RHEL7: computers with no internet access, certificate downloaded in December 2017, but expired now

Hello;

I work with the contract number xxxxxx816.

In December 2017, I recorded the 18 VMs on the Red Hat portal.
Then I downloaded the 18 PEM files onto a USB key.
And, with this USB key, I installed these certificates on a private network with the command:

subscription-manager import --certificate=1SIMDTPXXXXX.pem

This process was successful, and the yum command was successful (no warning messages).

But today the system, on the local computer, tells me that I have no license in response to the command: # yum list

*** WARNING ***
The subscription for following product(s) has expired:
...................
- Red Hat Enterprise Linux Server
...
(full text is provided in attached text file)

Also, on the Red Hat Customer Portal, for all systems, the status field is: "Partiellement abonné" with "an orange star" (see also attached "screen shot").

What is the step I have missed?
I suppose I should produce a file on my local system, and then this file should probably be recorded on the Red Hat portal.

Thank you for your answer;
Best regards;

Pierre Soubeille
Airbus Defence & Space

Responses

Hello Pierre Soubeille,

I recommend you remove your email address, the contract number from the public discussion forum, & company name as well from the post you started here (above).

Pierre, it looks like from what you say, you have a private network with 18 Red Hat servers. I'm not certain, but without direct knowledge of your network constraints, I get the impression these 18 systems on a private network are not able to reach the public Internet, and therefore can not directly access Red Hat, or Red Hat's networks in order to attain updates. (I do not mean to be master of the obvious here).

Generally, when a company, or some entity has the need to provide updates for an isolated network of some form, they often select a solution such as Red Hat Satellite server, and there's a number of methods either "connected" or "disconnected" a company/agency can then provision the updates necessary for systems on a private network. Perhaps you can have the Red Hat Satellite server (nothing to do with satellites in the sky, it is the name of a product) face both the public Internet to acquire updates, and then maybe have another network interface facing the 18 systems you speak of. Or the use of a "capsule" server. Much of what I describe here goes into the use case of a Red Hat Satellite server and its features.

However, maybe your company/agency will allow you the freedom to let the 18 systems you speak of face the public Internet, and then you could subscribe them directly to Red Hat, and acquire updates/patches directly without the need of a Red Hat Satellite server. This will depend of course on the layout, intentions and security policies of your company. Remember this is a public forum, and keep security in mind with any details you provide. (see next paragraph).

All of the above said, please start with opening a case with Red Hat to at least initially settle the matter of the software channel expirations you've noticed, because based on what you have said in this discussion you have opened, it seems likely (I do not know definitively) that you probably have active subscriptions for these 18 systems.

So please start with opening a case with Red Hat https://access.redhat.com/support/cases/.

Regards, RJ

Thank you very much for your detailed answer. Effectively, for the security/confidentiality of my project, my VMs are not able to reach the Red Hat Internet portal. I do not have any more devices on this very-very private network. As you suggest, I have opened the CASE 02014840.

Thank you,
Pierre S

All,

Are you aware that the subscription name for Oracle Java RPMs has changed to "Oracle Java Add-On"? So it might be that Pierre and others in the Discussion forum need to request this new subscription and afterwards have to add a new yum repository to get Errata. I found an article by accident.

https://access.redhat.com/solutions/732883

Regards,

Jan Gerrit Kootstra

Hello, Thank you for your quick reply. BUT, I mentioned Oracle ONLY because it is the FIRST line of the WARNING message displayed by YUM LIST. This is a question of RHEL 7.3 ONLY. I have erased these lines (Oracle...)

Regards; Pierre Soubeille.

Thanks - yeah, Pierre, it may be more efficient to contact Red Hat sales if your subscriptions have expired. (I had pointed him to RH support thinking they'd point him in the right direction.) If you merely need the Oracle Packages, see the link Jan provided https://access.redhat.com/solutions/732883.

ADDED/EDITED: however, since he mentioned (in the title of the thread) he has no internet access (with these servers it seems), I didn't suspect channels were the primary thing to initially focus on.

Thanks Jan Gerrit Kootstra

RJ

Hello Pierre,

Have you checked the status of your subscriptions? The error message states that the subscriptions expired.

So either you need to choose different subscription numbers to create your certificate or your internal sales people need to buy subscription renewals.

Regards,

Jan Gerrit Kootstra

Hello;

I have recorded the license files on the VMs on 2017-dec-20, and I "saw" the problem yesterday. The validity of the license is not 31 days! The expiration date is at minimum 2018-dec-20; this is displayed in my "space" on the Red Hat Customer Portal.

Thank you,
Pierre Soubeille.

Pierre,

It might be worthwhile to contact Red Hat sales as Jan Gerrit Kootstra mentioned above, to settle any issue with subscriptions. If you are doing development work, you can acquire a development license (non-production use, and you have to agree to a development-use agreement with Red Hat). This might give you more time than 31 days if you are working with an evaluation. That being said, if you have a 30 day evaluation with Red Hat, you can often get it extended if you contact your sales person (at least we have been able to do so when we are testing a product).

ADDED/EDITED: I suspect from the title of the thread these systems are not connected to the Internet (see some things I mentioned in my initial post), so if you wish to provide software channels from Red Hat or Oracle, you might have to figure a means for this.

Hope it goes well Pierre,

Thanks Jan Gerrit Kootstra

RJ

Thank you, Jan Gerrit Kootstra;

My system is fully OFFLINE; it cannot reach any Internet site; it is completely isolated from any network. Imagine an HP Proliant VMWARE ESX with 2 x 8 VM inside, and that's all. No Eth cable, or fiber or other. I have only a USB port in order to transfer files from the Red Hat Customer Portal to my system.

So, to summarize:

1/ On the Red Hat portal, I record a new subscription for the first system, and I download the certificate from the Red Hat portal to a USB key.

2/ On my private system, I insert the USB key and load the certificate. And then I ran, as root, the command "subscription-manager import --certificate=/tmp/5520565677347554457.pem"

3/ I THINK I must now recover a file from my system to put it on the Red Hat site. How do I do this "feed-back" step that, in this case, replaces the automatic system login to the Red Hat Customer site? Is this case (no internet connection between my site and the Red Hat portal) planned for?

It's still very simple!

Thank You

Hi Pierre,

Read my last paragraph first. These solution ID links I've provided seem to be for those who are facing the issue you are facing. However, it may be more efficient to sort this out with Red Hat support directly.

Sorry you're having trouble with this. I found this possible solution https://access.redhat.com/solutions/60702 that you might have already done. And here is another solution like it https://access.redhat.com/solutions/492323, but wait there's yet another link https://access.redhat.com/solutions/3121571.

One thought, as you are performing your commands to register the certificates, in a separate window run (as root)

tail -f /var/log/messages

And see if anything that might relate to the issue you're facing appears.

I think you can probably contact Red Hat support directly, and they have support people in France - and they might be able to help you sort this out more efficiently. I have never once in my life registered an offline system with PEM certificates. Make an "sosreport" (after a registration subscription-manager import attempt) -- an "sosreport" is something that helps Red Hat diagnose your system and attach it (the file) to your case. It will be located in /var/tmp/sosreport-name.number.tar.xz

Kind Regards, -RJ
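
Added example (not part of any post in this thread, and not Red Hat's code): a POSIX shell check of the validity window of PEM certificates like the ones discussed above, usable on the USB key before import or on the offline host afterwards. It assumes `openssl` is installed; the function names are hypothetical, and `/etc/pki/entitlement` in the usage comment is the directory where subscription-manager keeps imported entitlement certificates.

```sh
#!/bin/sh
# Added example: classify X.509 PEM certificates by their expiry date.
# Function names are hypothetical; only standard openssl options are used.

# cert_status FILE [WARN_DAYS] -> prints valid | expiring | expired | unreadable
cert_status() (
    pem=$1
    warn_days=${2:-30}
    # Not parseable as a certificate (for example a *-key.pem private key).
    openssl x509 -noout -in "$pem" >/dev/null 2>&1 || { echo unreadable; exit 0; }
    if ! openssl x509 -noout -checkend 0 -in "$pem" >/dev/null 2>&1; then
        echo expired          # notAfter is already in the past
    elif ! openssl x509 -noout -checkend $((warn_days * 86400)) -in "$pem" >/dev/null 2>&1; then
        echo expiring         # still valid, but not for WARN_DAYS more days
    else
        echo valid
    fi
)

# check_dir DIR [WARN_DAYS] -> one report line per certificate;
# returns 1 if any certificate is not "valid".
check_dir() (
    dir=$1
    warn_days=${2:-30}
    rc=0
    for pem in "$dir"/*.pem; do
        [ -e "$pem" ] || continue
        case $pem in *-key.pem) continue ;; esac   # skip private keys
        status=$(cert_status "$pem" "$warn_days")
        end=$(openssl x509 -noout -enddate -in "$pem" 2>/dev/null)
        printf '%-10s %-34s %s\n' "$status" "${end:-notAfter=unknown}" "$pem"
        [ "$status" = valid ] || rc=1
    done
    exit "$rc"
)

# Usage: sh check_certs.sh /etc/pki/entitlement 60
if [ "$#" -gt 0 ]; then
    check_dir "$@"
fi
```

The non-zero return from `check_dir` makes it usable from cron or a pre-import checklist on a host that cannot query the portal for subscription status.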
