Bug 2211944

Summary: Unable to use `rhsm` kickstart option on CentOS Stream 9
Product: Red Hat Enterprise Linux 9 Reporter: Pat Riehecky <riehecky>
Component: anacondaAssignee: Anaconda Maintenance Team <anaconda-maint-list>
Status: CLOSED WONTFIX QA Contact: Release Test Team <release-test-team-automation>
Severity: high Docs Contact:
Priority: unspecified    
Version: CentOS StreamCC: bstinson, ekohlvan, jkonecny, jstodola, jwboyer, mkolman
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-06-08 14:17:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Pat Riehecky 2023-06-02 17:19:17 UTC 
Description of problem:
I've got a self managed Foreman/Katello server that I'm using to manage RPM content.

The documented `rhsm` kickstart option lets me connect my RHEL9 hosts to this katello server, but CentOS Stream 9 is preventing the start of org.fedoraproject.Anaconda.Modules.Subscription

Version-Release number of selected component (if applicable):
anaconda-34.25.3.1-1.el9

How reproducible:
100%

Steps to Reproduce:
1. Build a kickstart with `rhsm` set to a local katello host
2. install box
3. note subscriptions failed

Actual results:
From `journal.log`
Jun 02 11:05:27 lhc-control-01.fnal.gov org.fedoraproject.Anaconda.Boss[2244]: DEBUG:anaconda.modules.boss.module_manager.start_modules:Skip org.fedoraproject.Anaconda.Modules.Subscription. The module won't be started, because it's marked as forbidden in the Anaconda configuration files.


Expected results:
Ability to use documented kickstart options

Additional info:

https://github.com/rhinstaller/anaconda/blob/master/data/profile.d/centos.conf#LL14
https://github.com/rhinstaller/anaconda/blob/master/data/profile.d/almalinux.conf#L14
https://github.com/rhinstaller/anaconda/blob/master/data/profile.d/rocky.conf#L14
Comment 1 Jiri Konecny 2023-06-08 08:43:26 UTC 
This is easy to be fixed, it's just about removing this line: https://github.com/rhinstaller/anaconda/blob/rhel-9/data/product.d/centos-stream.conf#L11

However, this module was explicitly forbidden by you in the past :) https://github.com/rhinstaller/anaconda/pull/2546 and I'm not 100% sure what should be the correct behavior here.

Another question is, if we are able to allow registration into the custom Foreman server without enabling Red Hat CDN registration. Martin, could you please give us insights if the SubscriptionSpoke will work on CentOS Stream or what are the expected issues?
Comment 2 Martin Kolman 2023-06-08 11:30:33 UTC 
I don't think we can really change this without a strong justification - the way its currently setup is based on the assumption that RHEL => subscription module on, not RHEL => subscription module off. This results in the module being on/off essentially also setting the subscription policy for the installer.

If the module is on, we expect that you are on RHEL & you have a RHEL subscription and you want to use it & install from the CDN. The UX is setup that way & request registration.

When the module is off, we expect that you are on Fedora or Cent OS, where you can just use a close-by mirror that does not require registration.

This is what was requested for subscription support for Anaconda on RHEL.

So if we just enabled the subscription module on Cent OS, it might start behaving like RHEL essentially, requesting the user to register. This is likely not acceptable for the majority of users that don't have their own katello server to register to. 

Unlike on RHEL, there might be the closest mirror source available in the source spoke, but I think CDN might be selected in preference to it like on RHEL. Even if it didn't, CDN would still be in the source listing, which is pretty much wrong on Cent OS & would be very confusing for users.

Another issues would be testing - already on RHEL there is a lot of combinations to test and this would be yet another scenario that would have to be tested. It would also be hard to test, as unlike with the RHEL/CDN use case, it would require custom katello instance to test against.

So overall I don't think this is really doable.
Comment 4 Jiri Konecny 2023-06-08 14:17:03 UTC 
Thanks Martin for explanation and a good reasons to not go with this.

Closing this bug based on comment 2.
Comment 5 Ewoud Kohl van Wijngaarden 2023-06-27 15:14:26 UTC 
Weighing in on the Satellite perspective: this essentially means we will need to maintain two workflows. One for RHEL and one for Red Hat like operating systems. We're rarely, if ever, testing with RHEL in upstream due to how painful it is to access to RHEL, especially in public CI. Granted, today we don't have any automated kickstart testing

If we want to encourage customers to verify their workloads work on CentOS Stream, then it should be as close as possible to what RHEL is. Note we actually need to use the rhsm statement to work around bugs we otherwise encounter. I can't find the bug now, but if the kernel in EL 9 is newer than what's in the kickstart root then it refuses to boot afterwards. Having authenticated access to the full repositories is required when syncing content.

With that in mind, I'd urge you to reconsider this decision.
Comment 6 Jiri Konecny 2023-06-29 09:12:44 UTC 
Thanks for more detailed reasoning. I completely understand your reason. 
However, as you said someone needs to do this work, do the testing and have to maintain this. As described at comment 2 by Martin for us it would be pretty painful to do so, the change but also creating tests. I honestly think that by doing this, we would gain more work than what you will reduce, which doesn't look as a good decision to me.

Sorry, but in overall we don't have any other request to support this and from the Red Hat perspective it would mean more work overall even when it's done elsewhere.