Bug 2186765
| Summary: | Capsule redundantly syncs *-Export-Library repos | | |
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Pavel Moravec <pmoravec> |
| Component: | Capsule - Content | Assignee: | Samir Jha <sajha> |
| Status: | VERIFIED | QA Contact: | Vladimír Sedmík <vsedmik> |
| Severity: | high | Priority: | high |
| Version: | 6.12.3 | CC: | beat, iballou, paji, pcreech, sajha, vsedmik |
| Target Milestone: | 6.14.0 | Keywords: | Triaged |
| Target Release: | Unused | Type: | Bug |
| Hardware: | x86_64 | OS: | Linux |

Created redmine issue https://projects.theforeman.org/issues/36436 from this bug

Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/36436 has been resolved.

Description of problem:

When exporting complete library content (hammer content-export complete library), an auxiliary CV "Export-Library" is created, backed by auxiliary katello repositories (with pulp_id like 1-Export-Library-Library-25807266-9eb3-4361-ab75-c9a928083c6f and relative_path like RedHat/Library/Export-Library/custom/ZOO_Product/ZOO-repo).

(Only?) When Library LE is assigned to a Capsule, these auxiliary repos are synchronized there, redundantly.

Moreover, in some scenario I am unable to reproduce ATM, presence of these repos on Capsule can block package download from Sat to Caps, since:

- the pulpcore Repo objects on the Capsule are created along with Remote objects with some weird certs (this bit I can't reproduce but saw it at a customer)
- assuming the Capsule has On Demand download policy set and a client wants to fetch a package from Capsule that is not present, the Capsule chooses among *all* repos that have the RPM associated
- from that list of repos, it *can* choose the 1-Export-Library repo, with wrong certs
- so then Capsule requests Satellite to fetch packages with invalid certs, which fails on "[SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1131)')]" error
- when this happens, it is SUPER confusing and difficult to understand the core issue (ridiculous & offending repo on Capsule)

Please prevent synchronizing the auxiliary repos to Capsules.

Version-Release number of selected component (if applicable):
Sat 6.11 or newer

How reproducible:
100%

Steps to Reproduce:

1. Have some (smaller) repos with Immediate download policy synced to Satellite
2. Run "hammer content-export complete library" to pretend ISS
3. Have Capsule associated with Library LE
4. Sync that Capsule
5. Check the Capsule has also the 1-Export-Library repos synced and available to consumers (in pulpcore psql - in my example, I had 2 repos with Immediate download policy, both appear in the ISS export *and* also on Caps):

```
pulpcore=# SELECT pulp_id,name FROM core_repository WHERE name LIKE '%Export-Library%';
               pulp_id                |                             name
--------------------------------------+---------------------------------------------------------------
 8575a7ab-4103-43b8-91f2-aac7b8f8fed9 | 1-Export-Library-Library-beaed1e1-c3be-4ad6-a888-560278447cf2
 7268423f-cab9-4cb6-885b-72273a92644f | 1-Export-Library-Library-25807266-9eb3-4361-ab75-c9a928083c6f
(2 rows)

pulpcore=# SELECT pulp_id,name,base_path FROM core_distribution WHERE base_path LIKE '%Export-Library%';
               pulp_id                |                             name                              |                                    base_path
--------------------------------------+---------------------------------------------------------------+---------------------------------------------------------------------------------
 55a4620a-cb81-4124-ad24-b82d79b19d90 | 1-Export-Library-Library-25807266-9eb3-4361-ab75-c9a928083c6f | RedHat/Library/Export-Library/custom/ZOO_Product/ZOO-repo
 4213903f-1142-4eed-b189-10ef150864e6 | 1-Export-Library-Library-beaed1e1-c3be-4ad6-a888-560278447cf2 | RedHat/Library/Export-Library/content/dist/layered/rhel8/x86_64/sat-client/6/os
(2 rows)

pulpcore=#
```

6. Check the same on Satellite - there won't be any pulp repo (while distribution will be there, just for the sake of data export)

Actual results:

5. shows repos synced to the Capsule, while they are not present on Satellite.

MOREOVER (this deserves a new bug?): registering a client directly via sub-man, I can choose Library/Export-Library Environment - is that expected? Like:

```
# subscription-manager register --username=admin --password=nereknu
Registering to: pmoravec-caps612.satotest.redhat.com:443/rhsm
Hint: User "admin" is member of following organizations: RedHat, test_org
Organization: RedHat
Hint: Organization "RedHat" contains following environments: Library, Library/cv_rhel8, DEV/cv_rhel8, Library/Export-Library     ## <<<--- is this OK?
Environment: Library/Export-Library
The system has been registered with ID: f09c7f1f-1236-403c-9909-316666ca9893
..
```

Expected results:

5. Caps should not get the Export-Library repos synced (can a client get offered the Library/Export-Library Environment..? I really don't know..)

Additional info:

ibalou++ and partha++ for hints:

1) product.repositories.has_url.library.with_type(acs.content_type)
   I think we need to change this to:
   product.repositories.has_url.library.in_default_view.with_type(acs.content_type)

2) Caps sync repos to ignore shall be modified accordingly at https://github.com/Katello/katello/blob/master/app/models/katello/content_view.rb#L98 ?
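
The check from steps 5 and 6, as an added example (not part of the bug report, and not Katello or Pulp code): it parses saved psql output of the two queries, run without the WHERE filter, and lists the Export-Library repositories present on a Capsule, the path each is served at, and whether the Satellite has a repository of the same name. The function names, the cv_rhel8 row and the empty Satellite result are assumptions made for the example.

```python
import re

# Naming seen in the report: <org id>-Export-Library-<lifecycle env>-<uuid>
AUX_NAME = re.compile(
    r"\d+-Export-Library-.+-[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}")
# Prompt lines, the header separator and the "(N rows)" footer carry no data.
NOISE = re.compile(r".*=#.*|[-+]+|\(\d+ rows?\)")

def parse_psql(text):
    """Parse one query's default aligned psql output into row dicts."""
    header, rows = None, []
    for line in map(str.strip, text.splitlines()):
        if not line or NOISE.fullmatch(line):
            continue
        cells = [c.strip() for c in line.split("|")]
        if header is None:
            header = cells          # first data-bearing line is the column list
        else:
            rows.append(dict(zip(header, cells)))
    return rows

def is_auxiliary(row):
    """True for rows that belong to the Export-Library content view."""
    return bool(AUX_NAME.fullmatch(row.get("name", ""))) or \
        "Export-Library" in row.get("base_path", "").split("/")

def audit(capsule_repos, capsule_dists, satellite_repos):
    """Auxiliary Capsule repos, their served path, and presence on Satellite."""
    sat = {r["name"] for r in parse_psql(satellite_repos)}
    served = {d["name"]: d["base_path"]
              for d in parse_psql(capsule_dists) if is_auxiliary(d)}
    return [{"name": r["name"], "served_at": served.get(r["name"]),
             "on_satellite": r["name"] in sat}
            for r in parse_psql(capsule_repos) if is_auxiliary(r)]

# Export rows are copied from the report; the cv_rhel8 row and the empty
# Satellite result are constructed for the example.
CAPSULE_REPOS = """ pulp_id | name
---------+------
 8575a7ab-4103-43b8-91f2-aac7b8f8fed9 | 1-Export-Library-Library-beaed1e1-c3be-4ad6-a888-560278447cf2
 7268423f-cab9-4cb6-885b-72273a92644f | 1-Export-Library-Library-25807266-9eb3-4361-ab75-c9a928083c6f
 00000000-0000-0000-0000-000000000001 | 1-cv_rhel8-Library-00000000-0000-0000-0000-0000000000aa
(3 rows)"""
CAPSULE_DISTS = """ pulp_id | name | base_path
---------+------+-----------
 55a4620a-cb81-4124-ad24-b82d79b19d90 | 1-Export-Library-Library-25807266-9eb3-4361-ab75-c9a928083c6f | RedHat/Library/Export-Library/custom/ZOO_Product/ZOO-repo
 4213903f-1142-4eed-b189-10ef150864e6 | 1-Export-Library-Library-beaed1e1-c3be-4ad6-a888-560278447cf2 | RedHat/Library/Export-Library/content/dist/layered/rhel8/x86_64/sat-client/6/os
(2 rows)"""
SATELLITE_REPOS = " pulp_id | name\n---------+------\n(0 rows)"
print(audit(CAPSULE_REPOS, CAPSULE_DISTS, SATELLITE_REPOS))
```

A finding with `on_satellite` false and a non-empty `served_at` is the state the report describes: a repository that exists and is published only on the Capsule.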