm/rhsm.conf.rpmnew
########################################### [100%]

^^^ THE WARNING IS GOOD TO SHOW THAT A NEW rhsm.conf IS LAID DOWN BUT WILL EXIST FOR INFORMATION ONLY.

[root@jsefler-r63-server ~]# grep manage_repos /etc/rhsm/rhsm.conf
[root@jsefler-r63-server ~]# grep manage_repos /etc/rhsm/rhsm.conf.rpmnew 
manage_repos = 1
[root@jsefler-r63-server ~]#

^^^ NOTICE THAT THE NEW manage_repos CONFIG IS PRESENT IN THE rhsm.conf.rpmnew FILE BUT NOT rhsm.conf.  THIS MAKES SENSE AND IS EXPECTED.

[root@jsefler-r63-server ~]# subscription-manager config --list
[server]
   ca_cert_dir = [/etc/rhsm/ca/]
   hostname = subscription.rhn.redhat.com
   insecure = 1
   port = 443
   prefix = /subscription
   proxy_hostname = []
   proxy_password = []
   proxy_port = []
   proxy_user = []
   repo_ca_cert = [/etc/rhsm/ca/redhat-uep.pem]
   ssl_verify_depth = [3]

[rhsm]
   baseurl = https://cdn.redhat.com
   ca_cert_dir = [/etc/rhsm/ca/]
   consumercertdir = /etc/pki/consumer
   entitlementcertdir = /etc/pki/entitlement
   hostname = [localhost]
   insecure = [0]
   port = [8443]
   prefix = [/candlepin]
   productcertdir = /etc/pki/product
   proxy_hostname = []
   proxy_password = []
   proxy_port = []
   proxy_user = []
   repo_ca_cert = [/etc/rhsm/ca/redhat-uep.pem]
   ssl_verify_depth = [3]

[rhsmcertd]
   ca_cert_dir = [/etc/rhsm/ca/]
   certfrequency = 240
   healfrequency = 1440
   hostname = [localhost]
   insecure = [0]
   port = [8443]
   prefix = [/candlepin]
   proxy_hostname = []
   proxy_password = []
   proxy_port = []
   proxy_user = []
   repo_ca_cert = [/etc/rhsm/ca/redhat-uep.pem]
   ssl_verify_depth = [3]

[] - Default value in use

^^^ BANG! THERE IS NO DEFAULT VALUE FOR rhsm.manage_repos.  EXPECTED TO SEE:
   manage_repos = [1]

Comment 1 John Sefler 2012-03-28 15:07:56 UTC

Upon further review, this problem has nothing to do with the upgrade scenario.  Instead, there are several configurations (including manage_repos) for which no default value appears to exist....


[root@jsefler-r63-workstation ~]# cat /etc/rhsm/rhsm.conf
# Red Hat Subscription Manager Configuration File:

# Unified Entitlement Platform Configuration
[server]
# Server hostname:
#hostname=jsefler-f14-candlepin.usersys.redhat.com
#hostname=subscription.rhn.stage.redhat.com

# Server prefix:
#prefix=/candlepin
#prefix=/subscription

# Server port:
#port=443

# Set to 1 to disable certificate validation:
#insecure=0

# Set the depth of certs which should be checked
# when validating a certificate
#ssl_verify_depth = 3

# Server CA certificate location:
#ca_cert_dir = /etc/rhsm/ca/

# an http proxy server to use
#proxy_hostname =

# port for http proxy server
#proxy_port =

# user name for authenticating to an http proxy, if needed
#proxy_user =

# password for basic http proxy auth, if needed
#proxy_password =

[rhsm]
# Content base URL:
#baseurl= https://cdn.redhat.com

# Default CA cert to use when generating yum repo configs:
#repo_ca_cert = %(ca_cert_dir)sredhat-uep.pem

# Where the certificates should be stored
productCertDir=/etc/pki/product
entitlementCertDir=/etc/pki/entitlement
consumerCertDir=/etc/pki/consumer

# Manage generation of yum repositories for subscribed content:
#manage_repos = 1

[rhsmcertd]
# Frequency of certificate refresh (in minutes):
#certFrequency = 240
# Frequency of autoheal check (1440 min = 1 day):
#healFrequency = 1440


