Bug 976864
| Summary: | Hosted Candlepin Instance problem with 'host-limited' enforcement | ||
|---|---|---|---|
| Product: | [Community] Candlepin | Reporter: | Amanda Carter <acarter> |
| Component: | candlepin | Assignee: | candlepin-bugs |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Katello QA List <katello-qa-list> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 0.9 | CC: | dgoodwin |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-07-22 14:39:36 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
There's a lot of weird things going on in that account:
Guest consumer: 69e4ff50-ee30-4532-a908-ccf92b62ac9c
- is_guest = true
- no virt.uuid, thus no host linkage
- has entitlement to pool: 8a99f9843f3ddee1013f66f3260f03da
- subscription ID: 2684378
- requires_host: f0cc51c0-3ac6-492e-b175-c3b8567e69f6 (HOW DID IT GET THIS?)
- source_pool_id: 8a99f9843f3ddee1013f5344d5cf6e84
- can see pool: 8a99f9843f3ddee1013f66f4090c03f5 (HOW CAN IT SEE THIS?)
- pool: 8a99f9843f3ddee1013f66f3260f03da
- guest got entitlement to this somehow?
- subscription ID: 2684378
- requires_host: f0cc51c0-3ac6-492e-b175-c3b8567e69f6
- probably the "host" here
- pool: 8a99f9843f3ddee1013f5344d5cf6e84
- main pool, quantity 100, consumed = 1
- subscription ID: 2684378
- virt_limit: 1
- who bound to this to make sub-pool?
- pool: 8a99f9843f3ddee1013f66f4090c03f5
- created as a result of the guest seeing and binding to the other sub-pool
- it should not have been able to see ^^
- guest can see this
- subscription ID: 2684378
- requires_host: 69e4ff50-ee30-4532-a908-ccf92b62ac9c (this is the guest?)
I am quite sure everything can be explained by "the host restriction filter is not working". The physical system bound, created a guest pool. A guest which is not linked to that host could incorrectly see it, got an entitlement, which then created another sub-pool restricted to the guest. (which the guest can also now see)
So for whatever reason, the pre_requires_host pre-entitlement rule is not working in stage.
Everything seems fine in our tests and I haven't been able to reproduce even when playing with things to get the consumer looking identical to the one in stage. Still not sure what's up.
More investigation. This is the first time host restricted pools have ever been tested in a host environment, so whatever this is it may have been lurking for a long time. If I register a guest with no virt.uuid (as the guest consumer above is set up), the problem surfaces. If I register with a virt.uuid, filtering suddenly kicks in and works correctly. Still unable to reproduce locally, even on RHEL 6 with exact same rhino jar as used in hosted. Problem resolved. I was testing on master (0.8.15) but 0.8.12 was what was deployed. Didn't think anything had changed in this area, but this had:
// It shouldn't be possible to get a host restricted pool in hosted, but just in
// case, make sure it won't be enforced if we do.
if (!context.standalone) {
return JSON.stringify(result);
}
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions Moving to closed per the updated candlepin process for bugs that have been merged or have been taken care of. |
Description of problem: Hosted candlepin now supports the setting 'host-limited' on a subscription/pool. I can see that no guests for these subscriptions are created by default and that when I attach a host-limited physical subscription it opens up a virt sub pool. The problem is that the sub-pool appears to be available to any guest on the account rather than only to guests of the host that consumed the physical. Version-Release number of selected component (if applicable): 0.8.12 (?) -- Candlepin in Stage How reproducible: Use account 2013sku / redhat in stage {access.stage.redhat.com/management} to manually create a physical system, attach a subscription to it (please use the self-support subscription, the others are not working properly). Then create a virtual system manually and view the virt pools available to it. You should see the guest created from the physical you used. Since this virt system is not associated with the physical, it should not be able to see that virt pool.