feat: Remove autoheal functionality from rhsmcertd

Card ID: CCT-723

Removed autoheal sub-command from rhsmcertd because
autoheal is useless in pure SCA mode..

INSTALL.md

@@ -100,7 +100,7 @@ Other versions or distributions may require some adaptation.
    alias rhsmcertd="sudo \
        PYTHONPATH=/path/to/subscription-manager/src \
        $(which python3) \
-       -m subscription_manager.scripts.rhsmcertd_worker --autoheal"
+       -m subscription_manager.scripts.rhsmcertd_worker"
    ```
 
    Before you run rhsm service manually, ensure you have disabled the system service first:

etc-conf/rhsm.conf

@@ -87,8 +87,6 @@ progress_messages = 1
 [rhsmcertd]
 # Interval to run cert check (in minutes):
 certCheckInterval = 240
-# Interval to run auto-attach (in minutes):
-autoAttachInterval = 1440
 # If set to zero, the checks done by the rhsmcertd daemon will not be splayed (randomly offset)
 splay = 1
 # If set to 1, rhsmcertd will not execute.

etc-conf/rhsmcertd.completion.sh

@@ -11,7 +11,7 @@ _rhsmcertd()
 	first="${COMP_WORDS[1]}"
 	cur="${COMP_WORDS[COMP_CWORD]}"
 	prev="${COMP_WORDS[COMP_CWORD-1]}"
-	opts="-h --help -c --cert-check-interval --cert-interval -d --debug --heal-interval -i --auto-attach-interval -n --now -s --no-splay -a --auto-registration -r --auto-registration-interval"
+	opts="-h --help -c --cert-check-interval --cert-interval -d --debug -i -n --now -s --no-splay -a --auto-registration -r --auto-registration-interval"
 
 	case "${cur}" in
 		-*)

man/asciidoc/rhsm.conf.5.asciidoc

@@ -129,11 +129,6 @@ pluginConfDir::
 certCheckInterval::
   The number of minutes between runs of the *rhsmcertd* daemon
 
-autoAttachInterval::
-  The number of minutes between attempts to run auto-attach on this
-  consumer.
-
-
 AUTHOR
 ------
 Bryan Kearney <bkearney@redhat.com>

man/rhsm.conf.5

@@ -240,11 +240,6 @@ The number of minutes between runs of the
 daemon
 .RE
 .PP
-autoAttachInterval
-.RS 4
-The number of minutes between attempts to run auto\-attach on this consumer\&.
-.RE
-.PP
 splay
 .RS 4
 1 to enable splay. 0 to disable splay. If enabled, this feature delays the initial auto attach and cert check by an amount between 0 seconds and the interval given for the action being delayed. For example if the

man/rhsmcertd.8

@@ -3,12 +3,12 @@
 rhsmcertd \- Periodically scans and updates the entitlement certificates on a registered system.
 
 .SH SYNOPSIS
-rhsmcertd [--cert-check-interval=MINUTES] [--auto-attach-interval=MINUTES] [--auto-registration-interval] [--no-splay] [--now] [--auto-registration] [--debug] [--help]
+rhsmcertd [--cert-check-interval=MINUTES] [--auto-registration-interval] [--no-splay] [--now] [--auto-registration] [--debug] [--help]
 
 .PP
 .I Deprecated usage
 .PP
-rhsmcertd [\fIcertInterval autoattachInterval\fP]
+rhsmcertd [\fIcertInterval\fP]
 
 .SH DESCRIPTION
 Red Hat provides content updates and support by issuing
@@ -21,7 +21,7 @@ When subscriptions are applied to a system or when new subscriptions are availab
 process runs periodically to check for changes in the subscriptions available to a machine by updating the entitlement certificates installed on the machine and by installing new entitlement certificates as they're available.
 