[root@jsefler-r63-workstation ~]# subscription-manager config --list
[server]
   ca_cert_dir = [/etc/rhsm/ca/]
   hostname = [localhost]
   insecure = [0]
   port = [8443]
   prefix = [/candlepin]
   proxy_hostname = []
   proxy_password = []
   proxy_port = []
   proxy_user = []
   repo_ca_cert = [/etc/rhsm/ca/redhat-uep.pem]
   ssl_verify_depth = [3]

[rhsm]
   ca_cert_dir = [/etc/rhsm/ca/]
   consumercertdir = /etc/pki/consumer
   entitlementcertdir = /etc/pki/entitlement
   hostname = [localhost]
   insecure = [0]
   port = [8443]
   prefix = [/candlepin]
   productcertdir = /etc/pki/product
   proxy_hostname = []
   proxy_password = []
   proxy_port = []
   proxy_user = []
   repo_ca_cert = [/etc/rhsm/ca/redhat-uep.pem]
   ssl_verify_depth = [3]

[rhsmcertd]
   ca_cert_dir = [/etc/rhsm/ca/]
   hostname = [localhost]
   insecure = [0]
   port = [8443]
   prefix = [/candlepin]
   proxy_hostname = []
   proxy_password = []
   proxy_port = []
   proxy_user = []
   repo_ca_cert = [/etc/rhsm/ca/redhat-uep.pem]
   ssl_verify_depth = [3]

[] - Default value in use


[root@jsefler-r63-workstation ~]# 


AFTER COMMENTING OUT SEVERAL rhsm.conf VALUES, NO DEFAULT VALUE APPEARS FOR THESE CONFIGURATIONS:

rhsm.baseurl
rhsm.manage_repos
rhsm.productCertDir
rhsm.entitlementCertDir
rhsm.consumerCertDir
rhsmcertd.certFrequency
rhsmcertd.healFrequency

WORSE IS THAT A TRACEBACK IS THROWN WHEN THESE CONFIGURATIONS ARE NOT SET:
rhsm.productCertDir
rhsm.entitlementCertDir
rhsm.consumerCertDir

FOR EXAMPLE...
[root@jsefler-r63-workstation ~]# subscription-manager config --list
Traceback (most recent call last):
  File "/usr/sbin/subscription-manager", line 54, in <module>
    from subscription_manager import managercli
  File "/usr/share/rhsm/subscription_manager/managercli.py", line 41, in <module>
    from subscription_manager.certlib import CertLib, ConsumerIdentity
  File "/usr/share/rhsm/subscription_manager/certlib.py", line 25, in <module>
    from subscription_manager.certdirectory import EntitlementDirectory, \
  File "/usr/share/rhsm/subscription_manager/certdirectory.py", line 179, in <module>
    class ProductDirectory(CertificateDirectory):
  File "/usr/share/rhsm/subscription_manager/certdirectory.py", line 181, in ProductDirectory
    PATH = cfg.get('rhsm', 'productCertDir')
  File "/usr/lib/python2.6/site-packages/rhsm/config.py", line 56, in get
    return SafeConfigParser.get(self, section, prop)
  File "/usr/lib/python2.6/site-packages/iniparse/compat.py", line 228, in get
    value = RawConfigParser.get(self, section, option, vars)
  File "/usr/lib/python2.6/site-packages/iniparse/compat.py", line 126, in get
    raise NoOptionError(option, section)
ConfigParser.NoOptionError: No option 'productcertdir' in section: 'rhsm'
[root@jsefler-r63-workstation ~]#

Comment 2 Michael Stead 2012-03-29 19:12:27 UTC

This bug was actually fixed in python-rhsm:
e68bc917c685b0e294a67a9bad9197685c7b44f1

It will be available in: python-rhsm-0.99.8-1+

Comment 4 John Sefler 2012-04-05 18:38:57 UTC

Verifying Version...
[root@jsefler-r63-server ~]# rpm -q python-rhsm
python-rhsm-0.99.8-1.el6.noarch
[root@jsefler-r63-server ~]# rpm -q subscription-manager
subscription-manager-0.99.13-1.el6.x86_64


After commenting out all of the rhsm.conf values....

