803357 – erratas of filtered packages should not be promoted

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 803357 - erratas of filtered packages should not be promoted

Summary: erratas of filtered packages should not be promoted

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Content Management
Sub Component:
Version:	6.0.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	Unspecified
Assignee:	Katello Bug Bin
QA Contact:	Katello QA List
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1130651
TreeView+	depends on / blocked

Reported:	2012-03-14 14:27 UTC by Garik Khachikyan
Modified:	2019-09-26 13:33 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-08-15 20:08:44 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Garik Khachikyan 2012-03-14 14:27:02 UTC

Description of problem:
Right now Katello promotes the errata of a package that is filtered out to the next environment. Thus having errata but no package there.

Version-Release number of selected component (if applicable):
Recent CFSE build

How reproducible:
always

Steps to Reproduce:
* client remember an org
* provider create --name pulp
* product create --name pulp --provider pulp
* repo create --name pulp-64bit --product pulp --url http://inecas.fedorapeople.org/fakerepos/zoo3/
* repo sync --name pulp-64bit --product pulp
* filter create --name no_bear --packages bear
* repo add_filter --name pulp-64bit --filter no_bear --product pulp
* environment create --name Dev --prior Library
* changeset create --name cs_Dev --environment Dev
* changeset update --from_product pulp --add_repo pulp-64bit --name cs_Dev --environment Dev
* changeset promote --name cs_Dev --environment Dev

  
Actual results:
errata list --repo pulp-64bit --product pulp --environment Dev
---
(shows RHEA-2012:0001 Bear_Erratum)
---

Expected results:
RHEA-2012:0001 should not be promoted (as the promoted repo does not contain the errata package: bear)

Additional info:
please consider also the case when just one package of errata (that might contain >1 packages there) is blacklisted.

Comment 1 Tomas Strachota 2012-03-21 12:43:23 UTC

Though we have to check this during promotion and it could be done on Pulp's side it would be good to also notify user in advance before the actual promotion starts.

Comment 2 Tomas Strachota 2012-03-23 09:34:28 UTC

e7e2ab8 803357 - errata with packages affected by filters are not promoted

I added validation for changeset errata that looks if contained packages are restricted by filters. If so, the erratum can't be added to changeset. User is notified in advance before the promotion starts.

The second part of the problem is promotion of a whole repo with errata. This must be solved in Pulp. It should not promote any of errata with filtered packages. I'm switching component of the bug to pulp and leaving the rest for Pulp specialists.

This bug brought me an idea:
If some errata are going to be skipped automatically users should know about it. We may consider adding some promotion status reports that would sum up what happened during the promotion. Eg. 20 packages updated, 10 packages filtered out, 1 errata filtered out. I expect more information that is worth reporting after we introduce demotion.

Comment 3 Todd Sanders 2012-03-26 16:23:30 UTC

Not sure this is that simple.  Errata's can contain references to multiple packages.  Not sure the correct behavior would be to prevent an errata from being promoted if one of the packages is missing from the environment (or a specific nvrea is missing)....all of them....maybe.

Also, with regards to the validation you added....what if I promoted foo.0.rpm into production, and then added a filter for foo.rpm so that I could stay on version 0 regardless of what was sync'd into the Library.  This validation would prevent me from seeing any RHSA (security) errata for foo.  This seems bad to me; and something we should reconsider.

With regards to this bug, I would *not* consider this a blocker for 1.0.0; and would suggest that we move to 1.1 while we determine how to address.  Regardless, the Pulp and the Katello-agent will only attempt to update the packages for an errata that *are* installed on the system

Comment 4 Hugh Brock 2012-03-27 15:43:33 UTC

This does not meet the severity criteria for a beta blocker at this stage of the Cloudforms release cycle. Pushing to 1.1.

Comment 5 Todd Warner 2012-03-27 17:28:48 UTC

I agree with ToddS (his first part):

If I filter a package, say "emacs" and a security erratum comes down that updates both "emacs" and say "vim", I *think* the right default behavior should be to promote the erratum, but not that one package. And issue a warning that this happened. Maybe even a warning and a confirmation.

This is about "expected behavior". I want that erratum applied, but don't want a specific package.

What we might think about doing is to make this behavior configurable. I.e., I set it so that "if an erratum contains an RPM I have filtered, block the promotion of the erratum".

I believe that most folks want the erratum to promote through, but missing the filtered package.



ToddS's second part: if a customer wants to block foo.rpm > v1.2.3.4, we need to work towards filters that allow a range of versions. That requires more discussion.

Comment 8 Mike McCune 2014-08-15 20:08:44 UTC

This was resolved in the Beta release of Sat6.  Feel free to re-open if this occurs again.

Note You need to log in before you can comment on or make changes to this bug.