Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1356695 - Sync Atomic Content
Summary: Sync Atomic Content
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Update Infrastructure for Cloud Providers
Classification: Red Hat
Component: RHUA
Version: 3.0.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 3.0.0
Assignee: Patrick Creech
QA Contact: Irina Gulina
URL:
Whiteboard:
Depends On: 1361362 1361364 1395585 1405083
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-07-14 18:44 UTC by Patrick Creech
Modified: 2017-03-01 22:12 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-03-01 22:12:22 UTC


Attachments (Terms of Use)
no docker repos to add to the cert (deleted)
2016-11-10 16:09 UTC, Irina Gulina
no flags Details


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:0367 normal SHIPPED_LIVE Red Hat Update Infrastructure 3.0 Release 2017-03-02 03:05:22 UTC

Description Patrick Creech 2016-07-14 18:44:00 UTC
The latest Pulp in RHUI has the ability to sync Docker/OSTree content.  

RHUI needs to be updated to take advantage of these content types and serve them up for consumers.

RHUI will need to:
Sync OSTree repos
Sync Docker content
Serve docker content using Crane on CDS servers
Serve OSTree content
Provide client configurations to consume the content.

Comment 3 Irina Gulina 2016-11-10 16:08:32 UTC
Failed QA. 

Docker repos are not available for CLI since they are not available to be added to an entitlement certificate: 

ISO 20161109/10

1. add Docker repos
2. sync them
3. generate an entitlement certificate, no docker repos displayed there to be included in the cert (see the attachment and logs below)
4. create custom client rpm
5. install that client rpm on a client machine
6. see all repos, but no dockers'


Actual results: 

>> rhui (repo) => l

Custom Repositories
  protected_repo
  unproteted_repo

Red Hat Repositories
  redhat-cert_docker
  rhel6_mini_docker
  rhel7_rsyslog_docker
  Beta RHEL RHUI Server 7 Optional OS (x86_64)
  RHEL RHUI Server 6 Rhscl 1 Debug (6Server-i386)
  RHEL RHUI Server 6 Rhscl 1 Debug (6Server-x86_64)
  Red Hat Storage 2.0 (source) for RHUI (x86_64)
  Red Hat Update Infrastructure 2.0 (RPMs) (6Server-i386)
  Red Hat Update Infrastructure 2.0 (RPMs) (6Server-x86_64)

>> rhui (sync) => dr
Last Refreshed: 10:17:53
(updated every 5 seconds, ctrl+c to exit)

Next Sync                    Last Sync                    Last Result         
------------------------------------------------------------------------------
Beta RHEL RHUI Server 7 Optional OS (x86_64)
11-10-2016 15:52             11-10-2016 10:08             Success    

RHEL RHUI Server 6 Rhscl 1 Debug (6Server-i386)
11-10-2016 15:52             11-10-2016 09:52             Success    

RHEL RHUI Server 6 Rhscl 1 Debug (6Server-x86_64)
11-10-2016 15:52             11-10-2016 10:00             Success    

Red Hat Storage 2.0 (source) for RHUI (x86_64)
11-10-2016 15:52             11-10-2016 09:53             Success    

Red Hat Update Infrastructure 2.0 (RPMs) (6Server-i386)
11-10-2016 15:52             11-10-2016 09:53             Success    

Red Hat Update Infrastructure 2.0 (RPMs) (6Server-x86_64)
11-10-2016 15:52             11-10-2016 09:53             Success    

redhat-cert_docker
11-10-2016 15:54             11-10-2016 10:06             Success    

rhel6_mini
11-10-2016 15:59             11-10-2016 10:16             Success    

rhel7_rsyslog
11-10-2016 15:58             11-10-2016 10:16             Success    


                                                   Connected: rhua.example.com

>> pulp-admin -u admin -p admin repo list
+----------------------------------------------------------------------+
                              Repositories
+----------------------------------------------------------------------+

Id:                  rhel-rhui-server-6-rhscl-1-debug-6Server-i386
Display Name:        RHEL RHUI Server 6 Rhscl 1 Debug (6Server-i386)
Description:         RHEL RHUI Server 6 Rhscl 1 Debug (6Server-i386)
Content Unit Counts: 

Id:                  rhs-2-for-rhui-server-source-x86_64
Display Name:        Red Hat Storage 2.0 (source) for RHUI (x86_64)
Description:         Red Hat Storage 2.0 (source) for RHUI (x86_64)
Content Unit Counts: 
  Erratum: 10
  Srpm:    40

Id:                  rhui-2.0-6Server-i386
Display Name:        Red Hat Update Infrastructure 2.0 (RPMs) (6Server-i386)
Description:         Red Hat Update Infrastructure 2.0 (RPMs) (6Server-i386)
Content Unit Counts: 

Id:                  rhui-2.0-6Server-x86_64
Display Name:        Red Hat Update Infrastructure 2.0 (RPMs) (6Server-x86_64)
Description:         Red Hat Update Infrastructure 2.0 (RPMs) (6Server-x86_64)
Content Unit Counts: 
  Rpm: 95

