search

nicolas-r / katello-centos-errata-import

Imports CentOS (from http://cefs.steve-meier.de/) errata into Katello
28 stars 11 forks source link

Errata security updates not available in the “content hosts” overview table #2

Closed pescobar closed 6 years ago

pescobar commented 6 years ago

I have imported the errata information into katello and it doesn't seem to work 100% but I am not sure if the problem is in the katello side or in how this script is importing the errata (or in my side)

I have posted the details here: https://community.theforeman.org/t/errata-security-updates-not-available-in-the-content-hosts-overview-table/8079

any help or suggestion is much appreciated.

nicolas-r commented 6 years ago

Hi

thanks for testing my scripts and sorry for being late to answer, I had an issue with the email address.

I have to refresh my Katello installation before doing some testing

nicolas-r commented 6 years ago

Hi

I have reinstalled my Katello and confirm the same behavior. I have seen that in the information about errata is also missing from the content view page. I don't know if this is linked or not, neither what caused this

I hope you will have some answer with your open bug

pescobar commented 6 years ago

is this problem solved with the latest code in the repo?

if I update my local clone and rerun it to insert the errata info to katello it will fix the issue? or what would be the procedure to delete the current errata information and reinsert the correct one?

nicolas-r commented 6 years ago

Hi

I have found and fixed the issue. I have created the errata with the wrong type, Security Advisory instead of security for example.

I have been forced to remove the already published content views and destroy the repositories (the content seems to be kept into pulp), and recreate them

After that, drop the redis content and start the scripts again, it should work.

nicolas-r commented 6 years ago

@pescobar let me know if you get some issues

pescobar commented 6 years ago

Hi @nicolas-r

I have followed these steps to try to apply the fix without destroying all my katello products:

First I have deleted all the errata info from pulp like this:

for repoid in `pulp-admin rpm repo list --fields=id |awk {'print $2'}`; do pulp-admin rpm repo remove errata --repo-id=$repoid --after=2000-02-27; done

Then in katello I did: Content >> sync status >> select all >> sync now

After the sync if I go to Content >> products I see that none of my centos repos includes errata info. Only the EPEL repo includes errata info as this is provided by default.

Then in content >> content views I have published and promoted a new version of my content view. This new content view version has less errata information than the previous ones as it only includes the errata info for the EPEL repo

Then I have deleted all the content from redis:

$> redis-cli flushall

I have updated the script katello-centos-errata-import with the latest version in github and rerun it as described in the README . I verified that the new version uses errata_id instead of id

Again in katello Content >> sync status >> select all >> sync now . After this sync if I go to content >> products all the centos repos include the new errata info I just inserted to katello/pulp

Then I have created a new version of my content view and promoted it but after this in hosts >> content hosts I still don't see all the information about applicable errata. I get something like this even if I try hosts >> content hosts >> errata >> recalculate

@nicolas-r any suggestion about how to address this? I would prefer to avoid deleting and recreating all my yum repos if possible

pescobar commented 6 years ago

in case it helps, this is the information I have in pulp for the latest version of one of the yum repos in the content view I created after inserting the new errata info

# pulp-admin rpm repo content errata --repo-id=3-centos_7_4_view-v6_0-608eb5b0-86cd-49a5-916a-9acd9e85fde0
Description: CentOS python-sqlalchemy Enhancement Update
Id:          CEEA-2015:2302
Severity:    Low
Title:       CentOS python-sqlalchemy Enhancement Update
Type:        Product Enhancement Advisory

Description: CentOS golang-github-gorilla-mux BugFix Update
Id:          CEBA-2015:0081
Severity:    Low
Title:       CentOS golang-github-gorilla-mux BugFix Update
Type:        Bug Fix Advisory

Description: CentOS python-jsonpointer Enhancement Update
Id:          CEEA-2015:2453
Severity:    Low
Title:       CentOS python-jsonpointer Enhancement Update
Type:        Product Enhancement Advisory

Description: CentOS libunwind Enhancement Update
Id:          CEEA-2015:2292
Severity:    Low
Title:       CentOS libunwind Enhancement Update
Type:        Product Enhancement Advisory

Description: CentOS golang BugFix Update
Id:          CEBA-2014:2014
Severity:    Low
Title:       CentOS golang BugFix Update
Type:        Bug Fix Advisory

does it look ok?

btw thank you very much for your fix and your work with this script

pescobar commented 6 years ago

mmmm In case this information is useful, I have noticed when querying pulp directly that for the Centos.base repo (errata inserted with this script) the format in pulp is like this for each errata entry:

Type:        Security Advisory

But for the EPEL repo (errata info comes directly from the repo without this script) the format is like this:

Type:        security

Also the links in the hosts >> content hosts pointing to the errata tab are like this:

Security: https://katello_host.com/content_hosts/53/errata?getSearch=type%3Dsecurity Bug fix: https://katello_host.com/content_hosts/53/errata?getSearch=type%3Dbugfix Enhancement: https://katello_host.com/content_hosts/53/errata?getSearch=type%3Denhancement

So the searches that katello is doing in the errata tab are:

type=security
type=bugfix
type=enhancement

The weird thing is that these searches return no results but searching for type= "Security Advisory" (which is the errata info inserted by this script) then the search returns some results.

