Loading...

XML

Word

Printable

Type: Bug
Resolution: Can't Do
Priority: Normal
Fix Version/s: None
Affects Version/s: rhel-9.2.0
Component/s: librhsm
Labels:
- MigratedToJIRA
- Triaged

Regression:
None
Severity:
Medium

Pool Team:

sst_cs_software_management
Sub-System Group:

ssg_core_services

Story Points:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
None

Preliminary Testing:
None
Test Coverage:
None

Release Note Type:
If docs needed, set a value

Experience:
Architecture:

Unspecified
Bugzilla Bug:
RHBZ: 2214451

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

Description of problem:

The issue is for entitlement build on OCP, and the workaround is to remove `/etc/rhsm-host`, see https://docs.openshift.com/container-platform/4.13/cicd/builds/running-entitled-builds.html#builds-running-entitled-builds-with-sharedsecret-objects_running-entitled-builds

For rhel-coreos base image we ship `subscription-manager-rhsm-certificates` (but not subscription-manager), if running in container the config file will be set by default `/etc/rhsm-host/rhsm.conf`(which does not exist), then we get the repo ca cert file is `/etc/rhsm-host/ca/redhat-uep.pem` (this file is existed).

According to code(https://github.com/rpm-software-management/librhsm/blob/5e0674cf389f14174208641ec411ba7be448d5e3/rhsm/rhsm-context.c#L542), check conf is under `/etc/rhsm-host`, will update ca cert dir from `/etc/rhsm` to `/etc/rhsm-host`, and finally get `/etc/rhsm-host-host/ca/redhat-uep.pem`, the path is not correct and fail.

Before replace:
conf=/etc/rhsm-host/rhsm.conf, ca=/etc/rhsm-host/ca, repo=/etc/rhsm-host/ca/redhat-uep.pem
After replace:
conf=/etc/rhsm-host/rhsm.conf, ca=/etc/rhsm-host-host/ca, repo=/etc/rhsm-host-host/ca/redhat-uep.pem

Version-Release number of selected component (if applicable):
RHEL 9.2

How reproducible:
100%

Steps to Reproduce:
See https://issues.redhat.com/browse/OCPBUGS-11181?focusedId=22365428&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-22365428

Actual results:
bash-5.1# rpm-ostree install libreswan
error: Updating rpm-md repo 'rhel-9-for-x86_64-baseos-rpms': cannot update repo 'rhel-9-for-x86_64-baseos-rpms': Cannot download repomd.xml: Curl error (77): Problem with the SSL CA cert (path? access rights?) for https://cdn.redhat.com/content/dist/rhel9/9/x86_64/baseos/os/repodata/repomd.xml [error setting certificate file: /etc/rhsm-host-host/ca/redhat-uep.pem]

Expected results:
Install libreswan successfully.

Additional info:

For latest ubi9 container image, the issue is gone as fixed with BZ#2108549 (from subscription-manager side).
See Derrick's comment https://issues.redhat.com/browse/OCPBUGS-11181?focusedId=22181117&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-22181117

For ubi8 container image, the issue is existed.

blocks

OCPBUGS-11181 add entitlement symlinks

Closed

relates to

RHEL-14224 Stop replacing /etc/rhsm-host/ca to /etc/rhsm-host-host/ca if ca cert dir is already under /etc/rhsm-host

Closed

external trackers

Red Hat Issue Tracker RHELPLAN-159685

links to

entitlement symlinks

openshift/os#1372: rhsm: add `rhsm.conf` which is from `subscription-manager`

Assignee:: packaging-team-maint

Reporter:: Huijing Hei

Developer:: packaging-team-maint

QA Contact:: Software Management QE

Votes:: 0 Vote for this issue

Watchers:: 11 Start watching this issue

Created:: 2023/08/17 11:58 AM

Updated:: 2024/09/06 12:33 AM

Resolved:: 2023/09/20 6:58 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates