search

waveclaw / puppet-subscription_manager

Handle Client Registration to RedHat Satellite 6 or Katello
https://rhn.redhat.com
Other
6 stars 34 forks source link

rhsm_register force not working like expected #60

Closed ralfbosz closed 6 years ago

ralfbosz commented 6 years ago

It maybe designed this way, but I would suspect that a "force => true" for rhsm_register would RE-register a system every puppet-run (not ideal, but that is what force would suggest).

When doing this:

rhsm_register { 'satellite.server.com':
  ensure        => 'present',
  activationkey => 'default',
  org           => 'default',
  force         => true,
}

The run does nothing:

Notice: Compiled catalog for server.com in environment production in 0.28 seconds
Notice: Applied catalog in 1.12 seconds

During some troubleshooting I found out that if the $title is the same as the hostname configured with rhsm_config, it skips (even with force) the re-register part. If I change the $title to something other, the rhsm_register is run. But when you remove the force from that one, the register is run every puppet-run (what we didn't want).

Notice: /Stage[main]/Main/Rhsm_register[server]/ensure: created
Debug: This server will be registered
Debug: Executing: '/sbin/subscription-manager register --activationkey default --org default'
Debug: Registration returned: Execution of '/sbin/subscription-manager register --activationkey default --org default' returned 64: This system is already registered. Use --force to override
Debug: /Stage[main]/Main/Rhsm_register[server]: The container Class[Main] will propagate my refresh event
Debug: Class[Main]: The container Stage[main] will propagate my refresh event
Debug: Finishing transaction 41204780

Some debug added to show how the command is run without --force. Is it not possible to force a re-register this way?

waveclaw commented 6 years ago

Not as far as I know using rhsm_register.

The underlying /sbin/subscription-manager command behaves this way. The native types are a thin wrapper around this.

The puppet classes try to handle this case but really do not have enough information to deal with it in this case.

You will have to provide that information to Puppet to "fix" this behavior. Consider the output of /sbin/subscription-manager status. Combine that status with knowing if you need to update the hostname or certname of your Katello or Satellite installation. These two data will tell you if you should force a registration or not. It may require you to purge the registration then re-register it.

If you just blindly apply force it must try to re-register on every run. This causes exceptionally high load on a Katello or Satellite system. It can break the SAM part of Satellite when the host records are locked (errored tasks will pile up in the task list with locks on the host records.)

Note that Satelite 6.1.2 and later have a fix in that reduces the issue somewhat of running with --force. Duplicate hosts that try to re-register with a valid registration are combined into a single record with no changes. In Satellite 6.1.1 and older this would actually duplicate the host record. Over a few weeks this leads to thousands of invalid duplicate content hosts in the database.