Katello-4.2.0.rc1-1 Registering a CentOS 8 content host results in Build:"Pending" Status/Unkown Subscription

Problem:

Here’s a picture of the issue:

build772×199 34.3 KB

After successfully kickstarting a new host, I tried to register it as a content host and found that the registration process changed the “Build:” status from “Installed” to “Pending Installation”

I spent some time looking at what happens when you run the registration script, i.e the one that is generated via “Hosts > Register Host” in the GUI.

Here is what I found: (Followed by a poor workaround I would like to improve)

So I generate my registration script, looks something like this

btw, I’m unconcerned about these credentials this is a lab

curl -sS  'https://lab0l25.virtual.home.arpa:9090/register?activation_keys=CentOS8&lifecycle_environment_id=2&location_id=2&operatingsystem_id=2&organization_id=1&update_packages=false' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjo0LCJpYXQiOjE2MzE3NzQ5OTksImp0aSI6Ijc5OWYyYjYwZGFlMDk2YmM1ODMxOGM5MDYwZDI4Zjc4MjkxYWQ5N2I2NzUzYjI4OWYyNmE4NWFjZTBhMGM2NGUiLCJleHAiOjE2MzE3ODkzOTksInNjb3BlIjoicmVnaXN0cmF0aW9uI2dsb2JhbCByZWdpc3RyYXRpb24jaG9zdCJ9.0O1fyi0YWzLCz4yiRGmDqePTx9tBpPWxjA60aWSz-Ro' | bash

I run the above on the host that I’m registering as a content host.

At the point in the script that this function:

   register_katello_host(){
        UUID=$(subscription-manager identity | head -1 | awk '{print $3}')
        curl --silent --show-error --cacert $SSL_CA_CERT --request POST "https://lab0l25.virtual.home.arpa:9090/register" \
             --data "uuid=$UUID" \
             -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjo0LCJpYXQiOjE2MzE3NDgyNDgsImp0aSI6IjFmNWNkMDBhZGVjZjFkNWY1NDQwYTEwZDZkMjY2ZTE2NGYzMDAwNDc3NDVhOWFlMTk0YzM4Nzk0ZjYxMDI1ZDUiLCJleHAiOjE2MzE3NjI2NDgsInNjb3BlIjoicmVnaXN0cmF0aW9uI2dsb2JhbCByZWdpc3RyYXRpb24jaG9zdCJ9._up0suoZrVH0n2MYRl4o55lAdAxcx3c93GVpS4-gvSg' \
          --data 'host[organization_id]=1' \
          --data 'host[location_id]=2' \
          --data 'host[lifecycle_environment_id]=2' \
          --data 'update_packages=false' \

}

Is piped into bash here:

register_katello_host | bash

The build status changes from “Installed” to “Pending Installation”

Which should be fine, as long as it gets set back.

Well, unfortunately it doesn’t

This function:

foreman_curl() {
  curl --silent --show-error --cacert $SSL_CA_CERT -o /dev/null --noproxy \* "$@"
}

Is called here:

foreman_curl 'https://lab0l25.virtual.home.arpa:9090/unattended/built?token=467dfb68-aef9-4ef3-8ec1-25ae5de19e24'

But the problem is the API that is listening on port 9090 doesn’t handle /unattended/built?token=xxx

It instead just responds with:

Requested url was not found

If i clone/modify the “Linux host_init_config default” template:

From:

foreman_curl '<%= foreman_url('built') %>'

To:

foreman_curl '<%= foreman_server_url %>/unattended/built?token=<%= @host.token %>'

This fixes the issue because it is no longer using port 9090 and instead uses port 443

I’m guessing the reason <%= foreman_url(‘built’) %>’ returns a URL with 9090 is related to the fact that that the curl that initially changed the build status from installed to pending was pointed at port 9090, but i don’t really know.

curl --silent --show-error --cacert $SSL_CA_CERT --request POST "https://lab0l25.virtual.home.arpa:9090/register" \

ok, on to my second issue.

At the same time the build status was changed from installed to pending, the Subscription Status changed from “Fully Entitled” to “Unkown Subsctiption Status”

In the “Linux host_init_config default” I see where it’s trying to do something with the subscription status

echo "Refreshing subscription data"
subscription-manager refresh

This does run without errors but it doesn’t fix the Subscription status

I ended up going with a drastic solution and adding this to the “Linux host_init_config default”

echo "Resetting Activation Key"
organizationid=$(subscription-manager identity | grep "^org ID:")
organizationid="${organizationid#org ID: }"
organizationid=$(echo "$organizationid" | awk '{ sub(/^[ \t]+/, ""); print }')

activationkey=$(subscription-manager list --consumed | grep "^Subscription Name:")
activationkey="${activationkey#Subscription Name:}"
activationkey=$(echo "$activationkey" | awk '{ sub(/^[ \t]+/, ""); print }')

subscription-manager register --force --org="$organizationid" --activationkey="$activationkey"

This fixed the “Unkown Subsctiption Status” and coupled with the other fix, all my immediate problems were solved.

That being said, are these bugs?

Should port 9090 be able to accept /unattended/built?
Is there a better way to resolve Foreman seeing the status of my content hosts as “Unkown Subsctiption Status”

Disclaimer: This hacks were suited for my lab, this is not advice to run these fixes in a production environment.

Expected outcome:

I expected the content host registration to not leave my Content Host with a build status of “Pending Installation”
I expected the content host registration to not leave my Content Hist with a subscription status of “Unknown Subscription Status”

Foreman and Proxy versions:

katello-4.2.0.rc1-1.el8.noarch
foreman-3.0.0-1.el8.noarch

Foreman and Proxy plugin versions:
Default install, no extra plugins

foreman-installer --scenario katello --foreman-proxy-tftp true --foreman-proxy-dhcp true --foreman-proxy-dhcp-nameservers 192.168.122.1

Distribution and version:

Foreman Host: CentOS Linux release 8.4.2105
Content Host: CentOS Linux release 8.4.2105

Other relevant data:

Interestingly Rocky 8 Content Hosts do not have their build status set to pending when this runs:

register_katello_host | bash

I did have to change a line in the global_registration.erb to get to a point where I could test rocky builds, but that aside it’s strange that the “pending installation” issue doesn’t manifest on rocky hosts.

The port 9090 issue didn’t disappear though, but since the build status wasn’t changed it doesn’t matter.
Furthermore the “Subscription:” remained at “Fully Entitled” so no issue there either.

So for the first issue, since you seem to be assigning the content smart proxy to the host, it tries to use that to proxy the registration request. For that to work, you must enable the registration feature on that proxy. Check /etc/foreman-proxy/settings.d/registration.yml and see if it has enabled: https. You may also need to enable the templates module, again check /etc/foreman-proxy/settings.d/templates.yml.

cc @lstejskal

@Marek_Hulan

I can confirm that I am now able to curl port 9090 and set the build as installed using the default templates. Thank you.

/etc/foreman-proxy/settings.d/registration.yml, No change was needed it was as you described

/etc/foreman-proxy/settings.d/templates.yml
I set:

 :enabled: true

then restarted foreman

Now it’s just the “Unknown subscription status” problem, any ideas on that one?

Unsurprisingly, since Rocky’s Build status flag isn’t changed when the register_katello_host scripts runs I get:

Failed to proxy /built for {"token"=>"8816f5c0-6117-481d-a286-59a2c62c5d1f", "kind"=>"built"}: Error retrieving unattended/built for {"token"=>"8816f5c0-6117-481d-a286-59a2c62c5d1f", "url"=>"http://lab0l25.virtual.home.arpa:8000"} from lab0l25.virtual.home.arpa: Net::HTTPNotFound

Since Rocky isn’t officially supported, I guess I’m on my own for figuring out why the flag isn’t set like CentOS 8s.

Again, let me know if you have any ideas on the “Subscription” status changing without me having to run that workaround.

Thanks again

My guess would be the activation key & synced repositories that you used for registering CentOS machine. Could you share output of terminal when you ran the registration command? Maybe there will be some useful messages from subscription-manager.

