But there is problem.
On newly installed server /usr/bin/katello-rhsm-consumer script works as expected.
If i am going to reinstall on already registered servers, it replace our pr0mgm01.blabla.com server in /etc/rhsm/rhsm.conf with cdn.redhat.com from /etc/rhsm/rhsm.conf.kat-backup, so i need to re-run /usr/bin/katello-rhsm-consumer one more time and it fix it.
… or remove /etc/rhsm/rhsm.conf.kat-backup before reinstall katello-ca-consumer-latest.noarch.rpm
I do not know how cdn.redhat server appeared in this configuration, that server was CentOS all the time.
No i did not uninstall that package. I tried to reinstall it.
I removed rhsm.conf.kat-backup on 300 servers and updated katello-ca-consumer-latest.noarch.rpm .
Configuration is fine with proper Foreman hostname.
Do I have to uninstall and install every package i need to reinstall ?
Should not be done it with pre and post steps during rpm installation ?
# yum info katello-ca-consumer-centos7-devel.virbr0.akofink-desktop-1.0-1.noarch
Loaded plugins: fastestmirror, product-id, search-disabled-repos, subscription-manager
This system is registered with an entitlement server, but is not receiving updates. You can use subscription-manager to assign subscriptions.
Loading mirror speeds from cached hostfile
* base: mirror.siena.edu
* epel: ewr.edge.kernel.org
* extras: mirror.siena.edu
* updates: centos.servint.com
Name : katello-ca-consumer-centos7-devel.virbr0.akofink-desktop
Arch : noarch
Version : 1.0
Release : 1
Size : 16 k
Repo : installed
Summary : Subscription-manager consumer certificate for Katello instance centos7-devel.virbr0.akofink-desktop
License : GPL
Description : Consumer certificate and post installation script that configures rhsm.
When you install the katello-ca-consumer rpm, it runs cp /etc/rhsm/rhsm.conf /etc/rhsm/rhsm.conf.kat-backup. When you uninstall the rpm, it might copy the file back (though I’m not positive). So this file is not guaranteed to be the same for every user, and it’s not used by Katello at all (it’s just a backup so we don’t completely throw out the old file).
I am updating katello-ca-consumer-latest.rpm , this package contain only script /usr/bin/katello-rhsm-consumer . After first update it has wrong rhsm.conf. Then it is possible reinstall for second time, and it is correct rhsm.conf or run manually updated /usr/bin/katello-rhsm-consumer and it fix it too. (or third possibility is remove rhsm.conf.kat-backup before update)
Our foreman is running for 2 years, we upgraded it from 1.13 to 1.18.3 (not at once)
Week ago i wanted to add SSL certificates signed by our corporate CA.
All went smooth and i understand that already registered clients does not know signed authority.
So we had roll out katello-ca-consumer-latest.rpm to clients.
It contain script /usr/bin/katello-rhsm-consumer which update /etc/pki/ca-trust/source/anchors with new certificates. But after update i found, that reinstall of package changed /etc/rhsm/rhsm.conf with server from /etc/rhsm/rhsm.conf.kat-backup .
I found 3 workarounds how to set correct /etc/rhsm/rhsm.conf
reinstall same katello-ca-consumer-latest.rpm
manually run updated /usr/bin/katello-rhsm-consumer
delete /etc/rhsm/rhsm.conf.kat-backup with wrong hostname before reinstalling katello-ca-consumer-latest.rpm
When you first install subscription-manager, /etc/rhsm/rhsm.conf is created with the Red Hat hostname. This is the typical configuration for talking to RHSM. The following is on a fresh centos 7 box:
$ cat /etc/rhsm/rhsm.conf
cat: /etc/rhsm/rhsm.conf: No such file or directory
$ yum install -y subscription-manager
$ cat /etc/rhsm/rhsm.conf
# Red Hat Subscription Manager Configuration File:
# Unified Entitlement Platform Configuration
# Server hostname:
hostname = subscription.rhsm.redhat.com
# Server prefix:
prefix = /subscription
# Server port:
port = 443
# Set to 1 to disable certificate validation:
insecure = 0
# Set the depth of certs which should be checked
# when validating a certificate
ssl_verify_depth = 3
# an http proxy server to use
# port for http proxy server
# user name for authenticating to an http proxy, if needed
# password for basic http proxy auth, if needed
# host/domain suffix blacklist for proxy, if needed
# Content base URL:
baseurl = https://cdn.redhat.com
# Repository metadata GPG key URL:
# Server CA certificate location:
ca_cert_dir = /etc/rhsm/ca/
# Default CA cert to use when generating yum repo configs:
repo_ca_cert = %(ca_cert_dir)sredhat-uep.pem
# Where the certificates should be stored
productCertDir = /etc/pki/product
entitlementCertDir = /etc/pki/entitlement
consumerCertDir = /etc/pki/consumer
# Manage generation of yum repositories for subscribed content:
manage_repos = 1
# Refresh repo files with server overrides on every yum command
full_refresh_on_yum = 0
# If set to zero, the client will not report the package profile to
# the subscription management service.
report_package_profile = 1
# The directory to search for subscription manager plugins
pluginDir = /usr/share/rhsm-plugins
# The directory to search for plugin configuration files
pluginConfDir = /etc/rhsm/pluginconf.d
# Manage automatic enabling of yum/dnf plugins (product-id, subscription-manager)
auto_enable_yum_plugins = 1
# Inotify is used for monitoring changes in directories with certificates.
# Currently only the /etc/pki/consumer directory is monitored by the
# rhsm.service. When this directory is mounted using a network file system
# without inotify notification support (e.g. NFS), then disabling inotify
# is strongly recommended. When inotify is disabled, periodical directory
# polling is used instead.
inotify = 1
# Interval to run cert check (in minutes):
certCheckInterval = 240
# Interval to run auto-attach (in minutes):
autoAttachInterval = 1440
# If set to zero, the checks done by the rhsmcertd daemon will not be splayed (randomly offset)
splay = 1
default_log_level = INFO
# subscription_manager = DEBUG
# subscription_manager.managercli = DEBUG
# rhsm = DEBUG
# rhsm.connection = DEBUG
# rhsm-app = DEBUG
# rhsm-app.rhsmd = DEBUG
This is expected behavior of subscription-manager.
This might be a bug. It should move rhsm.conf.kat-backup to rhsm.conf after uninstall and move rhsm.conf to rhsm.conf.kat-backup on install. When I run yum reinstall ./katello-ca-consumer-latest.noarch.rpm, the /etc/rhsm/ folder remains unchanged. Is that what you’re running as well? I believe this behavior comes from the postun script here.