Description of problem: The feed certs for our repositories imported from a manifest are never updated, even when a new manifest is imported. Thus the certificates from the first ever imported manifest within an org are always used. We need to simply update the Repository object with the new feed and cert from the product when importing a new manifest. Version-Release number of selected component (if applicable): CFSE 1.0, 1.1 Katello ALL How reproducible: Always Steps to Reproduce: 1. Create a distributor within the support portal and download manifest 2. Import the manifest 3. From support portal, delete all subscriptions for that distributor 4. Add same subscriptions back 5. Download and import new manifest into the same org Actual results: Certificates in /etc/pki/pulp/content/ should have been updated from the new manifest. Expected results: Certificates in /etc/pki/pulp/content/ are left over from initial manifest Additional info: This was originally found when someone imported a manifest from ~a year ago and could not sync content even after importing a new manifest. All the certs in /etc/pki/pulp/content/ were expired because they were from the year old manifest. (Expiration time on certs by default from customer portal is 1 year)
https://github.com/Katello/katello/pull/2354
Moving to ON_QA for drop 2.
In the original description I believe i misunderstood where the certs were stored. They are actually stored within the mongodb. The easiest way to look them: # mongo > use pulp_database list the repoids: > db.repos.find({}, {'id':1}) print the private key for the correct repo id: > db.repo_importers.find({'repo_id':'ACME_Corporation-Red_Hat_Enterprise_Linux_Server-Red_Hat_Enterprise_Linux_6_Server_RPMs_x86_64_6Server'})[0]['config']['ssl_client_key']
as well as under: /var/lib/pulp/working/repos/AwesomeOrg-Red_Hat_Enterprise_Linux_Server-Red_Hat_Enterprise_Linux_6_Server_RPMs_x86_64_6_4/importers/yum_importer --- they are: ssl_ca_cert; ssl_client_cert; ssl_client_key
requesting sat-6.0.2 as the blocker one is decided to have fixed on sat-6.0.2 it is not a real blocker as worst case the org can be removed and the same scenario could be repeated with the new manifest :)
As per comment #9 and chat with DEV, removing 6.0.1 flag.
getting rid of 6.0.0 version since that doesn't exist
# VERIFIED performing all the steps in comment#0 i was able to see the certificate info updated: ssl_client_cert considering the issue fixed at: --- candlepin-0.8.25-1.el6sam.noarch candlepin-scl-1-5.el6_4.noarch candlepin-scl-quartz-2.1.5-5.el6_4.noarch candlepin-scl-rhino-1.7R3-1.el6_4.noarch candlepin-scl-runtime-1-5.el6_4.noarch candlepin-selinux-0.8.25-1.el6sam.noarch candlepin-tomcat6-0.8.25-1.el6sam.noarch createrepo-0.9.9-21.2.pulp.el6sat.noarch elasticsearch-0.19.9-8.el6sat.noarch katello-1.4.6-21.el6sat.noarch katello-all-1.4.6-21.el6sat.noarch katello-candlepin-cert-key-pair-1.0-1.noarch katello-certs-tools-1.4.4-1.el6sat.noarch katello-cli-1.4.3-18.el6sat.noarch katello-cli-common-1.4.3-18.el6sat.noarch katello-common-1.4.6-21.el6sat.noarch katello-configure-1.4.5-9.el6sat.noarch katello-configure-foreman-1.4.5-9.el6sat.noarch katello-configure-foreman-proxy-1.4.5-9.el6sat.noarch katello-foreman-all-1.4.6-21.el6sat.noarch katello-glue-candlepin-1.4.6-21.el6sat.noarch katello-glue-elasticsearch-1.4.6-21.el6sat.noarch katello-glue-pulp-1.4.6-21.el6sat.noarch katello-qpid-broker-key-pair-1.0-1.noarch katello-qpid-client-key-pair-1.0-1.noarch katello-selinux-1.4.4-4.el6sat.noarch m2crypto-0.21.1.pulp-8.el6sat.x86_64 mod_wsgi-3.4-1.pulp.el6sat.x86_64 pulp-katello-plugins-0.2-1.el6sat.noarch pulp-nodes-common-2.3.0-0.17.beta.el6sat.noarch pulp-nodes-parent-2.3.0-0.17.beta.el6sat.noarch pulp-puppet-plugins-2.3.0-0.17.beta.el6sat.noarch pulp-rpm-plugins-2.3.0-0.17.beta.el6sat.noarch pulp-selinux-2.3.0-0.17.beta.el6sat.noarch pulp-server-2.3.0-0.17.beta.el6sat.noarch python-isodate-0.5.0-1.pulp.el6sat.noarch python-oauth2-1.5.170-3.pulp.el6sat.noarch python-pulp-bindings-2.3.0-0.17.beta.el6sat.noarch python-pulp-common-2.3.0-0.17.beta.el6sat.noarch python-pulp-puppet-common-2.3.0-0.17.beta.el6sat.noarch python-pulp-rpm-common-2.3.0-0.17.beta.el6sat.noarch python-qpid-0.18-5.el6_4.noarch qpid-cpp-client-0.14-22.el6_3.x86_64 qpid-cpp-client-ssl-0.14-22.el6_3.x86_64 qpid-cpp-server-0.14-22.el6_3.x86_64 qpid-cpp-server-ssl-0.14-22.el6_3.x86_64 ruby193-rubygem-foreman-katello-engine-0.0.14-4.el6sat.noarch ruby193-rubygem-katello-foreman-engine-0.0.7-2.el6sat.noarch ruby193-rubygem-katello_api-0.0.3-4.el6sat.noarch ruby193-rubygem-ldap_fluff-0.2.2-2.el6sat.noarch signo-katello-0.0.20-3.el6sat.noarch
This was verified and delivered with MDP2. Closing it out.