Build status is changed for every machine registered to the Foreman, including Rocky Linux. If the status is still Pending installation after host is registered, there have been some problem with reporting the status back to Foreman.
This have been fixed in this PR: https://github.com/theforeman/foreman/pull/8448

You shouldn’t need to restart after changing foreman-proxy. It’s actually foreman-proxy you need to restart. However, I’d strongly recommend to use the installer to make changes. In this case foreman-installer --foreman-proxy-templates true. That will also refresh the features on Foreman.

Providing that output you had asked for

I will be running through the registration process manually, so that I can take Screenshots at the various stages of the registration, to hopefully properly demonstrate what I’m trying to describe.

First the CentOS 8 host:

The repo I’ve synced from has not been modified in any way, it’s a normal public mirror.

The content view contains BaseOS and Appstream,

The activation key is created and I’ve attached the subscription to the content view.

I’ll pick up just after performing the kickstart to a new CentOS 8 host.

CentOS_8-Before-Registration725×154 16.5 KB

First I navigated to “Hosts” > “Register Host”, filled out the menu and generated the registration script.

# Rendered with following template parameters:
# User: [admin]
# Organization: [Default Organization]
# Location: [Default Location]
# Operating system: [CentOS_Linux 8]
# Update packages: [false]
# Lifecycle environment id: [2]
# Activation keys: [CentOS8]

Will be running through the registration script manually to capture what happens

[root@lab0l40 ~]# curl -sS --insecure 'https://lab0l25.virtual.home.arpa:9090/register?activation_keys=CentOS8&lifecycle_environment_id=2&location_id=2&operatingsystem_id=2&organization_id=1&update_packages=false' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjo0LCJpYXQiOjE2MzE5MjQ4ODEsImp0aSI6Ijg0ZWQzOWUxZTRlYmIyZjdlOWUyYjIxZDc1ZGM3NDU1MDE4MWEzMmUwNWMzMGE2MWYzZjU3ZDkzZTJjYzI3YTQiLCJleHAiOjE2MzE5MzkyODEsInNjb3BlIjoicmVnaXN0cmF0aW9uI2dsb2JhbCByZWdpc3RyYXRpb24jaG9zdCJ9.TIi0HGQmSuHgpMqPa2uDndIVNrpRosiJUENYFSqj0Jc' > Script-1.sh

[root@lab0l40 ~]# if ! [ $(id -u) = 0 ]; then
>     echo "Please run as root"
>     exit 1
> fi
[root@lab0l40 ~]# 
[root@lab0l40 ~]# if [ -f /etc/os-release ] ; then
>   . /etc/os-release
> fi
[root@lab0l40 ~]# 
[root@lab0l40 ~]# SSL_CA_CERT=$(mktemp)
[root@lab0l40 ~]# cat << EOF > $SSL_CA_CERT
> -----BEGIN CERTIFICATE-----
> MIIHCDCCBPCgAwIBAgIUGEUFe2k+B4C64AjdigHqT6mBC7IwDQYJKoZIhvcNAQEL
> BQAwgYQxCzAJBgNVBAYTAlVTMRcwFQYDVQQIDA5Ob3J0aCBDYXJvbGluYTEQMA4G
> A1UEBwwHUmFsZWlnaDEQMA4GA1UECgwHS2F0ZWxsbzEUMBIGA1UECwwLU29tZU9y
> Z1VuaXQxIjAgBgNVBAMMGWxhYjBsMjUudmlydHVhbC5ob21lLmFycGEwHhcNMjEw
> OTE3MTMzNjM1WhcNMzgwMTE4MTMzNjM1WjCBhDELMAkGA1UEBhMCVVMxFzAVBgNV
> BAgMDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHDAdSYWxlaWdoMRAwDgYDVQQKDAdL
> YXRlbGxvMRQwEgYDVQQLDAtTb21lT3JnVW5pdDEiMCAGA1UEAwwZbGFiMGwyNS52
> aXJ0dWFsLmhvbWUuYXJwYTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
> ALeQ1N/cc7zOLo+nMB7oYtzBtfBX0Czf2DsqsayqEjrn259P42tBzKRaXIh16jsO
> qsaCUMyR4j9PaJUM/V2voc0sczPpmHhXRfjNF42ilUEcOaeOlpJtIzJOiC+GTEz5
> O3sh4Qg9dvA2CKiPnBO6nzgZizXu1MoxdsqgKUVU3pDS6b/HaOQykem5TZ0pUzjw
> s9NzMXxauz/PkwfnyxyE3v58FjWaReYTWG2dDe7bAFf2QMP6qnA7FXzvH7BXxGr5
> BMGYNwB7k4nBc1vnJzSWlcGbmRuXe1wvm+9nt6nNAI1RKPzyXR+LrUjRAMJ0pOqD
> 8rtRQzTFnKrFUnLlIY6HG4exs+vIkLdyt5n/F0PgvWIovqoQIbZQKha3xQFQHSXb
> aFGPRatxuSYsG9PG3sDH1tKeAQOgAmxBas4PGp1APw450rRr5YPE6HqYqfqX2UDM
> PvEwtkAUIHVR+Ns+O1yIoN7WaTPhCZMBK1R29/sgZDo/JBnTHX3IQZPTVMI6dvBA
> KkN7WvQaKh7zzpVtdYmJ80iplIjx1AzvGs6bMqH5W+zLrCtnDRhwGkcKHop/vGO4
> Mw+LpBVAUzeu6cEI09FFUEi3WPtpQrCigSHEH/MFf1mfPeFR86O+io6xMhFGB7CH
> M8+pwkSneBRagm9S4AMECoFLlO9CkDWI9G9seFo99DohAgMBAAGjggFuMIIBajAM
> BgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBpjAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
> KwYBBQUHAwIwEQYJYIZIAYb4QgEBBAQDAgJEMDUGCWCGSAGG+EIBDQQoFiZLYXRl
> bGxvIFNTTCBUb29sIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUtP6E
> rnj12F97EfWEmlwzn+uZCGQwgcQGA1UdIwSBvDCBuYAUtP6Ernj12F97EfWEmlwz
> n+uZCGShgYqkgYcwgYQxCzAJBgNVBAYTAlVTMRcwFQYDVQQIDA5Ob3J0aCBDYXJv
> bGluYTEQMA4GA1UEBwwHUmFsZWlnaDEQMA4GA1UECgwHS2F0ZWxsbzEUMBIGA1UE
> CwwLU29tZU9yZ1VuaXQxIjAgBgNVBAMMGWxhYjBsMjUudmlydHVhbC5ob21lLmFy
> cGGCFBhFBXtpPgeAuuAI3YoB6k+pgQuyMA0GCSqGSIb3DQEBCwUAA4ICAQBH+2W4
> gAQtEgsjsK2SbL7V51qaLZcfqRNgzpwv0sPFl18ieGN/NxRcJ0lhyGFq2dApTevu
> y7i/2CIALxYXK4nlFjHZqr9gYXw4T1MBDKSS0kxG+pWqkcXeGJ/Z2YjoeeZ+yFSd
> 7DZtJbEymQ9ltDqMkJHHtv1pqsHHF/6Y6sc6YCcyS+9YxXXC77gEOgV+rJToHSHJ
> eaJ6a+MAoT/uleh4CyyNvzdUdqejnl0tjpsAK3968Uo5YznFaeivV2jrX9a3iDmm
> B+RSBV3RIirsSinuXG+0s8RLHrEqwXxvzysenV1AHq2fpbx4ebL3pc8NzRndMQDD
> uAH5boMGzBC7Z5QPIHtWhmz87/mdRRteWOKqDtKCDomDYWIYB4swmcBcPm690iDI
> YGmSd7FGjG+dnOAtZ1VqYlIaCn+B01E/WQ3vGly5LHC1WQGzb0MCDGLXZpRCryxf
> Ncntq6Fwu1QfaDvuTY+HQbJTq3WzLbKHNcojPqjdpo/LstiFJBh6qLXA18kZR73B
> vF7U+aaDuJjd5M+6GMA7DqFdtum5GU/iZvCRpBNiDTSdDCe5r8nF78PahxHJ4kl7
> cm62EEFoJdTW4O4tYTfKCDOQLVXI7r7zlFB1CmoVu0ODvhtI2zYZd4c+b6D4C7yU
> VwFi+zVpo7zqQVXHdxcLMSUEWdF0LLgD9yJ9tg==
> -----END CERTIFICATE-----
> 
> EOF
[root@lab0l40 ~]#     register_katello_host(){
>         UUID=$(subscription-manager identity | head -1 | awk '{print $3}')
>         curl --silent --show-error --cacert $SSL_CA_CERT --request POST "https://lab0l25.virtual.home.arpa:9090/register" \
>              --data "uuid=$UUID" \
>              -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjo0LCJpYXQiOjE2MzE5MjQ5MDgsImp0aSI6IjMwY2I1M2ZmMjYyMzgzMDUyOTRmNjU1MDM2YTY1NDg2YmE5OTk5YWQ3N2I3NWIzYmRlY2NkNjM2MDQyYTJiMjEiLCJleHAiOjE2MzE5MzkzMDgsInNjb3BlIjoicmVnaXN0cmF0aW9uI2dsb2JhbCByZWdpc3RyYXRpb24jaG9zdCJ9.OGT8SP2DT90GASeA4_gDVNfzO4H45B2SmNIO9J2zwEg' \
>           --data 'host[organization_id]=1' \
>           --data 'host[location_id]=2' \
>           --data 'host[lifecycle_environment_id]=2' \
>           --data 'update_packages=false' \
> 
> }
[root@lab0l40 ~]# CONSUMER_RPM=$(mktemp --suffix .rpm)
[root@lab0l40 ~]# curl --silent --show-error --output $CONSUMER_RPM http://lab0l25.virtual.home.arpa/pub/katello-ca-consumer-latest.noarch.rpm
[root@lab0l40 ~]# yum localinstall $CONSUMER_RPM -y
Last metadata expiration check: 1:29:02 ago on Fri 17 Sep 2021 11:01:55 PM UTC.
Dependencies resolved.
=============================================================================================================================================
 Package                                                   Architecture       Version                         Repository                Size
=============================================================================================================================================
Installing:
 katello-ca-consumer-lab0l25.virtual.home.arpa             noarch             1.0-1                           @commandline              10 k
Installing dependencies:
 dnf-plugin-subscription-manager                           x86_64             1.28.13-3.el8_4                 baseos                   292 k
 python3-chardet                                           noarch             3.0.4-7.el8                     baseos                   195 k
 python3-dmidecode                                         x86_64             3.12.2-15.el8                   baseos                    94 k
 python3-ethtool                                           x86_64             0.14-3.el8                      baseos                    45 k
 python3-idna                                              noarch             2.5-5.el8                       baseos                    97 k
 python3-iniparse                                          noarch             0.4-31.el8                      baseos                    49 k
 python3-inotify                                           noarch             0.9.6-13.el8                    baseos                    57 k
 python3-librepo                                           x86_64             1.12.0-3.el8                    baseos                    52 k
 python3-libxml2                                           x86_64             2.9.7-9.el8_4.2                 baseos                   237 k
 python3-pysocks                                           noarch             1.6.8-3.el8                     baseos                    34 k
 python3-requests                                          noarch             2.20.0-2.1.el8_1                baseos                   123 k
 python3-subscription-manager-rhsm                         x86_64             1.28.13-3.el8_4                 baseos                   366 k
 python3-urllib3                                           noarch             1.24.2-5.el8                    baseos                   177 k
 subscription-manager                                      x86_64             1.28.13-3.el8_4                 baseos                   1.1 M
 subscription-manager-rhsm-certificates                    x86_64             1.28.13-3.el8_4                 baseos                   260 k
 usermode                                                  x86_64             1.113-1.el8                     baseos                   202 k

Transaction Summary
=============================================================================================================================================
Install  17 Packages

Total size: 3.4 M
Total download size: 3.4 M
Installed size: 10 M
Downloading Packages:
(1/16): python3-chardet-3.0.4-7.el8.noarch.rpm                                                               273 kB/s | 195 kB     00:00    
(2/16): python3-ethtool-0.14-3.el8.x86_64.rpm                                                                500 kB/s |  45 kB     00:00    
(3/16): python3-idna-2.5-5.el8.noarch.rpm                                                                    1.0 MB/s |  97 kB     00:00    
(4/16): python3-iniparse-0.4-31.el8.noarch.rpm                                                               607 kB/s |  49 kB     00:00    
(5/16): python3-inotify-0.9.6-13.el8.noarch.rpm                                                              641 kB/s |  57 kB     00:00    
(6/16): python3-librepo-1.12.0-3.el8.x86_64.rpm                                                              590 kB/s |  52 kB     00:00    
(7/16): python3-libxml2-2.9.7-9.el8_4.2.x86_64.rpm                                                           1.3 MB/s | 237 kB     00:00    
(8/16): python3-pysocks-1.6.8-3.el8.noarch.rpm                                                               392 kB/s |  34 kB     00:00    
(9/16): python3-requests-2.20.0-2.1.el8_1.noarch.rpm                                                         1.3 MB/s | 123 kB     00:00    
(10/16): python3-subscription-manager-rhsm-1.28.13-3.el8_4.x86_64.rpm                                        2.0 MB/s | 366 kB     00:00    
(11/16): python3-urllib3-1.24.2-5.el8.noarch.rpm                                                             1.7 MB/s | 177 kB     00:00    
(12/16): python3-dmidecode-3.12.2-15.el8.x86_64.rpm                                                           48 kB/s |  94 kB     00:01    
(13/16): subscription-manager-1.28.13-3.el8_4.x86_64.rpm                                                     4.4 MB/s | 1.1 MB     00:00    
(14/16): usermode-1.113-1.el8.x86_64.rpm                                                                     415 kB/s | 202 kB     00:00    
(15/16): dnf-plugin-subscription-manager-1.28.13-3.el8_4.x86_64.rpm                                           92 kB/s | 292 kB     00:03    
(16/16): subscription-manager-rhsm-certificates-1.28.13-3.el8_4.x86_64.rpm                                   132 kB/s | 260 kB     00:01    
---------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                        784 kB/s | 3.4 MB     00:04     
warning: /var/cache/dnf/baseos-929b586ef1f72f69/packages/dnf-plugin-subscription-manager-1.28.13-3.el8_4.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 8483c65d: NOKEY
CentOS Linux 8 - BaseOS                                                                                      1.6 MB/s | 1.6 kB     00:00    
Importing GPG key 0x8483C65D:
 Userid     : "CentOS (CentOS Official Signing Key) <security@centos.org>"
 Fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                     1/1 
  Installing       : python3-iniparse-0.4-31.el8.noarch                                                                                 1/17 
  Installing       : usermode-1.113-1.el8.x86_64                                                                                        2/17 
  Installing       : subscription-manager-rhsm-certificates-1.28.13-3.el8_4.x86_64                                                      3/17 
  Installing       : python3-subscription-manager-rhsm-1.28.13-3.el8_4.x86_64                                                           4/17 
  Installing       : python3-pysocks-1.6.8-3.el8.noarch                                                                                 5/17 
  Installing       : python3-urllib3-1.24.2-5.el8.noarch                                                                                6/17 
  Installing       : python3-libxml2-2.9.7-9.el8_4.2.x86_64                                                                             7/17 
  Installing       : python3-dmidecode-3.12.2-15.el8.x86_64                                                                             8/17 
  Installing       : python3-librepo-1.12.0-3.el8.x86_64                                                                                9/17 
  Installing       : dnf-plugin-subscription-manager-1.28.13-3.el8_4.x86_64                                                            10/17 
  Installing       : python3-inotify-0.9.6-13.el8.noarch                                                                               11/17 
  Installing       : python3-idna-2.5-5.el8.noarch                                                                                     12/17 
  Installing       : python3-ethtool-0.14-3.el8.x86_64                                                                                 13/17 
  Installing       : python3-chardet-3.0.4-7.el8.noarch                                                                                14/17 
  Installing       : python3-requests-2.20.0-2.1.el8_1.noarch                                                                          15/17 
  Installing       : subscription-manager-1.28.13-3.el8_4.x86_64                                                                       16/17 
  Running scriptlet: subscription-manager-1.28.13-3.el8_4.x86_64                                                                       16/17 
chmod: cannot access '/etc/pki/entitlement/*.pem': No such file or directory

  Installing       : katello-ca-consumer-lab0l25.virtual.home.arpa-1.0-1.noarch                                                        17/17 
  Running scriptlet: katello-ca-consumer-lab0l25.virtual.home.arpa-1.0-1.noarch                                                        17/17 

WARNING

The yum/dnf plugins: /etc/dnf/plugins/subscription-manager.conf were automatically enabled for the benefit of Red Hat Subscription Management. If not desired, use "subscription-manager config --rhsm.auto_enable_yum_plugins=0" to block this behavior.


