Red Hat Bugzilla – Bug 1277974
[RFE] errata does not function without metadata in satellite 6
Last modified: 2016-11-04 01:29:34 EDT
Description of problem:
When viewing a content host, the number of errata reported seems to be based on the following:
1. The repository must be enabled on the content host (i.e. subscription-manager repos disable=rhel-7-server-rpms will change the number of reported errata for that content host)
2. The errata meta-data must be synchronised to the satellite server (i.e. if there are packages installed from the optional/epel/extras channels or similar, if we have not synchronised these entire channels to Satellite then we will not get errata reports).
This is not great and there are two options I would like to see implemented:
1. A meta-data only download for ALL red hat and non-red hat channels to allow a global view of errata to be produced.
2. if there are packages on the content host which we are not reporting on, then I would like to see an "unknown errata" count.. i.e. we have security/enhancement/bug categories, I would also like to know if there are RPMs installed on a machine for which I have no metadata to calculate this from.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.Install a content host with a package from optional or extras or epel which has a known vulnerability (e.g. docker 1.6)
2.bring this host under management of a satellite server which DOES NOT have extras (or similar) synchronised.
3. You do not see that the docker package is vulnerable.
1. Add a content host to a satellite server, make sure auto attach runs and rhel-7-server-rpms is enabled or similar.
2. Navigate to hosts -> content host and note that there are errata count for the content host.
3. On the client run subscription-manager repos disable=XXXX and then note the new errata count on the Satellite server.
I would expect to be notified that there are packages on the content host which we do not have metadata for and cannot calculate if there are errata applicable for this. I would also like an "errata metadata only" synchronise to fix this for at least the red hat products.
All packages are accounted for and I get a complete picture of errata.