Bug 1934795 - Unsetting repository architecture restriction doesn't reach clients
Summary: Unsetting repository architecture restriction doesn't reach clients
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Repositories
Version: 6.7.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium vote
Target Milestone: 6.10.0
Assignee: satellite6-bugs
QA Contact: Tasos Papaioannou
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-03-03 20:14 UTC by Jonathon Turel
Modified: 2021-11-16 14:10 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-11-16 14:10:21 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 32008 0 Normal New Unsetting repository architecture restriction doesn't reach clients 2021-03-03 20:14:09 UTC
Red Hat Product Errata RHSA-2021:4702 0 None None None 2021-11-16 14:10:35 UTC

Description Jonathon Turel 2021-03-03 20:14:08 UTC
 ... because Candlepin never gets updated!

The candlepin db state can be verified with this query:


<pre>
SELECT product.uuid AS "Product UUID", product.name AS "Product Name", product.product_id, content.content_id, content.uuid, content.label, content.name, content.arches FROM cp_pool pool JOIN cp2_products product ON pool.product_uuid = product.uuid JOIN cp2_product_content pc ON product.uuid = pc.product_uuid JOIN cp2_content content ON content.uuid = pc.content_uuid ORDER BY product.name ASC;
</pre>

The implication of this change is that, for example: accidentally setting i386 architecture and then unsetting it will permanently lock the Content in Candlepin to i386 while the UI will show that no restriction is set because the RootRepository has the correct value. The workaround is to recreate the repo which is not ideal.

The fix should include a migration to update Candlepin to reflect whatever is currently set on the RootRepository

Comment 1 Jonathon Turel 2021-03-03 20:14:11 UTC
Created from redmine issue https://projects.theforeman.org/issues/32008

Comment 2 Jonathon Turel 2021-03-03 20:14:13 UTC
Upstream bug assigned to None

Comment 3 Jonathon Turel 2021-03-03 20:15:53 UTC
I discovered this bug while investigating https://bugzilla.redhat.com/show_bug.cgi?id=1931027 which has an identical symptom but a different root cause.

Comment 4 Jonathon Turel 2021-03-03 20:17:53 UTC
The fix for this should be relatively small and since the impact can create a very frustrating user experience (and obviously clients not being able to get their intended content is bad) I recommending porting it back through 6.7.z

Comment 5 Bryan Kearney 2021-04-15 10:44:59 UTC
Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/32008 has been resolved.

Comment 6 Tasos Papaioannou 2021-06-01 17:57:01 UTC
Verified on 6.10.0 snap 2.0.

Steps:

1. Create and sync a custom yum repository.
2. Edit the repository and select 'i386' in the 'Restrict to architecture' field.
3. Register and subscribe an x86_64 content host.
4. Verify that the repo is not visible:

# subscription-manager repos --list-enabled
This system has no repositories available through subscriptions.

5. Change the 'Restrict to architecture' field to 'x86_64' or 'No restriction', and verify that the host now has access to the repo:

# subscription-manager repos --list-enabled
1 local certificate has been deleted.
+----------------------------------------------------------+
    Available Repositories in /etc/yum.repos.d/redhat.repo
+----------------------------------------------------------+
Repo ID:   [...]

Comment 9 errata-xmlrpc 2021-11-16 14:10:21 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Satellite 6.10 Release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:4702


Note You need to log in before you can comment on or make changes to this bug.