Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-105912

Fix redhat-cloud-client-configuration to support the new autoregistration v2 flow

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • redhat-cloud-client-configuration-1-14.el9
    • Yes
    • Critical
    • subs-client-tools
    • 8
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • All
    • None

      What were you trying to do that didn't work?

      The rhsmcertd from subscription-manager RPM uses new autoregistration v2 flow and it introduced new configuration options in rhsm.conf. It is necessary to set these options according new flow. Otherwise, customers will not have access to Red Hat content after start of the VM on supported public cloud.

      What is the impact of this issue to you?

      If this goes live, that means customers will not have access to content from the CDN for up to 1 hours (in the worst case), and would have to manually remove the redhat-cloud-client-configuration-cdn package, and re-enable RHUI as a workaround to be able to access content. This is obviously an issue for users that may want
      to run automation (e.g. kickstarts) that needs access to content almost immediately after booting.

      Please provide the package NVR for which the bug is seen:

      redhat-cloud-client-configuration-cdn-1-13.el10

      How reproducible is this bug?:

      100%

      Steps to reproduce

      1. Spin up a RHEL10 3rd party image VM from Azure or AWS.
      2. After a few seconds (maximum 2 minutes), look at the /var/log/rhsm/rhsm.log and /etc/yum.repos.d/redhat.repo

      Expected results

      There is no/minimal delay (a few seconds) between when the VM got autoregistered, and when the SCA cert got updated (fetched for the first time). E.g.:

      2025-05-08 09:04:24,249 [INFO] rhsmcertd-worker:10478:MainThread @rhsmcertd_worker.py:230 - Standard automatic registration was successful.
2025-05-08 09:04:30,646 [INFO] subscription-manager:11024:MainThread @entcertlib.py:108 - certs updated:
Total updates: 1
Found (local) serial# []
Expected (UEP) serial# [1233442352352352]
Added (new)
[sn:1233442352352352 ( Content Access,) @ /etc/pki/entitlement/1233442352352352.pem]
Deleted (rogue):
<NONE>

      The /etc/yum.repos.d/redhat.repo file is populated with repos after the 'certs updated'.

      Actual results

      The VM got autoregistered, but the SCA cert did not get fetched. E.g.:

      2025-05-08T09:06:07.313+00:00 [INFO] rhsmcertd-worker:11406:MainThread @rhsmcertd_worker.py:230 - Standard automatic registration was successful.

      The /etc/yum.repos.d/redhat.repo file is not populated. In this case the 'certs updated' action may happen in up to 4 hours after the registration.

              jhnidek@redhat.com Jiri Hnidek
              jhnidek@redhat.com Jiri Hnidek
              CSI Client Tools Bugs Bot CSI Client Tools Bugs Bot
              Craig Donnelly Craig Donnelly
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: