Bug #19275
Updated by Alan Evans almost 8 years ago
h1. Summary
I posted on the users mailing list about this a couple of weeks ago, I called it "Activation keys not working as expected" but I think I see what's going on now.
It seems that "No (Default)" is misleading and I can't tell if the problem is subscription-manager, katello or candlepin.
In the end I am seeing that subscription manager retrieves a list of content overrides and a list of available repos from katello(candlepin). Subscription-manager seems only to reject repos that are explicitly overridden to enabled=0. So if a repo is available but not overridden it will be added to a host.
This is compounded by the other bug I created #19274 about "Override to no" being missing from the Web UI.
h2. Environment
Katello
<pre>
[alan@katello ~]$ cat /etc/centos-release
CentOS Linux release 7.3.1611 (Core)
[alan@katello ~]$ rpm -q katello foreman candlepin
katello-3.3.1-1.el7.noarch
foreman-1.14.3-1.el7.noarch
candlepin-0.9.54.10-1.el7.noarch
</pre>
Client
<pre>
[root@rhsm-client ~]# cat /etc/centos-release
CentOS Linux release 7.3.1611 (Core)
[root@rhsm-client ~]# rpm -q subscription-manager
subscription-manager-1.17.15-1.el7.centos.x86_64
</pre>
h2. Original State
The goal is to have machines register with the activation key and question and get only "base" repos, centos-os, centos-updates etc. Other hosts providing different keys may have more repos enabled. One would think that because "No (Default)" that all I would have to do is enable the repos I want.
h3. Katello Server
<pre>
[alan@katello ~]$ hammer activation-key product-content --id 6 | grep -v -e 'CentOS 6' -e 'centos-6' -e 'el6' -e 'EPEL 6'
--------------|---------------------------------------------------|------|-----|---------|----------------------------------------------------|----------|---------
ID | NAME | TYPE | URL | GPG KEY | LABEL | ENABLED? | OVERRIDE
--------------|---------------------------------------------------|------|-----|---------|----------------------------------------------------|----------|---------
1490920072788 | Katello 3.3 el7-x86_64 Client | | | | My_Org_katello_katello-3_3-el7-x86_64-client | no | 1
1490920076693 | Katello 3.3 el7-x86_64 | | | | My_Org_katello_katello-3_3-el7-x86_64 | no | default
1490920083144 | Katello 3.3 el7-x86_64 Candlepin | | | | My_Org_katello_katello-3_3-el7-x86_64-candlepin | no | default
1490920079560 | Katello 3.3 el7-x86_64 Pulp | | | | My_Org_katello_katello-3_3-el7-x86_64-pulp | no | default
1490920069104 | Puppet Labs Agent 3.7.2 el7 x86_64 | | | | My_Org_puppet-enterprise_pe-3_7_2-el7-x86_64-agent | no | 1
1490920089132 | Foreman 1.14 el7-x86_64 Plugins | | | | My_Org_foreman_foreman-1_14-el7-x86_64-plugins | no | default
1490920086679 | Foreman 1.14 el7-x86_64 | | | | My_Org_foreman_foreman-1_14-el7-x86_64 | no | default
1490920065429 | EPEL 7 x86_64 | | | | My_Org_epel_epel-7-x86_64 | no | 1
1490920054709 | CentOS 7 x86_64 Plus | | | | My_Org_centos_centos-7-x86_64-centosplus | no | default
1490920048716 | CentOS 7 x86_64 Extras | | | | My_Org_centos_centos-7-x86_64-extras | no | default
1490920040933 | CentOS 7 x86_64 OS | | | | My_Org_centos_centos-7-x86_64-os | no | 1
1490920044643 | CentOS 7 x86_64 Updates | | | | My_Org_centos_centos-7-x86_64-updates | no | 1
1490920058662 | CentOS 7 x86_64 SCLo - sclo | | | | My_Org_centos_centos-7-x86_64-sclo-sclo | no | default
1490920062617 | CentOS 7 x86_64 SCLo - rh | | | | My_Org_centos_centos-7-x86_64-sclo-rh | no | default
--------------|---------------------------------------------------|------|-----|---------|----------------------------------------------------|----------|---------
</pre>
h3. Client Machine
<pre>
[root@rhsm-client ~]# subscription-manager register --org="My_Org" --activationkey="ak-centos-7-x86_64-dev" --force
The system with UUID e3cc004f-4df7-4aa7-b86a-480ef5db03c4 has been unregistered
The system has been registered with ID: cab481ec-a610-4806-bfaf-2b71f9891454
No products installed.
