Bug 1512600 - [RFE] Implement a yum version lock type of protections against upgrades
Summary: [RFE] Implement a yum version lock type of protections against upgrades
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Satellite Maintain
Version: Nightly
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: 6.6.0
Assignee: Martin Bacovsky
QA Contact: Jameer Pathan
URL:
Whiteboard:
Depends On:
Blocks: 1122832
TreeView+ depends on / blocked
 
Reported: 2017-11-13 15:47 UTC by Bryan Kearney
Modified: 2023-12-15 15:59 UTC (History)
14 users (show)

Fixed In Version: rubygem-foreman_maintain-0.4.2-1,foreman-installer-1.22.0-1,satellite-installer-6.6.0.14-1.beta
Doc Type: If docs needed, set a value
Doc Text:
Previously, using yum to update or install packages on the base system where Satellite is installed might have resulted in Satellite being partially updated and therefore caused conflicts. With this release, Satellite packages are locked against updates. The lock is released automatically only when you issue the `satellite-installer` command. This feature is not enabled on Capsule Server.
Clone Of:
Environment:
Last Closed: 2019-10-22 16:36:54 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
version_locking_issue_1 (4.75 KB, text/x-matlab)
2019-07-31 11:48 UTC, Jameer Pathan 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 26216 0 Normal Closed Implement a yum version lock type of protections against upgrades 2021-02-18 12:25:04 UTC
Foreman Issue Tracker 26409 0 Normal Closed Lock package versions after installation 2021-02-18 12:25:03 UTC
Red Hat Bugzilla 1316246 0 medium CLOSED [RFE] find out if foreman-installer --upgrade was run after yum update 2022-03-13 14:21:56 UTC
Red Hat Bugzilla 1459358 0 high CLOSED [RFE] Have a warning in Satellite 6.x that a satellite upgrade is required if a yum update only was done 2022-03-13 14:18:37 UTC
Red Hat Issue Tracker SAT-5007 0 None None None 2021-09-09 12:51:43 UTC
Red Hat Product Errata RHBA-2019:3181 0 None None None 2019-10-22 16:37:00 UTC

Internal Links: 1316246 1459358 1739389 1784403

Description Bryan Kearney 2017-11-13 15:47:52 UTC 
Breaking out part of the RFE from 

https://bugzilla.redhat.com/show_bug.cgi?id=1184568

Specifically, that there should be a version lock so that a customer can not upgrade the satellite exception through approved tools like foreman maintain.
Comment 1 Bryan Kearney 2017-11-13 15:49:27 UTC 
I am guessing that we do not need to implement all of 1512600, 1459358, and 1316246. Linking them all together so we decide which to do and then close out the others.
Comment 3 Martin Bacovsky 2019-03-04 14:56:49 UTC 
Created redmine issue https://projects.theforeman.org/issues/26216 from this bug
Comment 4 Bryan Kearney 2019-03-19 16:07:25 UTC 
Upstream bug assigned to mbacovsk
Comment 5 Bryan Kearney 2019-03-19 16:07:26 UTC 
Upstream bug assigned to mbacovsk
Comment 6 Bryan Kearney 2019-05-16 16:06:55 UTC 
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/26409 has been resolved.
Comment 18 Jameer Pathan 2019-07-31 11:48:57 UTC 
Created attachment 1595049 [details]
version_locking_issue_1
Comment 20 Lukas Pramuk 2019-08-06 13:31:05 UTC 
RE comment#16 and comment#17:

There are still some packages not handled by installer which are not installed by default and the locking mechanism is preventing to install these packages, e.g. foreman-dicovery-image 

Filed BZ1738199 to resolve the situation around these packages.
Comment 22 Martin Bacovsky 2019-08-09 10:28:25 UTC 
Requested release notes, Docs BZ was linked. https://bugzilla.redhat.com/show_bug.cgi?id=1739389
Comment 23 Martin Bacovsky 2019-08-09 12:15:44 UTC 
Updated Docs request
Comment 24 Jameer Pathan 2019-08-09 13:26:57 UTC 
Verified

Verified with:
- rubygem-foreman_maintain-0.4.5-1.el7sat.noarch

Version locking via yum working with foreman-maintain considering:

- Feature is locking all packages from Satellite repo, not just installed packages.
- This means lock is applied on installed package updates along with new packages from Satellite repo.

- In case user try to run katello-remove on existing satellite install then version lock still remains there and not allowing users to install packages even though repos are enabled. a bz[1] is filed to address it and workaround is there.
- Redundant options for all subcommands under package commands but its not a blocker. Bug is filed[2]

Note: currently lock is working for packages coming from Satellite repo not for everything e.g. lock for RHEL repo/custom repo is not in place for now and requires additional changes, so another RFE is filed for it[3]. And, it is not supported for capsule.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1728253
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1734766
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1728253
Comment 28 errata-xmlrpc 2019-10-22 16:36:54 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:3181
Note You need to log in before you can comment on or make changes to this bug.