This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 803357 - erratas of filtered packages should not be promoted
erratas of filtered packages should not be promoted
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Content Management (Show other bugs)
Unspecified Unspecified
unspecified Severity high (vote)
: Unspecified
: --
Assigned To: Katello Bug Bin
Katello QA List
: Triaged
Depends On:
Blocks: 1130651
  Show dependency treegraph
Reported: 2012-03-14 10:27 EDT by Garik Khachikyan
Modified: 2015-01-04 16:59 EST (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2014-08-15 16:08:44 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Garik Khachikyan 2012-03-14 10:27:02 EDT
Description of problem:
Right now Katello promotes the errata of a package that is filtered out to the next environment. Thus having errata but no package there.

Version-Release number of selected component (if applicable):
Recent CFSE build

How reproducible:

Steps to Reproduce:
* client remember an org
* provider create --name pulp
* product create --name pulp --provider pulp
* repo create --name pulp-64bit --product pulp --url
* repo sync --name pulp-64bit --product pulp
* filter create --name no_bear --packages bear
* repo add_filter --name pulp-64bit --filter no_bear --product pulp
* environment create --name Dev --prior Library
* changeset create --name cs_Dev --environment Dev
* changeset update --from_product pulp --add_repo pulp-64bit --name cs_Dev --environment Dev
* changeset promote --name cs_Dev --environment Dev

Actual results:
errata list --repo pulp-64bit --product pulp --environment Dev
(shows RHEA-2012:0001 Bear_Erratum)

Expected results:
RHEA-2012:0001 should not be promoted (as the promoted repo does not contain the errata package: bear)

Additional info:
please consider also the case when just one package of errata (that might contain >1 packages there) is blacklisted.
Comment 1 Tomas Strachota 2012-03-21 08:43:23 EDT
Though we have to check this during promotion and it could be done on Pulp's side it would be good to also notify user in advance before the actual promotion starts.
Comment 2 Tomas Strachota 2012-03-23 05:34:28 EDT
e7e2ab8 803357 - errata with packages affected by filters are not promoted

I added validation for changeset errata that looks if contained packages are restricted by filters. If so, the erratum can't be added to changeset. User is notified in advance before the promotion starts.

The second part of the problem is promotion of a whole repo with errata. This must be solved in Pulp. It should not promote any of errata with filtered packages. I'm switching component of the bug to pulp and leaving the rest for Pulp specialists.

This bug brought me an idea:
If some errata are going to be skipped automatically users should know about it. We may consider adding some promotion status reports that would sum up what happened during the promotion. Eg. 20 packages updated, 10 packages filtered out, 1 errata filtered out. I expect more information that is worth reporting after we introduce demotion.
Comment 3 Todd Sanders 2012-03-26 12:23:30 EDT
Not sure this is that simple.  Errata's can contain references to multiple packages.  Not sure the correct behavior would be to prevent an errata from being promoted if one of the packages is missing from the environment (or a specific nvrea is missing)....all of them....maybe.

Also, with regards to the validation you added....what if I promoted foo.0.rpm into production, and then added a filter for foo.rpm so that I could stay on version 0 regardless of what was sync'd into the Library.  This validation would prevent me from seeing any RHSA (security) errata for foo.  This seems bad to me; and something we should reconsider.

With regards to this bug, I would *not* consider this a blocker for 1.0.0; and would suggest that we move to 1.1 while we determine how to address.  Regardless, the Pulp and the Katello-agent will only attempt to update the packages for an errata that *are* installed on the system
Comment 4 Hugh Brock 2012-03-27 11:43:33 EDT
This does not meet the severity criteria for a beta blocker at this stage of the Cloudforms release cycle. Pushing to 1.1.
Comment 5 Todd Warner 2012-03-27 13:28:48 EDT
I agree with ToddS (his first part):

If I filter a package, say "emacs" and a security erratum comes down that updates both "emacs" and say "vim", I *think* the right default behavior should be to promote the erratum, but not that one package. And issue a warning that this happened. Maybe even a warning and a confirmation.

This is about "expected behavior". I want that erratum applied, but don't want a specific package.

What we might think about doing is to make this behavior configurable. I.e., I set it so that "if an erratum contains an RPM I have filtered, block the promotion of the erratum".

I believe that most folks want the erratum to promote through, but missing the filtered package.

ToddS's second part: if a customer wants to block foo.rpm > v1.2.3.4, we need to work towards filters that allow a range of versions. That requires more discussion.
Comment 8 Mike McCune 2014-08-15 16:08:44 EDT
This was resolved in the Beta release of Sat6.  Feel free to re-open if this occurs again.

Note You need to log in before you can comment on or make changes to this bug.