  Verifying        : dnf-plugin-subscription-manager-1.28.13-3.el8_4.x86_64                                                             1/17 
  Verifying        : python3-chardet-3.0.4-7.el8.noarch                                                                                 2/17 
  Verifying        : python3-dmidecode-3.12.2-15.el8.x86_64                                                                             3/17 
  Verifying        : python3-ethtool-0.14-3.el8.x86_64                                                                                  4/17 
  Verifying        : python3-idna-2.5-5.el8.noarch                                                                                      5/17 
  Verifying        : python3-iniparse-0.4-31.el8.noarch                                                                                 6/17 
  Verifying        : python3-inotify-0.9.6-13.el8.noarch                                                                                7/17 
  Verifying        : python3-librepo-1.12.0-3.el8.x86_64                                                                                8/17 
  Verifying        : python3-libxml2-2.9.7-9.el8_4.2.x86_64                                                                             9/17 
  Verifying        : python3-pysocks-1.6.8-3.el8.noarch                                                                                10/17 
  Verifying        : python3-requests-2.20.0-2.1.el8_1.noarch                                                                          11/17 
  Verifying        : python3-subscription-manager-rhsm-1.28.13-3.el8_4.x86_64                                                          12/17 
  Verifying        : python3-urllib3-1.24.2-5.el8.noarch                                                                               13/17 
  Verifying        : subscription-manager-1.28.13-3.el8_4.x86_64                                                                       14/17 
  Verifying        : subscription-manager-rhsm-certificates-1.28.13-3.el8_4.x86_64                                                     15/17 
  Verifying        : usermode-1.113-1.el8.x86_64                                                                                       16/17 
  Verifying        : katello-ca-consumer-lab0l25.virtual.home.arpa-1.0-1.noarch                                                        17/17 

Installed:
  dnf-plugin-subscription-manager-1.28.13-3.el8_4.x86_64             katello-ca-consumer-lab0l25.virtual.home.arpa-1.0-1.noarch             
  python3-chardet-3.0.4-7.el8.noarch                                 python3-dmidecode-3.12.2-15.el8.x86_64                                 
  python3-ethtool-0.14-3.el8.x86_64                                  python3-idna-2.5-5.el8.noarch                                          
  python3-iniparse-0.4-31.el8.noarch                                 python3-inotify-0.9.6-13.el8.noarch                                    
  python3-librepo-1.12.0-3.el8.x86_64                                python3-libxml2-2.9.7-9.el8_4.2.x86_64                                 
  python3-pysocks-1.6.8-3.el8.noarch                                 python3-requests-2.20.0-2.1.el8_1.noarch                               
  python3-subscription-manager-rhsm-1.28.13-3.el8_4.x86_64           python3-urllib3-1.24.2-5.el8.noarch                                    
  subscription-manager-1.28.13-3.el8_4.x86_64                        subscription-manager-rhsm-certificates-1.28.13-3.el8_4.x86_64          
  usermode-1.113-1.el8.x86_64                                       

Complete!
[root@lab0l40 ~]# rm -f $CONSUMER_RPM

This next command changes to the “Subscription:” state

[root@lab0l40 ~]# subscription-manager register  \
>         --org='Default_Organization' \
>         --activationkey=CentOS8 || exit 1
The system has been registered with ID: 7ea6a1b8-1abf-4027-9456-cc9162d7675b
The registered system name is: lab0l40.virtual.home.arpa
No products installed.

CentOS_8-First Subscribed735×160 20.3 KB

The next command will change the subscription state from “Fully Entitled” to “Unknown Subscription Status”

Again I will running the script by hand to capture changes.