I am puzzled...

nicolas-r commented 6 years ago

Hi

sorry to hear that you have still an issue.

Can you check that the content view display the correct information about errata like in the image below ?

katello content view

If this is correct, the scripts have worked as expected and the problem is elsewhere, maybe on the hosts

On your client server, can you check if you have all the following packages ? [root@centos01 ~]# rpm -qa|grep qpid|sort python-gofer-qpid-2.7.6-1.el7.noarch python-qpid-0.32-9.el7.noarch python-qpid-common-0.32-9.el7.noarch python-qpid-proton-0.14.0-2.el7.x86_64 qpid-proton-c-0.14.0-2.el7.x86_64

If no, install them, restart goferd and launch katello-package-upload

Let me know if this solve your issue

Nicolas

pescobar commented 6 years ago

hi @nicolas-r

My content view have always shown the information about errata as in your screenshot. This was working also with the previous version of your script.

Where I don't get the proper errata information is in the "hosts >> content hosts" overview table. As in this screenshot:

My client has these packages installed:

# rpm -qa|grep qpid|sort
python-qpid-proton-0.18.1-1.el7.x86_64
qpid-proton-c-0.18.1-1.el7.x86_64

Also these ones and the goferd daemon is running

# rpm -qa|grep katello|sort
katello-agent-3.1.0-1.el7.noarch
katello-ca-consumer-katello-dmz.scicore-dmz.lan-1.0-1.noarch
katello-host-tools-3.1.0-1.el7.noarch
katello-host-tools-fact-plugin-3.1.0-1.el7.noarch

If I execute katello-package-upload nothing changes.

I also tried to install the missing packages that you suggest and rerun katello-package-upload -f but this doesn't fix the problem neither.

My guess is that the problem is in the search that katello is doing. If I go to hosts >> content hosts and I select one of my content hosts I get this overview of it:

But if you click in those links in the red circle you get no results. See here:

But these searches which I manually wrote work:

This correlates with the info I have in pulp (this is a pulp query for the centos_base repo where I inserted the errata info with your script)

# pulp-admin rpm repo content errata --repo-id=3-centos_7_4_view-v7_0-bd5927b2-8873-4f6b-93d9-d540130b307e|grep Type|sort|uniq
Type:        Bug Fix Advisory
Type:        Product Enhancement Advisory
Type:        Security Advisory

But if I query the info in pulp for the EPEL repo the format for Type is different and correlates with the searches that Katello is doing by default 

pulp-admin rpm repo content errata --repo-id=3-centos_7_4_view-v7_0-b37d0aee-fc1a-482c-b4db-251d08e2bc26|grep Type|sort|uniq

Type:        bugfix
Type:        enhancement
Type:        newpackage
Type:        security

My guess is that your script should use the same types as the EPEL repo when inserting the errata info. These ones:

Type:        bugfix
Type:        enhancement
Type:        newpackage
Type:        security

Does it make sense?

nicolas-r commented 6 years ago

Hi

Yes it make sense but this is a strange behavior as my my scripts are now using the correct types names since the last commit

[root@centos-katello katello-centos-errata-import]# pulp-admin rpm repo content errata --repo-id=bf3b7d83-b0dc-4ae9-a8a0-bbec69eabe34|grep Type|sort|uniq Type: bugfix Type: Bug Fix Advisory Type: enhancement Type: Product Enhancement Advisory Type: security Type: Security Advisory

I don't know why there are still references to the old types names (a few errata). Maybe I have forgotten to remove some entries in my redis when doing my tests

Content host view image

Details view on content host image

Security errata image

But until we find a way for you to use the correct type name, you will never have the correct information for your hosts. Maybe something has not been removed properly on your Katello.

What you can do is:

If I get some time, I will remove everything from my Katello instance (Product, content view, etc), start /etc/cron.weekly/katello-remove-orphans to clean everything and restart from scratch to see I have missed something or not

Nicolas

pescobar commented 6 years ago

I have checked that the information in redis was correct (this requires yum install jq)

# for k in `redis-cli --scan`; do redis-cli get $k | jq '.errata_type'; done | sort |uniq
parse error: Invalid numeric literal at line 2, column 0
"bugfix"
"enhancement"
"security"

In any case I deleted all the info from redis to start from scratch

[root@katello-dmz katello-centos-errata-import]# redis-cli INFO | grep ^db
db0:keys=5670,expires=0,avg_ttl=0

 [root@katello-dmz katello-centos-errata-import]# redis-cli flushall
OK

[root@katello-dmz katello-centos-errata-import]# redis-cli INFO | grep ^db

The repo version is:

[root@katello-dmz katello-centos-errata-import]# git log |head
commit 199250cf66abbb42c703be17f602cb2b61b2a982
Author: Nicolas Raspail <3169278+nicolas-r@users.noreply.github.com>
Date:   Tue Feb 27 15:24:26 2018 +0100

    * Create errata with the correct type (Fixes #2)
    * Renamed some field in rhnerrata to avoid using python keywords

commit 21e88c16b924c6ee4611a62f9e2d7d53d3f0c64f

I have checked that my scripts use errata_id var instead of id as modified here

then deleted all the errata info from pulp:

# for repoid in `pulp-admin rpm repo list --fields=id |awk {'print $2'}`; do pulp-admin rpm repo remove errata --repo-id=$repoid --after=2000-02-27; done

Then published a new version of the content view which doesn't include any errata info. You can see the screenshot. The new version is 8.0. At this point I haven't resynced the yum repos yet.

