Bug #29220
disable CertificateRevocationListTask job in candlepin.conf by default
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1784341
Description of problem:
CertificateRevocationListTask is a candlepin's job to populate CRL. The CRL is not used in Satellite (at least katello nor RHSM queries for "crl" URI against candlepin/rhsm. So this job is being performed redundantly on a Satellite6.
Since:
- there were 5+ cases where CRL had impacted Satellite performance
- the only workaround is in modifying /etc/candlepin/candlepin.conf
- .. and this workaround does not survive an upgrade or even satellite-installer run
I am requesting to disable the Job via installer directly & by default.
Fix is very trivial, just add anywhere to
https://github.com/theforeman/puppet-candlepin/blob/master/templates/candlepin.conf.erb
a line like:
pinsetter.org.candlepin.pinsetter.tasks.CertificateRevocationListTask.schedule=0 0 0 1 1 ?
(see KCS 3888591 linked)
Version-Release number of selected component (if applicable):
Sat6.6 (any version)
How reproducible:
100%
Steps to Reproduce:
1. Install Satellite6 (or just run satellite-installer on already installed Sat6)
2. Check if CertificateRevocationListTask schedule is changed in /etc/candlepin/candlepin.conf
3. Wait for noon and check "Starting job: org.candlepin.pinsetter.tasks.CertificateRevocationListTask" log in candlepin.log
Actual results:
2. no such entry in candlepin.conf
3. such a task/job is fired every noon (by default, it finishes soon, but not in various scaled environments)
Expected results:
2. have the schedule practicaly disabled via candlepin.conf
3. no such job invoked on a noon
Additional info:
There are customers where CRLT took hours to finish, negatively affecting candlepin (and hence whole Sat6) performance. If not disabled, the impact to CPU grows over time.
Associated revisions
Refs #29220 - Add missing parameter
504ed85be6eabf3a9aa7d431093bda74adc4682e introduced this variable, but
lacked the actual parameter. While it was inherited so the default at
least worked, the latest puppet-lint-param-docs requires all parameters
that are documented to actually exist. There is a @param statement for
it and after this PR the actual parameter also exists.
History
#1
Updated by The Foreman Bot 11 months ago
- Assignee set to Eric Helms
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/puppet-candlepin/pull/145 added
#2
Updated by The Foreman Bot 11 months ago
- Fixed in Releases 2.1.0 added
#3
Updated by Eric Helms 11 months ago
- Status changed from Ready For Testing to Closed
Applied in changeset puppet-candlepin|504ed85be6eabf3a9aa7d431093bda74adc4682e.
#4
Updated by The Foreman Bot 3 months ago
- Pull request https://github.com/theforeman/puppet-candlepin/pull/166 added
Fixes #29220: Disable CRL generation by default