One idea to track down which process is editing those certs/files would be to use auditd or systemtap https://unix.stackexchange.com/a/99091 Just a thought I wanted to share.
On Thu, May 28, 2020 at 9:18 AM Gravel Bone <[email protected]> wrote: > In this case the entitlement certs themselves aren't expired from a date > perspective, they just no longer work connecting to Red Hat. It's more > like they've been revoked because the server they are on got new > entitlement certs which is happening automatically, I just have not figured > out how to prevent that. I've tried turning of rhsmcertd, disabled > subscription management, and combinations in between. > > On Wed, May 27, 2020 at 2:23 PM Brian Bouterse <[email protected]> > wrote: > >> If the certs are short-lived, then there isn't much to do except ask the >> issuer to give you longer ones. You could inspect the certs more closely I >> believe using the `rct cat-crt` command. Pulp-certguard has some docs >> showing an example with that tool >> https://pulp-certguard.readthedocs.io/en/latest/debugging.html#checking-authorized-urls-in-rhsm-certificates >> >> On Wed, May 27, 2020 at 11:20 AM Myers, Mike <[email protected]> wrote: >> >>> We’ve faced that too. I’ve love some deeper insight, but what I’ve >>> found so far is that “rhsmcertd” process does some sort of check/update on >>> those certs. We’ve just set a process to pull those from >>> /etc/pki/entitlement into Pulp when such a failure occurs. It would be >>> nice if there were a Pulp native way to address this (short of running the >>> whole Satellite suite) >>> >>> >>> >>> Cheers, >>> >>> *Mike Myers* >>> >>> >>> >>> *From: *<[email protected]> on behalf of Gravel Bone < >>> [email protected]> >>> *Date: *Wednesday, May 27, 2020 at 5:48 AM >>> *To: *"[email protected]" <[email protected]> >>> *Subject: *<External>[Pulp-list] Syncing Red hat Repos entitlement issue >>> >>> >>> >>> This is probably something straight forward, but my searches have found >>> nothing... >>> >>> >>> >>> I pull an entitlement files from our server (well three for three >>> different subscriptions) and create repos using them to sync the >>> corresponding Red Hat repository. The problem is, the entitlements seem >>> to expire about every month. I'm sure it's something I'm missing that >>> stupid obvious, but google has not been my friend nor has the >>> documentation...help would be appreciated... >>> _______________________________________________ >>> Pulp-list mailing list >>> [email protected] >>> https://www.redhat.com/mailman/listinfo/pulp-list >> >>
_______________________________________________ Pulp-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/pulp-list
