1277974 – [RFE] errata does not function without metadata in satellite 6

Bug 1277974 - [RFE] errata does not function without metadata in satellite 6

Summary: [RFE] errata does not function without metadata in satellite 6

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Errata Management
Sub Component:
Version:	6.1.3
Hardware:	All
OS:	All
Priority:	unspecified
Severity:	medium
Target Milestone:	Unspecified
Assignee:	satellite6-bugs
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-11-04 12:56 UTC by cmilsted
Modified:	2018-07-17 18:27 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-07-17 18:27:02 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description cmilsted 2015-11-04 12:56:19 UTC

Description of problem:

When viewing a content host, the number of errata reported seems to be based on the following:

1. The repository must be enabled on the content host (i.e. subscription-manager repos disable=rhel-7-server-rpms will change the number of reported errata for that content host)
2. The errata meta-data must be synchronised to the satellite server (i.e. if there are packages installed from the optional/epel/extras channels or similar, if we have not synchronised these entire channels to Satellite then we will not get errata reports).

This is not great and there are two options I would like to see implemented:

1. A meta-data only download for ALL red hat and non-red hat channels to allow a global view of errata to be produced.
2. if there are packages on the content host which we are not reporting on, then I would like to see an "unknown errata" count.. i.e. we have security/enhancement/bug categories, I would also like to know if there are RPMs installed on a machine for which I have no metadata to calculate this from.

Version-Release number of selected component (if applicable):

6.1.3

How reproducible:

Every time.

Steps to Reproduce:
1.Install a content host with a package from optional or extras or epel which has a known vulnerability (e.g. docker 1.6)
2.bring this host under management of a satellite server which DOES NOT have extras (or similar) synchronised.
3. You do not see that the docker package is vulnerable.

1. Add a content host to a satellite server, make sure auto attach runs and rhel-7-server-rpms is enabled or similar.
2. Navigate to hosts -> content host and note that there are errata count for the content host.
3. On the client run subscription-manager repos disable=XXXX and then note the new errata count on the Satellite server.

Actual results:

I would expect to be notified that there are packages on the content host which we do not have metadata for and cannot calculate if there are errata applicable for this. I would also like an "errata metadata only" synchronise to fix this for at least the red hat products.

Expected results:

All packages are accounted for and I get a complete picture of errata.

Additional info:

Comment 1 Bryan Kearney 2018-07-17 18:27:02 UTC

Thank you for your interest in Satellite 6. We have evaluated this request, and we do not expect this to be implemented in product in the forseeable future. We are therefore closing this out as WONTFIX. If you have any concerns about this, please feel free to contact Rich Jerrido or Bryan Kearney. Thank you.

Note You need to log in before you can comment on or make changes to this bug.