Id:                  rhel-rhui-server-6-rhscl-1-debug-6Server-x86_64
Display Name:        RHEL RHUI Server 6 Rhscl 1 Debug (6Server-x86_64)
Description:         RHEL RHUI Server 6 Rhscl 1 Debug (6Server-x86_64)
Content Unit Counts: 
  Erratum:                181
  Rpm:                    423
  Yum Repo Metadata File: 1

Id:                  redhat-cert_docker
Display Name:        redhat-cert_docker
Description:         redhat-cert_docker
Content Unit Counts: 
  Docker Blob:     7
  Docker Manifest: 7
  Docker Tag:      7

Id:                  beta-rhel-rhui-server-7-optional-os-x86_64
Display Name:        Beta RHEL RHUI Server 7 Optional OS (x86_64)
Description:         Beta RHEL RHUI Server 7 Optional OS (x86_64)
Content Unit Counts: 
  Rpm:                    4473
  Yum Repo Metadata File: 1

Id:                  rhel7_rsyslog
Display Name:        rhel7_rsyslog
Description:         rhel7_rsyslog
Content Unit Counts: 
  Docker Blob:     33
  Docker Manifest: 21
  Docker Tag:      21

Id:                  rhel6_mini
Display Name:        rhel6_mini
Description:         rhel6_mini
Content Unit Counts: 
  Docker Blob:     20
  Docker Manifest: 22
  Docker Tag:      22

Id:                  unproteted_repo
Display Name:        unproteted_repo
Description:         unproteted_repo
Content Unit Counts: 
  Rpm: 2

Id:                  protected_repo
Display Name:        protected_repo
Description:         protected_repo
Content Unit Counts: 
  Rpm: 2

>> rhui (client) => e

Select one or more repositories to include in the entitlement certificate:

  Custom Repositories
    -  1 : protected/protected_repo
             protected_repo


  Red Hat Repositories
    -  2 : Beta RHEL RHUI Server 7 Optional OS
    -  3 : RHEL RHUI Server 6 Rhscl 1 Debug
    -  4 : RHEL RHUI Server 7 Optional OS
    -  5 : Red Hat Storage 2.0 (source) for RHUI
    -  6 : Red Hat Update Infrastructure 2.0 (RPMs)

Enter value (1-6) to toggle selection, 'c' to confirm selections, or '?' for more commands: a

Select one or more repositories to include in the entitlement certificate:

  Custom Repositories
    x  1 : protected/protected_repo
             protected_repo


  Red Hat Repositories
    x  2 : Beta RHEL RHUI Server 7 Optional OS
    x  3 : RHEL RHUI Server 6 Rhscl 1 Debug
    x  4 : RHEL RHUI Server 7 Optional OS
    x  5 : Red Hat Storage 2.0 (source) for RHUI
    x  6 : Red Hat Update Infrastructure 2.0 (RPMs)

Enter value (1-6) to toggle selection, 'c' to confirm selections, or '?' for more commands: c


Name of the certificate. This will be used as the name of the certificate file
(name.crt) and its associated private key (name.key). Choose something that will
help identify the products contained with it:
ent_rhel7_cli

Local directory in which to save the generated certificate [current directory]:
/tmp

Number of days the certificate should be valid [365]:


Repositories to be included in the entitlement certificate:

  Custom Entitlements
    protected/protected_repo

  Red Hat Repositories
    Beta RHEL RHUI Server 7 Optional OS
    RHEL RHUI Server 6 Rhscl 1 Debug
    RHEL RHUI Server 7 Optional OS
    Red Hat Storage 2.0 (source) for RHUI
    Red Hat Update Infrastructure 2.0 (RPMs)

Proceed? (y/n) y

......+++
...........................................+++
Entitlement certificate created at /tmp/ent_rhel7_cli.crt

------------------------------------------------------------------------------

rhui (client) => с
Invalid menu item; type "?" for a list of available commands
rhui (client) => c

Full path to local directory in which the client configuration files generated by this tool
should be stored (if this directory does not exist, it will be created):
/tmp

Name of the RPM:
rpm_cli7

Version of the configuration RPM [2.0]:


Full path to the entitlement certificate authorizing the client to access
specific channels:
/tmp/ent_rhel7_cli.crt

Full path to the private key for the above entitlement certificate:
/tmp/ent_rhel7_cli.key

Port to serve Docker content on (default 5000):


Select any unprotected repositories to be included in the client configuration:
  -  1 : unproteted_repo
Enter value (1-1) to toggle selection, 'c' to confirm selections, or '?' for more commands: 1

Select any unprotected repositories to be included in the client configuration:
  x  1 : unproteted_repo
Enter value (1-1) to toggle selection, 'c' to confirm selections, or '?' for more commands: c