 .PP
-At a defined interval, the process checks with the subscription management service to see if any new subscriptions are available to the system. If there are, it pulls in the associated subscription certificates. If any subscriptions have expired and new subscriptions are available, then the \fBrhsmcertd\fP process will automatically request those subscriptions. By default, the initial auto-attach is delayed by a random amount of seconds from zero to the \fBautoAttachInterval\fP. The initial cert check is delayed by a random amount of seconds from zero to \fBcertCheckInterval\fP.
+At a defined interval, the process checks with the subscription management service to see if any new subscriptions are available to the system. If there are, it pulls in the associated subscription certificates. If any subscriptions have expired and new subscriptions are available, then the \fBrhsmcertd\fP process will automatically request those subscriptions. By default, the initial cert check is delayed by a random amount of seconds from zero to \fBcertCheckInterval\fP.
 
 .PP
 This \fbrhsmcertd\fP process can also perform automatic registration, when VM is running in the public cloud. Three public cloud providers are supported: AWS, Azure and GCP. When it is desired to perform automatic registration by rhsmcertd, then it is also necessary to configure mapping of "Cloud ID" to "RHSM organization ID" on https://cloud.redhat.com.
@@ -33,7 +33,7 @@ rhsmcertd-worker.py
 script to perform the certificate add and update operations.
 
 .PP
-Both the certificate interval and the auto-attach interval are configurable and can be reset through the \fBrhsmcertd\fP daemon itself or by editing the Subscription Manager \fB/etc/rhsm/rhsm.conf\fP file.
+The certificate interval is configurable and can be reset through the \fBrhsmcertd\fP daemon itself or by editing the Subscription Manager \fB/etc/rhsm/rhsm.conf\fP file.
 
 .PP
 .B rhsmcertd
@@ -58,12 +58,6 @@ Resets the interval for checking for new subscription certificates. This value i
 .B /etc/rhsm/rhsm.conf
 file are used (unless the argument is passed again).
 
-.TP
-.B -i, --auto-attach-interval=MINUTES
-Resets the interval for checking for and replacing expired subscriptions. This value is in minutes. The default is 1440, or 24 hours. This interval is in effect until the daemon restarts, and then the values in the
-.B /etc/rhsm/rhsm.conf
-file are used (unless the argument is passed again).
-
 .TP
 .B -r, --auto-registration-interval=MINUTES
 Resets the interval for automatic registration. This value is in minutes. The default is 60, or 1 hour. This interval is in effect until the daemon restarts, and then the values in the
@@ -93,22 +87,22 @@ service rhsmcertd stop
 rhsmcertd --cert-check-interval=240
 .fi
 
-.SS RUNNING CERTIFICATE AND HEALING SCANS IMMEDIATELY
-Normally, the certificate and auto-attach scans are run periodically, on a schedule defined in the \fBrhsmcertd\fP configuration. The scans can be run immediately -- which is useful if an administrator knows that there are new subscriptions available -- and then the scans resume their schedules.
+.SS RUNNING CERTIFICATE SCANS IMMEDIATELY
+Normally, the certificate scans are run periodically, on a schedule defined in the \fBrhsmcertd\fP configuration. The scans can be run immediately -- which is useful if an administrator knows that there are new subscriptions available -- and then the scans resume their schedules.
 .nf
 service rhsmcertd stop
 rhsmcertd -n
 .fi
 
 .SS DEPRECATED USAGE
-\fBrhsmcertd\fP used to allow the certificate and auto-attach intervals to be reset simply by passing two integers as arguments.
+\fBrhsmcertd\fP used to allow the certificate intervals to be reset simply by passing an integer argument.
 .PP
-\fBrhsmcertd\fP \fIcertInterval autoAttachInterval\fP
+\fBrhsmcertd\fP \fIcertInterval\fP
 .PP
 For example:
 .nf
 service rhsmcertd stop
-rhsmcertd 180 480
+rhsmcertd 180
 .fi
 .PP
 This usage is still allowed, but it is deprecated and not recommended.

