New Update instructions “Upgrading Foreman server” suggest to run

foreman-maintain content remove-pulp2

to cleanup pulp2. This executes a

# yum remove pulp-server  python-pulp-streamer  pulp-puppet-plugins \
  python-pulp-rpm-common  python-pulp-common  pulp-selinux  \
  python-pulp-oid_validation  python-pulp-puppet-common  python-pulp-repoauth \
  pulp-rpm-plugins  python-blinker  python-celery  python-django  python-isodate \
  python-ldap  python-mongoengine  python-nectar  python-oauth2  python-pymongo

Now while that’s O.K. for the RPMs from the pulp repositories, it’s very dangerous for the rest.

For instance, python-ldap.x86_64 and python-isodate.noarch are from CentOS Base, python-blinker.noarch is from CentOS Extras and python-oauth2.noarch is from EPEL7. So chances are other software uses this as well, e.g. ipa-client. If you are using IPA on your system running this will silently remove the ipa-client from your system.

Thus the remove-pulp2 should only do this for the RPMs originated for pulp. At best, you could do a ‘yum autoremove’ after that to remove dependencies which are not required anymore…

Looks like it removes a few other important things that breaks apache. mod_ssl, acl, createrepo are all removed.

Transaction ID : 155
Begin time : Tue Apr 27 19:42:18 2021
Begin rpmdb : 1184:82b2263ada1b19ebfa2d5261dc37e179b4002cde
End time : 19:49:21 2021 (7 minutes)
End rpmdb : 1138:e24cb67770a0c984d6d189e51df454b98df767fa
User : USERNAME
Return-Code : Success
Command Line : -y remove pulp-server python-pulp-streamer pulp-puppet-plugins python-pulp-rpm-common python-pulp-common pulp-selinux python-pulp-oid_validation python-pulp-puppet-common python-pulp-repoauth pulp-rpm-plugins python-blinker python-celery python-django python-isodate python-ldap python-mongoengine python-nectar python-oauth2 python-pymongo
Transaction performed with:
Installed rpm-4.11.3-45.el7.x86_64 @rhel-7-server-rpms
Installed subscription-manager-1.24.45-1.el7_9.x86_64 @rhel-7-server-rpms
Installed yum-3.4.3-168.el7.noarch @rhel-7-server-rpms
Packages Altered:
Erase acl-2.2.51-15.el7.x86_64 @anaconda/7.8
Erase createrepo-0.9.9-28.el7.noarch @public-rhel-7-server-os-x86_64
Erase createrepo_c-0.17.1-1.el7.x86_64 @pulpcore
Erase kobo-0.6.0-1.el7.noarch @public-epel-rhel-7-x86_64
Erase libmodulemd-1.7.0-1.el7.x86_64 @pulp
Erase mod_ssl-1:2.4.6-97.el7_9.x86_64 @rhel-7-server-rpms
Erase mod_wsgi-3.4-18.el7.x86_64 @public-rhel-7-server-os-x86_64
Erase mod_xsendfile-0.12-10.el7.x86_64 @public-epel-rhel-7-x86_64
Erase pulp-deb-plugins-1.10.2-1.el7.noarch @pulp
Erase pulp-rpm-plugins-2.21.5-1.el7.noarch @pulp
Erase pulp-selinux-2.21.5-1.el7.noarch @pulp
Erase pulp-server-2.21.5-1.el7.noarch @pulp
Erase pyparsing-1.5.6-9.el7.noarch @rhel-7-server-rpms
Erase python-anyjson-0.3.3-3.el7.noarch @public-epel-rhel-7-x86_64
Erase python-blinker-1.3-2.el7.noarch @public-rhel-7-server-extras-x86_64
Erase python-bson-3.2-2.el7.x86_64 @pulp
Erase python-debian-0.1.27-3.el7.noarch @public-epel-rhel-7-x86_64
Erase python-deltarpm-3.6-3.el7.x86_64 @public-rhel-7-server-os-x86_64