Successfully created client configuration RPM.
RPMs can be found at /tmp


After custom client rpm install:
>>yum repolist
repo id                                                repo name                                status
rhui-beta-rhel-rhui-server-7-optional-os/x86_64        Beta RHEL RHUI Server 7 Optional OS      4,473
rhui-custom-protected_repo                             Custom Repositories - protected_repo     2
rhui-rhel-rhui-server-6-rhscl-1-debug/7Server/x86_64   RHEL RHUI Server 6 Rhscl 1 Debug         0
rhui-rhel-rhui-server-7-optional-os/7Server/x86_64     RHEL RHUI Server 7 Optional OS           0
rhui-rhs-2-for-rhui-server-source/x86_64               Red Hat Storage 2.0 (source) for RHUI    40
rhui-rhui-2.0/7Server/x86_64                           Red Hat Update Infrastructure 2.0 (RPMs) 0
rhui-unproteted_repo                                   unproteted_repo                          2
repolist: 4,517

Comment 4 Irina Gulina 2016-11-10 16:09:11 UTC
Created attachment 1219455 [details]
no docker repos to add to the cert

Comment 5 Patrick Creech 2016-11-10 16:52:02 UTC
there really isn't an entitlmenet workflow for docker repos... so adding them to a cert isn't really possible

The way to consume the docker repo is to have the docker config point to the cds, then the docker client can pull from the rhui cds

We do need to make sure that a 'client install' sets this properly.


After looking into it further, it isn't clear if the 'client config rpm' does this in any meaningful way.  Or if it can.  Looking into it and will provide followup

Comment 6 Irina Gulina 2016-11-11 09:28:22 UTC
Patrick, a custom cli rpm created in rhui-manager adds /etc/docker/certs.d/cds.example.com:5000/ca.crt on CLI machine. To create a custom cli rpm, one needs to generate an entitlement certificate first (Since crt and key files are prompted there). Entitlement certificate can be generated only when there are RH content or custom protected repos ssociated to RHUI. If one addes RH Docker repos ONLY and then wants to generate an entitlement certificate and create a custom cli rpm to make those Docker repos available to CLI, one will not be able to do it, since 

"There are no repository associated to RHUI, please add a Red Hat repo or create a custom repo in the manage repository subsection." is shown. 

It seems, it's not OK, agree?

Comment 7 Irina Gulina 2016-11-11 15:03:44 UTC
Following instructions from  comment #5, I was able to set up CLI to consume Docker content:

>> docker pull rhel-cert_docker
Using default tag: latest
Trying to pull repository cds.example.com:5000/rhel-cert_docker ... 
latest: Pulling from cds.example.com:5000/rhel-cert_docker
30cf2e26a24f: Pull complete 
99dd41655d8a: Pull complete 
27dc5eaef277: Pull complete 
Digest: sha256:83d4e7a94b123449557323292c688141b858f479cf351c7d630c7018a0dd9dad
Status: Downloaded newer image for cds.example.com:5000/rhel-cert_docker:latest

>> docker images
REPOSITORY                              TAG                 IMAGE ID            CREATED             SIZE
cds.example.com:5000/rhel-cert_docker   latest              44793dff9fef        8 weeks ago         299.1 MB

Comment 8 Radek Bíba 2016-12-20 16:06:16 UTC
As for Atomic, things that we've tried work well. For example, after creating a configuration tar, copying it to an Atomic host and running install.sh, I'm able to do these things:

====
# ostree remote list
rhui-rhel-rhui-atomic-7-ostree-repo
# ostree pull rhui-rhel-rhui-atomic-7-ostree-repo:rhel-atomic-host/7/x86_64/standard

1 metadata, 0 content objects fetched; 837 B transferred in 1 seconds                                                                                                        
[root@ip-10-15-69-52 atomic-tar]# less ../.bash_history
[root@ip-10-15-69-52 atomic-tar]# ostree remote summary rhui-rhel-rhui-atomic-7-ostree-repo
* rhel-atomic-host/7/x86_64/standard
    Latest Commit (230 bytes):
      42cfe1ca3305defb16dfd59cd0be5c539f19ea720dba861ed11e13941423ae86

ostree.static-deltas: {}
# ostree log rhel-atomic-host/7/x86_64/standard
commit 42cfe1ca3305defb16dfd59cd0be5c539f19ea720dba861ed11e13941423ae86
Date:  2016-11-30 02:14:24 +0000
Version: 7.3.1
(no subject)

commit 90c9735becfff1c55c8586ae0f2c904bc0928f042cd4d016e9e0e2edd16e5e97
Date:  2016-10-26 14:24:09 +0000
Version: 7.3
(no subject)

<< History beyond this commit not fetched >>
====

Irina, can this RFE be considered VERIFIED? Or do you want to wait until the bugs in the dependency tree are all VERIFIED, too?

Also, I don't think the needinfo regarding docker is necessary anymore.

Comment 10 Patrick Creech 2017-02-13 13:30:50 UTC
clearing needinfo

Comment 11 errata-xmlrpc 2017-03-01 22:12:22 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:0367


Note You need to log in before you can comment on or make changes to this bug.