register_katello_host > register_katello_host_script.sh

As you can see the Subscription state is now changed

CentOS_8-Starting-Registration722×178 25.6 KB

[root@lab0l40 ~]# set -e
[root@lab0l40 ~]# 
[root@lab0l40 ~]# echo "# Running [lab0l40.virtual.home.arpa] host initial configuration"
# Running [lab0l40.virtual.home.arpa] host initial configuration
[root@lab0l40 ~]# 
[root@lab0l40 ~]# SSL_CA_CERT=$(mktemp)
[root@lab0l40 ~]# cat << EOF > $SSL_CA_CERT
> -----BEGIN CERTIFICATE-----
> MIIHCDCCBPCgAwIBAgIUGEUFe2k+B4C64AjdigHqT6mBC7IwDQYJKoZIhvcNAQEL
> BQAwgYQxCzAJBgNVBAYTAlVTMRcwFQYDVQQIDA5Ob3J0aCBDYXJvbGluYTEQMA4G
> A1UEBwwHUmFsZWlnaDEQMA4GA1UECgwHS2F0ZWxsbzEUMBIGA1UECwwLU29tZU9y
> Z1VuaXQxIjAgBgNVBAMMGWxhYjBsMjUudmlydHVhbC5ob21lLmFycGEwHhcNMjEw
> OTE3MTMzNjM1WhcNMzgwMTE4MTMzNjM1WjCBhDELMAkGA1UEBhMCVVMxFzAVBgNV
> BAgMDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHDAdSYWxlaWdoMRAwDgYDVQQKDAdL
> YXRlbGxvMRQwEgYDVQQLDAtTb21lT3JnVW5pdDEiMCAGA1UEAwwZbGFiMGwyNS52
> aXJ0dWFsLmhvbWUuYXJwYTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
> ALeQ1N/cc7zOLo+nMB7oYtzBtfBX0Czf2DsqsayqEjrn259P42tBzKRaXIh16jsO
> qsaCUMyR4j9PaJUM/V2voc0sczPpmHhXRfjNF42ilUEcOaeOlpJtIzJOiC+GTEz5
> O3sh4Qg9dvA2CKiPnBO6nzgZizXu1MoxdsqgKUVU3pDS6b/HaOQykem5TZ0pUzjw
> s9NzMXxauz/PkwfnyxyE3v58FjWaReYTWG2dDe7bAFf2QMP6qnA7FXzvH7BXxGr5
> BMGYNwB7k4nBc1vnJzSWlcGbmRuXe1wvm+9nt6nNAI1RKPzyXR+LrUjRAMJ0pOqD
> 8rtRQzTFnKrFUnLlIY6HG4exs+vIkLdyt5n/F0PgvWIovqoQIbZQKha3xQFQHSXb
> aFGPRatxuSYsG9PG3sDH1tKeAQOgAmxBas4PGp1APw450rRr5YPE6HqYqfqX2UDM
> PvEwtkAUIHVR+Ns+O1yIoN7WaTPhCZMBK1R29/sgZDo/JBnTHX3IQZPTVMI6dvBA
> KkN7WvQaKh7zzpVtdYmJ80iplIjx1AzvGs6bMqH5W+zLrCtnDRhwGkcKHop/vGO4
> Mw+LpBVAUzeu6cEI09FFUEi3WPtpQrCigSHEH/MFf1mfPeFR86O+io6xMhFGB7CH
> M8+pwkSneBRagm9S4AMECoFLlO9CkDWI9G9seFo99DohAgMBAAGjggFuMIIBajAM
> BgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBpjAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
> KwYBBQUHAwIwEQYJYIZIAYb4QgEBBAQDAgJEMDUGCWCGSAGG+EIBDQQoFiZLYXRl
> bGxvIFNTTCBUb29sIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUtP6E
> rnj12F97EfWEmlwzn+uZCGQwgcQGA1UdIwSBvDCBuYAUtP6Ernj12F97EfWEmlwz
> n+uZCGShgYqkgYcwgYQxCzAJBgNVBAYTAlVTMRcwFQYDVQQIDA5Ob3J0aCBDYXJv
> bGluYTEQMA4GA1UEBwwHUmFsZWlnaDEQMA4GA1UECgwHS2F0ZWxsbzEUMBIGA1UE
> CwwLU29tZU9yZ1VuaXQxIjAgBgNVBAMMGWxhYjBsMjUudmlydHVhbC5ob21lLmFy
> cGGCFBhFBXtpPgeAuuAI3YoB6k+pgQuyMA0GCSqGSIb3DQEBCwUAA4ICAQBH+2W4
> gAQtEgsjsK2SbL7V51qaLZcfqRNgzpwv0sPFl18ieGN/NxRcJ0lhyGFq2dApTevu
> y7i/2CIALxYXK4nlFjHZqr9gYXw4T1MBDKSS0kxG+pWqkcXeGJ/Z2YjoeeZ+yFSd
> 7DZtJbEymQ9ltDqMkJHHtv1pqsHHF/6Y6sc6YCcyS+9YxXXC77gEOgV+rJToHSHJ
> eaJ6a+MAoT/uleh4CyyNvzdUdqejnl0tjpsAK3968Uo5YznFaeivV2jrX9a3iDmm
> B+RSBV3RIirsSinuXG+0s8RLHrEqwXxvzysenV1AHq2fpbx4ebL3pc8NzRndMQDD
> uAH5boMGzBC7Z5QPIHtWhmz87/mdRRteWOKqDtKCDomDYWIYB4swmcBcPm690iDI
> YGmSd7FGjG+dnOAtZ1VqYlIaCn+B01E/WQ3vGly5LHC1WQGzb0MCDGLXZpRCryxf
> Ncntq6Fwu1QfaDvuTY+HQbJTq3WzLbKHNcojPqjdpo/LstiFJBh6qLXA18kZR73B
> vF7U+aaDuJjd5M+6GMA7DqFdtum5GU/iZvCRpBNiDTSdDCe5r8nF78PahxHJ4kl7
> cm62EEFoJdTW4O4tYTfKCDOQLVXI7r7zlFB1CmoVu0ODvhtI2zYZd4c+b6D4C7yU
> VwFi+zVpo7zqQVXHdxcLMSUEWdF0LLgD9yJ9tg==
> -----END CERTIFICATE-----
> 
> EOF
[root@lab0l40 ~]# foreman_curl() {
>   curl --silent --show-error --cacert $SSL_CA_CERT -o /dev/null --noproxy \* "$@"
> }
[root@lab0l40 ~]# 
[root@lab0l40 ~]# exit_and_cancel_build() {
>   echo 'Host [lab0l40.virtual.home.arpa] initial configuration failed'
>   foreman_curl --request POST 'https://lab0l25.virtual.home.arpa:9090/unattended/failed?token=ac017e1e-cbd3-460e-8bfb-7299b713608c' \
>        --data 'Host initial configuration failed, please see the registration log for more details.'
>   exit 1
> }
[root@lab0l40 ~]# 
[root@lab0l40 ~]# set +e
[root@lab0l40 ~]# trap 'exit_and_cancel_build' ERR
[root@lab0l40 ~]# echo "Refreshing subscription data"
Refreshing subscription data
[root@lab0l40 ~]# subscription-manager refresh
All local data refreshed
[root@lab0l40 ~]# trap - ERR
[root@lab0l40 ~]# foreman_curl 'https://lab0l25.virtual.home.arpa:9090/unattended/built?token=ac017e1e-cbd3-460e-8bfb-7299b713608c'

This is the final state, you’ll notice the Build has been set to Installed, which is great however the subscription state is “Unknown”

Ok, I’ll do Rocky 8 as well.

Freshly built

Rocky_8-Before Registration726×171 20.2 KB

Registration

# Rendered with following template parameters:
# User: [admin]
# Organization: [Default Organization]
# Location: [Default Location]
# Operating system: [Rocky_Linux 8]
# Update packages: [false]
# Lifecycle environment id: [3]
# Activation keys: [Rocky8]

