Description of problem: When running a Satellite, a user *can* add external yum repos, like yum.theforeman.org or EPEL to the system. However, installing packages from those repos will quite often break Satellite. I think we should try yum-plugin-protectbase or yum-plugin-versionlock and enforce installation of *our* packages on the system. Version-Release number of selected component (if applicable): How reproducible: always (if you select the right breaking package) Steps to Reproduce: 1. install satellite 2. install qpid from EPEL Actual results: qpid is upgraded to the version from EPEL and stops working Expected results: qpid is not upgraded and is still working Additional info: http://post-office.corp.redhat.com/archives/sme-sysmgt/2017-May/msg00036.html
When implementing this bug, we might need to take into account two separate, but related use-cases, which are documented in https://bugzilla.redhat.com/show_bug.cgi?id=1459358 and https://bugzilla.redhat.com/show_bug.cgi?id=1512600 Use Case 1: =========== Prevent the user from installing packages from repositories that we don't support. An example of this is the use-case from comment #0, where a user installs qpid from EPEL, and breaks Satellite. While we explicitly tell the user to NOT use other repos in the Install Guide, we really can't prevent them. However, we should take steps to ensure that the application isn't inadvertently broken. Use Case 2: =========== Prevent the user from running 'yum update -y' and NOT also re-running the installer. Many support issues can be traced to users running 'yum -y update' and not also running the installer with the --upgrade switch. I mention both because any solution should take into account both problems.