Erase python-django-bash-completion-1.11.27-1.el7.noarch @public-epel-rhel-7-x86_64
Erase python-isodate-0.5.0-4.pulp.el7.noarch @pulp
Erase python-kid-0.9.6-11.el7.noarch @public-epel-rhel-7-x86_64
Erase python-ldap-2.4.15-2.el7.x86_64 @public-rhel-7-server-os-x86_64
Erase python-mongoengine-0.10.5-1.el7.noarch @pulp
Erase python-nectar-1.6.4-1.el7.noarch @pulp
Erase python-oauth2-1.5.211-8.el7.noarch @public-epel-rhel-7-x86_64
Erase python-pulp-common-2.21.5-1.el7.noarch @pulp
Erase python-pulp-deb-common-1.10.2-1.el7.noarch @pulp
Erase python-pulp-integrity-2.21.5-1.el7.noarch @mycompany_Katello_Pulp_v2_21_EL7_x86_64
Erase python-pulp-oid_validation-2.21.5-1.el7.noarch @pulp
Erase python-pulp-repoauth-2.21.5-1.el7.noarch @pulp
Erase python-pulp-rpm-common-2.21.5-1.el7.noarch @pulp
Erase python-pymongo-3.2-2.el7.x86_64 @pulp
Erase python-pymongo-gridfs-3.2-2.el7.x86_64 @pulp
Erase python-semantic_version-2.4.2-2.el7.noarch @public-rhel-7-server-extras-x86_64
Erase python2-amqp-10:2.2.2-5.el7.noarch @pulp
Erase python2-billiard-10:3.5.0.3-4.el7.x86_64 @pulp
Erase python2-celery-10:4.0.2-7.el7.noarch @pulp
Erase python2-debpkgr-1.1.0-1.el7.noarch @pulp
Erase python2-django-1.11.27-1.el7.noarch @public-epel-rhel-7-x86_64
Erase python2-gnupg-0.4.6-2.el7.noarch @mycompany_EPEL_EPEL_7_x86_64
Erase python2-kombu-10:4.0.2-14.el7.noarch @pulp
Erase python2-simplejson-3.10.0-2.el7.x86_64 @public-epel-rhel-7-x86_64
Erase python2-solv-0.7.17-1.el7.x86_64 @pulpcore
Erase python2-vine-10:1.1.3-5.el7.noarch @pulp
Erase pytz-2016.10-2.el7.noarch @public-rhel-7-server-os-x86_64
Erase repoview-0.6.6-4.el7.noarch @public-epel-rhel-7-x86_64
Scriptlet output:
1 warning: file /etc/httpd/conf.d/pulp_deb.conf: remove failed: No such file or directory
2 warning: file /etc/httpd/conf.d/pulp_rpm.conf: remove failed: No such file or directory
3 warning: /etc/pulp/server.conf saved as /etc/pulp/server.conf.rpmsave
4 warning: file /etc/httpd/conf.d/pulp_content.conf: remove failed: No such file or directory
5 warning: file /etc/httpd/conf.d/pulp.conf: remove failed: No such file or directory
6 warning: /etc/default/pulp_workers saved as /etc/default/pulp_workers.rpmsave
7 warning: /etc/pulp/repo_auth.conf saved as /etc/pulp/repo_auth.conf.rpmsave
8 warning: file /etc/httpd/conf.modules.d/00-ssl.conf: remove failed: No such file or directory
9 warning: /etc/httpd/conf.d/ssl.conf saved as /etc/httpd/conf.d/ssl.conf.rpmsave
10 warning: file /etc/httpd/conf.modules.d/10-wsgi.conf: remove failed: No such file or directory
11 warning: file /etc/httpd/conf.modules.d/xsendfile.conf: remove failed: No such file or directory

@gvde @Antarctic_Guy

Yeah, I can see how that is bad, I will file a redmine issue and post the issue here when finished. It will get triaged today as well to a release.

@gvde that is fair criticism and we can work to remove the rpms listed that are not in the pulp repos. To be fair though, it does print out the yum install command and prompt you before executing. Maybe we should strongly suggest users run that manually?

