Bug 890000 - Can not auto-subscribe against SAM-20121221.n.1 server
Status: CLOSED ERRATA
Product: Subscription Asset Manager
Classification: Red Hat
Component: candlepin
1.2
Unspecified Linux
unspecified Severity high
: rc
: ---
Assigned To: Jordan OMara
SAM QE List
Reported: 2012-12-24 05:09 EST by xingge
Modified: 2016-09-19 22:27 EDT (History)
Doc Type: Bug Fix
Last Closed: 2013-02-21 14:21:12 EST
Type: Bug
Attachments
The manifest that the SAM server use (161.77 KB, application/zip)
2012-12-24 05:11 EST, xingge
subscribe via sam web ui (238.47 KB, image/png)
2012-12-24 22:29 EST, gaoshang


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:0544 normal SHIPPED_LIVE Important: Subscription Asset Manager 1.2 update 2013-02-25 23:08:04 EST

Description xingge 2012-12-24 05:09:17 EST
Description of problem:
After registering to the SAM-20121221.n.1 server, auto-subscribe failed.

Version-Release number of selected component (if applicable):
katello-cli-common-1.2.1-11h.el6_3.noarch
katello-selinux-1.2.1-1h.el6_3.noarch
katello-headpin-all-1.2.1-10h.el6_3.noarch
katello-headpin-1.2.1-10h.el6_3.noarch
katello-candlepin-cert-key-pair-1.0-1.noarch
katello-glue-candlepin-1.2.1-10h.el6_3.noarch
katello-common-1.2.1-10h.el6_3.noarch
katello-configure-1.2.3-1h.el6_3.noarch
katello-cli-1.2.1-11h.el6_3.noarch
katello-certs-tools-1.2.1-1h.el6_3.noarch
candlepin-tomcat6-0.7.23-1.el6_3.noarch
candlepin-0.7.23-1.el6_3.noarch
thumbslug-selinux-0.0.28-1.el6_3.noarch
thumbslug-0.0.28-1.el6_3.noarch
subscription-manager-1.1.14-1.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. Register to the SAM server
# subscription-manager register --username=admin
password:
The system has been registered with id: aafa57dc-bd1c-47c5-88c0-9c67f3bd7a6d
2. Auto-subscribe some subscription
# subscription-manager subscribe --auto
Installed Product Current Status:
Product Name:         	Red Hat Enterprise Linux Server
Status:               	Not Subscribed

Actual results:
auto-subscribe failed

Expected results:
auto-subscribe should succeed

Additional info:
When listing available subscriptions, it shows:

[root@virtlab-66-84-79 ~]# subscription-manager list --available
+-------------------------------------------+
    Available Subscriptions
+-------------------------------------------+
Subscription Name:    	Red Hat Employee Subscription
SKU:                  	SYS0395
Pool Id:              	8ac28c703bcaee4d013bcaf3e76500a1
Quantity:             	50
Service Level:        	None
Service Type:         	None
Multi-Entitlement:    	No
Ends:                 	09/27/2013
System Type:          	Physical

Subscription Name:    	60 Day Supported CloudForms Evaluation
SKU:                  	SER0408
Pool Id:              	8ac28c703bcaee4d013bcaf3e7f600b6
Quantity:             	30
Service Level:        	Premium
Service Type:         	L1-L3
Multi-Entitlement:    	No
Ends:                 	01/01/2013
System Type:          	Physical

Subscription Name:    	Resilient Storage (8 sockets)
SKU:                  	RH1316844
Pool Id:              	8ac28c703bcaee4d013bcaf3e6ab0081
Quantity:             	18
Service Level:        	Layered
Service Type:         	L1-L3
Multi-Entitlement:    	No
Ends:                 	02/24/2013
System Type:          	Physical

Subscription Name:    	Scalable File System (8 sockets)
SKU:                  	RH1416373
Pool Id:              	8ac28c703bcaee4d013bcaf3e86d00c3
Quantity:             	10
Service Level:        	Layered
Service Type:         	L1-L3
Multi-Entitlement:    	No
Ends:                 	02/24/2013
System Type:          	Physical

And when registering the Red Hat Employee Subscription, which can be autosubscribed at the former SAM version, with Pool ID, it shows:
[root@virtlab-66-84-79 ~]# subscription-manager subscribe --pool=8ac28c703bcaee4d013bcaf3e76500a1
The support of V3 certificates is not enabled on the server and is required for large content set subscription: Red Hat Employee Subscription

It seems that the SAM server doesn't enable V3 certificates.
Comment 1 xingge 2012-12-24 05:11:34 EST
Created attachment 668428 [details]
The manifest that the SAM server use
Comment 2 gaoshang 2012-12-24 22:29:52 EST
Created attachment 668670 [details]
subscribe via sam web ui
Comment 3 gaoshang 2012-12-24 22:31:28 EST
When attaching the Red Hat Employee Subscription via the SAM Web UI, the following error message pops up:

    Resources::Candlepin::Consumer: 500 Internal Server Error {"displayMessage":"The support of V3 certificates is not enabled on the server and is required for large content set subscription: Red Hat Employee Subscription"} (POST /candlepin/consumers/803c5e73-014a-4ef1-b718-a730773c579f/entitlements?pool=8ac28c703bcaee4d013bcaf3e76500a1&quantity=1) (RestClient::InternalServerError)
    {"displayMessage":"The support of V3 certificates is not enabled on the server and is required for large content set subscription: Red Hat Employee Subscription"}
    Click here for more details.

See the picture attached above.
Comment 4 Michael Stead 2013-01-07 09:59:05 EST
I believe that this is behaving as expected.

By default, candlepin disables cert v3 support. This was done so that candlepin could be released before v3 certificate support was ready, and eliminated the need to disable v3 support on any new deployments.

*The enable/disable v3 support option will eventually be removed, and v3 support will be the norm.*

A check was added to candlepin to not allow attaching a subscription with a large number of content sets. This was because there are issues with using very large certificates on the CDN. This is likely why you could subscribe on older versions of SAM.

Adding the following property to candlepin's config file and restarting tomcat should resolve the issue you are seeing.

candlepin.enable_cert_v3=true


I suggest closing this BZ as NOTABUG.
Comment 5 gaoshang 2013-01-11 01:43:21 EST
(In reply to comment #4)
> I believe that this is behaving as expected.
> 
> By default, candlepin disables cert v3 support. This was done so that
> candlepin could be released before v3 certificate support was ready, and
> eliminated the need to disable v3 support on any new deployments.
> 
> *The enable/disable v3 support option will eventually be removed, and v3
> support will be the norm.*
> 
> A check was added to candlepin to not allow attaching a subscription with a
> large number of content sets. This was because there are issues with using
> very large certificates on the CDN. This is likely why you could subscribe
> on older versions of SAM.
> 
> Adding the following property to candlepin's config file and restarting
> tomcat should resolve the issue you are seeing.
> 
> candlepin.enable_cert_v3=true
> 
> 
> I suggest closing this BZ as NOTABUG.

Thanks Michael, we can enable cert v3 support now on the SAM server following your instructions.

1. Add candlepin.enable_cert_v3=true to /etc/candlepin/candlepin.conf
[root@samserv ~]# cat /etc/candlepin/candlepin.conf 
#
# WARNING: THIS CONFIGURATION WAS GENERATED BY KATELLO-CONFIGURE TOOL,
# CHANGES WILL LIKELY BE OVERWRITTEN.
#

jpa.config.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
jpa.config.hibernate.connection.driver_class=org.postgresql.Driver
jpa.config.hibernate.connection.url=jdbc:postgresql:candlepin
jpa.config.hibernate.hbm2ddl.auto=validate
jpa.config.hibernate.connection.username=candlepin

jpa.config.hibernate.connection.password=$1$6eXPhiSNbY2FDHGNinLamQ==
candlepin.consumer_system_name_pattern = .+
candlepin.environment_content_filtering=false
module.config.katello=org.candlepin.katello.KatelloModule
candlepin.auth.oauth.enabled = true
candlepin.auth.oauth.consumer.katello.secret = 7nfvOrPVyMBRdgi8t3aunBlp27GIj8YZ
candlepin.crl.file = /var/lib/candlepin/candlepin-crl.crl
candlepin.enable_cert_v3=true

candlepin.auth.oauth.consumer.thumbslug.secret = 7nfvOrPVyMBRdgi8t3aunBlp27GIj8YZ

2. Restart tomcat
service tomcat6 restart

After enabling cert v3, autosubscribe succeeds.
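
The manual edit from comments 4 and 5, as an added example that is not part of the original thread or of katello-configure: a re-runnable check that reads the effective value of candlepin.enable_cert_v3 and sets it only when needed, which matters because the file header warns that katello-configure may overwrite changes. The function names and the sample file are assumptions made for illustration, and only plain `key=value` / `key = value` lines are handled.

```shell
#!/bin/sh
# Added example: check and set candlepin.enable_cert_v3 idempotently.
# Assumes plain "key=value" / "key = value" lines, as in the file shown above.

# prop_get FILE KEY: print the effective value (last assignment wins).
prop_get() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }
        {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# prop_set FILE KEY VALUE: replace every assignment of KEY with one line, or append.
# Writes back with cat so the file keeps its owner, mode and SELinux label.
prop_set() {
    tmp=$(mktemp) || return 1
    awk -v key="$2" -v val="$3" '
        {
            i = index($0, "="); k = (i > 0) ? substr($0, 1, i - 1) : ""
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k == key) { if (!done) print key "=" val; done = 1; next }
            print
        }
        END { if (!done) print key "=" val }' "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?; rm -f "$tmp"; return $rc
}

# ensure_cert_v3 FILE: print "unchanged" or "changed"; tomcat6 needs a restart
# (service tomcat6 restart, as in comment 5) only after "changed".
ensure_cert_v3() {
    if [ "$(prop_get "$1" candlepin.enable_cert_v3)" = "true" ]; then
        echo unchanged
    else
        prop_set "$1" candlepin.enable_cert_v3 true && echo changed
    fi
}

# Constructed sample input (not a real config): v3 explicitly disabled.
write_sample() {
    printf '%s\n' '# sample' 'candlepin.crl.file = /var/lib/candlepin/candlepin-crl.crl' \
        'candlepin.enable_cert_v3 = false' > "$1"
}

if [ $# -gt 0 ]; then ensure_cert_v3 "$1"; fi
```

Run it with the path to candlepin.conf as the only argument; with no argument it only defines the functions.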
Comment 6 Tom McKay 2013-01-11 09:31:08 EST
katello-configure will be updated to enable cert v3 in SAM installations
Comment 8 gaoshang 2013-01-14 00:51:51 EST
Since katello-configure will be updated to enable cert v3 in SAM installations, I'll verify this bug when the new SAM build comes out.
Comment 9 Og Maciel 2013-01-16 16:33:37 EST
Verified:

* candlepin-0.7.23-1.el6_3.noarch
* candlepin-tomcat6-0.7.23-1.el6_3.noarch
* elasticsearch-0.19.9-5.el6_3.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.2.1-1h.el6_3.noarch
* katello-cli-1.2.1-12h.el6_3.noarch
* katello-cli-common-1.2.1-12h.el6_3.noarch
* katello-common-1.2.1-14h.el6_3.noarch
* katello-configure-1.2.3-2h.el6_3.noarch
* katello-glue-candlepin-1.2.1-14h.el6_3.noarch
* katello-headpin-1.2.1-14h.el6_3.noarch
* katello-headpin-all-1.2.1-14h.el6_3.noarch
* katello-selinux-1.2.1-2h.el6_3.noarch
* thumbslug-0.0.28-1.el6_3.noarch
* thumbslug-selinux-0.0.28-1.el6_3.noarch
Comment 11 errata-xmlrpc 2013-02-21 14:21:12 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0544.html