src/daemons/rhsmcertd.c

@@ -47,15 +47,13 @@ typedef enum {
 #define LOGFILE LOGDIR"/rhsmcertd.log"
 #define LOCKFILE "/var/lock/subsys/rhsmcertd"
 #define NEXT_CERT_UPDATE_FILE "/run/rhsm/next_cert_check_update"
-#define NEXT_AUTO_ATTACH_UPDATE_FILE "/run/rhsm/next_auto_attach_update"
 #define NEXT_AUTO_REGISTER_UPDATE_FILE "/run/rhsm/next_auto_register_update"
 #define WORKER LIBEXECDIR"/rhsmcertd-worker"
 #define WORKER_NAME WORKER
 #define PACKAGE_PROFILE_UPLOADER LIBEXECDIR"/rhsm-package-profile-uploader"
 #define INITIAL_DELAY_SECONDS 120
 #define DEFAULT_AUTO_REG_INTERVAL_SECONDS 3600 /* 1 hour */
 #define DEFAULT_CERT_INTERVAL_SECONDS 14400    /* 4 hours */
-#define DEFAULT_HEAL_INTERVAL_SECONDS 86400    /* 24 hours */
 #define DEFAULT_SPLAY_ENABLED true
 #define DEFAULT_AUTO_REGISTRATION false
 #define DEFAULT_LOG_LEVEL LOG_LEVEL_INFO
@@ -86,33 +84,20 @@ static LOG_LEVEL log_level = DEFAULT_LOG_LEVEL;
 static gboolean show_debug = FALSE;
 static gboolean run_now = FALSE;
 static gint arg_cert_interval_minutes = -1;
-static gint arg_heal_interval_minutes = -1;
 static gint arg_reg_interval_minutes = -1;
 static gboolean arg_no_splay = FALSE;
 static gboolean arg_auto_registration = FALSE;
 static int fd_lock = -1;
 
 struct CertCheckData {
     int interval_seconds;
-    bool heal;
     char *next_update_file;
 };
 
 static GOptionEntry entries[] = {
-    /* marked deprecated as of 02-19-2013, needs to be removed...? */
-    {"cert-interval", 0, 0, G_OPTION_ARG_INT, &arg_heal_interval_minutes,
-     N_("deprecated, see --cert-check-interval"),
-     "MINUTES"},
     {"cert-check-interval", 'c', 0, G_OPTION_ARG_INT, &arg_cert_interval_minutes,
      N_("interval to run cert check (in minutes)"),
      "MINUTES"},
-    /* marked deprecated as of 11-16-2012, needs to be removed...? */
-    {"heal-interval", 0, 0, G_OPTION_ARG_INT, &arg_heal_interval_minutes,
-     N_("deprecated, see --auto-attach-interval"),
-     "MINUTES"},
-    {"auto-attach-interval", 'i', 0, G_OPTION_ARG_INT, &arg_heal_interval_minutes,
-     N_("interval to run auto-attach (in minutes)"),
-     "MINUTES"},
     {"auto-registration-interval", 'r', 0, G_OPTION_ARG_INT, &arg_reg_interval_minutes,
             N_("interval to run auto-registration (in minutes)"),
             "MINUTES"},
@@ -132,7 +117,6 @@ static GOptionEntry entries[] = {
 
 typedef struct _Config {
     int auto_reg_interval_seconds;
-    int heal_interval_seconds;
     int cert_interval_seconds;
     bool splay;
     bool auto_registration;
@@ -433,7 +417,7 @@ auto_register(gpointer data)
 }
 
 static gboolean
-cert_check (gboolean heal)
+cert_check (G_GNUC_UNUSED gpointer data)
 {
     int status = 0;
 
