Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-101911

Version number reported by /pki/rest/info incorrect and reports the package version of the old RHCS release

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • None
    • rhel-8.8.0, rhel-8.10
    • pki-core
    • None
    • None
    • Low
    • rhel-idm-cs
    • None
    • None
    • None
    • None
    • None
    • None

      The customer reported (SF support case 04174606) an inconsistency in the version numbers reported by two API endpoints in their upgraded Red Hat Certificate System (RHCS) test environment. The version reported by the /ca/admin/ca/getStatus endpoint matches the expected version (11.6.1-2) for RHCS 10.8, while the version reported by the /pki/rest/info endpoint incorrectly displays the package version of the old RHCS release (10.6). This discrepancy is also observed in the new "v2" API version. The business impact is a potential delay in upgrades due to confusion caused by the incorrect version reporting.

      Actual Issue: The root cause identified by the engineer is that the CS.cfg configuration file is not being updated correctly during the upgrade process, leading to the incorrect version information being reported by the /pki/rest/info endpoint.

       

      After upgrading RHCS environment:

      RHEL 8.8 to 8.10

      RHCS 10.6 to 10.8

      RHDS 11.7 to 11.9

       

      The version numbers reported by two API endpoints differ:

      $ curl -s -k
https://<rhcs-host>:8443/ca/admin/ca/getStatus
{ "Response" : \{ "State" : "1", "Type" : "CA", "Status" : "running", "Version" : "11.6.1-2", "ProductVersion" : "Red Hat Certificate System 10.8.0" }
}

      $ curl -s -k https://<rhcs-host>:8443/pki/rest/info
{"Name":"Red Hat Certificate System 10.8.0","Version":"10.13.0","Attributes":{"Attribute":[]}}

      The version reported by /pki/rest/info is the package version of the old release, RHCS 10.6.

      The same occurs with the new "v2" API version:

      $ curl -s -k https://<rhcs-host>:8443/pki/v2/info
{ "Name" : "Red Hat Certificate System 10.8.0", "Version" : "10.13.0" "Attributes" : \{ "Attribute" : [ ] }
}

      The file where version number is set is /etc/sysconfig/pki-tomcat:

      Proved with the following test:

      1. systemctl stop pki-tomcatd@pki-tomcat.service
      2. vi /etc/sysconfig/pki-tomcat
        set PKI_VERSION=xx.yy.zz
      3. systemctl start pki-tomcatd@pki-tomcat.service
      4. curl -s -k https://<rhcs-host>:8443/pki/rest/info
        {"Name":"Red Hat Certificate System 10.8.0","Version":"xx.yy.zz","Attributes":{"Attribute":[]}}
         

              rhcs-maint RHCS Maintenance
              rhn-support-jramondi Javier Ramon Diaz
              RHCS Maintenance RHCS Maintenance
              IdM CS QE IdM CS QE
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: