Red Hat Bugzilla – Bug 1518289
[RFE] Installing katello-ca-consumer should not restart docker, but notify of required action
Last modified: 2018-04-13 09:36:19 EDT
Description of problem: RHEL 7.4 client During the process of registering a system to Satellite, installing katello-ca-consumer-latest.noarch.rpm runs /usr/bin/katello-rhsm-consumer on postinstall. This script automatically restarts Docker. This unexpected behavior is a surprise to anyone who has Docker containers running on the system. Version-Release number of selected component (if applicable): satellite-6.2.12-6.0.el7sat.noarch How reproducible: Always Steps to Reproduce: 1. rpm -Uvh http://<satellite host>/pub/katello-ca-consumer-latest.noarch.rpm 2. 3. Actual results: Katello gets installed, but restarts the Docker service along the way. Expected results: Katello gets installed, leaving Docker service alone. Additional info:
Hello, The reason that the katello-ca-consumer script restarts docker is due to the fact that we are importing the CA into RHEL and need to make that certificate available for use with the docker services and the systems hosted by it. I think it would be logical for us to include some better documentation around that fact that this is going to happen, but we need to ensure the services is restarted so that it can properly use entitlement information derived from the Satellite.
Hi Craig, I get what you're saying. However, this process is automated for us, and for installation of katello to yank our Docker instances out from under us on production servers is very disconcerting and problematic. Could I propose instead that the Docker restart is removed, and documentation include a reference to restarting Docker at the admin's earliest convenience? Thanks!
Thank you, and I understand your position. We agree that this action probably should not be taken on your behalf, so I am converting this to an RFE for the katello-bootstrap package (via certificates) and we are proposing that the path forward be to detect a running docker service on the host of install, and notify via terminal/cli where the action occurs that a service restart will be required to consume entitlements for those hosts.
A very strong +1 on this one. I just spent a few hours trying to figure out how our Satellite registration playbook caused an OpenShift outage. :(
It appears this was fixed in upstream Katello, Satellite just needs to catch up. https://github.com/theforeman/puppet-certs/pull/156 https://github.com/theforeman/puppet-certs/blob/master/templates/rhsm-katello-reconfigure.erb If we're not moving to a sufficient version of Katello in 6.3, then it should be backported.
Upstream bug assigned to stbenjam@redhat.com
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/19271 has been resolved.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:1127