Bug 1590405

Summary: [GSS] RHGSWA ansible playbook runs yum update
Product: [Red Hat Storage] Red Hat Gluster Storage
Reporter: Cal Calhoun <ccalhoun>
Component: web-admin-tendrl-ansible
Assignee: Nishanth Thomas <nthomas>
Status: CLOSED ERRATA
QA Contact: Daniel Horák <dahorak>
Severity: medium
Priority: medium
Version: rhgs-3.3
CC: bkunal, dahorak, mbukatov, nthomas, rghatvis, rhs-bugs, sankarshan
Target Release: RHGS 3.4.0
Hardware: x86_64
OS: Linux
Fixed In Version: tendrl-ansible-1.6.3-5.el7rhgs
Doc Type: Bug Fix
Doc Text:
Cause: tendrl-ansible runs "yum update" by default and all involved systems were updated with latest packages
Consequence: unintentional patching of OS/service occurs, which is not desirable for production systems
Fix: Drop the "yum update" from ansible playbooks
Result: tendrl-ansible does not perform unintentional package updates
Last Closed: 2018-09-04 07:07:28 UTC
Type: Bug
Bug Blocks: 1503138

Description Cal Calhoun 2018-06-12 14:50:49 UTC
During installation of Red Hat Gluster Storage Web Administration per [1] it was noticed that all involved systems were updated even if it was not explicitly mentioned in the documentation.

It appears that "yum update" is a part of the site.yml.

That is undesirable for production systems because OS/service patching is treated differently.  I don't think we really want to perform unintentional patching of production systems during installation of "just" a monitoring console (tendrl).

It would be better to remove the yum update from the playbook, spell it out as a prerequisite if it really is, or make it a configurable option that is clearly spelled out in the docs.

[1] https://access.redhat.com/documentation/en-us/red_hat_gluster_storage/3.3/html-single/quick_start_guide/#web_administration_installation

Comment 2 Martin Bukatovic 2018-06-12 15:45:19 UTC
This yum update task has been removed in upstream[1], so the next RHGS WA
version will address the problem.

Also note that the playbook is just an example, as it's stated in the file:

# This is an example of a ansible playbook to install Tendrl, automating steps
# from upstream *Tendrl Package Installation Reference*. You need to review it
# and either tweak it or use it as a starting point before installing
# Tendrl.

So the obvious tweak here is to drop the yum update. But I agree that the
yum update part should have been at least commented out in downstream.

That said, this approach with a playbook example file which one needs to tweak
first *clearly failed*, so in upstream, we moved to a playbook which is both
minimal and doesn't need to be edited[2]. This change will arrive in the next RHGS
WA as well.

[1] https://github.com/Tendrl/tendrl-ansible/commit/12d5cc9f41d7383557c8151fbe77103026f409d0
[2] https://github.com/Tendrl/tendrl-ansible/blob/release/1.6.3/site.yml

Comment 8 Daniel Horák 2018-07-11 12:32:48 UTC
No "general" yum update (or equivalent command) is called either in site.yml[1]
or in any other playbook or role included in the tendrl-ansible package.

Tested with version:
# rpm -q tendrl-ansible
  tendrl-ansible-1.6.3-5.el7rhgs.noarch

[1] /usr/share/doc/tendrl-ansible-1.6.3/site.yml

>> VERIFIED
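
The kind of check described in Comment 8 can be automated before a playbook is run against production hosts. The following is an added example, not part of this bug report or of tendrl-ansible: a line-based heuristic (not a YAML parser) that flags tasks upgrading every package while leaving targeted package tasks alone. The function names and the sample playbook are constructed for illustration.

```python
import re

# command/shell/raw task that calls "yum|dnf [options] update|upgrade [packages]"
CMD_RE = re.compile(
    r"^\s*(?:-\s+)?(?:command|shell|raw)\s*:[^\n]*?\b(?:yum|dnf)\b"
    r"(?:\s+-\S+)*\s+(?:update|upgrade)\b([^\n#|;&]*)", re.M)
# package modules, inline ("yum: name=* state=latest") or in multi-line form
MODULE_RE = re.compile(r"^\s*(?:-\s+)?(?:yum|dnf|package)\s*:", re.M)
ALL_PKGS_RE = re.compile(r"\bname\s*[=:]\s*[\"']?\*")
LATEST_RE = re.compile(r"\bstate\s*[=:]\s*[\"']?latest\b")

def split_items(text):
    """Yield (first_line_number, chunk) for each YAML list item (play or task)."""
    start, buf = 1, []
    for no, line in enumerate(text.splitlines(), 1):
        if buf and re.match(r"\s*-\s", line):
            yield start, "\n".join(buf)
            start, buf = no, []
        buf.append(line)
    if buf:
        yield start, "\n".join(buf)

def find_blanket_updates(text):
    """Return (line, reason) for every task that updates all packages."""
    findings = []
    for line_no, item in split_items(text):
        cmd = CMD_RE.search(item)
        # No package argument after update/upgrade means "update everything".
        if cmd and all(t.startswith("-") for t in cmd.group(1).split()):
            findings.append((line_no, "command runs a full yum/dnf update"))
        elif MODULE_RE.search(item) and ALL_PKGS_RE.search(item) and LATEST_RE.search(item):
            findings.append((line_no, "module sets every package to latest"))
    return findings

# Constructed sample playbook; it is not the site.yml shipped with tendrl-ansible.
SAMPLE_PLAYBOOK = """\
---
- hosts: all
  tasks:
    - name: Refresh every installed package
      yum: name=* state=latest
    - name: Same thing through a command
      command: yum -y update
    - name: Install one package at its latest version
      yum:
        name: tendrl-ansible
        state: latest
    - name: Update a single named package
      command: yum -y update ansible
"""
```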

Comment 12 errata-xmlrpc 2018-09-04 07:07:28 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:2616