Remove subscription-manager from Ansible base image.

[asmacdo]

Bug Report

From slack:

In short, our container uses the base image quay.io/operator-framework/ansible-operator:v1.13.1 that we then yum update to pick up all cve fixes and the like. But it fails:
Status: Downloaded newer image for quay.io/operator-framework/ansible-operator:v1.13.1
---> 6546e357d59e
Step 4/12 : USER root
---> Running in 39fe0919323f
Removing intermediate container 39fe0919323f
---> f82b4fa1139a
Step 5/12 : RUN yum update -y && yum clean all
---> Running in 4352a9d62f3b
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.

Red Hat Universal Base Image 8 (RPMs) - BaseOS 9.4 MB/s | 780 kB 00:00
Red Hat Universal Base Image 8 (RPMs) - AppStre 28 MB/s | 2.6 MB 00:00
Red Hat Universal Base Image 8 (RPMs) - CodeRea 272 kB/s | 15 kB 00:00
Error:
Problem 1: cannot install the best update candidate for package python3-subscription-manager-rhsm-1.28.13-4.el8_4.x86_64

• nothing provides python3-cloud-what = 1.28.29-3.el8 needed by python3-subscription-manager-rhsm-1.28.29-3.el8.x86_64

Solution

Uninstall subscription manager in the base image.

Add to the base image:

dnf remove -y subscription-manager python3-subscription-manager-rhsm dnf-plugin-subscription-manager

[jmazzitelli]

@jmrodri said the following in another channel - may or may not be related to the actual problem:

There was an issue with the ubi.repo file missing from the /etc/yum.repos.d/ . Not sure if that's related

[asmacdo]

Reached out to rhsm+subscription manager folks for confirmation.

That's not an error. Subscription-manager is installed which is why you are seeing the notification. That's basically the "sub-man could be doing more for you" message. I'm a little surprised to see sub-man included in the base UBI images.

[asmacdo]

I was not able to replicate this on master or using the 1.13.1 image.

FROM quay.io/operator-framework/ansible-operator:dev
USER root
RUN yum update -y && yum clean all
...<snip>

FROM quay.io/operator-framework/ansible-operator:v1.13.1
USER root
RUN yum update -y && yum clean all
...<snip>

In both cases, I did see that subscription manager wasn't registered (as expected), but I did not run into the situation that there was a required subscription-manager provided dependency.

docker-build stdout](https://pastebin.com/GTqZvdDg)

I think we would probably be fine to remove subscription-manager to be leaner. If anyone encounters this problem, they should be able to remove subscription-manager in their own dockerfile to work around this.

IMO, we should not bother adding this to the base images since there is a workaround. Instead we should prioritize the switch to ubi-micro, which does not contain these packages to begin with.

[asmacdo]

Closing for now as explained above. Added a comment to reopen this issue if ubi-micro does not solve this issue.
#5619 (comment)