Project

General

Profile

Actions
Copy link

Bug #24771

closed

Bad Signatures for EL5 Katello 3.5 client packages

Added by Simon Thomson over 6 years ago. Updated over 1 year ago.

Status:
Rejected
Priority:
Normal
Assignee:
Justin Sherrill
Category:
Repositories
Target version:
Katello Recycle Bin
Difficulty:
Triaged:
Yes
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Katello 3.5.2
Red Hat JIRA:

Description

When attempting to migrate CentOS 5.11 x86_64 servers to Foreman Katello the katello-client-bootstrap script errors with "Header V4 RSA/SHA1 signature: BAD, key ID 2884ecef" and exits at the installation of subscription-manger. This causes migration to fail.

Ansible log output from migration attempt:

When attempting to migrate CentOS 5.11 x86_64 servers to Foreman Katello the katello-client-bootstrap script errors with "Header V4 RSA/SHA1 signature: BAD, key ID 2884ecef" and exits at the installation of subscription-manger. This causes migration to fail.

Ansible log output from migration attempt:

{
"_ansible_parsed": true,
"stderr_lines": [],
"changed": true,
"end": "2018-08-31 13:41:50.929256",
"_ansible_no_log": false,
"stdout": "Foreman Bootstrap Script\nThis script is designed to register new systems or to migrate an existing system to a Foreman server with Katello\nHOSTNAME - test-centos5-01\nDOMAIN - domain.internal\nFQDN - test-centos5-01.domain.internal\nOS RELEASE - 5.11\nMAC - 00:50:56:98:1F:AC\nIP - 10.5.12.101\nforeman_fqdn - katello.domain.internal\nLOGIN - foreman.migrate.user\nPASSWORD - ************************\nHOSTGROUP - hg-common/dev/centos-5\nLOCATION - central_office\nOPERATINGSYSTEM - None\nPARTITIONTABLE - None\nORG - OUR ORG Linux\nACTIVATIONKEY - ak-dev-os-centos-5-x86_64\nCONTENT RELEASE - None\nUPDATE - None\nLEGACY LOGIN - admin\nLEGACY PASSWORD - None\nDOWNLOAD METHOD - http\nSKIP - set(['migration'])\nTIMEOUT - 900\nPUPPET SERVER - puppet.domain.internal\nPUPPET CA SERVER - puppetca.domain.internal\nPUPPET CA PORT - None\n[NOTIFICATION], [2018-08-31 13:41:48], [Checking subscription manager prerequisites] \n[NOTIFICATION], [2018-08-31 13:41:48], [Enabling http://katello.domain.internal/pulp/repos/ens_linux/Library/custom/Foreman-Katello/el5-katello_agent-latest-x86_64-rpms/ as a repository for dependency RPMs] \n[NOTIFICATION], [2018-08-31 13:41:48], [Building yum metadata cache. This may take a few minutes] \n[\u001b[94mRUNNING\u001b[0m], [2018-08-31 13:41:48], [/usr/bin/yum -y makecache ] \nLoaded plugins: fastestmirror, security\nLoading mirror speeds from cached hostfile\nMetadata Cache Created\n[\u001b[92mSUCCESS\u001b[0m], [2018-08-31 13:41:48], [/usr/bin/yum -y makecache ], completed successfully.\n\nLoaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n[\u001b[94mRUNNING\u001b[0m], [2018-08-31 13:41:48], [/usr/bin/yum -y remove subscription-manager-gnome] \nLoaded plugins: fastestmirror, security\nSetting up Remove Process\nNo Match for argument: subscription-manager-gnome\nLoading mirror speeds from cached hostfile\nNo Packages marked for removal\n[\u001b[92mSUCCESS\u001b[0m], [2018-08-31 13:41:48], [/usr/bin/yum -y remove subscription-manager-gnome], completed successfully.\n\n[NOTIFICATION], [2018-08-31 13:41:48], [subscription-manager NOT installed. Installing.] \n[\u001b[94mRUNNING\u001b[0m], [2018-08-31 13:41:48], [/usr/bin/yum -y install subscription-manager] \n[\u001b[91mERROR\u001b[0m], [2018-08-31 13:41:50], EXITING: [/usr/bin/yum -y install subscription-manager] failed to execute properly.