[root@rhsm-client ~]# curl https://katello.example.com/rhsm/consumers/cab481ec-a610-4806-bfaf-2b71f9891454/content_overrides --cert /etc/pki/consumer/cert.pem --key /etc/pki/consumer/key.pem
[ {
"contentLabel" : "My_Org_centos_centos-7-x86_64-os",
"name" : "enabled",
"value" : "1",
"created" : "2017-04-14T01:38:03.824+0000",
"updated" : "2017-04-14T01:38:03.824+0000"
}, {
"contentLabel" : "My_Org_epel_epel-7-x86_64",
"name" : "enabled",
"value" : "1",
"created" : "2017-04-14T01:38:03.825+0000",
"updated" : "2017-04-14T01:38:03.825+0000"
}, {
"contentLabel" : "My_Org_katello_katello-3_3-el7-x86_64-client",
"name" : "enabled",
"value" : "1",
"created" : "2017-04-14T01:38:03.826+0000",
"updated" : "2017-04-14T01:38:03.826+0000"
}, {
"contentLabel" : "My_Org_centos_centos-7-x86_64-updates",
"name" : "enabled",
"value" : "1",
"created" : "2017-04-14T01:38:03.827+0000",
"updated" : "2017-04-14T01:38:03.827+0000"
}, {
"contentLabel" : "My_Org_puppet-enterprise_pe-3_7_2-el7-x86_64-agent",
"name" : "enabled",
"value" : "1",
"created" : "2017-04-14T01:38:03.828+0000",
"updated" : "2017-04-14T01:38:03.828+0000"
} ]
[root@rhsm-client ~subscription-manager repos --list | grep -e ID: -e Enabled:
Repo ID: My_Org_katello_katello-3_3-el7-x86_64-client
Enabled: 1
Repo ID: My_Org_katello_katello-3_3-el7-x86_64
Enabled: 1
Repo ID: My_Org_katello_katello-3_3-el7-x86_64-pulp
Enabled: 1
Repo ID: My_Org_epel_epel-7-x86_64
Enabled: 1
Repo ID: My_Org_centos_centos-7-x86_64-sclo-sclo
Enabled: 1
Repo ID: My_Org_centos_centos-7-x86_64-sclo-rh
Enabled: 1
Repo ID: My_Org_katello_katello-3_3-el7-x86_64-candlepin
Enabled: 1
Repo ID: My_Org_puppet-enterprise_pe-3_7_2-el7-x86_64-agent
Enabled: 1
Repo ID: My_Org_centos_centos-7-x86_64-os
Enabled: 1
Repo ID: My_Org_centos_centos-7-x86_64-updates
Enabled: 1
Repo ID: My_Org_centos_centos-7-x86_64-centosplus
Enabled: 1
Repo ID: My_Org_centos_centos-7-x86_64-extras
Enabled: 1
</pre>
h2. Test Case
If I explicitly override one of the repos to enabled=0 then re-register the client machine we can see that the content override works as expected.
h3. Katello Server
<pre>
[alan@katello ~]$ hammer activation-key content-override --id 6 --content-label My_Org_centos_centos-7-x86_64-extras --value 0
Updated content override
[alan@katello ~]$ hammer activation-key product-content --id 6 | grep -v -e 'CentOS 6' -e 'centos-6' -e 'el6' -e 'EPEL 6'
--------------|---------------------------------------------------|------|-----|---------|----------------------------------------------------|----------|---------
ID | NAME | TYPE | URL | GPG KEY | LABEL | ENABLED? | OVERRIDE
--------------|---------------------------------------------------|------|-----|---------|----------------------------------------------------|----------|---------
1490920054709 | CentOS 7 x86_64 Plus | | | | My_Org_centos_centos-7-x86_64-centosplus | no | default
1490920048716 | CentOS 7 x86_64 Extras | | | | My_Org_centos_centos-7-x86_64-extras | no | 0
1490920040933 | CentOS 7 x86_64 OS | | | | My_Org_centos_centos-7-x86_64-os | no | 1
1490920044643 | CentOS 7 x86_64 Updates | | | | My_Org_centos_centos-7-x86_64-updates | no | 1
1490920058662 | CentOS 7 x86_64 SCLo - sclo | | | | My_Org_centos_centos-7-x86_64-sclo-sclo | no | default
1490920062617 | CentOS 7 x86_64 SCLo - rh | | | | My_Org_centos_centos-7-x86_64-sclo-rh | no | default
1490920065429 | EPEL 7 x86_64 | | | | My_Org_epel_epel-7-x86_64 | no | 1
1490920069104 | Puppet Labs Agent 3.7.2 el7 x86_64 | | | | My_Org_puppet-enterprise_pe-3_7_2-el7-x86_64-agent | no | 1
1490920072788 | Katello 3.3 el7-x86_64 Client | | | | My_Org_katello_katello-3_3-el7-x86_64-client | no | 1
1490920076693 | Katello 3.3 el7-x86_64 | | | | My_Org_katello_katello-3_3-el7-x86_64 | no | default
1490920083144 | Katello 3.3 el7-x86_64 Candlepin | | | | My_Org_katello_katello-3_3-el7-x86_64-candlepin | no | default
1490920079560 | Katello 3.3 el7-x86_64 Pulp | | | | My_Org_katello_katello-3_3-el7-x86_64-pulp | no | default
1490920089132 | Foreman 1.14 el7-x86_64 Plugins | | | | My_Org_foreman_foreman-1_14-el7-x86_64-plugins | no | default
1490920086679 | Foreman 1.14 el7-x86_64 | | | | My_Org_foreman_foreman-1_14-el7-x86_64 | no | default
--------------|---------------------------------------------------|------|-----|---------|----------------------------------------------------|----------|---------
</pre>
h3. Client Machine
<pre>
[root@rhsm-client ~]# subscription-manager register --org="My_Org" --activationkey="ak-centos-7-x86_64-dev" --force
The system with UUID cab481ec-a610-4806-bfaf-2b71f9891454 has been unregistered
The system has been registered with ID: 95d7b160-fb05-4086-8e28-e1b379ac0ab4
No products installed.
