Bug 838113 - subscription-manager unregister leaves redhat.repo dirty which causes yum repolist traceback
subscription-manager unregister leaves redhat.repo dirty which causes yum rep...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: subscription-manager (Show other bugs)
5.9
Unspecified Unspecified
unspecified Severity high
: rc
: ---
Assigned To: Adrian Likins
Entitlement Bugs
: Regression
Depends On:
Blocks: 771748
  Show dependency treegraph
 
Reported: 2012-07-06 12:13 EDT by John Sefler
Modified: 2013-01-07 22:56 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
No documentation needed.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-01-07 22:56:30 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description John Sefler 2012-07-06 12:13:18 EDT
Description of problem:
After unregistering, the redhat.repo remains dirty which causes the next yum transaction to throw a M2Crypto.SSL.SSLError: No such file or directory since it is trying to load the entitlement certs referenced by sslclientcerts which are no longer there.

Version-Release number of selected component (if applicable):
[root@jsefler-59server ~]# rpm -q subscription-manager python-rhsm
subscription-manager-1.0.8-1.git.8.b51785c.el5
python-rhsm-1.0.3-1.git.0.583d26c.el5

How reproducible:


Steps to Reproduce:
[root@jsefler-59server ~]# subscription-manager register --username=testuser1 --force --org admin
Password: 
The system has been registered with id: 5e57811a-db83-4be0-9ca0-531e74729530 

[root@jsefler-59server ~]# yum repolist -q
This system is not registered with RHN.
RHN Satellite or RHN Classic support will be disabled.

[root@jsefler-59server ~]# subscription-manager list --avail | grep "Pool Id" | head -1
Pool Id:              	8a90f8753859805a0138598161e70245

[root@jsefler-59server ~]# subscription-manager subscribe --pool 8a90f8753859805a0138598161e70245
Successfully consumed a subscription for: Awesome OS Server Bundled

[root@jsefler-59server ~]# yum repolist -q
This system is not registered with RHN.
RHN Satellite or RHN Classic support will be disabled.
https://cdn.redhat.com/foo/path/always/5Server/repodata/repomd.xml: [Errno 14] HTTP Error 403: Forbidden
Trying other mirror.

[root@jsefler-59server ~]# subscription-manager unregister
System has been un-registered.

[root@jsefler-59server ~]# yum repolist -q
This system is not registered with RHN.
RHN Satellite or RHN Classic support will be disabled.
Traceback (most recent call last):
  File "/usr/bin/yum", line 29, in ?
    yummain.user_main(sys.argv[1:], exit_code=True)
  File "/usr/share/yum-cli/yummain.py", line 309, in user_main
    errcode = main(args)
  File "/usr/share/yum-cli/yummain.py", line 178, in main
    result, resultmsgs = base.doCommands()
  File "/usr/share/yum-cli/cli.py", line 349, in doCommands
    return self.yum_cli_commands[self.basecmd].doCommand(self, self.basecmd, self.extcmds)
  File "/usr/share/yum-cli/yumcommands.py", line 788, in doCommand
    base.repos.populateSack()
  File "/usr/lib/python2.4/site-packages/yum/repos.py", line 260, in populateSack
    sack.populate(repo, mdtype, callback, cacheonly)
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 168, in populate
    if self._check_db_version(repo, mydbtype):
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 226, in _check_db_version
    return repo._check_db_version(mdtype)
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1226, in _check_db_version
    repoXML = self.repoXML
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1399, in <lambda>
    repoXML = property(fget=lambda self: self._getRepoXML(),
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1391, in _getRepoXML
    self._loadRepoXML(text=self)
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1381, in _loadRepoXML
    return self._groupLoadRepoXML(text, ["primary"])
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1365, in _groupLoadRepoXML
    if self._commonLoadRepoXML(text):
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1201, in _commonLoadRepoXML
    result = self._getFileRepoXML(local, text)
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 974, in _getFileRepoXML
    cache=self.http_caching == 'all')
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 805, in _getFile
    result = self.grab.urlgrab(misc.to_utf8(relative), local,
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 511, in <lambda>
    grab = property(lambda self: self._getgrab())
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 506, in _getgrab
    self._setupGrab()
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 474, in _setupGrab
    ugopts = self._default_grabopts()
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 486, in _default_grabopts
    opts = { 'keepalive': self.keepalive,
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 656, in _getSslContext
    sslCtx.load_cert(self.sslclientcert, self.sslclientkey)
  File "/usr/lib64/python2.4/site-packages/M2Crypto/SSL/Context.py", line 74, in load_cert
    m2.ssl_ctx_use_cert(self.ctx, certfile)
M2Crypto.SSL.SSLError: No such file or directory

[root@jsefler-59server ~]# cat /etc/yum.repos.d/redhat.repo 
#
# Certificate-Based Repositories
# Managed by (rhsm) subscription-manager
#
# If this file is empty and this system is subscribed consider 
# a "yum repolist" to refresh available repos
#

[content-label-empty-gpg]
name = content-emptygpg
baseurl = https://cdn.redhat.com/foo/path
enabled = 1
gpgcheck = 0
sslverify = 1
sslcacert = /etc/rhsm/ca/redhat-uep.pem
sslclientkey = /etc/pki/entitlement/3192361753955052838-key.pem
sslclientcert = /etc/pki/entitlement/3192361753955052838.pem
metadata_expire = 0