@@ -443,23 +427,14 @@ cert_check (gboolean heal)
         exit (EXIT_FAILURE);
     }
     if (pid == 0) {
-        if (heal) {
-            debug ("(Auto-attach) executing: %s --autoheal", WORKER);
-            execl (WORKER, WORKER_NAME, "--autoheal", NULL);
-        } else {
-            debug ("(Cert check) executing: %s", WORKER);
-            execl (WORKER, WORKER_NAME, NULL);
-        }
+        debug ("(Cert check) executing: %s", WORKER);
+        execl (WORKER, WORKER_NAME, NULL);
         _exit (errno);
     }
     waitpid (pid, &status, 0);
     status = WEXITSTATUS (status);
 
     char *action = "Cert Check";
-    if (heal) {
-        action = "Auto-attach";
-    }
-
     if (status == 0) {
         info ("(%s) Certificates updated.", action);
     } else {
@@ -474,11 +449,11 @@ static gboolean
 initial_cert_check (gpointer data)
 {
     struct CertCheckData *cert_data = data;
-    cert_check (cert_data->heal);
+    cert_check (NULL);
     // Add the timeout to begin waiting on interval but offset by the initial
     // delay.
     g_timeout_add (cert_data->interval_seconds * 1000,
-        (GSourceFunc) cert_check, (gpointer) cert_data->heal);
+        (GSourceFunc) cert_check, NULL);
     g_timeout_add (cert_data->interval_seconds * 1000,
            (GSourceFunc) log_update_from_cert_data,
            (gpointer) cert_data);
@@ -615,17 +590,6 @@ key_file_init_config (Config * config, GKeyFile * key_file)
         config->cert_interval_seconds = cert_frequency * 60;
     }
 
-    int heal_frequency = get_int_from_config_file (key_file, "rhsmcertd",
-                               "healFrequency");
-    int auto_attach_interval = get_int_from_config_file (key_file, "rhsmcertd",
-                               "autoAttachInterval");
-    if (auto_attach_interval > 0) {
-        config->heal_interval_seconds = auto_attach_interval * 60;
-    }
-    else if (heal_frequency > 0) {
-        config->heal_interval_seconds = heal_frequency * 60;
-    }
-
     bool splay_enabled = get_bool_from_config_file (key_file, "rhsmcertd",
                             "splay", DEFAULT_SPLAY_ENABLED);
     config->splay = splay_enabled;
@@ -682,15 +646,14 @@ key_file_init_config (Config * config, GKeyFile * key_file)
 void
 deprecated_arg_init_config (Config * config, int argc, char *argv[])
 {
-    if (argc != 3) {
+    if (argc != 2) {
         error ("Wrong number of arguments specified.");
         print_argument_error(N_("Wrong number of arguments specified.\n"));
         free (config);
         exit (EXIT_FAILURE);
     }
 
     config->cert_interval_seconds = atoi (argv[1]) * 60;
-    config->heal_interval_seconds = atoi (argv[2]) * 60;
 }
 
 bool
@@ -701,10 +664,6 @@ opt_parse_init_config (Config * config)
         config->cert_interval_seconds = arg_cert_interval_minutes * 60;
     }
 
-    if (arg_heal_interval_minutes != -1) {
-        config->heal_interval_seconds = arg_heal_interval_minutes * 60;
-    }
-
     if (arg_reg_interval_minutes != -1) {
         config->auto_reg_interval_seconds = arg_reg_interval_minutes * 60;
     }
@@ -719,7 +678,6 @@ opt_parse_init_config (Config * config)
     // Let the caller know if opt parser found arg values
     // for the intervals.
     return arg_cert_interval_minutes != -1
-        || arg_heal_interval_minutes != -1
         || arg_reg_interval_minutes != -1
         || arg_no_splay != FALSE
         || arg_auto_registration != FALSE;
@@ -734,7 +692,6 @@ get_config (int argc, char *argv[])
     // Set the default values
     config->auto_reg_interval_seconds = DEFAULT_AUTO_REG_INTERVAL_SECONDS;
     config->cert_interval_seconds = DEFAULT_CERT_INTERVAL_SECONDS;
-    config->heal_interval_seconds = DEFAULT_HEAL_INTERVAL_SECONDS;
     config->splay = DEFAULT_SPLAY_ENABLED;
     config->auto_registration = DEFAULT_AUTO_REGISTRATION;
 
