My understanding is that a content view is just access scope for all contents and for example, contents in CV could be accessed when installing packages in kickstart script or ansible , right?
My questions are
What is main purpose of restricting access scope? I guess allowing access for all contents without CV is simpler way for user to use.
Host can access only repository in CV? I think it’s possible to access repository not in CV by directly updating package download server(ex. sources.list) or does katello monitor such actions?
As far as I know, Foreman gets repo URL as installation media. Then, should contents related to OS installation be added into CV even for such case, and does host directly access that URL repo?
I am not sure if I fully understand your questions specifically. But let me try to explain CVs.
Imagine you are a manager at an “Enterprise” Linux Customer. You may have some requirement that everything MUST go to Dev/QA before it can go to Prod. But packages are coming out all the time. Content View Versions are snapshots of a set of repositories (Content View) at a point in time. You can then confidently “promote the ‘Web Server’ repositories (Content View) to Dev on Monday, then from Dev to QA on Wednesday and promote from QA to Prod on Friday” for example. You will also know that EXACTLY what was in Dev on Monday will make it to Prod on Friday.
It’s also about access control. You may mirror PostgreSQL right from “postgresql.org” and you want your “DB Servers” to have access to those mirrors but your “Web Servers” should not. Or keeping in mind Katello is the Upstream of Red Hat Satellite and that Red Hat sells licenses for JBoss EAP. You may want your “App Servers” to have access to “JBoss EAP” and “RHEL 7 x86_64 Server” but “Web Servers” may only need access to “RHEL 7 Server x86_64”. Or maybe your devs use laptops w/ licenses for “RHEL 7 Workstation”.
