-
Bug
-
Resolution: Done
-
Normal
-
None
-
None
-
image-builder-2
-
Content Upcoming priorities
-
3
-
None
When building an image in stage set to auto register on boot to insights, the step fails because the config isn't set properly. We need to manually set the baseurl, proxy_hostname, and proxy_port via subman config. The baseurl, proxy_hostname, and proxy_port should be set automatically in the registration step:
subscription-manager config --server.proxy_hostname=squid.corp.redhat.com --server.proxy_port=3128 --rhsm.baseurl=https://stagecdn.redhat.com/
auto registration failure:
[bhouse@rhel-ib ~]$ sudo journalctl -u osbuild-subscription-register.service Oct 28 15:42:58 rhel-ib.test.com systemd[1]: Starting osbuild-subscription-register.service - First-boot service for registering with Red Hat subscription manager and/or insigh> Oct 28 15:42:59 rhel-ib.test.com rhc[1147]: Connecting rhel-ib.test.com to Red Hat. Oct 28 15:42:59 rhel-ib.test.com rhc[1147]: This might take a few seconds. Oct 28 15:42:59 rhel-ib.test.com rhc[1147]: Features preferences: [✓]content, [✓]analytics, [✓]remote-management Oct 28 15:42:59 rhel-ib.test.com rhc[1147]: [𐄂] Cannot connect to Red Hat Subscription Management Oct 28 15:42:59 rhel-ib.test.com rhc[1147]: [𐄂] Skipping generation of Red Hat repository file Oct 28 15:42:59 rhel-ib.test.com rhc[1147]: [𐄂] Skipping connection to Red Hat Insights Oct 28 15:42:59 rhel-ib.test.com rhc[1147]: [𐄂] Skipping activation of yggdrasil service Oct 28 15:42:59 rhel-ib.test.com rhc[1147]: Successfully connected to Red Hat! Oct 28 15:42:59 rhel-ib.test.com rhc[1147]: Manage your connected systems: https://red.ht/connector Oct 28 15:42:59 rhel-ib.test.com rhc[1147]: The following errors were encountered during connect: Oct 28 15:42:59 rhel-ib.test.com rhc[1147]: TYPE STEP ERROR Oct 28 15:42:59 rhel-ib.test.com rhc[1147]: ERROR rhsm cannot connect to Red Hat Subscription Management: error: Server error attempting a POST to /subscription/consumers?owner=18939491&activation_keys=bhouse-test returned status 403 Oct 28 15:42:59 rhel-ib.test.com rhc[1147]: Forbidden: Invalid credentials for request. Oct 28 15:42:59 rhel-ib.test.com systemd[1]: osbuild-subscription-register.service: Main process exited, code=exited, status=1/FAILURE Oct 28 15:42:59 rhel-ib.test.com systemd[1]: osbuild-subscription-register.service: Failed with result 'exit-code'. Oct 28 15:42:59 rhel-ib.test.com systemd[1]: Failed to start osbuild-subscription-register.service - First-boot service for registering with Red Hat subscription manager and/or insights.
/etc/rhsm/rhsm.conf from an image built in stage:
# Red Hat Subscription Manager Configuration File: # Unified Entitlement Platform Configuration [server] # Server hostname: hostname = subscription.rhsm.stage.redhat.com # Server prefix: prefix = /subscription # Server port: port = 443 # Set to 1 to disable certificate validation: insecure = 0 # an http proxy server to use proxy_hostname = # The scheme to use for the proxy when updating repo definitions, if needed # e.g. http or https proxy_scheme = http # port for http proxy server proxy_port = # user name for authenticating to an http proxy, if needed proxy_user = # password for basic http proxy auth, if needed proxy_password = # host/domain suffix blocklist for proxy, if needed no_proxy = [rhsm] # Content base URL: baseurl = https://cdn.redhat.com # Repository metadata GPG key URL: repomd_gpg_url = # Server CA certificate location: ca_cert_dir = /etc/rhsm/ca/ # Default CA cert to use when generating yum repo configs: repo_ca_cert = %(ca_cert_dir)sredhat-uep.pem # Where the certificates should be stored productCertDir = /etc/pki/product entitlementCertDir = /etc/pki/entitlement consumerCertDir = /etc/pki/consumer # Manage generation of yum repositories for subscribed content: manage_repos = 1 # Refresh repo files with server overrides on every yum command full_refresh_on_yum = 0 # If set to zero, the client will not report the package profile to # the subscription management service. report_package_profile = 1 # The directory to search for subscription manager plugins pluginDir = /usr/share/rhsm-plugins # The directory to search for plugin configuration files pluginConfDir = /etc/rhsm/pluginconf.d # Manage automatic enabling of yum/dnf plugins (product-id, subscription-manager) auto_enable_yum_plugins = 1 # Run the package profile on each yum/dnf transaction package_profile_on_trans = 0 # Inotify is used for monitoring changes in directories with certificates. # Currently only the /etc/pki/consumer directory is monitored by the # rhsm.service. When this directory is mounted using a network file system # without inotify notification support (e.g. NFS), then disabling inotify # is strongly recommended. When inotify is disabled, periodical directory # polling is used instead. inotify = 1 # Write progress messages when waiting for API response. progress_messages = 1 [rhsmcertd] # Interval to run cert check (in minutes): certCheckInterval = 240 # If set to zero, the checks done by the rhsmcertd daemon will not be splayed (randomly offset) splay = 1 # If set to 1, rhsmcertd will not execute. disable = 0 # Set to 1 when rhsmcertd should attempt automatic registration. # Setting this option makes sense only on machines running on public # clouds. Currently only AWS, Azure and GCP are supported auto_registration = 0 # Interval to run auto-registration (in minutes): auto_registration_interval = 60 [logging] default_log_level = INFO # subscription_manager = DEBUG # subscription_manager.managercli = DEBUG # rhsm = DEBUG # rhsm.connection = DEBUG # rhsm-app = DEBUG # rhsmcertd = DEBUG
