Hi,
“Security errata applicable” is still shown after all available updates were installed. Executing “recalculate” doesn’t change anything.
Only “foreman-rake katello:import_applicability” seems to refresh the errata status.
Is this a limitation of “remote execution”?
I’m using Katello 3.16.1.2/Foreman 2.1.4. The client is based on RHEL8.2, katello-host-tools and katello-host-tools-tracer is installed.
Regards,
Toni
@tonido thank you for posting about this.
As far as I know, this is not a limitation of the remote execution.
Can you check in the foreman-console for “Katello::Event.count” ?
Additionally, can you check the output of “hammer ping”?
Thanks!
Thanks for looking into this.
hammer ping returns “ok”, nothing has failed.
Katello::Event.count returns “0” before and after applying installable errata.
Hi,
it is a fresh installation.
Also, are you using pulp2 or pulp3 for your content?
pulp2. The version which was automatically installed
It’s pulp3 not pulp2.
It seem to be related to the client’s OS. The “Installable Updates” info gets refreshed for RHEL7.8 hosts but it doesn’t change for RHEL8.2 hosts.
@tonido can check the version of subscription-manager on each of the RHEL8.2 hosts?
subscription-manager versionSory for my late reply.
It’s not woking with subscription-manager 1.26.20-1.el8_2
I haven’t been able to reproduce this using pulp3 and a the same version of subscription-manager, etc.
$ sudo subscription-manager version
server type: Red Hat Subscription Management
subscription management server: 3.16.1.2-Unknown
subscription management rules: 5.40
subscription-manager: 1.26.20-1.el8_2
Your situation is confusing because the “import_applicabilty” should only affect pulp2.
I’ll present this scenario again today to another team member, and we may open an issue.
A fresh setup of Katello 3.16 installs pulp3, doesn’t it? I’m asking because a package named “pulp-server-2.21.3-1.el7.noarch” is also installed. How can I verify the pulp version?
@tonido until a later Katello release, right now version 4.0.0, both pulp2 and pulp3 are installed in parallel. Eventually all content will be supported by pulp3, and pulp2 will be removed/unsupported.
You can check to see which pulp service is hosting which content types by looking at the Infrastructure->Smart Proxies-> (your katello host) -> Services tab.
You can see in this screen shot that both version of pulp are installed. “Pulpcore” here means pulp3. The version is the proxy version, IIRC.
Looking at the “supported content types” we see that pulp3 is handling file, ansible collections, and yum content. Pulp2 is handling all other types (debian, puppet, etc).
New details:
-registered an older RHEL version to katello
-updated all available packages using remote execution (+reboot)
-number of applicable errata reduced but 4 avdisories (rhsa) are still listed as applicable:
RHSA-2020:4286
RHBA-2020:3652
RHSA-2020:3218
RHSA-2020:3010
But these advisories were also installed (“yum update” returns “Nothing to do.”).
Any ideas why they are still listed?
It looks like you are hitting this bug: Bug #30964: Katello Pulp 3 Applicability is incorrect when multiple versions of a package exist - Katello - Foreman
You could work around it by deleting old kernel versions on the client systems, but we’ll work on getting it fixed
