[Pulp-list] <External> Syncing Red hat Repos entitlement issue
Brian Bouterse
bmbouter at redhat.com
Thu May 28 15:51:48 UTC 2020
One idea to track down which process is editing those certs/files would be
to use auditd or systemtap https://unix.stackexchange.com/a/99091 Just a
thought I wanted to share.
On Thu, May 28, 2020 at 9:18 AM Gravel Bone <gravelbone at gmail.com> wrote:
> In this case the entitlement certs themselves aren't expired from a date
> perspective, they just no longer work connecting to Red Hat. It's more
> like they've been revoked because the server they are on got new
> entitlement certs which is happening automatically, I just have not figured
> out how to prevent that. I've tried turning of rhsmcertd, disabled
> subscription management, and combinations in between.
>
> On Wed, May 27, 2020 at 2:23 PM Brian Bouterse <bmbouter at redhat.com>
> wrote:
>
>> If the certs are short-lived, then there isn't much to do except ask the
>> issuer to give you longer ones. You could inspect the certs more closely I
>> believe using the `rct cat-crt` command. Pulp-certguard has some docs
>> showing an example with that tool
>> https://pulp-certguard.readthedocs.io/en/latest/debugging.html#checking-authorized-urls-in-rhsm-certificates
>>
>> On Wed, May 27, 2020 at 11:20 AM Myers, Mike <Mike.Myers at nike.com> wrote:
>>
>>> We’ve faced that too. I’ve love some deeper insight, but what I’ve
>>> found so far is that “rhsmcertd” process does some sort of check/update on
>>> those certs. We’ve just set a process to pull those from
>>> /etc/pki/entitlement into Pulp when such a failure occurs. It would be
>>> nice if there were a Pulp native way to address this (short of running the
>>> whole Satellite suite)
>>>
>>>
>>>
>>> Cheers,
>>>
>>> *Mike Myers*
>>>
>>>
>>>
>>> *From: *<pulp-list-bounces at redhat.com> on behalf of Gravel Bone <
>>> gravelbone at gmail.com>
>>> *Date: *Wednesday, May 27, 2020 at 5:48 AM
>>> *To: *"pulp-list at redhat.com" <pulp-list at redhat.com>
>>> *Subject: *<External>[Pulp-list] Syncing Red hat Repos entitlement issue
>>>
>>>
>>>
>>> This is probably something straight forward, but my searches have found
>>> nothing...
>>>
>>>
>>>
>>> I pull an entitlement files from our server (well three for three
>>> different subscriptions) and create repos using them to sync the
>>> corresponding Red Hat repository. The problem is, the entitlements seem
>>> to expire about every month. I'm sure it's something I'm missing that
>>> stupid obvious, but google has not been my friend nor has the
>>> documentation...help would be appreciated...
>>> _______________________________________________
>>> Pulp-list mailing list
>>> Pulp-list at redhat.com
>>> https://www.redhat.com/mailman/listinfo/pulp-list
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20200528/2577323d/attachment.htm>
More information about the Pulp-list
mailing list