Bug 809811 - s-m register --autosubscribe granting access to too much content
s-m register --autosubscribe granting access to too much content
Status: CLOSED NOTABUG
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Subscription Management (Show other bugs)
6.0.1
Unspecified Unspecified
unspecified Severity unspecified (vote)
: Unspecified
: --
Assigned To: Devan Goodwin
Katello QA List
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-04-04 08:44 EDT by James Laska
Modified: 2014-01-27 08:25 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-04-04 10:52:13 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description James Laska 2012-04-04 08:44:05 EDT
Description of problem:

On RHEL6.2 deployments, the 'subscription-manager register --autosubscribe' command is granting access to more than the expected content.  For example, it appears to be granting access to Server, Workstation, CLoudForms and a few other channels.

Version-Release number of selected component (if applicable):
 * subscription-manager-0.96.17-1.el6

How reproducible:
 * Seems like I see this only on RHEL6 (RHEL5 appears to do the right thing)

Steps to Reproduce:
1. # subscription-manager register --org redhat --env Dev --username sa_dev --password sa_dev --autosubscribe
2. # subscription-manager list --installed
3. # subscription-manager list --consumed
4. # yum repolist
5. # yum install vte
  
Actual results:

# subscription-manager register --org redhat --env Dev --username sa_dev --password sa_dev --autosubscribe
The system has been registered with id: 1df63a40-aa6b-459a-b505-c7802805c00f 
Installed Product Current Status:
ProductName:          	Red Hat Enterprise Linux Server
Status:               	Subscribed      

# subscription-manager list --installed
+-------------------------------------------+
    Installed Product Status
+-------------------------------------------+

ProductName:        	Red Hat Enterprise Linux Server
Version:            	6.2                      
Arch:               	i386                     
Status:             	Subscribed               
Starts:             	02/22/2012               
Expires:            	02/22/2013

# subscription-manager list --consumed 
+-------------------------------------------+
    Consumed Product Subscriptions
+-------------------------------------------+


ProductName:        	Red Hat Enterprise Linux High Availability (for RHEL Server)
ContractNumber:     	2750372                  
AccountNumber:      	477931                   
SerialNumber:       	7941653071572540256      
Active:             	True                     
QuantityUsed:       	1                        
Begins:             	02/22/2012               
Expires:            	02/22/2013               


ProductName:        	Red Hat CloudForms       
ContractNumber:     	2750372                  
AccountNumber:      	477931                   
SerialNumber:       	7941653071572540256      
Active:             	True                     
QuantityUsed:       	1                        
Begins:             	02/22/2012               
Expires:            	02/22/2013               


ProductName:        	Red Hat Enterprise Linux Workstation
ContractNumber:     	2750372                  
AccountNumber:      	477931                   
SerialNumber:       	7941653071572540256      
Active:             	True                     
QuantityUsed:       	1                        
Begins:             	02/22/2012               
Expires:            	02/22/2013               


ProductName:        	Red Hat Enterprise Linux Server
ContractNumber:     	2750372                  
AccountNumber:      	477931                   
SerialNumber:       	7941653071572540256      
Active:             	True                     
QuantityUsed:       	1                        
Begins:             	02/22/2012               
Expires:            	02/22/2013               


ProductName:        	Red Hat Enterprise Linux Resilient Storage (for RHEL Server)
ContractNumber:     	2750372                  
AccountNumber:      	477931                   
SerialNumber:       	7941653071572540256      
Active:             	True                     
QuantityUsed:       	1                        
Begins:             	02/22/2012               
Expires:            	02/22/2013               


ProductName:        	Red Hat Enterprise Linux Load Balancer (for RHEL Server)
ContractNumber:     	2750372                  
AccountNumber:      	477931                   
SerialNumber:       	7941653071572540256      
Active:             	True                     
QuantityUsed:       	1                        
Begins:             	02/22/2012               
Expires:            	02/22/2013               


ProductName:        	Red Hat Enterprise Linux Scalable File System (for RHEL Server)
ContractNumber:     	2750372                  
AccountNumber:      	477931                   
SerialNumber:       	7941653071572540256      
Active:             	True                     
QuantityUsed:       	1                        
Begins:             	02/22/2012               
Expires:            	02/22/2013         


# yum repolist
Loaded plugins: product-id, security, subscription-manager
Updating certificate-based repositories.
https://qeblade31.rhq.lab.eng.bos.redhat.com/pulp/repos/redhat/Dev/content/dist/rhel/server/6/6Server/i386/cf-ce/1.0/os/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404"
Trying other mirror.
repo id                       repo name                                   status
rhel-6-server-cf-ce-1-rpms    Red Hat CloudForms Cloud Engine (RPMs)      0
rhel-6-server-cf-se-1-rpms    Red Hat CloudForms System Engine (RPMs)     0
rhel-6-server-cf-tools-1-rpms Red Hat CloudForms Tools for RHEL 6 (RPMs)  0
rhel-6-server-rpms            Red Hat Enterprise Linux 6 Server (RPMs)    0
repolist: 0



Expected results:

I was expecting *ONLY* the following repositories to be enabled on this system.

# yum repolist
repo id                          repo name                                      status
rhel-5-server-cf-tools-1-rpms    Red Hat CloudForms Tools for RHEL 5 (RPMs)          0
rhel-5-server-rpms               Red Hat Enterprise Linux 5 Server (RPMs)       13,437

Additional info:

 * MANIFEST used - http://file.rdu.redhat.com/~jlaska/manifests_accessqa.zip
Comment 1 Devan Goodwin 2012-04-04 10:03:35 EDT
The manifest contains an entitlement for this product:

    "productId": "SYS0395",
    "productName": "Red Hat Employee Subscription",

Which is what autosubscribe found to be the best fit for the system, and it provides access to the products you listed above.

