1869865 – [RFE] Include check to identify or alert user of any non Red Hat rpms installed on Satellite or Capsule Server

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1869865 - [RFE] Include check to identify or alert user of any non Red Hat rpms installed on Satellite or Capsule Server

Summary: [RFE] Include check to identify or alert user of any non Red Hat rpms install...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Satellite Maintain
Sub Component:
Version:	6.8.0
Hardware:	All
OS:	All
Priority:	high
Severity:	medium
Target Milestone:	6.10.0
Assignee:	Amit Upadhye
QA Contact:	Gaurav Talreja
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-08-18 20:02 UTC by anerurka
Modified:	2024-10-01 16:46 UTC (History)
CC List:	11 users (show)
Fixed In Version:	rubygem-foreman_maintain-0.8.2
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-11-16 13:48:05 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Foreman Issue Tracker	32424	Normal	Closed	[RFE] Include check to identify or alert user of any non Red Hat rpms installed on Satellite or Capsule Server	2021-05-20 14:11:56 UTC
Github	SatelliteQE testfm pull 256	None	Merged	Add test for BZ-1869865	2021-11-08 10:19:21 UTC
Red Hat Knowledge Base (Solution)	6255471	None	None	None	2021-08-11 06:49:21 UTC
Red Hat Product Errata	RHBA-2021:4697	None	None	None	2021-11-16 13:48:14 UTC

Description anerurka 2020-08-18 20:02:54 UTC

Description of problem:

[RFE] Include check to identify and/or alert user, of any non Red Hat rpms and/or rpms from Optional/Extras repo installed on Sat or Cap Server.

At present satellite maintain identifies non Red Hat repositories but not the already installed rpms. 

Version-Release number of selected component (if applicable):
Red Hat Satellite 6.x
rubygem-foreman_maintain-0.6.8-1.el7sat.noarch
satellite-maintain-0.0.1-1.el7sat.noarch


How reproducible:
Always


Steps to Reproduce:
1. # satellite-maintain upgrade check --target-version 6.8.z

Actual results:

Does not check if any non Red Hat packages are installed

Expected results:

Should check if any non Red Hat packages are installed

Additional info:

Users may sometimes proceed with upgrading satellite which has different vendor [non Red Hat]. 

Such a situation sometimes leads to installer execution failing/stalled due to unknown reasons and complex troubleshooting.

Identifying such a situation proactively with satellite-maintain, will ensure that user do not proceed with the Sat/Cap upgrade unless these rpms are removed or installed from default repos.

Comment 2 Sean O'Keeffe 2020-09-04 14:57:11 UTC

Thank you for your interest in Satellite 6. We have evaluated this request, and while we recognize that it is a valid request, we do not expect this to be implemented in the product in the foreseeable future. This is due to other priorities for the product, and not a reflection on the request itself. We are therefore closing this out as WONTFIX. If you have any concerns about this, please do not reopen. Instead, feel free to contact Red Hat Technical Support.
Thank you

Comment 4 Sean O'Keeffe 2020-09-09 09:31:45 UTC

Ameya,

Could you create a new RFE along the lines of "Clearer error message when setup.noarch fails" with the context you have included above?

Thanks,
Sean

Comment 11 Mike McCune 2021-01-29 17:01:24 UTC

If we limit this to just a check in 'satellite-maintain' that is only a WARNING, I can see the value to quicken troubleshooting. As example of how this may work, we can do a check of vendors from RPM and filtering out the expected non-Red Hat rpms, from one of my lab Satellites:

# rpm -qa --qf '%{NAME}: %{VENDOR}\n' | grep -v 'Red Hat' | sort 

gpg-pubkey: (none)
gpg-pubkey: (none)
htop: Fedora Project
java-client: None
katello-default-ca: None
katello-server-ca: None
localhost-tomcat: None
pulp-client: None
sat-r220-10.lab.eng.rdu2.redhat.com-apache: None
sat-r220-10.lab.eng.rdu2.redhat.com-foreman-client: None
sat-r220-10.lab.eng.rdu2.redhat.com-foreman-proxy-client: None
sat-r220-10.lab.eng.rdu2.redhat.com-foreman-proxy: None
sat-r220-10.lab.eng.rdu2.redhat.com-puppet-client: None
sat-r220-10.lab.eng.rdu2.redhat.com-qpid-broker: None
sat-r220-10.lab.eng.rdu2.redhat.com-qpid-client-cert: None
sat-r220-10.lab.eng.rdu2.redhat.com-qpid-router-client: None
sat-r220-10.lab.eng.rdu2.redhat.com-qpid-router-server: None

The one from the above example we would warn on is 'htop', as the other 'None' vendors are internal RPMs built for this host as part of the OS + Satellite. So, say we warn/error on htop:

"htop: Fedora Project"

