Eliminates subscription-manager exec on every Puppet run #95
Conversation
speer
force-pushed
the
rewrite
branch
2 times, most recently
from
aa1e1e6 to
b0b0517
Compare
juniorsysadmin
added
backwards-incompatible
needs-feedback
| Puppet::Type.type(:rh_subscription).provide(:redhat) do | ||
| commands rhsm: '/usr/sbin/subscription-manager' | ||
| commands rct: '/usr/bin/rct' |
There was a problem hiding this comment.
for those that never heard of this command:
rct - Displays information (headers) about or size and statistics of a entitlement, product, or identity certificate used by Red Hat Subscription Manager.
| mk_resource_methods | ||
|
|
||
| def self.subscriptions | ||
| subs = {} | ||
| rhsm('list', '--consumed').split("\n\n").each do |blk| |
There was a problem hiding this comment.
could you document the method? especially some return value example
| sub_data[element[1]] = element[2] | ||
| section = nil | ||
| cert_raw_data.split("\n").each do |line| | ||
| if line =~ %r{^([^:\s]+):$} |
There was a problem hiding this comment.
maybe some example of the output of rct would help.
There was a problem hiding this comment.
Thank's for your feedback! Added some documentation, hope that explains it better :)
| $package_ensure = 'latest', | ||
| Array[String[1]] $enabled_repo_ids = [], | ||
| ) { | ||
| Optional[String[1]] $rh_user = undef, |
There was a problem hiding this comment.
Just FYI: back in the days we explicitly didn't use data types potentially stay compatible with the old puppet provided by Redhat with Satellite 6.
There was a problem hiding this comment.
As the type/provider code does not work with Puppet 3 Agents, this is fine for Satellite >= 6.4 (cornercase: Puppet 4/5 Server and Puppet 3 Agent)
| Array[String[1]] $enabled_repo_ids = [], | ||
| ) { | ||
| Optional[String[1]] $rh_user = undef, | ||
| Optional[String[1]] $rh_password = undef, |
| end | ||
| repos[repo_data['Repo ID']] = { | ||
| enabled: repo_data['Enabled'] | ||
| repo_file = Puppet::Util::IniConfig::PhysicalFile.new('/etc/yum.repos.d/redhat.repo') |
There was a problem hiding this comment.
This will improve reliability and performce!
|
@bastelfreak @ekohl does this PR still need feedback? |
|
I hadn't looked at it before. For the future, splitting the data types and other cleanups into a separate commit makes reviewing easier. You don't have to split it now. I must admit I don't know enough about subscription manager to properly review this though :( |
| serial: sub_data['Serial'] | ||
| subs[sub_data['Certificate']['Pool ID']] = { | ||
| name: sub_data['Order']['Name'], | ||
| serial: sub_data['Certificate']['Serial'] |
There was a problem hiding this comment.
Rubocop mentions the missing comma at the end of the line
There was a problem hiding this comment.
If I add the comma, TravisCI build fails...
Offenses:
lib/puppet/provider/rh_subscription/redhat.rb:108:50: C: Style/TrailingCommaInLiteral: Avoid comma after the last item of a hash. (https://github.com/bbatsov/ruby-style-guide#no-trailing-array-commas)
serial: sub_data['Certificate']['Serial'],
^
lib/puppet/provider/rh_subscription/redhat.rb:119:30: C: Style/TrailingCommaInArguments: Avoid comma after the last parameter of a method call. (https://github.com/bbatsov/ruby-style-guide#no-trailing-params-comma)
serial: data[:serial],
| def self.instances | ||
| subscriptions.map do |pool, data| | ||
| new( | ||
| ensure: :present, | ||
| name: pool, | ||
| active: active?(data[:active]), | ||
| serial: data[:serial] |
There was a problem hiding this comment.
Rubocop mentions the missing comma at the end of the line
There was a problem hiding this comment.
If I add the comma, TravisCI build fails...
Offenses:
lib/puppet/provider/rh_subscription/redhat.rb:108:50: C: Style/TrailingCommaInLiteral: Avoid comma after the last item of a hash. (https://github.com/bbatsov/ruby-style-guide#no-trailing-array-commas)
serial: sub_data['Certificate']['Serial'],
^
lib/puppet/provider/rh_subscription/redhat.rb:119:30: C: Style/TrailingCommaInArguments: Avoid comma after the last parameter of a method call. (https://github.com/bbatsov/ruby-style-guide#no-trailing-params-comma)
serial: data[:serial],
There was a problem hiding this comment.
Yes, in Rubocop we have different rules. Personally I'd prefer trailing commas here as well but let's not change rubocop rules as part of this PR.
Note, that this commit contains changes that break backward-compatibility. Additionally: * this gets rid of `rhsm::repo` which had already been replaced by `rh_repo`. There is no need of supporting two types that do the same, just differently. * types have been added to the `rhsm` class (contrib @kallies). * the `pool` parameter has been removed, since one should use `rh_subscription` for that. * service `rhsmcertd` is ensured to be enabled and running. This service is responsible for a periodical cert renewal and auto-attach (see rhsm.conf). * exec 'sm yum clean all' has beed removed. * `RHSM-subscribe` has been removed, since auto-attach happens already periodical via rhsmcertd. Attachment of pool subscriptions happens via `rh_subscription`.
Pull Request (PR) description
The idea behind this PR is to get rid of
subscription-managerexecutions on every Puppet-run. If there are issues with subscription-manager, (ex. Satellite down or similar) these executions block all the Puppet runs on all connected systems. In those cases, the whole Puppet infrastructure becomes unusable, since during Puppet runs, all calls of "subscription-manager identity, subscription-manager list, subscription-manager repos" hang and lead to almost never finishing Puppet agent runs. There are basically no timeouts of some of these calls (neither server_timeout in rhsm.conf leads to improvements of the situation).Also we found, that in such situations, the module had tried to run "auto attach" on all of our systems. This is probably because the onlyif condition of RHSM-subscribe triggered somehow...
Because of the reasons explained above, we found, this module should not rely on subscription-manager anymore for verifying the systems current state and use it only for registering systems, assigning/removing subscriptions and enabling/disabling repos.
With this PR, the module relies on entitlement certificates and the redhat.repo file, which are kept up to date periodically by rhsmcertd. Of course I agree, that there might occur race conditions, where these sources of truth could not always be as reliable as subscription-manager executions, but I find the trade-off justifiable, because of the issues explained above.
Partly, this problem has already been addressed by @kallies in #91 but this was limited to the executions of the rhsm facts only. So the current PR supersedes #91
In this PR I further removed the
rhsm::repotype, which had already been replaced byrh_repo. I see no need of supporting two types that do the same, just differently.Also I removed the
poolparameter in init.pp, since I found that one should userh_subscriptionfor that.Because of already touching the parameter list of init.pp, I also added the types contributed by @kallies in #86
Note, that this PR contains changes that break backward-compatibility.
This Pull Request (PR) fixes the following issues
Fixes #90
Fixes #92