Hello, we are testing Foreman 3.10 with Katello 4.12. The SCA enablement/disablement works fine. What we are facing is that all the repositories from Content View is visible in hosts. It’s undesirable for us. For exemple if we have two types of servers (DNS/DHCP server and application server with databases,java and tomcat) we don’t need that the repo of mariadb, java and tomcat is visible on the DNS/DHCP server. It could be the security issue because if we have defined repo for mariadb which is visible on DNS/DHCP server attacker could just enable it and use some vulnerabilities which could be there. Moreover it’s very confusing to have many many repositories in repolist.
Is possible to have 3 states of content repositories (enabled, disabled and absent)? It’s very important for us and with new SCA model it’s not possible.
Thank you very much.
Ondrej
No, not within the same content view. If you want a repository to be completely absent from your redhat.repo file, it would have to be not included in the content view. You can do this with content view filters, or by simply excluding the repository from the content view before publishing.
I’ve made two separate content views. The multiple content view per host is enabled, but it seems not working. Host only still use one content view. What is the usage of multiple content views? Am I using it right?
Oh, thank you so much. There is very important information in the video. The multiple content view register works only with username and password. I’ve used antivation keys and link generator from gui. When it will be ready to use it with activation keys? We are using ansible pleybook to registration of hosts.
We plan to advance the feature for hosts first, then AKs. For hosts there are a couple PRs out currently:
and there will be a few more in Katello 4.14, hopefully. Once hosts are working (via hammer at least), we will move on to making it work with AKs and global registration. I’m hoping within the next few releases (?) but these things are always a process…
For now, if you use ansible you could have your playbook run (on the host) subscription-manager register with --environments and --force, and I think it would work.
Yes it is working but there is no possibility to define, which repo is enable/disable. The Activation Key gives me the choice.
This add the environment, but all the repos are disabled. I can’t see any possiblity in Content view, to say which repos has enabled overwrite.
Specify the enabled repos in ansible playbook is little a bit annoying and the beauty of automation is fading.
Please keep in mind this is not a complete feature yet. The automation will be more beautiful when the feature is completed. Thank you for testing this feature; your feedback will help make it better!
In the meantime, another option I can think of (if you have the host already registered) is
subscription-manager identity # get the consumer id
subscription-manager clean # clean all local data
subscription-manager register --consumerid xxxx # use the id you got above
This should in theory preserve any content overrides (enabled repos) that were there before.
You can run man subscription-manager on the host for more info about all the options.
Thank you for testing this feature; your feedback will help make it better!