@Antarctic_Guy in our testing this did not happen, in fact testing i didn’t see mod_ssl being removed all:

Dependencies Resolved

=========================================================================================================================================================================================================================================================
Package Arch Version Repository Size

Removing:
pulp-puppet-plugins noarch 2.21.5-1.el7 @pulp 345 k
pulp-rpm-plugins noarch 2.21.5-1.el7 @pulp 1.6 M
pulp-selinux noarch 2.21.5-1.el7 @pulp 297 k
pulp-server noarch 2.21.5-1.el7 @pulp 3.4 M
python-blinker noarch 1.3-2.el7 @extras 358 k
python-isodate noarch 0.5.4-8.el7 @base 219 k
python-ldap x86_64 2.4.15-2.el7 @base 683 k
python-mongoengine noarch 0.10.5-1.el7 @pulp 1.3 M
python-nectar noarch 1.6.4-1.el7 @pulp 140 k
python-oauth2 noarch 1.5.211-8.el7 @epel 105 k
python-pulp-common noarch 2.21.5-1.el7 @pulp 250 k
python-pulp-oid_validation noarch 2.21.5-1.el7 @pulp 17 k
python-pulp-puppet-common noarch 2.21.5-1.el7 @pulp 59 k
python-pulp-repoauth noarch 2.21.5-1.el7 @pulp 68 k
python-pulp-rpm-common noarch 2.21.5-1.el7 @pulp 90 k
python-pulp-streamer noarch 2.21.5-1.el7 @pulp 54 k
python-pymongo x86_64 3.2-2.el7 @pulp 1.5 M
python2-celery noarch 10:4.0.2-7.el7 @pulp 2.7 M
python2-django noarch 1.11.27-1.el7 @epel 16 M
Removing for dependencies:
pulp-deb-plugins noarch 1.10.2-1.el7 @pulp 227 k
pulp-docker-plugins noarch 3.2.9-1.el7 @pulp 412 k
pulp-katello noarch 1.0.3-1.el7 katello 37 k
pulp-puppet-tools noarch 2.21.5-1.el7 @pulp 43 k
python-pulp-deb-common noarch 1.10.2-1.el7 @pulp 27 k
python-pulp-docker-common noarch 3.2.9-1.el7 @pulp 57 k
python-pymongo-gridfs x86_64 3.2-2.el7 @pulp 436 k

Transaction Summary

Remove 19 Packages (+7 Dependent packages)

I’m really confused as to why it removed mod_ssl and mod_wsgi for you? This also doesn’t really have anything to do with dependencies as pulp-server-2.21.5-1.el7.noarch & python-pulp-repoauth-2.21.5-1.el7.noarch are the only rpms it directly depends on in my test environment.

I had reverted my to my snapshot before the upgrade so I can’t do additional testing yet. Back on my Katello 3.18.2 instance it appears that if I try to remove pulp-server (2.21.5-1) mod_ssl and mod_wsgi are both removed for dependencies.

—> Marking mod_ssl to be removed - no longer needed by pulp-server
—> Marking mod_wsgi to be removed - no longer needed by pulp-server

My server is running RHEL 7 and was originally deployed with Katello 3.15.1 and upgraded to each release as they came out. Looking back at my yum history I can see that mod_ssl was originally installed when I ran “yum -y install katello” for version 3.15.1. Back then pulp2 must have been the package that marked mod_ssl as a dependency.

well pulp2 still marks it as a dependency, but in our testing a ‘yum remove’ was never removing dependencies. I feel like moving to ‘rpm -e’ would likely be a safer approach with more consistent behavior.

@Justin_Sherrill did you want me to make an issue to switch over to rpm -e for triage today?

@cintrix84 sure, please file an issue against foreman-maintain

The problem is probably, that the installer scripts checks whether a package is already installed and doesn’t install it if it is. Now if pulp2 had a dependency to mod_ssl and httpd, those are installed as dependency. Later the installer checks for installed mod_ssl and httpd and finds it, thus it doesn’t install the package. This way httpd remains a dependency.

I think if you do an explicit “yum install httpd” or maybe a “yum reinstall httpd” this would tell that httpd is supposed to be installed and not a simple dependency. That’s what I usually do if I run into this situation. Maybe there’s a special yum command for this, too?

I’ve opened a pr here: Fixes #32488 - use rpm to remove pulp2 packages by jlsherrill · Pull Request #473 · theforeman/foreman_maintain · GitHub to hopefully resolve this. Feedback welcome!