[root@rhsm-client ~]# curl https://katello.example.com/rhsm/consumers/95d7b160-fb05-4086-8e28-e1b379ac0ab4/content_overrides --cert /etc/pki/consumer/cert.pem --key /etc/pki/consumer/key.pem
[ {
"contentLabel" : "My_Org_katello_katello-3_3-el7-x86_64-client",
"name" : "enabled",
"value" : "1",
"created" : "2017-04-14T01:40:56.147+0000",
"updated" : "2017-04-14T01:40:56.147+0000"
}, {
"contentLabel" : "My_Org_epel_epel-7-x86_64",
"name" : "enabled",
"value" : "1",
"created" : "2017-04-14T01:40:56.147+0000",
"updated" : "2017-04-14T01:40:56.147+0000"
}, {
"contentLabel" : "My_Org_centos_centos-7-x86_64-extras",
"name" : "enabled",
"value" : "0",
"created" : "2017-04-14T01:40:56.148+0000",
"updated" : "2017-04-14T01:40:56.148+0000"
}, {
"contentLabel" : "My_Org_centos_centos-7-x86_64-os",
"name" : "enabled",
"value" : "1",
"created" : "2017-04-14T01:40:56.149+0000",
"updated" : "2017-04-14T01:40:56.149+0000"
}, {
"contentLabel" : "My_Org_puppet-enterprise_pe-3_7_2-el7-x86_64-agent",
"name" : "enabled",
"value" : "1",
"created" : "2017-04-14T01:40:56.150+0000",
"updated" : "2017-04-14T01:40:56.150+0000"
}, {
"contentLabel" : "My_Org_centos_centos-7-x86_64-updates",
"name" : "enabled",
"value" : "1",
"created" : "2017-04-14T01:40:56.151+0000",
"updated" : "2017-04-14T01:40:56.151+0000"
} ]
[root@rhsm-client ~subscription-manager repos --list | grep -e ID: -e Enabled:
Repo ID: My_Org_katello_katello-3_3-el7-x86_64-client
Enabled: 1
Repo ID: My_Org_katello_katello-3_3-el7-x86_64
Enabled: 1
Repo ID: My_Org_katello_katello-3_3-el7-x86_64-pulp
Enabled: 1
Repo ID: My_Org_epel_epel-7-x86_64
Enabled: 1
Repo ID: My_Org_centos_centos-7-x86_64-sclo-sclo
Enabled: 1
Repo ID: My_Org_centos_centos-7-x86_64-sclo-rh
Enabled: 1
Repo ID: My_Org_katello_katello-3_3-el7-x86_64-candlepin
Enabled: 1
Repo ID: My_Org_puppet-enterprise_pe-3_7_2-el7-x86_64-agent
Enabled: 1
Repo ID: My_Org_centos_centos-7-x86_64-os
Enabled: 1
Repo ID: My_Org_centos_centos-7-x86_64-updates
Enabled: 1
Repo ID: My_Org_centos_centos-7-x86_64-centosplus
Enabled: 1
Repo ID: My_Org_centos_centos-7-x86_64-extras
Enabled: 0
</pre>
h1. Speculation
I think what is happening here is that katello(candlepin) are treating absent overrides as disabled. Where subscription-manager is treating absent overrides as enabled.
So it is hard for me to say if the bug is with katello(candlepin) or subscription-manager.
I think I saw in another ticket that if repo==custom then enabled=default=0 and if repo==redhat then enabled=default=1. Did I get that correct? Unfortunately that probably complicates things a bit.
Here's what I can think of to fix this.
# Change the behavior of subscription-manager --> if not explicitly enabled=1 then enabled=0 (this would probably require katello(candlepin) changes anyway because of the redhat|custom behaviorial differences)
# Have katello explicitly enabled=0|1 on activation key creation and based on redhat|custom type
# Have katello(candlepin) explicitly return enabled=0|1 for repos that are enabled='default' based on redhat|custom type
-Alan