disable CertificateRevocationListTask job in candlepin.conf by default
Description of problem:
CertificateRevocationListTask is a candlepin's job to populate CRL. The CRL is not used in Satellite (at least katello nor RHSM queries for "crl" URI against candlepin/rhsm. So this job is being performed redundantly on a Satellite6.
- there were 5+ cases where CRL had impacted Satellite performance
- the only workaround is in modifying /etc/candlepin/candlepin.conf
- .. and this workaround does not survive an upgrade or even satellite-installer run
I am requesting to disable the Job via installer directly & by default.
Fix is very trivial, just add anywhere to
a line like:
pinsetter.org.candlepin.pinsetter.tasks.CertificateRevocationListTask.schedule=0 0 0 1 1 ?
(see KCS 3888591 linked)
Version-Release number of selected component (if applicable):
Sat6.6 (any version)
Steps to Reproduce:
1. Install Satellite6 (or just run satellite-installer on already installed Sat6)
2. Check if CertificateRevocationListTask schedule is changed in /etc/candlepin/candlepin.conf
3. Wait for noon and check "Starting job: org.candlepin.pinsetter.tasks.CertificateRevocationListTask" log in candlepin.log
2. no such entry in candlepin.conf
3. such a task/job is fired every noon (by default, it finishes soon, but not in various scaled environments)
2. have the schedule practicaly disabled via candlepin.conf
3. no such job invoked on a noon
There are customers where CRLT took hours to finish, negatively affecting candlepin (and hence whole Sat6) performance. If not disabled, the impact to CPU grows over time.
#3 Updated by Eric Helms 6 months ago
- Status changed from Ready For Testing to Closed
Applied in changeset puppet-candlepin|504ed85be6eabf3a9aa7d431093bda74adc4682e.