Bug 976864
Summary: | Hosted Candlepin Instance problem with 'host-limited' enforcement | ||
---|---|---|---|
Product: | [Community] Candlepin | Reporter: | Amanda Carter <acarter> |
Component: | candlepin | Assignee: | candlepin-bugs |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Katello QA List <katello-qa-list> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 0.9 | CC: | dgoodwin |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-07-22 14:39:36 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Amanda Carter
2013-06-21 17:08:45 UTC
There's a lot of weird things going on in that account: Guest consumer: 69e4ff50-ee30-4532-a908-ccf92b62ac9c - is_guest = true - no virt.uuid, thus no host linkage - has entitlement to pool: 8a99f9843f3ddee1013f66f3260f03da - subscription ID: 2684378 - requires_host: f0cc51c0-3ac6-492e-b175-c3b8567e69f6 (HOW DID IT GET THIS?) - source_pool_id: 8a99f9843f3ddee1013f5344d5cf6e84 - can see pool: 8a99f9843f3ddee1013f66f4090c03f5 (HOW CAN IT SEE THIS?) - pool: 8a99f9843f3ddee1013f66f3260f03da - guest got entitlement to this somehow? - subscription ID: 2684378 - requires_host: f0cc51c0-3ac6-492e-b175-c3b8567e69f6 - probably the "host" here - pool: 8a99f9843f3ddee1013f5344d5cf6e84 - main pool, quantity 100, consumed = 1 - subscription ID: 2684378 - virt_limit: 1 - who bound to this to make sub-pool? - pool: 8a99f9843f3ddee1013f66f4090c03f5 - created as a result of the guest seeing and binding to the other sub-pool - it should not have been able to see ^^ - guest can see this - subscription ID: 2684378 - requires_host: 69e4ff50-ee30-4532-a908-ccf92b62ac9c (this is the guest?) I am quite sure everything can be explained by "the host restriction filter is not working". The physical system bound, created a guest pool. A guest which is not linked to that host could incorrectly see it, got an entitlement, which then created another sub-pool restricted to the guest. (which the guest can also now see) So for whatever reason, the pre_requires_host pre-entitlement rule is not working in stage. Everything seems fine in our tests and I haven't been able to reproduce even when playing with things to get the consumer looking identical to the one in stage. Still not sure what's up. More investigation. This is the first time host restricted pools have ever been tested in a host environment, so whatever this is it may have been lurking for a long time. If I register a guest with no virt.uuid (as the guest consumer above is set up), the problem surfaces. If I register with a virt.uuid, filtering suddenly kicks in and works correctly. Still unable to reproduce locally, even on RHEL 6 with exact same rhino jar as used in hosted. Problem resolved. I was testing on master (0.8.15) but 0.8.12 was what was deployed. Didn't think anything had changed in this area, but this had: // It shouldn't be possible to get a host restricted pool in hosted, but just in // case, make sure it won't be enforced if we do. if (!context.standalone) { return JSON.stringify(result); } This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions Moving to closed per the updated candlepin process for bugs that have been merged or have been taken care of. |