Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1571998

Summary: search-disabled-repos is enabled in base rhel7 image
Product: Red Hat Enterprise Linux 7 Reporter: Dan Yocum <dyocum>
Component: subscription-managerAssignee: Nikos Moumoulidis <nmoumoul>
Status: CLOSED ERRATA QA Contact: Red Hat subscription-manager QE Team <rhsm-qe>
Severity: high Docs Contact:
Priority: high    
Version: 7.5CC: amcdermo, aos-bugs, bleanhar, dornelas, dyocum, fweimer, haowang, jhnidek, jlee, jokerman, jsefler, khowell, mmccomas, nmoumoul, nraghava, peasters, rjerrido, twiest, walters
Target Milestone: rcKeywords: EasyFix, Extras, OnlineDedicated, OpsBlocker, Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: subscription-manager-1.21.5-7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-10-30 10:36:12 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1186913    

Comment 1 Ben Parees 2018-04-25 22:25:54 UTC 
Openshift doesn't create or maintain the base rhel7 image. 

Brenton can you push this bug in the right direction (somewhere in RHEL presumably).
Comment 2 Brian Cook 2018-04-26 00:00:07 UTC 
I can confirm this is affecting our partner build service for Red Hat Connect which runs on Openshift Dedicated.  It affects all builds that use yum, not just s2i builds.  We are only running docker strategy builds right now and any build using yum fails.
Comment 7 Dan Yocum 2018-05-09 19:55:11 UTC 
Bump.  This is affecting Openshift Dedicated Customers.
Comment 8 Colin Walters 2018-05-09 20:50:17 UTC 
# rpm -qf /usr/lib/yum-plugins/search-disabled-repos.py
subscription-manager-1.19.23-1.el7_4.x86_64
# 

AFAICS it's been there for a while, I went as far back as 
`registry.access.redhat.com/rhel7:7.2`.

I'd be fine disabling it in our containers, though it's one of those subtle things that makes the container UX different from a VM/host.

We could just
$ rm /usr/lib/yum-plugins/search-disabled-repos.py

in the container kickstart, but to really make the change persist we'd have to change subscription-manager, otherwise it'd come back on a `yum update`.
Comment 9 Kevin Howell 2018-05-17 14:15:36 UTC 
Dev, let's modify the search-disabled-repos default configuration to also blacklist HTB repos.
Comment 10 John Sefler 2018-05-17 14:31:57 UTC 
The proposed solution (as well as workaround) in comment 9 is to change the default configuration from this....

[root@jsefler-rhel7 ~]# grep "ignored_repos" -B1 /etc/yum/pluginconf.d/search-disabled-repos.conf

# Repositories matching the patterns listed in ignored_repos will not be enabled by the plugin
ignored_repos=*debug-rpms *source-rpms *beta-rpms


to this...

ignored_repos=*debug-rpms *source-rpms *beta-rpms *htb-rpms
Comment 14 John Sefler 2018-08-01 20:53:26 UTC 
Ideally I'd like to reproduce the 403 scenario described in comment 0 and demonstrate that when the s2i image includes the fixed-in-version subscription-manager-1.21.5-7, the 403 is avoided.  Unfortunately I don't know how to "Build an s2i image".  Moreover since we are post GA and the HTB repos are currently empty, a 404 makes more sense to me than a 403.  Anyway, I'll set a NEEDINFO on the bug reporter to help verify/confirm that the procedure to "Build an s2i image" is working after subscription-manager-1.21.5-7 is installed.

In the meantime I'll share this verification....

[root@jsefler-rhel7 ~]# rpm -q --whatprovides /etc/yum/pluginconf.d/search-disabled-repos.conf
subscription-manager-1.21.5-7.el7.x86_64
[root@jsefler-rhel7 ~]# rpm -q subscription-manager-1.21.5-7.el7.x86_64 --changelog | grep 1571998
- 1571998: Ignore HTB repos (nmoumoul)
[root@jsefler-rhel7 ~]# 
[root@jsefler-rhel7 ~]# cat /etc/yum/pluginconf.d/search-disabled-repos.conf
[main]
enabled=1

# With notify_only=1 this plugin does not modify yum's behaviour.
# Setting notify_only to 0 will enable yum to try to automatically resolve
# dependency errors by temporarily enabling disabled repos and searching
# for missing dependencies. If that helps resolve dependencies, yum will
# suggest to permanently enable the repositories that have helped find
# missing dependencies.
# IMPORTANT: running yum with --assumeyes (or assumeyes config option)
# will make yum automatically and without prompting the user temporarily
# enable all repositories, and if it helps resolve dependencies yum will
# permanently enable the repos that helped without prompting the user.
notify_only=1

# Repositories matching the patterns listed in ignored_repos will not be enabled by the plugin
ignored_repos=*debug-rpms *source-rpms *beta-rpms *htb-rpms
[root@jsefler-rhel7 ~]# 


VERIFIED:
I suspect that the s2i images have notify_only=0 configured, and if so, the information in the search-disabled-repos.conf above indicates that search-disabled-repos plugin will not automatically enable a ComputeNode's "rhel-7-hpc-node-htb-rpms" repo during a yum command since the default value for the ignored_repos now includes pattern "*htb-rpms" which matches all High Touch Beta repos and should solve the complaints from comment 0 on all variants of RHEL7.

CAUTION:
If yum updating the s2i images, I suspect that you will encounter this message...
warning: /etc/yum/pluginconf.d/search-disabled-repos.conf created as /etc/yum/pluginconf.d/search-disabled-repos.conf.rpmnew
If yes, then you will manually need to update the old ignored_repos configuration in /etc/yum/pluginconf.d/search-disabled-repos.conf to the new value of ignored_repos from /etc/yum/pluginconf.d/search-disabled-repos.conf.rpmnew.
Comment 16 Thomas Wiest 2018-08-02 15:56:37 UTC 
I am also no longer on the OPS team.

From what I gather above, this is what the needinfo is:
> Anyway, I'll set a NEEDINFO on the bug reporter to help verify/confirm that the procedure to "Build an s2i image" is working after subscription-manager-1.21.5-7 is installed.


I believe Narayanan Raghavan or John Goulding would be the right people to ask who on their teams should complete this task.
Comment 25 errata-xmlrpc 2018-10-30 10:36:12 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3153