Bug 1869865
| Summary: | [RFE] Include check to identify or alert user of any non Red Hat rpms installed on Satellite or Capsule Server | ||
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | anerurka |
| Component: | Satellite Maintain | Assignee: | Amit Upadhye <aupadhye> |
| Status: | CLOSED ERRATA | QA Contact: | Gaurav Talreja <gtalreja> |
| Severity: | medium | Docs Contact: | |
| Priority: | high | ||
| Version: | 6.8.0 | CC: | ahumbe, apatel, aupadhye, egolov, ehelms, janarula, kgaikwad, marcsilv, mmccune, sokeeffe, thadzhie |
| Target Milestone: | 6.10.0 | Keywords: | FutureFeature, PrioBumpGSS, Reopened, Triaged |
| Target Release: | Unused | ||
| Hardware: | All | ||
| OS: | All | ||
| Whiteboard: | |||
| Fixed In Version: | rubygem-foreman_maintain-0.8.2 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-11-16 13:48:05 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
anerurka
2020-08-18 20:02:54 UTC
Thank you for your interest in Satellite 6. We have evaluated this request, and while we recognize that it is a valid request, we do not expect this to be implemented in the product in the foreseeable future. This is due to other priorities for the product, and not a reflection on the request itself. We are therefore closing this out as WONTFIX. If you have any concerns about this, please do not reopen. Instead, feel free to contact Red Hat Technical Support. Thank you Ameya, Could you create a new RFE along the lines of "Clearer error message when setup.noarch fails" with the context you have included above? Thanks, Sean If we limit this to just a check in 'satellite-maintain' that is only a WARNING, I can see the value to quicken troubleshooting. As example of how this may work, we can do a check of vendors from RPM and filtering out the expected non-Red Hat rpms, from one of my lab Satellites:
# rpm -qa --qf '%{NAME}: %{VENDOR}\n' | grep -v 'Red Hat' | sort
gpg-pubkey: (none)
gpg-pubkey: (none)
htop: Fedora Project
java-client: None
katello-default-ca: None
katello-server-ca: None
localhost-tomcat: None
pulp-client: None
sat-r220-10.lab.eng.rdu2.redhat.com-apache: None
sat-r220-10.lab.eng.rdu2.redhat.com-foreman-client: None
sat-r220-10.lab.eng.rdu2.redhat.com-foreman-proxy-client: None
sat-r220-10.lab.eng.rdu2.redhat.com-foreman-proxy: None
sat-r220-10.lab.eng.rdu2.redhat.com-puppet-client: None
sat-r220-10.lab.eng.rdu2.redhat.com-qpid-broker: None
sat-r220-10.lab.eng.rdu2.redhat.com-qpid-client-cert: None
sat-r220-10.lab.eng.rdu2.redhat.com-qpid-router-client: None
sat-r220-10.lab.eng.rdu2.redhat.com-qpid-router-server: None
The one from the above example we would warn on is 'htop', as the other 'None' vendors are internal RPMs built for this host as part of the OS + Satellite. So, say we warn/error on htop:
"htop: Fedora Project"
So, we build in a check into 'satellite-maintain' to find these types of packages:
# satellite-maintain upgrade check --target-version=6.8.z
Checking for new version of satellite-maintain...
Nothing to update, can't find new version of satellite-maintain.
Running preparation steps required to run the next scenarios
================================================================================
Check whether system has any non Red Hat repositories (e.g.: EPEL) enabled:
- Checking repositories enabled on the system
[OK]
--------------------------------------------------------------------------------
Check whether system has any non Red Hat RPMs installed (e.g.: EPEL, Fedora)
- Checking packages installed [WARN]
* Found unexpected non-Red Hat package (name: vendor):
htop: Fedora Project
Running Checks before upgrading to Satellite 6.8.z
================================================================================
Clean old Kernel and initramfs files from tftp-boot: [OK]
--------------------------------------------------------------------------------
Check number of fact names in database: [OK]
--------------------------------------------------------------------------------
Check whether all services are running: [OK]
--------------------------------------------------------------------------------
...
We would not want to exit out with an ERROR and force a --whitelist for this scenario because the user may wish to have this package, that has no effect on Satellite, installed on their system. This is likely very common and we are not likely to try and play 'whack-a-mole' on specific packages that may cause incompatibilities by maintaining a hard coded list.
Will this type of check provide enough value to reduce customer issues?
I agree with Mike's suggestion, we do not want to break the upgrade for any third party packages. Just a warning message makes sense because it will help the support team in troubleshooting issues by looking at the output. Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/32424 has been resolved. Hi, Well so we have a new check with the label "non-RH-packages", but it also checks for ansible-runner related packages `python2-ansible-runner-1.4.7-1.el7.noarch` and `ansible-runner-1.4.7-1.el7.noarch`, which (I'm not sure) are installed from the satellite installer, so it throws warnings in health/upgrade check and returns return code 78, even after successful upgrade check. # foreman-maintain health check --label non-rh-packages Running ForemanMaintain::Scenario::FilteredScenario ================================================================================ Check if system has any non Red Hat RPMs installed (e.g.: Fedora): [WARNING] Found 2 unexpected non Red Hat Package(s) installed! Package : Vendor python2-ansible-runner-1.4.7-1.el7.noarch : (none) ansible-runner-1.4.7-1.el7.noarch : (none) -------------------------------------------------------------------------------- Scenario [ForemanMaintain::Scenario::FilteredScenario] failed. The following steps ended up in warning state: [non-rh-packages] The steps in warning state itself might not mean there is an error, but it should be reviewed to ensure the behavior is expected Hence moving this back to the ASSIGNED state. Hello Mike, Practically ansible-runner packages are non Red Hat. I like to know if we should skip these packages from check or let the foreman-maintain show those aren't from Red Hat? # yum list installed | grep ansible-runner ansible-runner.noarch 1.4.7-1.el7 @ansible-runner python2-ansible-runner.noarch 1.4.7-1.el7 @ansible-runner _ Amit Upadhye. Considering the idea was to exclude all packages with None as vendor should be skipped; I have added change to skip reported two ansible packages. Uh, those are not the ansible runner versions we ship. You should see ansible-runner-1.4.6-1.el7ar.noarch.rpm python2-ansible-runner-1.4.6-1.el7ar.noarch.rpm Especially: it shall have el7ar as the dist, not el7. Verified. Tested on Satellite 6.10.0 Snap 10.0 Version: rubygem-foreman_maintain-0.8.7-1.el7sat.noarch Setup: 1. Enable any custom repo and install any non-RH packages Steps: 1. foreman-maintain upgrade check --target-version 6.10.z OR 1. foreman-maintain health check --label non-rh-packages Observation: `non-rh-packages` check, verifies the presence of non-RH packages/custom packages and warns the user with packages/vendors. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Satellite 6.10 Satellite Maintenance Release), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:4697 The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days |