Bug 807721 - upgrading subscription-manager to rhel63 does not set a default rhsm.manage_repos configuration
upgrading subscription-manager to rhel63 does not set a default rhsm.manage_r...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: python-rhsm (Show other bugs)
6.3
Unspecified Unspecified
unspecified Severity medium
: rc
: ---
Assigned To: Michael Stead
Entitlement Bugs
:
Depends On:
Blocks: 738066
  Show dependency treegraph
 
Reported: 2012-03-28 10:50 EDT by John Sefler
Modified: 2012-06-20 08:58 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-06-20 08:58:09 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description John Sefler 2012-03-28 10:50:13 EDT
Description of problem:
New in rhel63 is the rhsm.manage_repos configuration which gets installed with a new /etc/rhsm/rhsm.conf file.  However in the upgrade scenario where we upgrade subscription manager from rhel62 to rhel63, a default value for manage_repos does not appear to get set. 


Version-Release number of selected component (if applicable):
[root@jsefler-r63-server ~]# rpm -q subscription-manager
subscription-manager-0.99.12-1.el6.x86_64


How reproducible:


Steps to Reproduce:
Start with an install of subscription-manager from rhel62..
[root@jsefler-r63-server ~]# rpm -q subscription-manager
subscription-manager-0.96.17.2-2.el6.x86_64
[root@jsefler-r63-server ~]# subscription-manager config --server.insecure 1
^^ THIS SIMPLY CHANGES A CONFIG IN rhsm.log TO A NON-DEFAULT VALUE
[root@jsefler-r63-server ~]# grep manage_repos /etc/rhsm/rhsm.conf
[root@jsefler-r63-server ~]# 
^^ THIS SIMPLY SHOW THAT THE manage_repos CONFIG DID NOT EXIST DURING RHEL62
[root@jsefler-r63-server ~]# rpm -Uvh http://download.devel.redhat.com/brewroot/packages/subscription-manager/0.99.12/1.el6/x86_64/subscription-manager-0.99.12-1.el6.x86_64.rpm http://download.devel.redhat.com/brewroot/packages/python-rhsm/0.99.7/1.el6/noarch/python-rhsm-0.99.7-1.el6.noarch.rpm
Retrieving http://download.devel.redhat.com/brewroot/packages/subscription-manager/0.99.12/1.el6/x86_64/subscription-manager-0.99.12-1.el6.x86_64.rpm
Retrieving http://download.devel.redhat.com/brewroot/packages/python-rhsm/0.99.7/1.el6/noarch/python-rhsm-0.99.7-1.el6.noarch.rpm
Preparing...                ########################################### [100%]
   1:python-rhsm            ########################################### [ 50%]
   2:subscription-manager   warning: /etc/rhsm/rhsm.conf created as /etc/rhsm/rhsm.conf.rpmnew
########################################### [100%]

^^^ THE WARNING IS GOOD TO SHOW THAT A NEW rhsm.conf IS LAID DOWN BUT WILL EXIST FOR INFORMATION ONLY.

[root@jsefler-r63-server ~]# grep manage_repos /etc/rhsm/rhsm.conf
[root@jsefler-r63-server ~]# grep manage_repos /etc/rhsm/rhsm.conf.rpmnew 
manage_repos = 1
[root@jsefler-r63-server ~]#

^^^ NOTICE THAT THE NEW manage_repos CONFIG IS PRESENT IN THE rhsm.conf.rpmnew FILE BUT NOT rhsm.conf.  THIS MAKES SENSE AND IS EXPECTED.

[root@jsefler-r63-server ~]# subscription-manager config --list
[server]
   ca_cert_dir = [/etc/rhsm/ca/]
   hostname = subscription.rhn.redhat.com
   insecure = 1
   port = 443
   prefix = /subscription
   proxy_hostname = []
   proxy_password = []
   proxy_port = []
   proxy_user = []
   repo_ca_cert = [/etc/rhsm/ca/redhat-uep.pem]
   ssl_verify_depth = [3]

[rhsm]
   baseurl = https://cdn.redhat.com
   ca_cert_dir = [/etc/rhsm/ca/]
   consumercertdir = /etc/pki/consumer
   entitlementcertdir = /etc/pki/entitlement
   hostname = [localhost]
   insecure = [0]
   port = [8443]
   prefix = [/candlepin]
   productcertdir = /etc/pki/product
   proxy_hostname = []
   proxy_password = []
   proxy_port = []
   proxy_user = []
   repo_ca_cert = [/etc/rhsm/ca/redhat-uep.pem]
   ssl_verify_depth = [3]

[rhsmcertd]
   ca_cert_dir = [/etc/rhsm/ca/]
   certfrequency = 240
   healfrequency = 1440
   hostname = [localhost]
   insecure = [0]
   port = [8443]
   prefix = [/candlepin]
   proxy_hostname = []
   proxy_password = []
   proxy_port = []
   proxy_user = []
   repo_ca_cert = [/etc/rhsm/ca/redhat-uep.pem]
   ssl_verify_depth = [3]

[] - Default value in use

^^^ BANG! THERE IS NO DEFAULT VALUE FOR rhsm.manage_repos.  EXPECTED TO SEE:
   manage_repos = [1]
Comment 1 John Sefler 2012-03-28 11:07:56 EDT
Upon further review, this problem has nothing to do with the upgrade scenario.  Instead, there are several configurations (including manage_repos) for which no default value appears to exist....


