957218 – system.certificate_version bump to 3.2 is needed

Bug 957218 - system.certificate_version bump to 3.2 is needed

Summary: system.certificate_version bump to 3.2 is needed

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	subscription-manager
Sub Component:
Version:	5.10
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Michael Stead
QA Contact:	IDM QE LIST
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	rhsm-rhel510
TreeView+	depends on / blocked

Reported:	2013-04-26 16:14 UTC by John Sefler
Modified:	2013-09-30 23:07 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	No description necessary
Clone Of:
Environment:
Last Closed:	2013-09-30 23:07:09 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	888866	0	high	CLOSED	[RFE] Customers should be able to use subscriptions with new attributes on old clients	2021-02-22 00:41:40 UTC
Red Hat Product Errata	RHBA-2013:1332	0	normal	SHIPPED_LIVE	subscription-manager bug fix and enhancement update	2013-09-30 22:49:24 UTC

Internal Links: 888866

Description John Sefler 2013-04-26 16:14:11 UTC

Description of problem:
I believe the new support for core based subscriptions (and possibly stackable RAM subscriptions?) requires that the system.certificate_version fact on subscription-manager 1.8 be bumped from 3.1 to 3.2.

Moreover, the newer candlepin server that will be granting these core based subscriptions (and stackable RAM subscriptions?) also needs to update its check on the system's certificate_version and restrict consumption by systems with  system.certificate_version >= 3.2.


Version-Release number of selected component (if applicable):
[root@rhsm-compat-rhel64 ~]# subscription-manager version
server type: Red Hat Subscription Management
subscription management server: 0.8.4-1
subscription-manager: 1.8.6-1.git.4.b3f4bbf.el6
python-rhsm: 1.8.9-1.git.7.214419e.el6
[root@candlepin-compat-rhel64 candlepin]# git show-ref | grep master
fa847bee879571e0e4d14dd59e42ab94b3479bef refs/heads/master

How reproducible:


SUBSCRIPTION-MANAGER BUG:
Steps to Reproduce:
[root@rhsm-compat-rhel64 ~]# subscription-manager facts --list | grep cert
system.certificate_version: 3.1

Expected:
system.certificate_version: 3.2
  

CANDLEPIN BUG:
Steps to Reproduce:
[root@rhsm-compat-rhel64 ~]# echo '{"system.certificate_version":"1.0"}' > /etc/rhsm/facts/override.facts
[root@rhsm-compat-rhel64 ~]# subscription-manager facts --list | grep certsystem.certificate_version: 1.0
[root@rhsm-compat-rhel64 ~]# subscription-manager facts --update
Successfully updated the system facts.
[root@rhsm-compat-rhel64 ~]# subscription-manager list --avail | grep cores-26 -B1 -A1
Subscription Name: Cores Package (26 cores)
SKU:               cores-26
Pool ID:           8a90f8fd3e434291013e434479670653
--
Subscription Name: Cores Package (26 cores)
SKU:               cores-26
Pool ID:           8a90f8fd3e434291013e434479aa065b
[root@rhsm-compat-rhel64 ~]# subscription-manager subscribe --pool 8a90f8fd3e434291013e434479670653
The client must support at least v3.1 certificates in order to use subscription: Cores Package (26 cores). A newer client may be available to address this problem.
[root@rhsm-compat-rhel64 ~]# 

Expected:
The client must support at least v3.2 certificates ....

Comment 1 RHEL Program Management 2013-04-26 16:27:23 UTC

This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release.  Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products.  This request is not yet committed for inclusion in
a release.

Comment 2 Michael Stead 2013-05-08 15:02:46 UTC

Fixed in master branch.
Commit: c570316b210152a636424aa6bf39f99161b0441a
Available in candlepin-0.8.6-1+

Comment 4 Sharath Dwaral 2013-05-22 19:12:41 UTC

BREW build
# subscription-manager version
server type: Red Hat Subscription Management
subscription management server: 0.8.7-1
subscription-manager: 1.8.8-1.el5
python-rhsm: 1.8.11-1.el5_9


Verification:

# subscription-manager facts --list | grep cert
system.certificate_version: 3.2

Forcing version change to check the error message from candlepin

# echo '{"system.certificate_version":"1.0"}' > /etc/rhsm/facts/override.facts

# subscription-manager facts --update
Successfully updated the system facts.

# subscription-manager facts --list | grep cert
system.certificate_version: 1.0

# subscription-manager list --avail | grep cores-26 -B1 -A1
Subscription Name: Cores Package (26 cores)
SKU:               cores-26
Pool ID:           8a90f8333eccde1f013eccdf656a0486
--
Subscription Name: Cores Package (26 cores)
SKU:               cores-26
Pool ID:           8a90f8333eccde1f013eccdf6553047e

# subscription-manager subscribe --pool 8a90f8333eccde1f013eccdf661904bd
The client must support at least v3.1 certificates in order to use subscription: RAM Limiting Package (2GB stackable). A newer client may be available to address this problem.
                                 ^^^^^^^^^^^^^^^^^                               ^^^^^^^^^^^^^^^^^^^^

# subscription-manager subscribe --pool 8a90f8333eccde1f013eccdf65a40496
The client must support at least v3.2 certificates in order to use subscription: RAM/Cores Package (8GB, 4 cores). A newer client may be available to address this problem.
                                 ^^^^^^^^^^^^^^^^^                               ^^^^^^^^^^^^^^^^^

VERIFIED

Comment 5 Sharath Dwaral 2013-05-22 19:15:23 UTC

Please ignore the misplaced " ^^^^^^^^ "

attempted to highlight the following:

1.   v3.1 displayed when only RAM subscriptions are used
2.   v3.2 displayed when Core based subscriptions are used

Comment 6 John Sefler 2013-07-15 18:58:22 UTC

Note: The expected result verifications displayed in comment 4 have effectively been trumped as irrelevant by the solution for bug 888866.

Comment 9 errata-xmlrpc 2013-09-30 23:07:09 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1332.html

Note You need to log in before you can comment on or make changes to this bug.