Bug 1341760

Summary: docker should require package subscription-manager-plugin-container, not subscription-manager
Product: Red Hat Enterprise Linux 7
Reporter: John Sefler <jsefler>
Component: docker
Assignee: Lokesh Mandvekar <lsm5>
Status: CLOSED ERRATA
QA Contact: atomic-bugs <atomic-bugs>
Severity: medium
Docs Contact:
Priority: medium
Version: 7.2
CC: dgoodwin, dwalsh, khowell, lsm5, lsu
Target Milestone: rc
Keywords: Extras
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version: docker-1.12.2-3.el7
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1367854 1454371
Environment:
Last Closed: 2017-01-17 20:43:09 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 1454371

Description John Sefler 2016-06-01 17:32:41 UTC
Description of problem:
I noticed that package docker now requires package subscription-manager.
Technically docker should require subscription-manager-plugin-container (which in turn already requires subscription-manager).  Package subscription-manager-plugin-container is where the magic is done to share entitlements from the docker host with its running containers.


Version-Release number of selected component (if applicable):
[root@jsefler-rhel7 ~]# rpm -q docker
docker-1.8.2-8.el7.x86_64


How reproducible:


Steps to Reproduce:
[root@jsefler-rhel7 ~]# rpm --query docker --requires
/bin/bash
/bin/sh
/bin/sh
/bin/sh
/bin/sh
config(docker) = 1.8.2-8.el7
device-mapper-libs >= 7:1.02.90-1
docker-selinux >= 1.8.2-8.el7
libc.so.6()(64bit)
libc.so.6(GLIBC_2.14)(64bit)
libc.so.6(GLIBC_2.2.5)(64bit)
libc.so.6(GLIBC_2.3.4)(64bit)
libc.so.6(GLIBC_2.4)(64bit)
libc.so.6(GLIBC_2.9)(64bit)
libdevmapper.so.1.02()(64bit)
libdevmapper.so.1.02(Base)(64bit)
libpthread.so.0()(64bit)
libpthread.so.0(GLIBC_2.2.5)(64bit)
libsqlite3.so.0()(64bit)
lvm2 >= 2.02.112
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rtld(GNU_HASH)
selinux-policy >= 3.13.1-23
subscription-manager
systemd
systemd
systemd
xfsprogs
xz
rpmlib(PayloadIsXz) <= 5.2-1



Actual results:
  above

Expected results:
  replace "subscription-manager" with "subscription-manager-plugin-container"




Additional info:
subscription-manager-plugin-container in turn requires subscription-manager
[root@jsefler-rhel7 ~]# rpm --query subscription-manager-plugin-container --requires
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PartialHardlinkSets) <= 4.0.4-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
subscription-manager = 1.15.9-15.el7
rpmlib(PayloadIsXz) <= 5.2-1
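
The dependency check from the description, as an added example that is not part of the original report: it classifies captured `rpm --query <pkg> --requires` output as requiring the plugin, only the base package, or neither. The function names (requires_names, has_direct, dep_state) and the abbreviated sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a package's dependency on the container plugin from
# captured `rpm --query <pkg> --requires` listings, so it runs without rpm.

# Constructed sample data: abbreviated from the listings quoted in the report.
docker_requires='/bin/sh
config(docker) = 1.8.2-8.el7
docker-selinux >= 1.8.2-8.el7
lvm2 >= 2.02.112
subscription-manager
systemd
systemd'
plugin_requires='rpmlib(FileDigests) <= 4.6.0-1
subscription-manager = 1.15.9-15.el7
rpmlib(PayloadIsXz) <= 5.2-1'

PLUGIN=subscription-manager-plugin-container
BASE=subscription-manager

# requires_names LISTING: drop version constraints and duplicate entries.
requires_names() {
    printf '%s\n' "$1" | awk 'NF { print $1 }' | sort -u
}

# has_direct LISTING NAME: exact whole-line match, so a requirement on
# subscription-manager-plugin-container is never counted as one on
# subscription-manager (or the reverse).
has_direct() {
    requires_names "$1" | grep -Fxq -- "$2"
}

# dep_state PKG_LISTING PLUGIN_LISTING prints one of:
#   plugin         package requires PLUGIN, and PLUGIN pulls in BASE
#   plugin-nobase  package requires PLUGIN, but PLUGIN does not require BASE
#   base-only      package requires BASE directly (the state reported here)
#   none           package requires neither
dep_state() {
    if has_direct "$1" "$PLUGIN"; then
        if has_direct "$2" "$BASE"; then echo plugin; else echo plugin-nobase; fi
    elif has_direct "$1" "$BASE"; then
        echo base-only
    else
        echo none
    fi
}

dep_state "$docker_requires" "$plugin_requires"
```

On a live host, pass "$(rpm --query docker --requires)" and "$(rpm --query subscription-manager-plugin-container --requires)" in place of the sample listings.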

Comment 2 Daniel Walsh 2016-06-01 19:39:59 UTC
Lokesh, can you update this?

Comment 3 John Sefler 2016-08-17 12:45:33 UTC
I am having some second thoughts on this and would like an opinion from one of the original sub-man developers to determine if docker should require subscription-manager or subscription-manager-plugin-container.

After some experimenting, subscription-manager-plugin-container package does not appear to be a requirement for an entitled host to share its entitlement with a running docker container.

So what is the purpose of package subscription-manager-plugin-container?  Is it only needed to pull docker images from a Red Hat registry?

Comment 4 Devan Goodwin 2016-08-17 15:19:19 UTC
To the best of my recollection, the container plugin configures Docker to be able to pull from our registry, however last I heard we do not currently enforce authentication, so today it may not seem required and would make no difference. I don't know where efforts stand on enabling cert auth in the prod registry. However it's probably a good idea to get that dep in there if possible.

Then there's the question of being able to use yum in the containers themselves, but I think this is implemented externally to the plugin as an actual patch to Docker itself? (memory is getting a little fuzzy here, but I think the plugin is just for configuring Docker to be able to pull from the registry)

Comment 5 John Sefler 2016-08-17 16:02:53 UTC
Thank you Devan for confirming my observations and understanding.

Therefore, updating docker to require subscription-manager-plugin-container would be making a proactive future fix for enabling cert auth to the production registry that is not immediately necessary today.

Comment 6 Lokesh Mandvekar 2016-08-17 16:19:51 UTC
This change will go in for 7.3.0 for docker, and I'm cloning this bug for docker-latest in 7.2.7 extras

Comment 7 Daniel Walsh 2016-08-19 21:02:20 UTC
Lokesh, can we move this to the modified state?

Comment 9 Luwen Su 2016-11-10 09:07:58 UTC
This is fixed in docker-1.12.3-4.el7.x86_64, move to verified

Comment 11 errata-xmlrpc 2017-01-17 20:43:09 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2017-0116.html

Comment 13 Daniel Walsh 2017-02-20 18:26:28 UTC
Lokesh, looks like subscription-manager-plugin-container is not required, can you fix this in the docker we are about to ship?

Comment 14 Kevin Howell 2017-05-15 15:59:10 UTC
We were reviewing bug 1422196 (related to this bug), and noted that this one (bug 1341760) is still in a confusing state... Lokesh, can you clarify whether this has been fixed, and in what version if it has?

Comment 15 Red Hat Bugzilla 2023-09-14 03:26:07 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days