Then I tried to reinsert the errata info to redis and katello 

./download-data.sh
python centos-errata-redis-loader.py
python centos-errata-katello-importer.py

First two steps work ok but the third one doesn't work because when executing python centos-errata-katello-importer.py I get many messages like Skipping errata CESA-2017:1950 (already present) so I tried to resync the repos in content >> sync status >> select all >> synchronize now

After the sync I could do python centos-errata-katello-importer.py

But after I have reinserted the proper errata information to katello/pulp the query to pulp still seems wrong :(

[root@katello-dmz ~]# for repoid in `pulp-admin rpm repo list --fields=id |awk {'print $2'}`; do echo $repoid; pulp-admin rpm repo content errata --repo-id=$repoid |grep Type|sort|uniq; done | egrep ^Type
Type:        Bug Fix Advisory
Type:        Product Enhancement Advisory
Type:        Bug Fix Advisory
Type:        Product Enhancement Advisory
Type:        Security Advisory
Type:        bugfix
Type:        enhancement
Type:        newpackage
Type:        security
Type:        Bug Fix Advisory
Type:        Product Enhancement Advisory
Type:        Security Advisory

I have checked that the only repo with the proper errata info is EPEL

pulp-admin rpm repo content errata --repo-id=b37d0aee-fc1a-482c-b4db-251d08e2bc26 |grep Type|sort|uniq |egrep ^Type

Type:        bugfix
Type:        enhancement
Type:        newpackage
Type:        security

I seems that even if I delete the old/wrong errata info from pulp it's still kept somewhere but I couldn't figure out where.

When I find some time I will try to complete delete the CentOS repositories and recreate them to see if this solves the problem.

@nicolas-r Thanks for your help!

pescobar commented 6 years ago

I did a quick check without luck :(

 # for k in `redis-cli --scan`; do redis-cli get $k | jq '.errata_type'; done | sort |uniq
parse error: Invalid numeric literal at line 2, column 0
"bugfix"
"enhancement"
"security"
repositories:
    centos_updates_test_errata:
        pulp_id: 99b9454b-8d3f-434e-92a9-a3d3cccd2ce8 
        os_release: 7
# pulp-admin rpm repo content errata --repo-id=99b9454b-8d3f-434e-92a9-a3d3cccd2ce8 |grep Type|sort|uniq |egrep ^Type
Type:        Bug Fix Advisory
Type:        Product Enhancement Advisory
Type:        Security Advisory

As far as I understand even if I remove all my yum repositories and recreate them I will still have this problem.

Any suggestion about what else I could try?

nicolas-r commented 6 years ago

Hi

this is what I have tested today and that has worked for me

If this doesn't work for you, I have no more idea, sorry.

Nicolas

pescobar commented 6 years ago

I finally got it working! and I didn't need to remove all the content hosts and content views :)

These are the steps I followed:

Then in each of my content hosts I had to do hosts >> content hosts >> errata >> recalculate

I think the missing bit in all my previous attempts was to execute /etc/cron.weekly/katello-remove-orphans after removing all the wrong errata from the pulp repos

@nicolas-r thank you very much for your help and for your great work with this script!

nicolas-r commented 6 years ago

Glad to hear that your problem is now solved

pescobar commented 6 years ago

thanks again @nicolas-r !! Now I am experiencing another issue but I think this one is not related to your script ;)

I have posted the details here in case you are experiencing the same: https://community.theforeman.org/t/how-is-errata-applicability-recalculated-how-can-i-automate-that-the-errata-applicability-is-recalculated-in-a-regular-basis/8512

blackyboy commented 4 years ago

Me too getting the same issue.

I finally got it working! and I didn't need to remove all the content hosts and content views :)

These are the steps I followed:

  • Remove all erratas from the pulp repositories
  • Launch /etc/cron.weekly/katello-remove-orphans
  • Sync all the repositories
  • Delete redis content
  • Load data into redis (centos-errata-redis-loader.py)
  • Import the errata into katello (centos-errata-katello-importer.py)
  • Sync all the repositories
  • publish a new version of the content view

Then in each of my content hosts I had to do hosts >> content hosts >> errata >> recalculate

I think the missing bit in all my previous attempts was to execute /etc/cron.weekly/katello-remove-orphans after removing all the wrong errata from the pulp repos

@nicolas-r thank you very much for your help and for your great work with this script!

Me too have the issue, followed above steps and not helped with it. Is any other workaround available?