Running through the script manually

[root@lab0l41 ~]# if ! [ $(id -u) = 0 ]; then
>     echo "Please run as root"
>     exit 1
> fi
[root@lab0l41 ~]# 
[root@lab0l41 ~]# if [ -f /etc/os-release ] ; then
>   . /etc/os-release
> fi
[root@lab0l41 ~]# 
[root@lab0l41 ~]# SSL_CA_CERT=$(mktemp)
[root@lab0l41 ~]# cat << EOF > $SSL_CA_CERT
> -----BEGIN CERTIFICATE-----
> MIIHCDCCBPCgAwIBAgIUGEUFe2k+B4C64AjdigHqT6mBC7IwDQYJKoZIhvcNAQEL
> BQAwgYQxCzAJBgNVBAYTAlVTMRcwFQYDVQQIDA5Ob3J0aCBDYXJvbGluYTEQMA4G
> A1UEBwwHUmFsZWlnaDEQMA4GA1UECgwHS2F0ZWxsbzEUMBIGA1UECwwLU29tZU9y
> Z1VuaXQxIjAgBgNVBAMMGWxhYjBsMjUudmlydHVhbC5ob21lLmFycGEwHhcNMjEw
> OTE3MTMzNjM1WhcNMzgwMTE4MTMzNjM1WjCBhDELMAkGA1UEBhMCVVMxFzAVBgNV
> BAgMDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHDAdSYWxlaWdoMRAwDgYDVQQKDAdL
> YXRlbGxvMRQwEgYDVQQLDAtTb21lT3JnVW5pdDEiMCAGA1UEAwwZbGFiMGwyNS52
> aXJ0dWFsLmhvbWUuYXJwYTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
> ALeQ1N/cc7zOLo+nMB7oYtzBtfBX0Czf2DsqsayqEjrn259P42tBzKRaXIh16jsO
> qsaCUMyR4j9PaJUM/V2voc0sczPpmHhXRfjNF42ilUEcOaeOlpJtIzJOiC+GTEz5
> O3sh4Qg9dvA2CKiPnBO6nzgZizXu1MoxdsqgKUVU3pDS6b/HaOQykem5TZ0pUzjw
> s9NzMXxauz/PkwfnyxyE3v58FjWaReYTWG2dDe7bAFf2QMP6qnA7FXzvH7BXxGr5
> BMGYNwB7k4nBc1vnJzSWlcGbmRuXe1wvm+9nt6nNAI1RKPzyXR+LrUjRAMJ0pOqD
> 8rtRQzTFnKrFUnLlIY6HG4exs+vIkLdyt5n/F0PgvWIovqoQIbZQKha3xQFQHSXb
> aFGPRatxuSYsG9PG3sDH1tKeAQOgAmxBas4PGp1APw450rRr5YPE6HqYqfqX2UDM
> PvEwtkAUIHVR+Ns+O1yIoN7WaTPhCZMBK1R29/sgZDo/JBnTHX3IQZPTVMI6dvBA
> KkN7WvQaKh7zzpVtdYmJ80iplIjx1AzvGs6bMqH5W+zLrCtnDRhwGkcKHop/vGO4
> Mw+LpBVAUzeu6cEI09FFUEi3WPtpQrCigSHEH/MFf1mfPeFR86O+io6xMhFGB7CH
> M8+pwkSneBRagm9S4AMECoFLlO9CkDWI9G9seFo99DohAgMBAAGjggFuMIIBajAM
> BgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBpjAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
> KwYBBQUHAwIwEQYJYIZIAYb4QgEBBAQDAgJEMDUGCWCGSAGG+EIBDQQoFiZLYXRl
> bGxvIFNTTCBUb29sIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUtP6E
> rnj12F97EfWEmlwzn+uZCGQwgcQGA1UdIwSBvDCBuYAUtP6Ernj12F97EfWEmlwz
> n+uZCGShgYqkgYcwgYQxCzAJBgNVBAYTAlVTMRcwFQYDVQQIDA5Ob3J0aCBDYXJv
> bGluYTEQMA4GA1UEBwwHUmFsZWlnaDEQMA4GA1UECgwHS2F0ZWxsbzEUMBIGA1UE
> CwwLU29tZU9yZ1VuaXQxIjAgBgNVBAMMGWxhYjBsMjUudmlydHVhbC5ob21lLmFy
> cGGCFBhFBXtpPgeAuuAI3YoB6k+pgQuyMA0GCSqGSIb3DQEBCwUAA4ICAQBH+2W4
> gAQtEgsjsK2SbL7V51qaLZcfqRNgzpwv0sPFl18ieGN/NxRcJ0lhyGFq2dApTevu
> y7i/2CIALxYXK4nlFjHZqr9gYXw4T1MBDKSS0kxG+pWqkcXeGJ/Z2YjoeeZ+yFSd
> 7DZtJbEymQ9ltDqMkJHHtv1pqsHHF/6Y6sc6YCcyS+9YxXXC77gEOgV+rJToHSHJ
> eaJ6a+MAoT/uleh4CyyNvzdUdqejnl0tjpsAK3968Uo5YznFaeivV2jrX9a3iDmm
> B+RSBV3RIirsSinuXG+0s8RLHrEqwXxvzysenV1AHq2fpbx4ebL3pc8NzRndMQDD
> uAH5boMGzBC7Z5QPIHtWhmz87/mdRRteWOKqDtKCDomDYWIYB4swmcBcPm690iDI
> YGmSd7FGjG+dnOAtZ1VqYlIaCn+B01E/WQ3vGly5LHC1WQGzb0MCDGLXZpRCryxf
> Ncntq6Fwu1QfaDvuTY+HQbJTq3WzLbKHNcojPqjdpo/LstiFJBh6qLXA18kZR73B
> vF7U+aaDuJjd5M+6GMA7DqFdtum5GU/iZvCRpBNiDTSdDCe5r8nF78PahxHJ4kl7
> cm62EEFoJdTW4O4tYTfKCDOQLVXI7r7zlFB1CmoVu0ODvhtI2zYZd4c+b6D4C7yU
> VwFi+zVpo7zqQVXHdxcLMSUEWdF0LLgD9yJ9tg==
> -----END CERTIFICATE-----
> 
> EOF
[root@lab0l41 ~]#     register_katello_host(){
>         UUID=$(subscription-manager identity | head -1 | awk '{print $3}')
>         curl --silent --show-error --cacert $SSL_CA_CERT --request POST "https://lab0l25.virtual.home.arpa:9090/register" \
>              --data "uuid=$UUID" \
>              -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjo0LCJpYXQiOjE2MzE5MjQ5NTIsImp0aSI6IjM5NDFmNmQ3MTM5NmEyNzZhMjEzYzM5NzU0NzE1ZGNlM2MxY2M1NTk3MmZiOTUwNzIwZDVjNjJlYjgwYWRhZjgiLCJleHAiOjE2MzE5MzkzNTIsInNjb3BlIjoicmVnaXN0cmF0aW9uI2dsb2JhbCByZWdpc3RyYXRpb24jaG9zdCJ9.M-W1TcG6x_9mT4gmFtkXFVPlgmfR8sj_V7ZLjF-ujSc' \
>           --data 'host[organization_id]=1' \
>           --data 'host[location_id]=2' \
>           --data 'host[lifecycle_environment_id]=3' \
>           --data 'update_packages=false' \
> 
> }
[root@lab0l41 ~]# CONSUMER_RPM=$(mktemp --suffix .rpm)
[root@lab0l41 ~]# curl --silent --show-error --output $CONSUMER_RPM http://lab0l25.virtual.home.arpa/pub/katello-ca-consumer-latest.noarch.rpm
[root@lab0l41 ~]# yum localinstall $CONSUMER_RPM -y
Last metadata expiration check: 1:21:50 ago on Fri 17 Sep 2021 11:18:34 PM UTC.
Dependencies resolved.
=========================================================================================================================================
 Package                                                  Architecture      Version                        Repository               Size
=========================================================================================================================================
Installing:
 katello-ca-consumer-lab0l25.virtual.home.arpa            noarch            1.0-1                          @commandline             10 k
Installing dependencies:
 dnf-plugin-subscription-manager                          x86_64            1.28.13-3.el8_4                baseos                  291 k
 python3-chardet                                          noarch            3.0.4-7.el8                    baseos                  194 k
 python3-dmidecode                                        x86_64            3.12.2-15.el8                  baseos                   92 k
 python3-ethtool                                          x86_64            0.14-3.el8                     baseos                   44 k
 python3-idna                                             noarch            2.5-5.el8                      baseos                   96 k
 python3-iniparse                                         noarch            0.4-31.el8                     baseos                   48 k
 python3-inotify                                          noarch            0.9.6-13.el8                   baseos                   56 k
 python3-librepo                                          x86_64            1.12.0-3.el8                   baseos                   51 k
 python3-libxml2                                          x86_64            2.9.7-9.el8_4.2                baseos                  236 k
 python3-pysocks                                          noarch            1.6.8-3.el8                    baseos                   33 k
 python3-requests                                         noarch            2.20.0-2.1.el8_1               baseos                  122 k
 python3-subscription-manager-rhsm                        x86_64            1.28.13-3.el8_4                baseos                  365 k
 python3-urllib3                                          noarch            1.24.2-5.el8                   baseos                  176 k
 subscription-manager                                     x86_64            1.28.13-3.el8_4                baseos                  1.1 M
 subscription-manager-rhsm-certificates                   x86_64            1.28.13-3.el8_4                baseos                  259 k
 usermode                                                 x86_64            1.113-1.el8                    baseos                  201 k

Transaction Summary
=========================================================================================================================================
Install  17 Packages

