This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux release for currently deployed products. This request is not yet committed for inclusion in a release.
*** Bug 853857 has been marked as a duplicate of this bug. ***
commit 476d17a29088e9cc9d6a5094bd2cd586f3f49c44 Author: Adrian Likins <alikins> Date: Wed Sep 5 11:40:07 2012 -0400 Add test cases for certmgr.py (and make certlib testable) 852706 needed tests cases, and there was almost no coverage of certmgr.py The various *Lib and *Action classes create a ActionLock() during at class parse time (ie, before the init runs) so we can't really mock out ActionLock. So change certlib to pass in it's own lock to it's invocation of CertLib. Note: Those ActionLock() invocations need to go away, or at least, lock should be a class attribute populated with a ActionLock(), at least that way we would have a reference to it. commit 69be79cdb26a2a1a2b4ea792d27c1a851af9f2fb Author: Adrian Likins <alikins> Date: Wed Sep 5 11:37:55 2012 -0400 852706: Fix server side certs not being deleted client side On a candlepin side consumer cert deletion, we return a 410/GoneException, which certmgr was catching and swallowing. Let that exception bubble up so we handle the GoneException properly.
Verifying Version... [root@jsefler-rhel59 ~]# rpm -q subscription-manager python-rhsm subscription-manager-1.0.23-1.el5 python-rhsm-1.0.10-1.el5 [root@jsefler-rhel59 ~]# subscription-manager register --username=testuser1 --org=admin --serverurl=jsefler-f14-candlepin.usersys.redhat.com:8443/candlepin Password: The system has been registered with id: 37da6f5a-43ed-4940-9f07-fd86563ca009 [root@jsefler-rhel59 ~]# subscription-manager list --avail | grep "Pool Id" | head -2 Pool Id: 8a90f81d3a713d64013a7384365e7973 Pool Id: 8a90f81d3a713d64013a713faa5704cc [root@jsefler-rhel59 ~]# subscription-manager subscribe --pool 8a90f81d3a713d64013a7384365e7973 --pool 8a90f81d3a713d64013a713faa5704cc Successfully consumed a subscription for: The "Ultimate SLA" service level subscription Successfully consumed a subscription for: Shared File System [root@jsefler-rhel59 ~]# subscription-manager identity Current identity is: 37da6f5a-43ed-4940-9f07-fd86563ca009 name: jsefler-rhel59.usersys.redhat.com org name: Admin Owner org id: admin [root@jsefler-rhel59 ~]# ls -l /etc/pki/entitlement/ total 32 -rw------- 1 root root 1679 Oct 18 13:58 5867571267558982210-key.pem -rw-r--r-- 1 root root 1944 Oct 18 13:58 5867571267558982210.pem -rw------- 1 root root 1679 Oct 18 13:58 7098429472854166482-key.pem -rw-r--r-- 1 root root 1956 Oct 18 13:58 7098429472854166482.pem [root@jsefler-rhel59 ~]# curl --stderr /dev/null --insecure --user admin:*** --request DELETE https://jsefler-f14-candlepin.usersys.redhat.com:8443/candlepin/consumers/37da6f5a-43ed-4940-9f07-fd86563ca009 [root@jsefler-rhel59 ~]# subscription-manager identity Consumer 37da6f5a-43ed-4940-9f07-fd86563ca009 has been deleted [root@jsefler-rhel59 ~]# service rhsmcertd restart Stopping rhsmcertd... [ OK ] Starting rhsmcertd... [ OK ] [root@jsefler-rhel59 ~]# subscription-manager identity Consumer 37da6f5a-43ed-4940-9f07-fd86563ca009 has been deleted [root@jsefler-rhel59 ~]# [root@jsefler-rhel59 ~]# ************************************* IMPORTANT: Notice that immediately after we restarted rhsmcertd above, subscription-manager identity continues to report that the consumer has been deleted. Due to a change in bug 818978, we must now wait 2 minutes for rhsmcertd to trigger the first cert check. Waiting 2 minutes... ************************************* [root@jsefler-rhel59 ~]# [root@jsefler-rhel59 ~]# [root@jsefler-rhel59 ~]# subscription-manager identity This system is not yet registered. Try 'subscription-manager register --help' for more information. [root@jsefler-rhel59 ~]# ls /etc/pki/consumer ls: /etc/pki/consumer: No such file or directory [root@jsefler-rhel59 ~]# ls /etc/pki/consumer.old/ cert.pem key.pem [root@jsefler-rhel59 ~]# ls /etc/pki/entitlement/ [root@jsefler-rhel59 ~]# VERIFIED: After restarting rhsmcertd and waiting 2 minutes, rhsmcertd handles a GoneException and then moves /etc/pki/consumer to /etc/pki/consumer.old/ and the /etc/pki/entitlement/ is emptied.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0033.html