Bug 908026 - Feed certs from new manifest are never updated in pulp
Summary: Feed certs from new manifest are never updated in pulp
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Content Management
Version: 6.0.1
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: Unspecified
Assignee: Justin Sherrill
QA Contact: Garik Khachikyan
URL:
Whiteboard:
Depends On: 971445
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-02-05 17:03 UTC by Justin Sherrill
Modified: 2019-09-25 21:10 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-04-24 17:07:43 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Justin Sherrill 2013-02-05 17:03:47 UTC
Description of problem:
The feed certs for our repositories imported from a manifest are never updated, even when a new manifest is imported.  Thus the certificates from the first ever imported manifest within an org are always used.  

We need to simply update the Repository object with the new feed and cert from the product when importing a new manifest.


Version-Release number of selected component (if applicable):
CFSE 1.0, 1.1   Katello ALL

How reproducible:
Always

Steps to Reproduce:
1.  Create a distributor within the support portal and download manifest
2.  Import the manifest
3.  From support portal, delete all subscriptions for that distributor
4.  Add same subscriptions back
5.  Download and import new manifest into the same org
  
Actual results:
Certificates in /etc/pki/pulp/content/  should have been updated from the new manifest.

Expected results:
Certificates in /etc/pki/pulp/content/ are left over from initial manifest

Additional info:
This was originally found when someone imported a manifest from ~a year ago and could not sync content even after importing a new manifest.  All the certs in /etc/pki/pulp/content/  were expired because they were from the year old manifest.  (Expiration time on certs by default from customer portal is 1 year)

Comment 3 Justin Sherrill 2013-05-23 13:28:40 UTC
https://github.com/Katello/katello/pull/2354

Comment 5 Sam Kottler 2013-05-23 23:41:11 UTC
Moving to ON_QA for drop 2.

Comment 7 Justin Sherrill 2013-06-06 13:33:07 UTC
In the original description I believe i misunderstood where the certs were stored.  They are actually stored within the mongodb.  

The easiest way to look them:

# mongo
> use pulp_database

list the repoids:
> db.repos.find({}, {'id':1})


print the private key for the correct repo id:
> db.repo_importers.find({'repo_id':'ACME_Corporation-Red_Hat_Enterprise_Linux_Server-Red_Hat_Enterprise_Linux_6_Server_RPMs_x86_64_6Server'})[0]['config']['ssl_client_key']

Comment 8 Garik Khachikyan 2013-06-06 13:39:51 UTC
as well as under:
/var/lib/pulp/working/repos/AwesomeOrg-Red_Hat_Enterprise_Linux_Server-Red_Hat_Enterprise_Linux_6_Server_RPMs_x86_64_6_4/importers/yum_importer

---
they are: ssl_ca_cert; ssl_client_cert; ssl_client_key

Comment 9 Garik Khachikyan 2013-06-18 14:06:08 UTC
requesting sat-6.0.2 as the blocker one is decided to have fixed on sat-6.0.2

it is not a real blocker as worst case the org can be removed and the same scenario could be repeated with the new manifest :)

Comment 10 Og Maciel 2013-06-18 19:12:24 UTC
As per comment #9 and chat with DEV, removing 6.0.1 flag.

Comment 11 Mike McCune 2013-08-16 17:52:31 UTC
getting rid of 6.0.0 version since that doesn't exist

Comment 12 Garik Khachikyan 2013-10-09 14:24:48 UTC
# VERIFIED

performing all the steps in comment#0 i was able to see the certificate info updated: ssl_client_cert

considering the issue fixed at:
---
candlepin-0.8.25-1.el6sam.noarch
candlepin-scl-1-5.el6_4.noarch
candlepin-scl-quartz-2.1.5-5.el6_4.noarch
candlepin-scl-rhino-1.7R3-1.el6_4.noarch
candlepin-scl-runtime-1-5.el6_4.noarch
candlepin-selinux-0.8.25-1.el6sam.noarch
candlepin-tomcat6-0.8.25-1.el6sam.noarch
createrepo-0.9.9-21.2.pulp.el6sat.noarch
elasticsearch-0.19.9-8.el6sat.noarch
katello-1.4.6-21.el6sat.noarch
katello-all-1.4.6-21.el6sat.noarch
katello-candlepin-cert-key-pair-1.0-1.noarch
katello-certs-tools-1.4.4-1.el6sat.noarch
katello-cli-1.4.3-18.el6sat.noarch
katello-cli-common-1.4.3-18.el6sat.noarch
katello-common-1.4.6-21.el6sat.noarch
katello-configure-1.4.5-9.el6sat.noarch
katello-configure-foreman-1.4.5-9.el6sat.noarch
katello-configure-foreman-proxy-1.4.5-9.el6sat.noarch
katello-foreman-all-1.4.6-21.el6sat.noarch
katello-glue-candlepin-1.4.6-21.el6sat.noarch
katello-glue-elasticsearch-1.4.6-21.el6sat.noarch
katello-glue-pulp-1.4.6-21.el6sat.noarch
katello-qpid-broker-key-pair-1.0-1.noarch
katello-qpid-client-key-pair-1.0-1.noarch
katello-selinux-1.4.4-4.el6sat.noarch
m2crypto-0.21.1.pulp-8.el6sat.x86_64
mod_wsgi-3.4-1.pulp.el6sat.x86_64
pulp-katello-plugins-0.2-1.el6sat.noarch
pulp-nodes-common-2.3.0-0.17.beta.el6sat.noarch
pulp-nodes-parent-2.3.0-0.17.beta.el6sat.noarch
pulp-puppet-plugins-2.3.0-0.17.beta.el6sat.noarch
pulp-rpm-plugins-2.3.0-0.17.beta.el6sat.noarch
pulp-selinux-2.3.0-0.17.beta.el6sat.noarch
pulp-server-2.3.0-0.17.beta.el6sat.noarch
python-isodate-0.5.0-1.pulp.el6sat.noarch
python-oauth2-1.5.170-3.pulp.el6sat.noarch
python-pulp-bindings-2.3.0-0.17.beta.el6sat.noarch
python-pulp-common-2.3.0-0.17.beta.el6sat.noarch
python-pulp-puppet-common-2.3.0-0.17.beta.el6sat.noarch
python-pulp-rpm-common-2.3.0-0.17.beta.el6sat.noarch
python-qpid-0.18-5.el6_4.noarch
qpid-cpp-client-0.14-22.el6_3.x86_64
qpid-cpp-client-ssl-0.14-22.el6_3.x86_64
qpid-cpp-server-0.14-22.el6_3.x86_64
qpid-cpp-server-ssl-0.14-22.el6_3.x86_64
ruby193-rubygem-foreman-katello-engine-0.0.14-4.el6sat.noarch
ruby193-rubygem-katello-foreman-engine-0.0.7-2.el6sat.noarch
ruby193-rubygem-katello_api-0.0.3-4.el6sat.noarch
ruby193-rubygem-ldap_fluff-0.2.2-2.el6sat.noarch
signo-katello-0.0.20-3.el6sat.noarch

Comment 13 Bryan Kearney 2014-04-24 17:07:43 UTC
This was verified and delivered with MDP2. Closing it out.


Note You need to log in before you can comment on or make changes to this bug.