Locations - Are they fundametally broken?

We are currently evaluating Katello/Foreman as a repository solution managing security updates for our customers. We were thinking to create one location per customer.

I was playing around with the “Locations” Feature and either i’m not using “locations” correctly or there are lots of bugs in the currrent release (foreman 3.11.1-1, katello 4.13.1-1)

We are trying to setup 2 Organizations which also have completely separate locations.

We currently have 3 Users. The default admin with Administrator role and one “Organization admin” for every Organization.

Issue 1) Can’t manage locations via “Organization Admin”

Logged in as “Organization Admin”
When creating a new location there is an error screen right after submitting the location:
Location not found Please try to update your request

When going back to the UI and even after reload, the new created Location is nowhere to be found
It is visible when logging in with the default admin User, but no Organization is selected, so it seems it is created but not with the correct rights ?

Issue 2) Organization Admins can view Locations not tied to their Organization

We created a new Location and tied it to Organization A, and selected “All Users” in the user tab
Logging in as “Organization Admin” for Organization B, the unrelated Location is visible in the dropdown. Seems “All Users” takes preference over the “Organization” filter, which is unfortunate.

Because Orgs are supposed to be used in a multi-tenant way where you can’t even share common repositories, i think this shoud not happen.

Issue 3) In Administrator View - Locations are not filtered by Organization
When logged in as default admin, when I select an Organization, i would expect the Location dropdown to only show locations that are “active” for that Organization. But it is always the full list.

We had some limited success by, creating a Location, tying it to one specific user and one Organization. Then it is at least shown correctly in the “Organization Admin” views…but only when creating the Location with these settings from the start. Imagine having more users who should have access, propably manged by LDAP, and lots of locations, this approach seems like a nightmare to manage, also Issue 4) gets in the way of doing this dynamically

Issue 4) Changes to the Location are not directly reflected
We created a new Location and tied it to Organization A, and selected “All Users” in the user tab.
Now as descibed in “Issue 2” bot Org Admins can unfortunately see the location.
Then we remove the “all users” mark and add only org admin A.
After that change Org Admin B can still see the location for some time even after page reload/logout/re-login
Maybe this is some kind of caching issue ??

What is your experience with Locations ? Are you using them ? Do they work for you ? Is there another concept I’m missed out on ?

Locations concept is not fully adopted in some plugins, in this case - the Katello. That means, Katello resources are not scoped to Locations. Also I feel like Organization - Location mapping was never fully defined, I never understood the meaning of that association, despite it is possible to assign Location and Organization. In other words, I don’t know if it’s Organization within a Location or it is a Location belonging into some Organization. Personally I’d like to change it in a way that Organizations are use for isolation and Location become just some sort of a tag on which you can e.g. set parameters for provisioning or configuration management.

From my experience, when you use both Organizations and Locations it adds a lot of complexity. Many of the use cases can be accomplished with a single taxonomy - Organizations. You can read about some users’ experience with it in this thread How do you use Foreman organizations/locations? - #17 by fresh-pie

4 Likes