Bug 1571998 - search-disabled-repos is enabled in base rhel7 image
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: subscription-manager
Version: 7.5
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: rc
Assignee: Nikos Moumoulidis
QA Contact: Red Hat subscription-manager QE Team
Blocks: 1186913
Reported: 2018-04-25 22:20 UTC by Dan Yocum
Modified: 2018-10-30 10:37 UTC (History)

Fixed In Version: subscription-manager-1.21.5-7
Last Closed: 2018-10-30 10:36:12 UTC
Links
System | ID | Priority | Status | Summary | Last Updated
Github | candlepin subscription-manager pull 1842 | None | closed | 1571998: Ignore HTB repos (ENT-533) | 2020-05-11 17:03:10 UTC
Red Hat Product Errata | RHBA-2018:3153 | None | None | None | 2018-10-30 10:37:43 UTC

Comment 1 Ben Parees 2018-04-25 22:25:54 UTC
Openshift doesn't create or maintain the base rhel7 image. 

Brenton, can you push this bug in the right direction (somewhere in RHEL presumably)?

Comment 2 Brian Cook 2018-04-26 00:00:07 UTC
I can confirm this is affecting our partner build service for Red Hat Connect which runs on Openshift Dedicated.  It affects all builds that use yum, not just s2i builds.  We are only running docker strategy builds right now and any build using yum fails.

Comment 7 Dan Yocum 2018-05-09 19:55:11 UTC
Bump.  This is affecting Openshift Dedicated Customers.

Comment 8 Colin Walters 2018-05-09 20:50:17 UTC
# rpm -qf /usr/lib/yum-plugins/search-disabled-repos.py
subscription-manager-1.19.23-1.el7_4.x86_64
# 

AFAICS it's been there for a while, I went as far back as 
`registry.access.redhat.com/rhel7:7.2`.

I'd be fine disabling it in our containers, though it's one of those subtle things that makes the container UX different from a VM/host.

We could just
$ rm /usr/lib/yum-plugins/search-disabled-repos.py

in the container kickstart, but to really make the change persist we'd have to change subscription-manager, otherwise it'd come back on a `yum update`.

Comment 9 Kevin Howell 2018-05-17 14:15:36 UTC
Dev, let's modify the search-disabled-repos default configuration to also blacklist HTB repos.

Comment 10 John Sefler 2018-05-17 14:31:57 UTC
The proposed solution (as well as workaround) in comment 9 is to change the default configuration from this....

[root@jsefler-rhel7 ~]# grep "ignored_repos" -B1 /etc/yum/pluginconf.d/search-disabled-repos.conf

# Repositories matching the patterns listed in ignored_repos will not be enabled by the plugin
ignored_repos=*debug-rpms *source-rpms *beta-rpms


to this...

ignored_repos=*debug-rpms *source-rpms *beta-rpms *htb-rpms

Comment 14 John Sefler 2018-08-01 20:53:26 UTC
Ideally I'd like to reproduce the 403 scenario described in comment 0 and demonstrate that when the s2i image includes the fixed-in-version subscription-manager-1.21.5-7, the 403 is avoided.  Unfortunately I don't know how to "Build an s2i image".  Moreover since we are post GA and the HTB repos are currently empty, a 404 makes more sense to me than a 403.  Anyway, I'll set a NEEDINFO on the bug reporter to help verify/confirm that the procedure to "Build an s2i image" is working after subscription-manager-1.21.5-7 is installed.

In the meantime I'll share this verification....

[root@jsefler-rhel7 ~]# rpm -q --whatprovides /etc/yum/pluginconf.d/search-disabled-repos.conf
subscription-manager-1.21.5-7.el7.x86_64
[root@jsefler-rhel7 ~]# rpm -q subscription-manager-1.21.5-7.el7.x86_64 --changelog | grep 1571998
- 1571998: Ignore HTB repos (nmoumoul@redhat.com)
[root@jsefler-rhel7 ~]# 
[root@jsefler-rhel7 ~]# cat /etc/yum/pluginconf.d/search-disabled-repos.conf
[main]
enabled=1

# With notify_only=1 this plugin does not modify yum's behaviour.
# Setting notify_only to 0 will enable yum to try to automatically resolve
# dependency errors by temporarily enabling disabled repos and searching
# for missing dependencies. If that helps resolve dependencies, yum will
# suggest to permanently enable the repositories that have helped find
# missing dependencies.
# IMPORTANT: running yum with --assumeyes (or assumeyes config option)
# will make yum automatically and without prompting the user temporarily
# enable all repositories, and if it helps resolve dependencies yum will
# permanently enable the repos that helped without prompting the user.
notify_only=1

# Repositories matching the patterns listed in ignored_repos will not be enabled by the plugin
ignored_repos=*debug-rpms *source-rpms *beta-rpms *htb-rpms
[root@jsefler-rhel7 ~]# 


VERIFIED:
I suspect that the s2i images have notify_only=0 configured, and if so, the information in the search-disabled-repos.conf above indicates that search-disabled-repos plugin will not automatically enable a ComputeNode's "rhel-7-hpc-node-htb-rpms" repo during a yum command since the default value for the ignored_repos now includes pattern "*htb-rpms" which matches all High Touch Beta repos and should solve the complaints from comment 0 on all variants of RHEL7.

CAUTION:
If you are yum updating the s2i images, I suspect that you will encounter this message...
warning: /etc/yum/pluginconf.d/search-disabled-repos.conf created as /etc/yum/pluginconf.d/search-disabled-repos.conf.rpmnew
If yes, then you will manually need to update the old ignored_repos configuration in /etc/yum/pluginconf.d/search-disabled-repos.conf to the new value of ignored_repos from /etc/yum/pluginconf.d/search-disabled-repos.conf.rpmnew.
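
An added example (not part of the comment above and not subscription-manager's own code): it applies the old and new ignored_repos defaults quoted in comments 10 and 14 to a list of disabled repo ids, and reports which patterns a live file still lacks compared with its .rpmnew. It assumes the plugin compares repo ids against the patterns as shell-style globs; every repo id except rhel-7-hpc-node-htb-rpms is a constructed sample.

```python
import configparser
from fnmatch import fnmatchcase

# Constructed inputs: the two ignored_repos defaults quoted in this bug.
OLD_CONF = """[main]
enabled=1
notify_only=1
ignored_repos=*debug-rpms *source-rpms *beta-rpms
"""
NEW_CONF = OLD_CONF.replace("*beta-rpms", "*beta-rpms *htb-rpms")

# Disabled repo ids: the HTB id is from comment 14, the rest are constructed.
DISABLED = ["rhel-7-hpc-node-htb-rpms", "rhel-7-server-optional-rpms",
            "rhel-7-server-debug-rpms", "rhel-7-server-beta-rpms"]


def load(conf_text):
    """Return (enabled, notify_only, ignored_patterns) from the [main] section."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    main = cp["main"]
    return (main.getboolean("enabled", fallback=False),
            main.getboolean("notify_only", fallback=True),
            main.get("ignored_repos", fallback="").split())


def candidates(conf_text, disabled_ids):
    """Disabled repos the plugin would still be allowed to search."""
    enabled, _notify_only, patterns = load(conf_text)
    if not enabled:
        return []
    # Assumption: glob-style matching of the repo id against each pattern.
    return [r for r in disabled_ids
            if not any(fnmatchcase(r, p) for p in patterns)]


def missing_patterns(live_conf, rpmnew_conf):
    """Patterns present in the packaged .rpmnew but absent from the live file."""
    live, new = load(live_conf)[2], load(rpmnew_conf)[2]
    return [p for p in new if p not in live]


if __name__ == "__main__":
    print("old default:", candidates(OLD_CONF, DISABLED))
    print("new default:", candidates(NEW_CONF, DISABLED))
    print("merge from .rpmnew:", missing_patterns(OLD_CONF, NEW_CONF))
```

To audit an image, pass the contents of /etc/yum/pluginconf.d/search-disabled-repos.conf and its .rpmnew sibling to `missing_patterns` in place of the constructed strings.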

Comment 16 Thomas Wiest 2018-08-02 15:56:37 UTC
I am also no longer on the OPS team.

From what I gather above, this is what the needinfo is:
> Anyway, I'll set a NEEDINFO on the bug reporter to help verify/confirm that the procedure to "Build an s2i image" is working after subscription-manager-1.21.5-7 is installed.


I believe Narayanan Raghavan or John Goulding would be the right people to ask who on their teams should complete this task.

Comment 25 errata-xmlrpc 2018-10-30 10:36:12 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3153