[content-label]
name = content
baseurl = https://cdn.redhat.com/foo/path
enabled = 1
gpgcheck = 1
gpgkey = https://cdn.redhat.com/foo/path/gpg/
sslverify = 1
sslcacert = /etc/rhsm/ca/redhat-uep.pem
sslclientkey = /etc/pki/entitlement/3192361753955052838-key.pem
sslclientcert = /etc/pki/entitlement/3192361753955052838.pem
metadata_expire = 0

[content-label-no-gpg]
name = content-nogpg
baseurl = https://cdn.redhat.com/foo/path
enabled = 1
gpgcheck = 0
sslverify = 1
sslcacert = /etc/rhsm/ca/redhat-uep.pem
sslclientkey = /etc/pki/entitlement/3192361753955052838-key.pem
sslclientcert = /etc/pki/entitlement/3192361753955052838.pem
metadata_expire = 0

[always-enabled-content]
name = always-enabled-content
baseurl = https://cdn.redhat.com/foo/path/always/$releasever
enabled = 1
gpgcheck = 1
gpgkey = https://cdn.redhat.com/foo/path/always/gpg
sslverify = 1
sslcacert = /etc/rhsm/ca/redhat-uep.pem
sslclientkey = /etc/pki/entitlement/3192361753955052838-key.pem
sslclientcert = /etc/pki/entitlement/3192361753955052838.pem
metadata_expire = 200

[never-enabled-content]
name = never-enabled-content
baseurl = https://cdn.redhat.com/foo/path/never
enabled = 0
gpgcheck = 1
gpgkey = https://cdn.redhat.com/foo/path/never/gpg
sslverify = 1
sslcacert = /etc/rhsm/ca/redhat-uep.pem
sslclientkey = /etc/pki/entitlement/3192361753955052838-key.pem
sslclientcert = /etc/pki/entitlement/3192361753955052838.pem
metadata_expire = 600
[root@jsefler-59server ~]# 




  
Actual results:
look up


Expected results:
There should be no traceback (and redhat.repo cleared) when running yum repolist after unregistering from subscription-manager.

Additional info:
This looks like a re-occurance of Bug 674652
Comment 2 Adrian Likins 2012-08-01 16:07:14 EDT
commit 441f13b5d656f5caf3d93609444c280fd82ec7d8
Author: Adrian Likins <alikins@redhat.com>
Date:   Wed Aug 1 15:23:01 2012 -0400

    838113: 'unregister' was not cleaning up repos
    
    After unregistering, we were running IdentityCertLib update
    actions, which assumed consumer cert existed, and were
    raising exceptions. certmgt.update was not handling
    exceptions there well, and raised them up into
    the UnRegister.do_command, where it was ignored.
    This prevented the rest of the update methods from
    running, which included repolib, so repo's were
    not being cleaned up.
    
    Try to handle exceptions in the update actions
    better (and log them). Also make IdentityCertLib.update
    not fail on unregistered systems.

(patch out for review)
Comment 3 Adrian Likins 2012-08-02 11:26:57 EDT
merged
Comment 5 Shwetha Kallesh 2012-08-07 03:31:27 EDT
Verified!!

RPM used:

[root@dhcp201-115 ~]# rpm -qa | grep subscription-manager
subscription-manager-migration-data-1.11.2.2-1.git.2.c3c8e22.el5
subscription-manager-firstboot-1.0.12-1.git.36.cb30843.el5
subscription-manager-migration-1.0.12-1.git.36.cb30843.el5
subscription-manager-1.0.12-1.git.36.cb30843.el5
subscription-manager-gui-1.0.12-1.git.36.cb30843.el5


[root@dhcp201-115 ~]# subscription-manager register --username=testuser1 --force --org admin
The system with UUID ad74a2b6-79cb-42c0-96aa-5e8fb062ae42 has been unregistered
Password: 
The system has been registered with id: d60411fe-1e48-416d-91fc-fc7e1918d52f 
[root@dhcp201-115 ~]# yum repolist -q
This system is not registered with RHN.
RHN Satellite or RHN Classic support will be disabled.
https://cdn.redhat.com/foo/path/never/repodata/repomd.xml: [Errno 14] HTTP Error 403: Forbidden
Trying other mirror.
[root@dhcp201-115 ~]# subscription-manager list --avail | grep "Pool Id" | head -1
Pool Id:              	8ac1493438fc33ee0138fc34ba0a0253
[root@dhcp201-115 ~]# subscription-manager subscribe --pool 8a90f8753859805a0138598161e70245
Subscription pool 8a90f8753859805a0138598161e70245 does not exist.
[root@dhcp201-115 ~]# yum repolist -q
This system is not registered with RHN.
RHN Satellite or RHN Classic support will be disabled.
https://cdn.redhat.com/foo/path/never/repodata/repomd.xml: [Errno 14] HTTP Error 403: Forbidden
Trying other mirror.

[root@dhcp201-115 ~]# subscription-manager unregister
System has been un-registered.
[root@dhcp201-115 ~]# yum repolist -q
This system is not registered with RHN.
RHN Satellite or RHN Classic support will be disabled.
[root@dhcp201-115 ~]# cat /etc/yum.repos.d/redhat.repo 
#
# Certificate-Based Repositories
# Managed by (rhsm) subscription-manager
#
# If this file is empty and this system is subscribed consider 
# a "yum repolist" to refresh available repos
#
Comment 7 errata-xmlrpc 2013-01-07 22:56:30 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0033.html

Note You need to log in before you can comment on or make changes to this bug.