\nLoaded plugins: fastestmirror, security\nLoading mirror speeds from cached hostfile\nSetting up Install Process\nResolving Dependencies\n--> Running transaction check\n---> Package subscription-manager.x86_64 0:1.11.3-11.el5 set to be updated\n--> Processing Dependency: python-rhsm >= 1.11.3-5 for package: subscription-manager\n--> Running transaction check\n---> Package python-rhsm.x86_64 0:1.11.3-5.el5 set to be updated\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n subscription-manager x86_64 1.11.3-11.el5 kt-bootstrap 1.1 M\nInstalling for dependencies:\n python-rhsm x86_64 1.11.3-5.el5 kt-bootstrap 148 k\n\nTransaction Summary\n================================================================================\nInstall 2 Package(s)\nUpgrade 0 Package(s)\n\nTotal download size: 1.3 M\nDownloading Packages:\n--------------------------------------------------------------------------------\nTotal 22 MB/s | 1.3 MB 00:00 \nRunning rpm_check_debug\nRunning Transaction Test\nFinished Transaction Test\nTransaction Test Succeeded\nRunning Transaction\nerror: python-rhsm-1.11.3-5.el5: Header V4 RSA/SHA1 signature: BAD, key ID 2884ecef\nerror: subscription-manager-1.11.3-11.el5: Header V4 RSA/SHA1 signature: BAD, key ID 2884ecef\n\nInstalled:\n subscription-manager.x86_64 0:1.11.3-11.el5 \n\nDependency Installed:\n python-rhsm.x86_64 0:1.11.3-5.el5 \n\nComplete!",
"cmd": [
"sudo",
"python",
"/tmp/bootstrap.py",
"--server",
"katello.domain.internal",
"--organization",
"OUR ORG Linux",
"--location",
"central_office",
"--activationkey",
"ak-dev-os-centos-5-x86_64",
"--download-method",
"http",
"--login",
"foreman.migrate.user",
"--password",
"************************",
"--hostgroup",
"hg-common/dev/centos-5",
"-v",
"--rex",
"--puppet-server",
"puppet.domain.internal",
"--puppet-ca-server",
"puppetca.domain.internal",
"--unmanaged",
"--skip",
"migration",
"--add-domain",
"--deps-repository-url",
"http://katello.domain.internal/pulp/repos/ens_linux/Library/custom/Foreman-Katello/el5-katello_agent-latest-x86_64-rpms/",
"--force"
],
"start": "2018-08-31 13:41:47.928335",
"delta": "0:00:03.000921",
"warnings": [
"Consider using 'become', 'become_method', and 'become_user' rather than running sudo"
],
"rc": 1,
"invocation": {
"module_args": {
"creates": null,
"executable": null,
"_uses_shell": false,
"_raw_params": "sudo python /tmp/bootstrap.py --server katello.domain.internal --organization 'OUR ORG Linux' --location 'central_office' --activationkey 'ak-dev-os-centos-5-x86_64' --download-method http --login 'foreman.migrate.user' --password '************************' --hostgroup 'hg-common/dev/centos-5' -v --rex --puppet-server puppet.domain.internal --puppet-ca-server puppetca.domain.internal --unmanaged --skip migration --add-domain --deps-repository-url http://katello.domain.internal/pulp/repos/ens_linux/Library/custom/Foreman-Katello/el5-katello_agent-latest-x86_64-rpms/ --force",
"removes": null,
"argv": null,
"warn": true,
"chdir": null,
"stdin": null
}
},
"stdout_lines": [
"Foreman Bootstrap Script",
"This script is designed to register new systems or to migrate an existing system to a Foreman server with Katello",
"HOSTNAME - test-centos5-01",
"DOMAIN - domain.internal",
"FQDN - test-centos5-01.domain.internal",
"OS RELEASE - 5.11",
"MAC - 00:50:56:XX:XX:XX",
"IP - 11.11.11.11",
"foreman_fqdn - katello.domain.internal",
"LOGIN - foreman.migrate.user",
"PASSWORD - ************************",
"HOSTGROUP - hg-common/dev/centos-5",
"LOCATION - central_office",
"OPERATINGSYSTEM - None",
"PARTITIONTABLE - None",
"ORG - OUR ORG Linux",
"ACTIVATIONKEY - ak-dev-os-centos-5-x86_64",
"CONTENT RELEASE - None",
