Description of problem:
For the past several releases, the subscription-manager config module has allowed you to set and remove parameters in all three sections (server,rhsm,rhsmcertd) of the rhsm.conf file even though the parameter is only used in one section. I have seen this lead to confusion for the user. The user thinks she has set the hostname, but in reality she set the rhsm.hostname when she should have set the server.hostname. Please remove the extraneous configurations.

Version-Release number of selected component (if applicable):
[root@jsefler-5 ~]# rpm -q subscription-manager
subscription-manager-1.8.14-1.el5

[root@jsefler-5 ~]# rpm -q subscription-manager
subscription-manager-1.8.14-1.el5
[root@jsefler-5 ~]# subscription-manager config --list
[server]
   autoattachinterval = [1440]   <====== REMOVE
   baseurl = [https://cdn.redhat.com]   <====== REMOVE
   ca_cert_dir = [/etc/rhsm/ca/]
   certcheckinterval = [240]   <====== REMOVE
   consumercertdir = [/etc/pki/consumer]   <====== REMOVE
   entitlementcertdir = [/etc/pki/entitlement]   <====== REMOVE
   hostname = subscription.rhn.redhat.com
   insecure = [0]
   manage_repos = [1]   <====== REMOVE
   pluginconfdir = [/etc/rhsm/pluginconf.d/]   <====== REMOVE
   plugindir = [/usr/share/rhsm-plugins]   <====== REMOVE
   port = 443
   prefix = /subscription
   productcertdir = [/etc/pki/product]   <====== REMOVE
   proxy_hostname = []
   proxy_password = []
   proxy_port = []
   proxy_user = []
   repo_ca_cert = [/etc/rhsm/ca/redhat-uep.pem]   <====== REMOVE
   report_package_profile = [1]   <====== REMOVE
   ssl_verify_depth = [3]

[rhsm]
   autoattachinterval = [1440]   <====== REMOVE
   baseurl = [https://cdn.redhat.com]
   ca_cert_dir = [/etc/rhsm/ca/]   <====== REMOVE
   certcheckinterval = [240]   <====== REMOVE
   consumercertdir = [/etc/pki/consumer]
   entitlementcertdir = [/etc/pki/entitlement]
   hostname = [localhost]   <====== REMOVE
   insecure = [0]   <====== REMOVE
   manage_repos = [1]
   pluginconfdir = /etc/rhsm/pluginconf.d
   plugindir = [/usr/share/rhsm-plugins]
   port = [8443]   <====== REMOVE
   prefix = [/candlepin]   <====== REMOVE
   productcertdir = [/etc/pki/product]
   proxy_hostname = []   <====== REMOVE
   proxy_password = []   <====== REMOVE
   proxy_port = []   <====== REMOVE
   proxy_user = []   <====== REMOVE
   repo_ca_cert = [/etc/rhsm/ca/redhat-uep.pem]
   report_package_profile = [1]
   ssl_verify_depth = [3]   <====== REMOVE

[rhsmcertd]
   autoattachinterval = [1440]
   baseurl = [https://cdn.redhat.com]   <====== REMOVE
   ca_cert_dir = [/etc/rhsm/ca/]   <====== REMOVE
   certcheckinterval = [240]
   consumercertdir = [/etc/pki/consumer]   <====== REMOVE
   entitlementcertdir = [/etc/pki/entitlement]   <====== REMOVE
   hostname = [localhost]   <====== REMOVE
   insecure = [0]   <====== REMOVE
   manage_repos = [1]   <====== REMOVE
   pluginconfdir = [/etc/rhsm/pluginconf.d/]   <====== REMOVE
   plugindir = [/usr/share/rhsm-plugins]   <====== REMOVE
   port = [8443]   <====== REMOVE
   prefix = [/candlepin]   <====== REMOVE
   productcertdir = [/etc/pki/product]   <====== REMOVE
   proxy_hostname = []   <====== REMOVE
   proxy_password = []   <====== REMOVE
   proxy_port = []   <====== REMOVE
   proxy_user = []   <====== REMOVE
   repo_ca_cert = [/etc/rhsm/ca/redhat-uep.pem]   <====== REMOVE
   report_package_profile = [1]   <====== REMOVE
   ssl_verify_depth = [3]   <====== REMOVE

[] - Default value in use

Here is the list of configurations that really matter:
[root@jsefler-5 ~]# cat /etc/rhsm/rhsm.conf
# Red Hat Subscription Manager Configuration File:

# Unified Entitlement Platform Configuration
[server]
# Server hostname:
hostname=subscription.rhn.redhat.com

# Server prefix:
prefix=/subscription

# Server port:
port=443

# Set to 1 to disable certificate validation:
insecure = 0

# Set the depth of certs which should be checked
# when validating a certificate
ssl_verify_depth = 3

# Server CA certificate location:
ca_cert_dir = /etc/rhsm/ca/

# an http proxy server to use
proxy_hostname =

# port for http proxy server
proxy_port =

# user name for authenticating to an http proxy, if needed
proxy_user =

# password for basic http proxy auth, if needed
proxy_password =

[rhsm]
# Content base URL:
baseurl=https://cdn.redhat.com

# Default CA cert to use when generating yum repo configs:
repo_ca_cert = %(ca_cert_dir)sredhat-uep.pem

# Where the certificates should be stored
productCertDir=/etc/pki/product
entitlementCertDir = /etc/pki/entitlement
consumerCertDir = /etc/pki/consumer

# Manage generation of yum repositories for subscribed content:
manage_repos = 1

# If set to zero, the client will not report the package profile to
# the subscription management service.
report_package_profile = 1

# The directory to search for subscription manager plugins
pluginDir = /usr/share/rhsm-plugins

# The directory to search for plugin configuration files
pluginConfDir = /etc/rhsm/pluginconf.d

[rhsmcertd]
# Interval to run cert check (in minutes):
certCheckInterval = 240
# Interval to run auto-attach (in minutes):
autoAttachInterval = 1440

commit 4761f79238e0181333296d43beef3cd79e765fb8
Author: ckozak <ckozak>
Date:   Thu Jul 25 10:46:59 2013 -0400

    988476, 988085: fix default hostname, remove excess config list output

commit ccb343c6330e16694b0ab9450c216ba3fa42f0cb
Author: ckozak <ckozak>
Date:   Wed Jul 31 12:08:11 2013 -0400

    fix config failure

Moving these to ON_QA. The tooling must have missed moving these.
Moving back to POST. These commits were made to python-rhsm (not subscription-manager)
version:
# rpm -qa | egrep "subscription-manager|python-rhsm"
subscription-manager-1.8.16-1.el5
subscription-manager-debuginfo-1.8.16-1.el5
subscription-manager-migration-data-1.11.3.2-1.git.0.14f9d59.el5
subscription-manager-firstboot-1.8.16-1.el5
python-rhsm-1.8.16-1.el5
subscription-manager-migration-1.8.16-1.el5
python-rhsm-debuginfo-1.8.16-1.el5
subscription-manager-gui-1.8.16-1.el5

Verification:
# subscription-manager config --list
[server]
   ca_cert_dir = [/etc/rhsm/ca/]
   hostname = sharath-candlepin.usersys.redhat.com
   insecure = [0]
   port = 8443
   prefix = /candlepin
   proxy_hostname = []
   proxy_password = []
   proxy_port = []
   proxy_user = []
   ssl_verify_depth = [3]

[rhsm]
   baseurl = [https://cdn.redhat.com]
   ca_cert_dir = [/etc/rhsm/ca/]   <<<<<<< TO BE REMOVED
   consumercertdir = [/etc/pki/consumer]
   entitlementcertdir = [/etc/pki/entitlement]
   manage_repos = [1]
   pluginconfdir = [/etc/rhsm/pluginconf.d]
   plugindir = [/usr/share/rhsm-plugins]
   productcertdir = [/etc/pki/product]
   repo_ca_cert = [/etc/rhsm/ca/redhat-uep.pem]
   report_package_profile = [1]

[rhsmcertd]
   autoattachinterval = [1440]
   certcheckinterval = [240]

[] - Default value in use

Moving back to NEW

This bug is fixed. The output you pointed out shows a ca_cert_dir in both server and rhsm (it is only used in the [rhsm] section), however it is wrong in your config file. If you make the config file valid, it will only appear in [rhsm].

The real bug is https://bugzilla.redhat.com/show_bug.cgi?id=993202
As per Comment #6 this bug results in a misconfigured client. Moving back to ON_QA
The following configuration will be installed by a fresh install of subscription-manager (not an upgrade)...

[root@jsefler-5 ~]# rpm -q subscription-manager
subscription-manager-1.8.20-1.el5
[root@jsefler-5 ~]# subscription-manager config
[server]
   hostname = [subscription.rhn.redhat.com]
   insecure = [0]
   port = [443]
   prefix = [/subscription]
   proxy_hostname = []
   proxy_password = []
   proxy_port = []
   proxy_user = []
   ssl_verify_depth = [3]

[rhsm]
   baseurl = https://cdn.rcm-qa.redhat.com
   ca_cert_dir = [/etc/rhsm/ca/]
   consumercertdir = [/etc/pki/consumer]
   entitlementcertdir = [/etc/pki/entitlement]
   manage_repos = [1]
   pluginconfdir = [/etc/rhsm/pluginconf.d]
   plugindir = [/usr/share/rhsm-plugins]
   productcertdir = [/etc/pki/product]
   repo_ca_cert = [/etc/rhsm/ca/redhat-uep.pem]
   report_package_profile = [1]

[rhsmcertd]
   autoattachinterval = [1440]
   certcheckinterval = [240]

[] - Default value in use

^ Notice that ca_cert_dir now resides in the [rhsm] section as a result of comment 6 bug 993202

However as demonstrated in comment 5 (and below), if you upgrade subscription-manager, the ca_cert_dir will appear in both [server] and [rhsm] sections of the config --list. The [server].ca_cert_dir will actually be ignored - it's a casualty of war since it remains in place from the old subscription-manager version. The [rhsm].ca_cert_dir is the actual value that now matters and will be used. Unfortunately if you inspect the rhsm.conf, it will not have been changed during the yum update and therefore will still show ca_cert_dir in the [server] section and *not* in the [rhsm] section where it belongs.

Also notice below that [rhsmcertd] configuration parameters certfrequency and healfrequency are present in the rhsm.conf but are not actually used - they are also casualties of war - certcheckinterval and autoattachinterval are the names of their new replacements.

[root@rhsm-accept-rhel6 ~]# rpm -q subscription-manager
subscription-manager-1.8.20-1.el6_4.x86_64
[root@rhsm-accept-rhel6 ~]# subscription-manager config
[server]
   ca_cert_dir = /etc/rhsm/ca/
   hostname = subscription.rhn.stage.redhat.com
   insecure = [0]
   port = [443]
   prefix = [/subscription]
   proxy_hostname = []
   proxy_password = []
   proxy_port = []
   proxy_user = []
   ssl_verify_depth = [3]

[rhsm]
   baseurl = [https://cdn.redhat.com]
   ca_cert_dir = [/etc/rhsm/ca/]
   consumercertdir = [/etc/pki/consumer]
   entitlementcertdir = [/etc/pki/entitlement]
   manage_repos = [1]
   pluginconfdir = [/etc/rhsm/pluginconf.d]
   plugindir = [/usr/share/rhsm-plugins]
   productcertdir = [/etc/pki/product]
   repo_ca_cert = [/etc/rhsm/ca/redhat-uep.pem]
   report_package_profile = [1]

[rhsmcertd]
   autoattachinterval = [1440]
   certcheckinterval = [240]
   certfrequency = 240
   healfrequency = 1440

[] - Default value in use

Realize that when development changes are made to the default rhsm.conf file, an upgrade will not change the old rhsm.conf thereby creating the casualty situations described above. This can definitely be a confusing situation for the user.

Moving to VERIFIED

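Added example (not part of the original bug report and not subscription-manager's own code): a Python audit that flags rhsm.conf keys left in a section where the client no longer reads them, as described in the comment above. The section-to-key map is copied from the fresh-install 1.8.20 listing in this thread; the names audit, EXPECTED, RENAMED and SAMPLE, and the sample file itself, are constructed for illustration.

```python
import configparser

# Section -> keys, copied from the fresh-install 1.8.20 listing in this thread.
EXPECTED = {
    "server": set("hostname insecure port prefix proxy_hostname proxy_password "
                  "proxy_port proxy_user ssl_verify_depth".split()),
    "rhsm": set("baseurl ca_cert_dir consumercertdir entitlementcertdir "
                "manage_repos pluginconfdir plugindir productcertdir "
                "repo_ca_cert report_package_profile".split()),
    "rhsmcertd": {"autoattachinterval", "certcheckinterval"},
}
# Old [rhsmcertd] names the thread reports as left behind by an upgrade.
RENAMED = {"certfrequency": "certcheckinterval", "healfrequency": "autoattachinterval"}

# Constructed sample: an upgraded rhsm.conf plus a hostname set in [rhsm] by mistake.
SAMPLE = """\
[server]
hostname = subscription.rhn.redhat.com
ca_cert_dir = /etc/rhsm/ca/
[rhsm]
hostname = satellite.example.com
baseurl = https://cdn.redhat.com
repo_ca_cert = %(ca_cert_dir)sredhat-uep.pem
[rhsmcertd]
certfrequency = 240
healfrequency = 1440
"""


def audit(conf_text):
    """Return (section, key, finding) for each key not expected in its section."""
    parser = configparser.ConfigParser(interpolation=None)  # keep %(...)s literal
    parser.read_string(conf_text)
    owner = {key: sec for sec, keys in EXPECTED.items() for key in keys}
    findings = []
    for section in parser.sections():
        for key in parser.options(section):  # configparser lowercases key names
            if key in EXPECTED.get(section, ()):
                continue
            if section == "rhsmcertd" and key in RENAMED:
                findings.append((section, key, "renamed to " + RENAMED[key]))
            elif key in owner:
                findings.append((section, key, "belongs in [%s]" % owner[key]))
            else:
                findings.append((section, key, "unknown key"))
    return findings


if __name__ == "__main__":
    for section, key, finding in audit(SAMPLE):
        print("[%s] %s: %s" % (section, key, finding))
```

To check a real client, pass the contents of /etc/rhsm/rhsm.conf to audit(); an empty list means every key sits in the section shown in the fresh-install listing.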
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1331.html