Description of problem: Related to bug 842768 which discusses the use of the new --serverurl option, there is also a new --serverurl option about to appear in rhn-migrate-classic-to-rhsm. The problem I have with this feature/design for both subscription-manager and rhn-migrate-classic-to-rhsm is that it neglects the likelyhood that the server CA certificate corresponding to the --serverurl specified by the user will probably not be on the system and therefore communication will fail. If we are going to raise the ability to set the rhsm.conf values for hostname/port/prefix by using a new --serverurl option, then we should also raise the ability to set the insecure configuration by introducing a new --insecure option too. Note that implementation can be tricky. While it would be nice to automatically set the insecure for serverurl's whose CA certificate is not on the system, it would probably be better to error out the attempt to register/migrate with a message like: Error: There is no server ca certificate installed for serverurl "foo:443/bar". Try specifying --insecure=1 In this manner the user is making a conscious decision to be insecure. Version-Release number of selected component (if applicable): subscription-manager-1.0.11
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux release for currently deployed products. This request is not yet committed for inclusion in a release.
moving out one release.
commit 182019d0b5b197c9227c62559dc73adddb4069f9 Author: Alex Wood <awood> Date: Sat Dec 22 22:27:04 2012 -0500 844411: Add an --insecure option to subscription-manager. Please note that this option is persisted if you run a register command, but not persisted if you run a environments, org, or service-level command.
Fixed in the 1.8.2 version of subscription-manager or python-rhsm
# rpm -qa | egrep "subscription-manager|python-rhsm" python-rhsm-1.8.3-1.el7.x86_64 subscription-manager-gui-1.8.3-1.el7.x86_64 subscription-manager-migration-1.8.3-1.el7.x86_64 subscription-manager-debuginfo-1.8.3-1.el7.x86_64 subscription-manager-1.8.3-1.el7.x86_64 subscription-manager-firstboot-1.8.3-1.el7.x86_64 python-rhsm-debuginfo-1.8.3-1.el7.x86_64 # subscription-manager unregister System has been unregistered. # subscription-manager clean All local data removed # cat /etc/rhsm/rhsm.conf |grep insecure insecure = 0 # subscription-manager register --insecure Username: testuser1 Password: Organization: snowwhite The system has been registered with id: 1d017182-5e98-434c-b777-077cb0a14e6b # cat /etc/rhsm/rhsm.conf |grep insecure insecure = 1 VERIFIED
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1332.html