Total size: 3.4 M
Total download size: 3.3 M
Installed size: 10 M
Downloading Packages:
(1/16): python3-chardet-3.0.4-7.el8.noarch.rpm                                                           107 kB/s | 194 kB     00:01    
(2/16): python3-dmidecode-3.12.2-15.el8.x86_64.rpm                                                        50 kB/s |  92 kB     00:01    
(3/16): python3-ethtool-0.14-3.el8.x86_64.rpm                                                            569 kB/s |  44 kB     00:00    
(4/16): dnf-plugin-subscription-manager-1.28.13-3.el8_4.x86_64.rpm                                       152 kB/s | 291 kB     00:01    
(5/16): python3-idna-2.5-5.el8.noarch.rpm                                                                1.2 MB/s |  96 kB     00:00    
(6/16): python3-iniparse-0.4-31.el8.noarch.rpm                                                           625 kB/s |  48 kB     00:00    
(7/16): python3-inotify-0.9.6-13.el8.noarch.rpm                                                          771 kB/s |  56 kB     00:00    
(8/16): python3-librepo-1.12.0-3.el8.x86_64.rpm                                                          673 kB/s |  51 kB     00:00    
(9/16): python3-pysocks-1.6.8-3.el8.noarch.rpm                                                           426 kB/s |  33 kB     00:00    
(10/16): python3-requests-2.20.0-2.1.el8_1.noarch.rpm                                                    1.5 MB/s | 122 kB     00:00    
(11/16): python3-libxml2-2.9.7-9.el8_4.2.x86_64.rpm                                                      1.6 MB/s | 236 kB     00:00    
(12/16): python3-urllib3-1.24.2-5.el8.noarch.rpm                                                         1.5 MB/s | 176 kB     00:00    
(13/16): python3-subscription-manager-rhsm-1.28.13-3.el8_4.x86_64.rpm                                    2.0 MB/s | 365 kB     00:00    
(14/16): usermode-1.113-1.el8.x86_64.rpm                                                                 1.2 MB/s | 201 kB     00:00    
(15/16): subscription-manager-rhsm-certificates-1.28.13-3.el8_4.x86_64.rpm                               1.0 MB/s | 259 kB     00:00    
(16/16): subscription-manager-1.28.13-3.el8_4.x86_64.rpm                                                 3.3 MB/s | 1.1 MB     00:00    
-----------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                    1.2 MB/s | 3.3 MB     00:02     
warning: /var/cache/dnf/baseos-3e608afeebc9a90b/packages/dnf-plugin-subscription-manager-1.28.13-3.el8_4.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID 6d745a60: NOKEY
Rocky Linux 8 - BaseOS                                                                                   1.6 MB/s | 1.6 kB     00:00    
Importing GPG key 0x6D745A60:
 Userid     : "Release Engineering <infrastructure@rockylinux.org>"
 Fingerprint: 7051 C470 A929 F454 CEBE 37B7 15AF 5DAC 6D74 5A60
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                 1/1 
  Installing       : python3-iniparse-0.4-31.el8.noarch                                                                             1/17 
  Installing       : usermode-1.113-1.el8.x86_64                                                                                    2/17 
  Installing       : subscription-manager-rhsm-certificates-1.28.13-3.el8_4.x86_64                                                  3/17 
  Installing       : python3-subscription-manager-rhsm-1.28.13-3.el8_4.x86_64                                                       4/17 
  Installing       : python3-pysocks-1.6.8-3.el8.noarch                                                                             5/17 
  Installing       : python3-urllib3-1.24.2-5.el8.noarch                                                                            6/17 
  Installing       : python3-libxml2-2.9.7-9.el8_4.2.x86_64                                                                         7/17 
  Installing       : python3-dmidecode-3.12.2-15.el8.x86_64                                                                         8/17 
  Installing       : python3-librepo-1.12.0-3.el8.x86_64                                                                            9/17 
  Installing       : dnf-plugin-subscription-manager-1.28.13-3.el8_4.x86_64                                                        10/17 
  Installing       : python3-inotify-0.9.6-13.el8.noarch                                                                           11/17 
  Installing       : python3-idna-2.5-5.el8.noarch                                                                                 12/17 
  Installing       : python3-ethtool-0.14-3.el8.x86_64                                                                             13/17 
  Installing       : python3-chardet-3.0.4-7.el8.noarch                                                                            14/17 
  Installing       : python3-requests-2.20.0-2.1.el8_1.noarch                                                                      15/17 
  Installing       : subscription-manager-1.28.13-3.el8_4.x86_64                                                                   16/17 
  Running scriptlet: subscription-manager-1.28.13-3.el8_4.x86_64                                                                   16/17 
chmod: cannot access '/etc/pki/entitlement/*.pem': No such file or directory

  Installing       : katello-ca-consumer-lab0l25.virtual.home.arpa-1.0-1.noarch                                                    17/17 
  Running scriptlet: katello-ca-consumer-lab0l25.virtual.home.arpa-1.0-1.noarch                                                    17/17 

WARNING

The yum/dnf plugins: /etc/dnf/plugins/subscription-manager.conf were automatically enabled for the benefit of Red Hat Subscription Management. If not desired, use "subscription-manager config --rhsm.auto_enable_yum_plugins=0" to block this behavior.


  Verifying        : dnf-plugin-subscription-manager-1.28.13-3.el8_4.x86_64                                                         1/17 
  Verifying        : python3-chardet-3.0.4-7.el8.noarch                                                                             2/17 
  Verifying        : python3-dmidecode-3.12.2-15.el8.x86_64                                                                         3/17 
  Verifying        : python3-ethtool-0.14-3.el8.x86_64                                                                              4/17 
  Verifying        : python3-idna-2.5-5.el8.noarch                                                                                  5/17 
  Verifying        : python3-iniparse-0.4-31.el8.noarch                                                                             6/17 
  Verifying        : python3-inotify-0.9.6-13.el8.noarch                                                                            7/17 
  Verifying        : python3-librepo-1.12.0-3.el8.x86_64                                                                            8/17 
  Verifying        : python3-libxml2-2.9.7-9.el8_4.2.x86_64                                                                         9/17 
  Verifying        : python3-pysocks-1.6.8-3.el8.noarch                                                                            10/17 
  Verifying        : python3-requests-2.20.0-2.1.el8_1.noarch                                                                      11/17 
  Verifying        : python3-subscription-manager-rhsm-1.28.13-3.el8_4.x86_64                                                      12/17 
  Verifying        : python3-urllib3-1.24.2-5.el8.noarch                                                                           13/17 
  Verifying        : subscription-manager-1.28.13-3.el8_4.x86_64                                                                   14/17 
  Verifying        : subscription-manager-rhsm-certificates-1.28.13-3.el8_4.x86_64                                                 15/17 
  Verifying        : usermode-1.113-1.el8.x86_64                                                                                   16/17 
  Verifying        : katello-ca-consumer-lab0l25.virtual.home.arpa-1.0-1.noarch                                                    17/17 

Installed:
  dnf-plugin-subscription-manager-1.28.13-3.el8_4.x86_64           katello-ca-consumer-lab0l25.virtual.home.arpa-1.0-1.noarch           
  python3-chardet-3.0.4-7.el8.noarch                               python3-dmidecode-3.12.2-15.el8.x86_64                               
  python3-ethtool-0.14-3.el8.x86_64                                python3-idna-2.5-5.el8.noarch                                        
  python3-iniparse-0.4-31.el8.noarch                               python3-inotify-0.9.6-13.el8.noarch                                  
  python3-librepo-1.12.0-3.el8.x86_64                              python3-libxml2-2.9.7-9.el8_4.2.x86_64                               
  python3-pysocks-1.6.8-3.el8.noarch                               python3-requests-2.20.0-2.1.el8_1.noarch                             
  python3-subscription-manager-rhsm-1.28.13-3.el8_4.x86_64         python3-urllib3-1.24.2-5.el8.noarch                                  
  subscription-manager-1.28.13-3.el8_4.x86_64                      subscription-manager-rhsm-certificates-1.28.13-3.el8_4.x86_64        
  usermode-1.113-1.el8.x86_64                                     

Complete!
[root@lab0l41 ~]# rm -f $CONSUMER_RPM

About to run subscription-manager for the first time

[root@lab0l41 ~]# subscription-manager register  \
>         --org='Default_Organization' \
>         --activationkey=Rocky8 || exit 1
The system has been registered with ID: cc546cdb-cb5d-43bd-9ab3-b45d1cdb260f
The registered system name is: lab0l41.virtual.home.arpa
No products installed.

Rocky_8-First Subscribed719×169 23.5 KB

About to run register_katello_host

[root@lab0l41 ~]# register_katello_host > register_katello_host.sh

Rocky_8-Starting Registration698×162 23.4 KB

Notice how the Build: state did not change, it should be “Pending Installation” and it’s not

Running through the rest of the script.