@@ -823,7 +780,6 @@ main (int argc, char *argv[])
     // up its resources more reliably in case of error.
     int auto_reg_interval_seconds = config->auto_reg_interval_seconds;
     int cert_interval_seconds = config->cert_interval_seconds;
-    int heal_interval_seconds = config->heal_interval_seconds;
     bool splay_enabled = config->splay;
     bool auto_reg_enabled = config->auto_registration;
     free (config);
@@ -861,8 +817,6 @@ main (int argc, char *argv[])
     } else {
         debug ("Auto-registration disabled");
     }
-    info ("Auto-attach interval: %.1f minutes [%d seconds]",
-          heal_interval_seconds / 60.0, heal_interval_seconds);
     info ("Cert check interval: %.1f minutes [%d seconds]",
           cert_interval_seconds / 60.0, cert_interval_seconds);
 
@@ -873,12 +827,10 @@ main (int argc, char *argv[])
     // NOTE: We put the initial checks on a timer so that in the case of systemd,
     // we can ensure that the network interfaces are all up before the initial
     // checks are done.
-    int auto_attach_initial_delay = 0;
     int cert_check_initial_delay = 0;
     if (run_now) {
         info ("Initial checks will be run now!");
     } else {
-        int auto_attach_offset = 0;
         int cert_check_offset = 0;
         if (splay_enabled == true) {
             unsigned long int seed;
@@ -916,49 +868,34 @@ main (int argc, char *argv[])
             }
 #endif
             srand((unsigned int) seed);
-            auto_attach_offset = gen_random(heal_interval_seconds);
             cert_check_offset = gen_random(cert_interval_seconds);
         }
 
-        auto_attach_initial_delay = INITIAL_DELAY_SECONDS + auto_attach_offset;
-        info ("Waiting %.1f minutes plus %d splay seconds [%d seconds total] before performing first auto-attach.",
-                INITIAL_DELAY_SECONDS / 60.0, auto_attach_offset, auto_attach_initial_delay);
         cert_check_initial_delay = INITIAL_DELAY_SECONDS + cert_check_offset;
         info ("Waiting %.1f minutes plus %d splay seconds [%d seconds total] before performing first cert check.",
                 INITIAL_DELAY_SECONDS / 60.0, cert_check_offset, cert_check_initial_delay);
     }
 
     struct CertCheckData auto_register_data;
     auto_register_data.interval_seconds = auto_reg_interval_seconds;
-    auto_register_data.heal = false;
     auto_register_data.next_update_file = NEXT_AUTO_REGISTER_UPDATE_FILE;
 
     struct CertCheckData cert_check_data;
     cert_check_data.interval_seconds = cert_interval_seconds;
-    cert_check_data.heal = false;
     cert_check_data.next_update_file = NEXT_CERT_UPDATE_FILE;
 
-    struct CertCheckData auto_attach_data;
-    auto_attach_data.interval_seconds = heal_interval_seconds;
-    auto_attach_data.heal = true;
-    auto_attach_data.next_update_file = NEXT_AUTO_ATTACH_UPDATE_FILE;
-
     if (auto_reg_enabled) {
         auto_register((gpointer) &auto_register_data);
     }
     g_timeout_add (cert_check_initial_delay * 1000,
                (GSourceFunc) initial_cert_check, (gpointer) &cert_check_data);
-    g_timeout_add (auto_attach_initial_delay * 1000,
-               (GSourceFunc) initial_cert_check, (gpointer) &auto_attach_data);
 
     // NB: we only use cert_interval_seconds when calculating the next update
-    // time. This works for most users, since the cert_interval aligns with
-    // runs of heal_interval (i.e., heal_interval % cert_interval = 0)
+    // time.
     if (auto_reg_enabled) {
         log_update (0, NEXT_AUTO_REGISTER_UPDATE_FILE);
     }
     log_update (cert_check_initial_delay, NEXT_CERT_UPDATE_FILE);
-    log_update (auto_attach_initial_delay, NEXT_AUTO_ATTACH_UPDATE_FILE);
 
     GMainLoop *main_loop = g_main_loop_new (main_context, FALSE);
     g_main_loop_run (main_loop);