RHEL 5 could be picking up a different subscription (you can tell by checking the contract ID in list --consumed), or the repos are not appearing there because they are only relevant to RHEL 6. (we do some tagging of product certs, which will prevent some repos from being used)

Either way though, this appears to be behaving as expected to me if we're just seeing different repos on RHEL 5 / 6, I would check the contract ID on a RHEL 5 system, but otherwise might need more info on why this is unexpected.

Thanks!
Comment 2 James Laska 2012-04-04 10:32:28 EDT
(In reply to comment #1)
> The manifest contains an entitlement for this product:
> 
>     "productId": "SYS0395",
>     "productName": "Red Hat Employee Subscription",
> 
> Which is what autosubscribe found to be the best fit for the system, and it
> provides access to the products you listed above.
> 
> RHEL 5 could be picking up a different subscription (you can tell by checking
> the contract ID in list --consumed), or the repos are not appearing there
> because they are only relevant to RHEL 6. (we do some tagging of product certs,
> which will prevent some repos from being used)
> 
> Either way though, this appears to be behaving as expected to me if we're just
> seeing different repos on RHEL 5 / 6, I would check the contract ID on a RHEL 5
> system, but otherwise might need more info on why this is unexpected.

Oddly enough, 'subscription-manager list --consumed' shows the same output on a RHEL-5 system (http://pastebin.test.redhat.com/84156).  Yet somehow, 'yum repolist' shows only the Server and tools channel (which is what I want in the end).

How do I check the contract ID?
Comment 3 James Laska 2012-04-04 10:33:17 EDT
(In reply to comment #2)
> How do I check the contract ID?

# subscription-manager list --consumed
+-------------------------------------------+
    Consumed Product Subscriptions
+-------------------------------------------+

ProductName:          	Red Hat Enterprise Linux Workstation
ContractNumber:       	2750372                  
AccountNumber:        	477931                   
SerialNumber:         	7399729712934044098      
Active:               	True                     
QuantityUsed:         	1                        
Begins:               	02/22/2012               
Expires:              	02/22/2013               

ProductName:          	Red Hat CloudForms       
ContractNumber:       	2750372                  
AccountNumber:        	477931                   
SerialNumber:         	7399729712934044098      
Active:               	True                     
QuantityUsed:         	1                        
Begins:               	02/22/2012               
Expires:              	02/22/2013               

ProductName:          	Red Hat Enterprise Linux Server
ContractNumber:       	2750372                  
AccountNumber:        	477931                   
SerialNumber:         	7399729712934044098      
Active:               	True                     
QuantityUsed:         	1                        
Begins:               	02/22/2012               
Expires:              	02/22/2013               

ProductName:          	Red Hat Enterprise Linux Resilient Storage (for RHEL Server)
ContractNumber:       	2750372                  
AccountNumber:        	477931                   
SerialNumber:         	7399729712934044098      
Active:               	True                     
QuantityUsed:         	1                        
Begins:               	02/22/2012               
Expires:              	02/22/2013               

ProductName:          	Red Hat Enterprise Linux Load Balancer (for RHEL Server)
ContractNumber:       	2750372                  
AccountNumber:        	477931                   
SerialNumber:         	7399729712934044098      
Active:               	True                     
QuantityUsed:         	1                        
Begins:               	02/22/2012               
Expires:              	02/22/2013               

ProductName:          	Red Hat Enterprise Linux Scalable File System (for RHEL Server)
ContractNumber:       	2750372                  
AccountNumber:        	477931                   
SerialNumber:         	7399729712934044098      
Active:               	True                     
QuantityUsed:         	1                        
Begins:               	02/22/2012               
Expires:              	02/22/2013               

ProductName:          	Red Hat Enterprise Linux High Availability (for RHEL Server)
ContractNumber:       	2750372                  
AccountNumber:        	477931                   
SerialNumber:         	7399729712934044098      
Active:               	True                     
QuantityUsed:         	1                        
Begins:               	02/22/2012               
Expires:              	02/22/2013
Comment 4 Devan Goodwin 2012-04-04 10:52:13 EDT
Confirmed that this is just the way the content is set up on the Red Hat Employee Subscription. 

If you look at the entitlement certs in the manifest: ~/temp/export/entitlement_certificates) $ openssl x509 -text -in 7470122332792627778.pem| less

You can see all the content data being sent to the client. The interesting oid's here are .1.10 (which lists "tags" that are required from product certs on the machine before that repo will be enabled), and .1.8 (whether the repo should be enabled or not by default)

A RHEL 6 system will provide the rhel-6-server tag, RHEL 5 the rhel-5-server tag. In this product definition we can see there are more repos that will be available by default for RHEL 6, for example "Red Hat CloudForms System Engine (RPMs)". There is no RHEL 5 version of this repo included.

Going to close this as NOTABUG as we're basically seeing more on RHEL 6 because the product for employee subscriptions is set up that way. If this is a concern and we expect RHEL 5 to include these, or the employee subscription to NOT provide these for RHEL 6, please re-open and we will try to track down someone who has control over this product data.
Comment 5 Mike McCune 2013-08-16 14:01:29 EDT
getting rid of 6.0.0 version since that doesn't exist

Note You need to log in before you can comment on or make changes to this bug.