[root@lab0l41 ~]# set -e
[root@lab0l41 ~]# 
[root@lab0l41 ~]# echo "# Running [lab0l41.virtual.home.arpa] host initial configuration"
# Running [lab0l41.virtual.home.arpa] host initial configuration
[root@lab0l41 ~]# 
[root@lab0l41 ~]# SSL_CA_CERT=$(mktemp)
[root@lab0l41 ~]# cat << EOF > $SSL_CA_CERT
> -----BEGIN CERTIFICATE-----
> MIIHCDCCBPCgAwIBAgIUGEUFe2k+B4C64AjdigHqT6mBC7IwDQYJKoZIhvcNAQEL
> BQAwgYQxCzAJBgNVBAYTAlVTMRcwFQYDVQQIDA5Ob3J0aCBDYXJvbGluYTEQMA4G
> A1UEBwwHUmFsZWlnaDEQMA4GA1UECgwHS2F0ZWxsbzEUMBIGA1UECwwLU29tZU9y
> Z1VuaXQxIjAgBgNVBAMMGWxhYjBsMjUudmlydHVhbC5ob21lLmFycGEwHhcNMjEw
> OTE3MTMzNjM1WhcNMzgwMTE4MTMzNjM1WjCBhDELMAkGA1UEBhMCVVMxFzAVBgNV
> BAgMDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHDAdSYWxlaWdoMRAwDgYDVQQKDAdL
> YXRlbGxvMRQwEgYDVQQLDAtTb21lT3JnVW5pdDEiMCAGA1UEAwwZbGFiMGwyNS52
> aXJ0dWFsLmhvbWUuYXJwYTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
> ALeQ1N/cc7zOLo+nMB7oYtzBtfBX0Czf2DsqsayqEjrn259P42tBzKRaXIh16jsO
> qsaCUMyR4j9PaJUM/V2voc0sczPpmHhXRfjNF42ilUEcOaeOlpJtIzJOiC+GTEz5
> O3sh4Qg9dvA2CKiPnBO6nzgZizXu1MoxdsqgKUVU3pDS6b/HaOQykem5TZ0pUzjw
> s9NzMXxauz/PkwfnyxyE3v58FjWaReYTWG2dDe7bAFf2QMP6qnA7FXzvH7BXxGr5
> BMGYNwB7k4nBc1vnJzSWlcGbmRuXe1wvm+9nt6nNAI1RKPzyXR+LrUjRAMJ0pOqD
> 8rtRQzTFnKrFUnLlIY6HG4exs+vIkLdyt5n/F0PgvWIovqoQIbZQKha3xQFQHSXb
> aFGPRatxuSYsG9PG3sDH1tKeAQOgAmxBas4PGp1APw450rRr5YPE6HqYqfqX2UDM
> PvEwtkAUIHVR+Ns+O1yIoN7WaTPhCZMBK1R29/sgZDo/JBnTHX3IQZPTVMI6dvBA
> KkN7WvQaKh7zzpVtdYmJ80iplIjx1AzvGs6bMqH5W+zLrCtnDRhwGkcKHop/vGO4
> Mw+LpBVAUzeu6cEI09FFUEi3WPtpQrCigSHEH/MFf1mfPeFR86O+io6xMhFGB7CH
> M8+pwkSneBRagm9S4AMECoFLlO9CkDWI9G9seFo99DohAgMBAAGjggFuMIIBajAM
> BgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBpjAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
> KwYBBQUHAwIwEQYJYIZIAYb4QgEBBAQDAgJEMDUGCWCGSAGG+EIBDQQoFiZLYXRl
> bGxvIFNTTCBUb29sIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUtP6E
> rnj12F97EfWEmlwzn+uZCGQwgcQGA1UdIwSBvDCBuYAUtP6Ernj12F97EfWEmlwz
> n+uZCGShgYqkgYcwgYQxCzAJBgNVBAYTAlVTMRcwFQYDVQQIDA5Ob3J0aCBDYXJv
> bGluYTEQMA4GA1UEBwwHUmFsZWlnaDEQMA4GA1UECgwHS2F0ZWxsbzEUMBIGA1UE
> CwwLU29tZU9yZ1VuaXQxIjAgBgNVBAMMGWxhYjBsMjUudmlydHVhbC5ob21lLmFy
> cGGCFBhFBXtpPgeAuuAI3YoB6k+pgQuyMA0GCSqGSIb3DQEBCwUAA4ICAQBH+2W4
> gAQtEgsjsK2SbL7V51qaLZcfqRNgzpwv0sPFl18ieGN/NxRcJ0lhyGFq2dApTevu
> y7i/2CIALxYXK4nlFjHZqr9gYXw4T1MBDKSS0kxG+pWqkcXeGJ/Z2YjoeeZ+yFSd
> 7DZtJbEymQ9ltDqMkJHHtv1pqsHHF/6Y6sc6YCcyS+9YxXXC77gEOgV+rJToHSHJ
> eaJ6a+MAoT/uleh4CyyNvzdUdqejnl0tjpsAK3968Uo5YznFaeivV2jrX9a3iDmm
> B+RSBV3RIirsSinuXG+0s8RLHrEqwXxvzysenV1AHq2fpbx4ebL3pc8NzRndMQDD
> uAH5boMGzBC7Z5QPIHtWhmz87/mdRRteWOKqDtKCDomDYWIYB4swmcBcPm690iDI
> YGmSd7FGjG+dnOAtZ1VqYlIaCn+B01E/WQ3vGly5LHC1WQGzb0MCDGLXZpRCryxf
> Ncntq6Fwu1QfaDvuTY+HQbJTq3WzLbKHNcojPqjdpo/LstiFJBh6qLXA18kZR73B
> vF7U+aaDuJjd5M+6GMA7DqFdtum5GU/iZvCRpBNiDTSdDCe5r8nF78PahxHJ4kl7
> cm62EEFoJdTW4O4tYTfKCDOQLVXI7r7zlFB1CmoVu0ODvhtI2zYZd4c+b6D4C7yU
> VwFi+zVpo7zqQVXHdxcLMSUEWdF0LLgD9yJ9tg==
> -----END CERTIFICATE-----
> 
> EOF
[root@lab0l41 ~]# foreman_curl() {
>   curl --silent --show-error --cacert $SSL_CA_CERT -o /dev/null --noproxy \* "$@"
> }
[root@lab0l41 ~]# 
[root@lab0l41 ~]# exit_and_cancel_build() {
>   echo 'Host [lab0l41.virtual.home.arpa] initial configuration failed'
>   foreman_curl --request POST 'https://lab0l25.virtual.home.arpa:9090/unattended/failed?token=ba991e4e-8bb2-49f4-883e-00c0c78a57cb' \
>        --data 'Host initial configuration failed, please see the registration log for more details.'
>   exit 1
> }
[root@lab0l41 ~]# 
[root@lab0l41 ~]# set +e
[root@lab0l41 ~]# trap 'exit_and_cancel_build' ERR
[root@lab0l41 ~]# echo "Refreshing subscription data"
Refreshing subscription data
[root@lab0l41 ~]# subscription-manager refresh
All local data refreshed
[root@lab0l41 ~]# trap - ERR
[root@lab0l41 ~]# foreman_curl 'https://lab0l25.virtual.home.arpa:9090/unattended/built?token=ba991e4e-8bb2-49f4-883e-00c0c78a57cb'

Obviously if it wasn’t doing a “-o /dev/null” we would have seen an error on that foreman_curl, because the build status is not pending.

And here is the final state

Rocky_8-Registration Complete706×167 23.4 KB

So it’s not doing the same thing that CentOS 8 is, something is defnitely buggy here. I hope this helps someone track down what might be going on.

So it’s not doing the same thing that CentOS 8 is, something is defnitely buggy here.

I can confirm that there is a problem, I can reproduce it on my setup too. So far I don’t understand why it’s changing the status, need to see what subscription-manager is doing there.

I’ll let you know when I’ll have some update.

So I did some investigation and found this answer [0], quoting here:

Why do I see my host registered in Satellite is in ‘warning state’ when using Simple Content Access?
Why is the subscription status for my host showing: “Unknown subscription status” ?

A:
This is the expected behaviour. In Simple Content Access, hosts actually wouldn’t consume any subscriptions to get the content. You just have to register the host to the Foreman and start consuming content.

So I tried on my CentOS 8 machine:

yum update -y
subscription-manager refresh

Then checked status in Foreman: Subscription: Simple Content Access & all green.

TBH I don’t know much about subscriptions so I don’t want to make some any resolutions here, but it seems that you need to start consume content first to have some subscription status.

[0] Unknown subscription status when using Simple Content Access - Red Hat Customer Portal

alright cool, I will have to give that a shot.

If that works then I just need to figure out why Rocky 8 hosts don’t change from Build: Installed to Build: Pending Installation when register_katello_host runs the like CentOS 8 hosts do.

Ok, so I gave it a shot.

Looks like some of this hinges on setting either the organization or the subscription to allow Simple Content Access.

And to do that requires downloading a manifest from Redhat?

I hadn’t planned on ingesting any RHEL repositories is it still necessary to create a subscription manifest using the red hat customer portal to enable simple content access? Is there a way to just generate one with no entitlement so I can deploy CentOS hosts without having the subscription-manager get hung up on the last step?

Please see my response in the other thread. @lstejskal The “Unknown subscription status” wording referred to in that document was changed to “Simple Content Access,” so I don’t think that’s the issue. We don’t know the cause yet but are investigating. See the other thread for a workaround.