[katello-devel] Manifest Conflicts And How To Override Them
Devan Goodwin
dgoodwin at rm-rf.ca
Tue Oct 16 18:34:45 UTC 2012
New code we demo'ed awhile back is completed and in candlepin since
candlepin-0.7.14-1.
When importing manifests, in a 409 conflict the translated
displayMessage may now be newline separated (if multiple conflicts
occurred), and will usually also include a list of keys you can
programatically check and adjust behaviour accordingly. (assuming the
conflict is one that can be overridden)
You override by appending ?force=key1&force=key2 to the import URL,
using the exact same keys given by the conflict exception.
$ curl -k -u admin:admin -F
upload=@/home/dgoodwin/src/candlepin/manifest1.zip
"https://hostname:8443/candlepin/owners/testorg/imports?force=DISTRIBUTOR_CONFLICT"
{
"displayMessage" : "Import is older than existing data",
"conflicts" : [ "MANIFEST_OLD" ]
}%
We now differentiate between an older manifest and the same manifest.
(MANIFEST_OLD vs MANIFEST_SAME) Brad requested this so you could
detect if a manifest was imported successfully in candlepin but then
failed in pulp, and needs to be retried. If you see this manifest
conflict, you can override it, but there's really no point, you can
just proceed with the import in pulp.
We added DISTRIBUTOR_CONFLICT at Tom's request, which will let you
import a manifest from a new distributor. If that new distributor is
in the same upstream org, and using roughly the same quantities from
the exact same pools, forcing this manifest will not harm your
existing entitlements. However if it's from another org, or using
different pools, or using drastically less quantities, your systems
may have their entitlements revoked. This is very much something the
user will need to be warned about in Katello before overriding because
it could wreak havoc.
WARNING: make sure not to force these by default, a slip in which
manifest is used could do serious damage to existing entitlements.
SIGNATURE_CONFLICT is not yet enabled, I had a terrible time getting
it to work at all regardless what upstream cert I setup, but it became
clear Katello is not yet fetching or distributing the upstream cert in
any fashion, so we're simply not ready to re-enable this yet.
Let me know if you have questions.
Cheers,
Devan
More information about the katello-devel
mailing list