Foreman » Installer

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1784341

Description of problem:
CertificateRevocationListTask is a candlepin's job to populate CRL. The CRL is not used in Satellite (at least katello nor RHSM queries for "crl" URI against candlepin/rhsm. So this job is being performed redundantly on a Satellite6.

Since:
- there were 5+ cases where CRL had impacted Satellite performance
- the only workaround is in modifying /etc/candlepin/candlepin.conf
- .. and this workaround does not survive an upgrade or even satellite-installer run

I am requesting to disable the Job via installer directly & by default.

Fix is very trivial, just add anywhere to

https://github.com/theforeman/puppet-candlepin/blob/master/templates/candlepin.conf.erb

a line like:

pinsetter.org.candlepin.pinsetter.tasks.CertificateRevocationListTask.schedule=0 0 0 1 1 ?

(see KCS 3888591 linked)

Version-Release number of selected component (if applicable):
Sat6.6 (any version)

How reproducible:
100%

Steps to Reproduce:
1. Install Satellite6 (or just run satellite-installer on already installed Sat6)
2. Check if CertificateRevocationListTask schedule is changed in /etc/candlepin/candlepin.conf
3. Wait for noon and check "Starting job: org.candlepin.pinsetter.tasks.CertificateRevocationListTask" log in candlepin.log

Actual results:
2. no such entry in candlepin.conf
3. such a task/job is fired every noon (by default, it finishes soon, but not in various scaled environments)

Expected results:
2. have the schedule practicaly disabled via candlepin.conf
3. no such job invoked on a noon

Additional info:
There are customers where CRLT took hours to finish, negatively affecting candlepin (and hence whole Sat6) performance. If not disabled, the impact to CPU grows over time.