"UPDATE - None",
"LEGACY LOGIN - admin",
"LEGACY PASSWORD - None",
"DOWNLOAD METHOD - http",
"SKIP - set(['migration'])",
"TIMEOUT - 900",
"PUPPET SERVER - puppet.domain.internal",
"PUPPET CA SERVER - puppetca.domain.internal",
"PUPPET CA PORT - None",
"[NOTIFICATION], [2018-08-31 13:41:48], [Checking subscription manager prerequisites] ",
"[NOTIFICATION], [2018-08-31 13:41:48], [Enabling http://katello.domain.internal/pulp/repos/ens_linux/Library/custom/Foreman-Katello/el5-katello_agent-latest-x86_64-rpms/ as a repository for dependency RPMs] ",
"[NOTIFICATION], [2018-08-31 13:41:48], [Building yum metadata cache. This may take a few minutes] ",
"[\u001b[94mRUNNING\u001b[0m], [2018-08-31 13:41:48], [/usr/bin/yum -y makecache ] ",
"Loaded plugins: fastestmirror, security",
"Loading mirror speeds from cached hostfile",
"Metadata Cache Created",
"[\u001b[92mSUCCESS\u001b[0m], [2018-08-31 13:41:48], [/usr/bin/yum -y makecache ], completed successfully.",
"",
"Loaded plugins: fastestmirror",
"Loading mirror speeds from cached hostfile",
"[\u001b[94mRUNNING\u001b[0m], [2018-08-31 13:41:48], [/usr/bin/yum -y remove subscription-manager-gnome] ",
"Loaded plugins: fastestmirror, security",
"Setting up Remove Process",
"No Match for argument: subscription-manager-gnome",
"Loading mirror speeds from cached hostfile",
"No Packages marked for removal",
"[\u001b[92mSUCCESS\u001b[0m], [2018-08-31 13:41:48], [/usr/bin/yum -y remove subscription-manager-gnome], completed successfully.",
"",
"[NOTIFICATION], [2018-08-31 13:41:48], [subscription-manager NOT installed. Installing.] ",
"[\u001b[94mRUNNING\u001b[0m], [2018-08-31 13:41:48], [/usr/bin/yum -y install subscription-manager] ",
"[\u001b[91mERROR\u001b[0m], [2018-08-31 13:41:50], EXITING: [/usr/bin/yum -y install subscription-manager] failed to execute properly.",
"Loaded plugins: fastestmirror, security",
"Loading mirror speeds from cached hostfile",
"Setting up Install Process",
"Resolving Dependencies",
"--> Running transaction check",
"---> Package subscription-manager.x86_64 0:1.11.3-11.el5 set to be updated",
"--> Processing Dependency: python-rhsm >= 1.11.3-5 for package: subscription-manager",
"--> Running transaction check",
"---> Package python-rhsm.x86_64 0:1.11.3-5.el5 set to be updated",
"--> Finished Dependency Resolution",
"",
"Dependencies Resolved",
"",
"================================================================================",
" Package Arch Version Repository Size",
"================================================================================",
"Installing:",
" subscription-manager x86_64 1.11.3-11.el5 kt-bootstrap 1.1 M",
"Installing for dependencies:",
" python-rhsm x86_64 1.11.3-5.el5 kt-bootstrap 148 k",
"",
"Transaction Summary",
"================================================================================",
"Install 2 Package(s)",
"Upgrade 0 Package(s)",
"",
"Total download size: 1.3 M",
"Downloading Packages:",
"--------------------------------------------------------------------------------",
"Total 22 MB/s | 1.3 MB 00:00 ",
"Running rpm_check_debug",
"Running Transaction Test",
"Finished Transaction Test",
"Transaction Test Succeeded",
"Running Transaction",
"error: python-rhsm-1.11.3-5.el5: Header V4 RSA/SHA1 signature: BAD, key ID 2884ecef",
"error: subscription-manager-1.11.3-11.el5: Header V4 RSA/SHA1 signature: BAD, key ID 2884ecef",
"",
"Installed:",
" subscription-manager.x86_64 0:1.11.3-11.el5 ",
"",
"Dependency Installed:",
" python-rhsm.x86_64 0:1.11.3-5.el5 ",
"",
"Complete!"
],
"stderr": "",
"msg": "non-zero return code"
}