[root@jsefler-r63-server ~]# cat /etc/rhsm/rhsm.conf
# Red Hat Subscription Manager Configuration File:

# Unified Entitlement Platform Configuration
[server]
# Server hostname:
#hostname=subscription.rhn.stage.redhat.com

# Server prefix:
#prefix=/subscription
#prefix=/candlepin

# Server port:
#port=443

# Set to 1 to disable certificate validation:
#insecure = 1

# Set the depth of certs which should be checked
# when validating a certificate
#ssl_verify_depth = 3

# Server CA certificate location:
#ca_cert_dir = /etc/rhsm/ca/

# an http proxy server to use
#proxy_hostname =

# port for http proxy server
#proxy_port =

# user name for authenticating to an http proxy, if needed
#proxy_user =

# password for basic http proxy auth, if needed
#proxy_password =

[rhsm]
# Content base URL:
#baseurl= https://cdn.redhat.com

# Default CA cert to use when generating yum repo configs:
#repo_ca_cert = %(ca_cert_dir)sredhat-uep.pem

# Where the certificates should be stored
#productCertDir = /etc/pki/product
#entitlementCertDir = /etc/pki/entitlement
#consumerCertDir = /etc/pki/consumer

# Manage generation of yum repositories for subscribed content:
#manage_repos=1

[rhsmcertd]
# Frequency of certificate refresh (in minutes):
#certFrequency = 2
# Frequency of autoheal check (1440 min = 1 day):
#healFrequency = 1440


[root@jsefler-r63-server ~]# subscription-manager config --list
[server]
   baseurl = [https://cdn.redhat.com]
   ca_cert_dir = [/etc/rhsm/ca/]
   certfrequency = [240]
   consumercertdir = [/etc/pki/consumer]
   entitlementcertdir = [/etc/pki/entitlement]
   healfrequency = [1440]
   hostname = [localhost]
   insecure = [0]
   manage_repos = [1]
   port = [8443]
   prefix = [/candlepin]
   productcertdir = [/etc/pki/product]
   proxy_hostname = []
   proxy_password = []
   proxy_port = []
   proxy_user = []
   repo_ca_cert = [/etc/rhsm/ca/redhat-uep.pem]
   ssl_verify_depth = [3]

[rhsm]
   baseurl = [https://cdn.redhat.com]
   ca_cert_dir = [/etc/rhsm/ca/]
   certfrequency = [240]
   consumercertdir = [/etc/pki/consumer]
   entitlementcertdir = [/etc/pki/entitlement]
   healfrequency = [1440]
   hostname = [localhost]
   insecure = [0]
   manage_repos = [1]
   port = [8443]
   prefix = [/candlepin]
   productcertdir = [/etc/pki/product]
   proxy_hostname = []
   proxy_password = []
   proxy_port = []
   proxy_user = []
   repo_ca_cert = [/etc/rhsm/ca/redhat-uep.pem]
   ssl_verify_depth = [3]

[rhsmcertd]
   baseurl = [https://cdn.redhat.com]
   ca_cert_dir = [/etc/rhsm/ca/]
   certfrequency = [240]
   consumercertdir = [/etc/pki/consumer]
   entitlementcertdir = [/etc/pki/entitlement]
   healfrequency = [1440]
   hostname = [localhost]
   insecure = [0]
   manage_repos = [1]
   port = [8443]
   prefix = [/candlepin]
   productcertdir = [/etc/pki/product]
   proxy_hostname = []
   proxy_password = []
   proxy_port = []
   proxy_user = []
   repo_ca_cert = [/etc/rhsm/ca/redhat-uep.pem]
   ssl_verify_depth = [3]

[] - Default value in use


[root@jsefler-r63-server ~]# 


^^^ VERIFIED That all of the rhsm.conf values now have defaults.
Moving to VERIFIED

Comment 8 errata-xmlrpc 2012-06-20 12:58:09 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0805.html

Note You need to log in before you can comment on or make changes to this bug.