Bug 2117489

Summary: not all dependencies are allowed by foreman-protector
Product: Red Hat Satellite Reporter: Evgeni Golov <egolov>
Component: Satellite MaintainAssignee: Amit Upadhye <aupadhye>
Status: CLOSED ERRATA QA Contact: Gaurav Talreja <gtalreja>
Severity: high Docs Contact:
Priority: high    
Version: 6.11.0CC: ahumbe, apatel, aupadhye, kgaikwad, pcreech
Target Milestone: 6.12.0Keywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: rubygem-foreman_maintain-1.1.8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-11-16 13:35:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Evgeni Golov 2022-08-11 07:18:51 UTC 
Description of problem:
Ohai!

Recently, foreman-maintain gained dependencies on the PostgreSQL client and (on EL8) the nftables package, but these are not part of https://github.com/theforeman/foreman_maintain/blob/master/extras/foreman_protector/foreman-protector.whitelist

It's a bit of a chicken-and-egg problem, as during the upgrade, the config of the protector plugin from 0.8.31 is used (and that doesn't have those new deps), so I think ideally we would backport the fix to "all" relevant branches.

Version-Release number of selected component (if applicable):


How reproducible:
100%

Steps to Reproduce:
1. install satellite 6.10 with external DB (so that there is no psql client on the machine)
2. try to install maintain for 6.11

Actual results:
Error, because PostgreSQL client can't be installed

Expected results:
Installable

Additional info:
Comment 3 Bryan Kearney 2022-09-05 16:04:44 UTC 
Upstream bug assigned to aupadhye
Comment 4 Bryan Kearney 2022-09-05 16:04:46 UTC 
Upstream bug assigned to aupadhye
Comment 8 Evgeni Golov 2022-10-04 08:17:56 UTC 
I think this BZ should be failedQA, using the following reproducer:

- install an empty EL8 system (no satellite, no nothing)
- add Satellite repositories etc
- install rubygem-foreman_maintain-1.0.8-1.el8sat.noarch (https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=1987491) - this is the first version that has working DNF version locking but does not yet pull in the PostgreSQL client
- try to upgrade to any newer foreman maintain version

I got the following error:
[root@27c6bb51f1d4 ~]# dnf upgrade
Last metadata expiration check: 0:02:19 ago on Tue Oct  4 08:05:19 2022.
Reading Foreman protector configuration
*** Excluded total: 31179

WARNING: Excluding 31179 packages due to foreman-protector. 
Use foreman-maintain packages install/update <package> 
to safely install packages without restrictions.
Use foreman-maintain upgrade run for full upgrade.

Error: 
 Problem: package rubygem-foreman_maintain-1:1.1.1-3.el8.noarch requires /usr/bin/psql, but none of the providers can be installed
  - cannot install the best update candidate for package rubygem-foreman_maintain-1:1.0.8-1.el8.noarch
  - package postgresql-10.15-1.module_el8.4.0+579+22c56897.x86_64 is filtered out by modular filtering
  - package postgresql-10.17-1.module_el8.5.0+827+770862af.x86_64 is filtered out by modular filtering
  - package postgresql-10.17-2.module_el8.5.0+865+7313c562.x86_64 is filtered out by modular filtering
  - package postgresql-10.17-3.module_el8.6.0+1010+2420cadb.x86_64 is filtered out by modular filtering
  - package postgresql-10.19-1.module_el8.6.0+1047+4202cf9a.x86_64 is filtered out by modular filtering
  - package postgresql-12.11-2.module_el8.6.0+1153+eb826827.x86_64 is filtered out by exclude filtering
  - package postgresql-12.5-1.module_el8.4.0+597+7b8b5722.x86_64 is filtered out by exclude filtering
  - package postgresql-12.7-1.module_el8.5.0+824+97f05ace.x86_64 is filtered out by exclude filtering
  - package postgresql-12.7-1.module_el8.5.0+842+bf20b04a.x86_64 is filtered out by exclude filtering
  - package postgresql-12.7-2.module_el8.5.0+864+9657bf3a.x86_64 is filtered out by exclude filtering
  - package postgresql-12.7-3.module_el8.6.0+1011+54cac4e8.x86_64 is filtered out by exclude filtering
  - package postgresql-12.9-3.module_el8.6.0+1043+60b632d3.x86_64 is filtered out by exclude filtering
  - package postgresql-13.2-1.module_el8.4.0+701+c3c42fce.x86_64 is filtered out by modular filtering
  - package postgresql-13.3-1.module_el8.5.0+825+b0b60c92.x86_64 is filtered out by modular filtering
  - package postgresql-13.3-1.module_el8.5.0+843+2fa7d82b.x86_64 is filtered out by modular filtering
  - package postgresql-13.3-2.module_el8.5.0+866+90b85912.x86_64 is filtered out by modular filtering
  - package postgresql-13.3-3.module_el8.6.0+1012+fa58b3a3.x86_64 is filtered out by modular filtering
  - package postgresql-13.5-2.module_el8.6.0+1044+ed943ce5.x86_64 is filtered out by modular filtering
  - package postgresql-13.7-2.module_el8.6.0+1152+d0162c0a.x86_64 is filtered out by modular filtering
  - package postgresql-9.6.20-1.module_el8.4.0+596+7b942f86.x86_64 is filtered out by modular filtering
  - package postgresql-9.6.22-1.module_el8.5.0+826+29c1ad77.x86_64 is filtered out by modular filtering
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)

Next we update /etc/dnf/plugins/foreman-protector.whitelist with the contents of https://github.com/theforeman/foreman_maintain/pull/639/files to simulate the fix being back-ported to 0.8 and 1.0 series and re-try the upgrade.
Same error occurs, as the PR allowed nftables for EL8 and psql for EL7 but not psql for EL8

Adding the following lines fixed the issue for me:
# el8 postgres
postgresql
libpq
Comment 9 Evgeni Golov 2022-10-04 08:19:57 UTC 
I posted a patch in https://github.com/theforeman/foreman_maintain/pull/647
Comment 11 Brad Buckingham 2022-10-06 12:56:01 UTC 
The patch posted in comment 9 is now merged.  Thanks Evgeni!
Comment 12 Gaurav Talreja 2022-10-10 19:15:55 UTC 
Verified.

Tested on Satellite 6.12.0 Snap 14.0
Version: rubygem-foreman_maintain-1.1.8-1.el8sat.noarch

Steps:
For EL7, followed steps as mentioned in description or in comment10,
For EL8, followed steps as mentioned in comment8, Setup empty EL8 system machine where installed mentioned old f-m version from upstream repo of foreman 3.1 (as brew is down due to outage), and applied patch of foreman-protector.whitelist from 6.12 f-m rpm, Enable 6.12 repos and try to upgrade to any newer foreman maintain version

Observation:
foreman maintain package upgrade to any newer version works perfectly without --disableplugin=foreman-protector for both EL7/EL8

In comment10, In wget command earlier, I mentioned wrong path for applying patch of foreman-protector.whitelist, correcting here,
# wget -O /etc/yum/pluginconf.d/foreman-protector.whitelist https://raw.githubusercontent.com/theforeman/foreman_maintain/master/extras/foreman_protector/foreman-protector.whitelist

Evgeni, Amit, Thank you for all your assistance with this BZ.


Thanks,
Gaurav
Comment 16 errata-xmlrpc 2022-11-16 13:35:13 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Satellite 6.12 Release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:8506