Attempts to manually install subscription manager also fail:

[root@test-centos5-01 ~]# yum install subscription-manager --nogpgcheck
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package subscription-manager.x86_64 0:1.11.3-11.el5 set to be updated
--> Processing Dependency: python-rhsm >= 1.11.3-5 for package: subscription-manager
--> Running transaction check
---> Package python-rhsm.x86_64 0:1.11.3-5.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

===================================================================================================================================================================================================================================================================================================================
Package Arch Version Repository Size ===================================================================================================================================================================================================================================================================================================================
Installing:
subscription-manager x86_64 1.11.3-11.el5 kt-bootstrap 1.1 M
Installing for dependencies:
python-rhsm x86_64 1.11.3-5.el5 kt-bootstrap 148 k

Transaction Summary ===================================================================================================================================================================================================================================================================================================================
Install 2 Package(s)
Upgrade 0 Package(s)

Total download size: 1.3 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): python-rhsm-1.11.3-5.el5.x86_64.rpm | 148 kB 00:00
(2/2): subscription-manager-1.11.3-11.el5.x86_64.rpm | 1.1 MB 00:00
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 26 MB/s | 1.3 MB 00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
error: python-rhsm-1.11.3-5.el5: Header V4 RSA/SHA1 signature: BAD, key ID 2884ecef
error: subscription-manager-1.11.3-11.el5: Header V4 RSA/SHA1 signature: BAD, key ID 2884ecef

Installed:
subscription-manager.x86_64 0:1.11.3-11.el5

Dependency Installed:
python-rhsm.x86_64 0:1.11.3-5.el5

Complete!

This issue is preventing us from migrating servers into Foreman. We (thankfully) don't have many legacy EL5 hosts but those we do have need to be managed.
This looks very similar to https://projects.theforeman.org/issues/10608 and https://projects.theforeman.org/issues/14974

Attempts to manually install subscription manager also fail:

[root@test-centos5-01 ~]# yum install subscription-manager --nogpgcheck
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package subscription-manager.x86_64 0:1.11.3-11.el5 set to be updated
--> Processing Dependency: python-rhsm >= 1.11.3-5 for package: subscription-manager
--> Running transaction check
---> Package python-rhsm.x86_64 0:1.11.3-5.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

===================================================================================================================================================================================================================================================================================================================
Package Arch Version Repository Size ===================================================================================================================================================================================================================================================================================================================
Installing:
subscription-manager x86_64 1.11.3-11.el5 kt-bootstrap 1.1 M
Installing for dependencies:
python-rhsm x86_64 1.11.3-5.el5 kt-bootstrap 148 k

Transaction Summary ===================================================================================================================================================================================================================================================================================================================
Install 2 Package(s)
Upgrade 0 Package(s)

Total download size: 1.3 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): python-rhsm-1.11.3-5.el5.x86_64.rpm | 148 kB 00:00
(2/2): subscription-manager-1.11.3-11.el5.x86_64.rpm | 1.1 MB 00:00
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 26 MB/s | 1.3 MB 00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
error: python-rhsm-1.11.3-5.el5: Header V4 RSA/SHA1 signature: BAD, key ID 2884ecef
error: subscription-manager-1.11.3-11.el5: Header V4 RSA/SHA1 signature: BAD, key ID 2884ecef

Installed:
subscription-manager.x86_64 0:1.11.3-11.el5

Dependency Installed:
python-rhsm.x86_64 0:1.11.3-5.el5

Complete!

This issue is preventing us from migrating servers into Foreman. We (thankfully) don't have many legacy EL5 hosts but those we do have need to be managed.
This looks very similar to https://projects.theforeman.org/issues/10608 and https://projects.theforeman.org/issues/14974

Related issues 2 (0 open2 closed)

Related to Katello - Bug #10608: 'Non-fatal POSTIN scriptlet failure in rpm package' (when installing server cert / subscription-manager)ResolvedEric Helms05/26/2015Actions
Related to Katello - Bug #14974: Multitude of bad signatures for EL5 Katello 2.4 Client packages Resolved05/09/2016Actions
Actions
Copy link

Also available in: Atom PDF