[root@jsefler-r63-workstation ~]# cat /etc/rhsm/rhsm.conf
# Red Hat Subscription Manager Configuration File:

# Unified Entitlement Platform Configuration
[server]
# Server hostname:
#hostname=jsefler-f14-candlepin.usersys.redhat.com
#hostname=subscription.rhn.stage.redhat.com

# Server prefix:
#prefix=/candlepin
#prefix=/subscription

# Server port:
#port=443

# Set to 1 to disable certificate validation:
#insecure=0

# Set the depth of certs which should be checked
# when validating a certificate
#ssl_verify_depth = 3

# Server CA certificate location:
#ca_cert_dir = /etc/rhsm/ca/

# an http proxy server to use
#proxy_hostname =

# port for http proxy server
#proxy_port =

# user name for authenticating to an http proxy, if needed
#proxy_user =

# password for basic http proxy auth, if needed
#proxy_password =

[rhsm]
# Content base URL:
#baseurl= https://cdn.redhat.com

# Default CA cert to use when generating yum repo configs:
#repo_ca_cert = %(ca_cert_dir)sredhat-uep.pem

# Where the certificates should be stored
productCertDir=/etc/pki/product
entitlementCertDir=/etc/pki/entitlement
consumerCertDir=/etc/pki/consumer

# Manage generation of yum repositories for subscribed content:
#manage_repos = 1

[rhsmcertd]
# Frequency of certificate refresh (in minutes):
#certFrequency = 240
# Frequency of autoheal check (1440 min = 1 day):
#healFrequency = 1440


[root@jsefler-r63-workstation ~]# subscription-manager config --list
[server]
   ca_cert_dir = [/etc/rhsm/ca/]
   hostname = [localhost]
   insecure = [0]
   port = [8443]
   prefix = [/candlepin]
   proxy_hostname = []
   proxy_password = []
   proxy_port = []
   proxy_user = []
   repo_ca_cert = [/etc/rhsm/ca/redhat-uep.pem]
   ssl_verify_depth = [3]

[rhsm]
   ca_cert_dir = [/etc/rhsm/ca/]
   consumercertdir = /etc/pki/consumer
   entitlementcertdir = /etc/pki/entitlement
   hostname = [localhost]
   insecure = [0]
   port = [8443]
   prefix = [/candlepin]
   productcertdir = /etc/pki/product
   proxy_hostname = []
   proxy_password = []
   proxy_port = []
   proxy_user = []
   repo_ca_cert = [/etc/rhsm/ca/redhat-uep.pem]
   ssl_verify_depth = [3]

[rhsmcertd]
   ca_cert_dir = [/etc/rhsm/ca/]
   hostname = [localhost]
   insecure = [0]
   port = [8443]
   prefix = [/candlepin]
   proxy_hostname = []
   proxy_password = []
   proxy_port = []
   proxy_user = []
   repo_ca_cert = [/etc/rhsm/ca/redhat-uep.pem]
   ssl_verify_depth = [3]

[] - Default value in use


[root@jsefler-r63-workstation ~]# 


AFTER COMMENTING OUT SEVERAL rhsm.conf VALUES, NO DEFAULT VALUE APPEARS FOR THESE CONFIGURATIONS:

rhsm.baseurl
rhsm.manage_repos
rhsm.productCertDir
rhsm.entitlementCertDir
rhsm.consumerCertDir
rhsmcertd.certFrequency
rhsmcertd.healFrequency

WORSE IS THAT A TRACEBACK IS THROWN WHEN THESE CONFIGURATIONS ARE NOT SET:
rhsm.productCertDir
rhsm.entitlementCertDir
rhsm.consumerCertDir

FOR EXAMPLE...
[root@jsefler-r63-workstation ~]# subscription-manager config --list
Traceback (most recent call last):
  File "/usr/sbin/subscription-manager", line 54, in <module>
    from subscription_manager import managercli
  File "/usr/share/rhsm/subscription_manager/managercli.py", line 41, in <module>
    from subscription_manager.certlib import CertLib, ConsumerIdentity
  File "/usr/share/rhsm/subscription_manager/certlib.py", line 25, in <module>
    from subscription_manager.certdirectory import EntitlementDirectory, \
  File "/usr/share/rhsm/subscription_manager/certdirectory.py", line 179, in <module>
    class ProductDirectory(CertificateDirectory):
  File "/usr/share/rhsm/subscription_manager/certdirectory.py", line 181, in ProductDirectory
    PATH = cfg.get('rhsm', 'productCertDir')
  File "/usr/lib/python2.6/site-packages/rhsm/config.py", line 56, in get
    return SafeConfigParser.get(self, section, prop)
  File "/usr/lib/python2.6/site-packages/iniparse/compat.py", line 228, in get
    value = RawConfigParser.get(self, section, option, vars)
  File "/usr/lib/python2.6/site-packages/iniparse/compat.py", line 126, in get
    raise NoOptionError(option, section)
ConfigParser.NoOptionError: No option 'productcertdir' in section: 'rhsm'
[root@jsefler-r63-workstation ~]#
Comment 2 Michael Stead 2012-03-29 15:12:27 EDT
This bug was actually fixed in python-rhsm:
e68bc917c685b0e294a67a9bad9197685c7b44f1

