Description of problem: On the external capsule server upgraded from 6.9 to 6.10, qpid is not getting removed through # satellite-installer --foreman-proxy-content-enable-katello-agent false Actual results: # rpm -qa satellite-capsule satellite-capsule-6.9.9-1.el7sat.noarch # netstat -antpl|egrep -i '5646|5647|5671|5672' tcp 0 0 127.0.0.1:5671 0.0.0.0:* LISTEN 7568/qpidd tcp 0 0 127.0.0.1:5672 0.0.0.0:* LISTEN 7568/qpidd tcp 0 0 0.0.0.0:5647 0.0.0.0:* LISTEN 7528/qdrouterd # nmap --script +ssl-enum-ciphers localhost -p 5671| grep -e weak -e TLSv -e SSLv | TLSv1.0: | TLSv1.1: | TLSv1.2: # rpm -qf /etc/qpid/qpidd.conf qpid-cpp-server-1.36.0-32.el7_9amq.x86_64 # systemctl status qpidd.service ● qpidd.service - An AMQP message broker daemon. Loaded: loaded (/usr/lib/systemd/system/qpidd.service; enabled; vendor preset: disabled) Drop-In: /etc/systemd/system/qpidd.service.d └─90-limits.conf, wait-for-port.conf Active: active (running) since Sun 2022-06-26 14:22:10 EDT; 2 weeks 1 days ago # foreman-maintain service status -b | displaying qdrouterd [OK] | displaying qpidd [OK] --------------------------- External capsule upgraded to 6.10 from 6.9 --------------------------- # rpm -qa satellite-capsule satellite-capsule-6.10.7-1.el7sat.noarch # netstat -antpl|egrep -i '5646|5647|5671|5672' tcp 0 0 127.0.0.1:5671 0.0.0.0:* LISTEN 1202/qpidd tcp 0 0 127.0.0.1:5672 0.0.0.0:* LISTEN 1202/qpidd tcp 0 0 0.0.0.0:5647 0.0.0.0:* LISTEN 1200/qdrouterd # systemctl status qpidd.service ● qpidd.service - An AMQP message broker daemon. Loaded: loaded (/usr/lib/systemd/system/qpidd.service; enabled; vendor preset: disabled) Drop-In: /etc/systemd/system/qpidd.service.d └─90-limits.conf, wait-for-port.conf Active: active (running) since Tue 2022-07-12 13:29:25 EDT; 2h 52min ago # systemctl status qdrouterd.service ● qdrouterd.service - Qpid Dispatch router daemon Loaded: loaded (/usr/lib/systemd/system/qdrouterd.service; enabled; vendor preset: disabled) Drop-In: /etc/systemd/system/qdrouterd.service.d └─90-limits.conf Active: active (running) since Tue 2022-07-12 13:28:56 EDT; 2h 58min ago # grep enable_katello_agent /etc/foreman-installer/scenarios.d/capsule-answers.yaml enable_katello_agent: true # foreman-maintain service status -b rh-redis5-redis, postgresql, pulpcore-api, pulpcore-content, pulpcore-worker, pulpcore-worker, goferd, httpd, puppetserver, foreman-proxy | displaying rh-redis5-redis [OK] | displaying postgresql [OK] | displaying pulpcore-api [OK] | displaying pulpcore-content [OK] | displaying pulpcore-worker [OK] | displaying pulpcore-worker [OK] | displaying goferd [OK] | displaying httpd [OK] | displaying puppetserver [OK] | displaying foreman-proxy [OK] Then, I ran the below command to disable qdrouterd and qpid, according to https://access.redhat.com/documentation/en-us/red_hat_satellite/6.10/html-single/upgrading_and_updating_red_hat_satellite/index#post_upgrade_tasks # satellite-installer --foreman-proxy-content-enable-katello-agent false 2022-07-12 16:51:36 [DEBUG ] [configure] Executing: '/bin/yum -y erase qpid-dispatch-router' # grep enable_katello_agent /etc/foreman-installer/scenarios.d/capsule-answers.yaml enable_katello_agent: false # netstat -antpl|egrep -i '5646|5647|5671|5672' tcp 0 0 127.0.0.1:5671 0.0.0.0:* LISTEN 1202/qpidd tcp 0 0 127.0.0.1:5672 0.0.0.0:* LISTEN 1202/qpidd # systemctl status qdrouterd.service Unit qdrouterd.service could not be found. # systemctl status qpidd.service ● qpidd.service - An AMQP message broker daemon. Loaded: loaded (/usr/lib/systemd/system/qpidd.service; enabled; vendor preset: disabled) Drop-In: /etc/systemd/system/qpidd.service.d └─90-limits.conf, wait-for-port.conf Active: active (running) since Tue 2022-07-12 13:29:25 EDT; 3h 38min ago # foreman-maintain service status -b Running Status Services ================================================================================ Get status of applicable services: Displaying the following service(s): rh-redis5-redis, postgresql, pulpcore-api, pulpcore-content, pulpcore-worker, pulpcore-worker, goferd, httpd, puppetserver, foreman-proxy | displaying rh-redis5-redis [OK] | displaying postgresql [OK] | displaying pulpcore-api [OK] | displaying pulpcore-content [OK] | displaying pulpcore-worker [OK] | displaying pulpcore-worker [OK] | displaying goferd [OK] | displaying httpd [OK] | displaying puppetserver [OK] | displaying foreman-proxy [OK] # rpm -qa |egrep -i 'qpid-cpp-server|qpid-cpp-client|qpid-cpp-server-linearstore' qpid-cpp-server-1.36.0-32.el7_9amq.x86_64 qpid-cpp-client-1.36.0-32.el7_9amq.x86_64 qpid-cpp-server-linearstore-1.36.0-32.el7_9amq.x86_64 Expected results: qpid packages and service have to be removed Additional info:
If i am correct, whether upgraded or newly installed: satellite-installer --foreman-proxy-content-enable-katello-agent false , will take care of the following qpidd + qdrouterd both for satellite only qdrouterd for capsule Even when we enable the feature, the same thing happens i.e. following gets enabled and configured: qpidd + qdrouterd both for satellite only qdrouterd for capsule So if 6.9 -> 6.10 upgrade happens, Disabling katello-agent feature stops\removes both services qpidd + qdrouterd from satellite but from capsule only qdrouterd will be stopped\removed. Perhaps for capsule the qpidd is not needed and hence the installer code does not bothers touching the same ?
On Satellite 6.9: * qpid was used for Pulp and katello-agent * qdrouterd was used for katello-agent On Capsule 6.9: * qpid was used for Pulp and katello-agent * qdrouterd was used for katello-agent On Satellite 6.10+: * qpid was used for katello-agent * qdrouterd was used for katello-agent On Capsule 6.10: * qdrouterd was used for katello-agent The Qpid leftover on a Capsule after upgrade to 6.10 is not from katello-agent but rather from Pulp 2 having been there before. That is why the disable of katello-agent does not attempt to clean up Qpid on a Capsule. In theory, the Pulp 2 removal action in foreman-maintain should have dealt with this. Customers can remove it manually. When we completely remove katello-agent we can consider an Obsoletes in the satellite-capsule package to help ensure this but otherwise I do not see us modifying the katello-agent removal command to do this.