Problem with subscription-manager config command run by subscription manager

[fduranti]

I get a wrong behaviour on new server where the module try to change the SAM server to the correct pulp server for baseurl. Tested on a REDHAT 7.3 server.

In the past this error was not happening because I think you was not "removing" those configurations if those (proxy settings) was not present... now it try to remove them but don't work (it's possible it's a bug of subscription-manager or you should just run 2 commands: one for changed and one for removed variable?)

When it run the subscription-manager command, if there are any --remove it will not change the baseurl:

manually running the command i get those warning but it will not change anything

[root@server puppet]# /usr/sbin/subscription-manager config --server.hostname SAMSERVER --server.insecure 0 --server.port 443 --server.prefix /sam/api --remove=server.proxy_password --remove=server.proxy_port --remove=server.proxy_user --server.server_timeout 180 --server.ssl_verify_depth 3 --rhsm.baseurl http://pulp.domain/pulp/repos/snapshot/latest --rhsm.ca_cert_dir /etc/rhsm/ca --rhsm.consumercertdir /etc/pki/consumer --rhsm.entitlementcertdir /etc/pki/entitlement --rhsm.full_refresh_on_yum 0 --rhsm.manage_repos 1 --rhsm.pluginconfdir /etc/rhsm/pluginconf.d --rhsm.plugindir /usr/share/rhsm-plugins --rhsm.productcertdir /etc/pki/product --rhsm.repo_ca_cert /etc/rhsm/ca/candlepin-local.pem --rhsm.report_package_profile 1 --rhsmcertd.autoattachinterval 1440 --rhsmcertd.certcheckinterval 240 --logging.default_log_level INFO 
You have removed the value for section server and name proxy_password.
The default value for proxy_password will now be used.
You have removed the value for section server and name proxy_port.
The default value for proxy_port will now be used.
You have removed the value for section server and name proxy_user.
The default value for proxy_user will now be used.

[root@server puppet]# subscription-manager config
[server]
   hostname = SAMSERVER
   insecure = [0]
   port = [443]
   prefix = /sam/api
   proxy_hostname = []
   proxy_password = []
   proxy_port = []
   proxy_user = []
   server_timeout = [180]
   ssl_verify_depth = [3]

[rhsm]
   baseurl = https://SAMSERVER:8088
   ca_cert_dir = /etc/rhsm/ca
   consumercertdir = [/etc/pki/consumer]
   entitlementcertdir = [/etc/pki/entitlement]
   full_refresh_on_yum = [0]
   manage_repos = [1]
   pluginconfdir = [/etc/rhsm/pluginconf.d]
   plugindir = [/usr/share/rhsm-plugins]
   productcertdir = [/etc/pki/product]
   repo_ca_cert = /etc/rhsm/ca/candlepin-local.pem
   report_package_profile = [1]

[rhsmcertd]
   autoattachinterval = [1440]
   certcheckinterval = [240]

[logging]
   default_log_level = [INFO]

[] - Default value in use

Removing the --remove make it work correctly:

[root@server puppet]#  /usr/sbin/subscription-manager config --server.hostname SAMSERVER --server.insecure 0 --server.port 443 --server.prefix /sam/api --server.server_timeout 180 --server.ssl_verify_depth 3 --rhsm.baseurl http://pulp.domain/pulp/repos/snapshot/latest --rhsm.ca_cert_dir /etc/rhsm/ca --rhsm.consumercertdir /etc/pki/consumer --rhsm.entitlementcertdir /etc/pki/entitlement --rhsm.full_refresh_on_yum 0 --rhsm.manage_repos 1 --rhsm.pluginconfdir /etc/rhsm/pluginconf.d --rhsm.plugindir /usr/share/rhsm-plugins --rhsm.productcertdir /etc/pki/product --rhsm.repo_ca_cert /etc/rhsm/ca/candlepin-local.pem --rhsm.report_package_profile 1 --rhsmcertd.autoattachinterval 1440 --rhsmcertd.certcheckinterval 240 --logging.default_log_level INFO
[root@server puppet]# subscription-manager config
[server]
   hostname = SAMSERVER
   insecure = [0]
   port = [443]
   prefix = /sam/api
   proxy_hostname = []
   proxy_password = []
   proxy_port = []
   proxy_user = []
   server_timeout = [180]
   ssl_verify_depth = [3]

[rhsm]
   baseurl = http://pulp.domain/pulp/repos/snapshot/latest
   ca_cert_dir = /etc/rhsm/ca
   consumercertdir = [/etc/pki/consumer]
   entitlementcertdir = [/etc/pki/entitlement]
   full_refresh_on_yum = [0]
   manage_repos = [1]
   pluginconfdir = [/etc/rhsm/pluginconf.d]
   plugindir = [/usr/share/rhsm-plugins]
   productcertdir = [/etc/pki/product]
   repo_ca_cert = /etc/rhsm/ca/candlepin-local.pem
   report_package_profile = [1]

[rhsmcertd]
   autoattachinterval = [1440]
   certcheckinterval = [240]

[logging]
   default_log_level = [INFO]

[] - Default value in use

[waveclaw]

I am not clear on what you are asking.

Most of the native types in the puppet-subscription_manager module have providers that directly wrap the /usr/sbin/subscription-manager command. Any issues with this command will impact these providers.

From your log of using subscription-manager, it appears that you have encountered a bug. For the /usr/sbin/subscription-manager config command any value setting option is ignored if there are any --remove-* options present. Only the remove options are run.

I have verified this on CentOS 7.3 and for a variety of remote and value setting options. The man pages do not indicate that this is the expected behavior.

       --remove=section.name
              Deletes  the current value for the parameter without supplying a
              new parameter. A blank value tells Subscription Manager  to  use
              service  default  values  for  that  parameter.  If there are no
              defaults, then the feature is ignored.

       --section.name=VALUE
              Sets a parameter to a new, specified  value.  This  is  commonly
              used for connection settings:

              * server.hostname (subscription management service)

              * server.proxy

              * server.proxy_port

              * server.proxy_user

              * server.proxy_password

              * rhsm.baseurl (content server)

              * rhsm.certFrequency

That is clearly a bug with the command. I can work around this by running a separate command to do any --remove-* actions, but this needs to be fixed in the command itself.