It will be available in: python-rhsm-0.99.8-1+
Comment 4 John Sefler 2012-04-05 14:38:57 EDT
Verifying Version...
[root@jsefler-r63-server ~]# rpm -q python-rhsm
python-rhsm-0.99.8-1.el6.noarch
[root@jsefler-r63-server ~]# rpm -q subscription-manager
subscription-manager-0.99.13-1.el6.x86_64


After commenting out all of the rhsm.conf values....

[root@jsefler-r63-server ~]# cat /etc/rhsm/rhsm.conf
# Red Hat Subscription Manager Configuration File:

# Unified Entitlement Platform Configuration
[server]
# Server hostname:
#hostname=subscription.rhn.stage.redhat.com

# Server prefix:
#prefix=/subscription
#prefix=/candlepin

# Server port:
#port=443

# Set to 1 to disable certificate validation:
#insecure = 1

# Set the depth of certs which should be checked
# when validating a certificate
#ssl_verify_depth = 3

# Server CA certificate location:
#ca_cert_dir = /etc/rhsm/ca/

# an http proxy server to use
#proxy_hostname =

# port for http proxy server
#proxy_port =

# user name for authenticating to an http proxy, if needed
#proxy_user =

# password for basic http proxy auth, if needed
#proxy_password =

[rhsm]
# Content base URL:
#baseurl= https://cdn.redhat.com

# Default CA cert to use when generating yum repo configs:
#repo_ca_cert = %(ca_cert_dir)sredhat-uep.pem

# Where the certificates should be stored
#productCertDir = /etc/pki/product
#entitlementCertDir = /etc/pki/entitlement
#consumerCertDir = /etc/pki/consumer

# Manage generation of yum repositories for subscribed content:
#manage_repos=1

[rhsmcertd]
# Frequency of certificate refresh (in minutes):
#certFrequency = 2
# Frequency of autoheal check (1440 min = 1 day):
#healFrequency = 1440


[root@jsefler-r63-server ~]# subscription-manager config --list
[server]
   baseurl = [https://cdn.redhat.com]
   ca_cert_dir = [/etc/rhsm/ca/]
   certfrequency = [240]
   consumercertdir = [/etc/pki/consumer]
   entitlementcertdir = [/etc/pki/entitlement]
   healfrequency = [1440]
   hostname = [localhost]
   insecure = [0]
   manage_repos = [1]
   port = [8443]
   prefix = [/candlepin]
   productcertdir = [/etc/pki/product]
   proxy_hostname = []
   proxy_password = []
   proxy_port = []
   proxy_user = []
   repo_ca_cert = [/etc/rhsm/ca/redhat-uep.pem]
   ssl_verify_depth = [3]

[rhsm]
   baseurl = [https://cdn.redhat.com]
   ca_cert_dir = [/etc/rhsm/ca/]
   certfrequency = [240]
   consumercertdir = [/etc/pki/consumer]
   entitlementcertdir = [/etc/pki/entitlement]
   healfrequency = [1440]
   hostname = [localhost]
   insecure = [0]
   manage_repos = [1]
   port = [8443]
   prefix = [/candlepin]
   productcertdir = [/etc/pki/product]
   proxy_hostname = []
   proxy_password = []
   proxy_port = []
   proxy_user = []
   repo_ca_cert = [/etc/rhsm/ca/redhat-uep.pem]
   ssl_verify_depth = [3]

[rhsmcertd]
   baseurl = [https://cdn.redhat.com]
   ca_cert_dir = [/etc/rhsm/ca/]
   certfrequency = [240]
   consumercertdir = [/etc/pki/consumer]
   entitlementcertdir = [/etc/pki/entitlement]
   healfrequency = [1440]
   hostname = [localhost]
   insecure = [0]
   manage_repos = [1]
   port = [8443]
   prefix = [/candlepin]
   productcertdir = [/etc/pki/product]
   proxy_hostname = []
   proxy_password = []
   proxy_port = []
   proxy_user = []
   repo_ca_cert = [/etc/rhsm/ca/redhat-uep.pem]
   ssl_verify_depth = [3]

[] - Default value in use


[root@jsefler-r63-server ~]# 


^^^ VERIFIED That all of the rhsm.conf values now have defaults.
Moving to VERIFIED
Comment 8 errata-xmlrpc 2012-06-20 08:58:09 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0805.html

Note You need to log in before you can comment on or make changes to this bug.