So, we build in a check into 'satellite-maintain' to find these types of packages:


# satellite-maintain upgrade check --target-version=6.8.z
Checking for new version of satellite-maintain...
Nothing to update, can't find new version of satellite-maintain.
Running preparation steps required to run the next scenarios
================================================================================
Check whether system has any non Red Hat repositories (e.g.: EPEL) enabled: 
- Checking repositories enabled on the system                                              
                                                              [OK]      
--------------------------------------------------------------------------------
Check whether system has any non Red Hat RPMs installed (e.g.: EPEL, Fedora) 
- Checking packages installed                                 [WARN] 
     
 * Found unexpected non-Red Hat package (name: vendor): 
                                         htop: Fedora Project


Running Checks before upgrading to Satellite 6.8.z
================================================================================
Clean old Kernel and initramfs files from tftp-boot:                  [OK]
--------------------------------------------------------------------------------
Check number of fact names in database:                               [OK]
--------------------------------------------------------------------------------
Check whether all services are running:                               [OK]
--------------------------------------------------------------------------------
...


We would not want to exit out with an ERROR and force a --whitelist for this scenario because the user may wish to have this package, that has no effect on Satellite, installed on their system. This is likely very common and we are not likely to try and play 'whack-a-mole' on specific packages that may cause incompatibilities by maintaining a hard coded list. 

Will this type of check provide enough value to reduce customer issues?

Comment 14 Ashish Humbe 2021-02-11 17:54:46 UTC

I agree with Mike's suggestion, we do not want to break the upgrade for any third party packages. Just a warning message makes sense because it will help the support team in troubleshooting issues by looking at the output.

Comment 15 Bryan Kearney 2021-05-10 09:13:59 UTC

Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/32424 has been resolved.

Comment 16 Gaurav Talreja 2021-06-10 10:18:00 UTC

Hi, 

Well so we have a new check with the label "non-RH-packages", but it also checks for ansible-runner related packages `python2-ansible-runner-1.4.7-1.el7.noarch` and `ansible-runner-1.4.7-1.el7.noarch`, which (I'm not sure) are installed from the satellite installer, so it throws warnings in health/upgrade check and returns return code 78, even after successful upgrade check.

# foreman-maintain health check --label non-rh-packages
Running ForemanMaintain::Scenario::FilteredScenario
================================================================================
Check if system has any non Red Hat RPMs installed (e.g.: Fedora):    [WARNING]
Found 2 unexpected non Red Hat Package(s) installed!
Package : Vendor
python2-ansible-runner-1.4.7-1.el7.noarch : (none)
ansible-runner-1.4.7-1.el7.noarch : (none)
--------------------------------------------------------------------------------
Scenario [ForemanMaintain::Scenario::FilteredScenario] failed.

The following steps ended up in warning state:

  [non-rh-packages]

The steps in warning state itself might not mean there is an error,
but it should be reviewed to ensure the behavior is expected


Hence moving this back to the ASSIGNED state.

Comment 17 Amit Upadhye 2021-06-10 11:13:51 UTC

Hello Mike,

Practically ansible-runner packages are non Red Hat. I like to know if we should skip these packages from check or let the foreman-maintain show those aren't from Red Hat?

# yum list installed | grep ansible-runner
ansible-runner.noarch                    1.4.7-1.el7         @ansible-runner    
python2-ansible-runner.noarch            1.4.7-1.el7         @ansible-runner
_
Amit Upadhye.

Comment 18 Amit Upadhye 2021-06-16 09:03:27 UTC

Considering the idea was to exclude all packages with None as vendor should be skipped; I have added change to skip reported two ansible packages.

Comment 19 Evgeni Golov 2021-06-16 10:02:15 UTC

Uh, those are not the ansible runner versions we ship.

You should see
ansible-runner-1.4.6-1.el7ar.noarch.rpm
python2-ansible-runner-1.4.6-1.el7ar.noarch.rpm

Especially: it shall have el7ar as the dist, not el7.

Comment 20 Gaurav Talreja 2021-07-29 09:02:46 UTC

Verified.

Tested on Satellite 6.10.0 Snap 10.0
Version: rubygem-foreman_maintain-0.8.7-1.el7sat.noarch

Setup:
1. Enable any custom repo and install any non-RH packages

Steps:
1. foreman-maintain upgrade check --target-version 6.10.z
OR
1. foreman-maintain health check --label non-rh-packages

Observation:
`non-rh-packages` check, verifies the presence of non-RH packages/custom packages and warns the user with packages/vendors.

Comment 23 errata-xmlrpc 2021-11-16 13:48:05 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Satellite 6.10 Satellite Maintenance Release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:4697

Comment 24 Red Hat Bugzilla 2023-09-15 00:46:34 UTC

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days

Note You need to log in before you can comment on or make changes to this bug.