The issue of expired manifests is causing operational inefficiencies and security risks for customers, particularly those who rely on satellite-based repositories for critical software updates. Currently, when a manifest expires, customers lose access to important updates and repository content, which can expose them to security vulnerabilities and compliance risks. We propose enhancing the handling of expired manifests to reduce customer disruption and improve the overall user experience.

Proposed Enhancements:

1. Periodic Manifest Refresh:
   Implement an automated periodic manifest refresh to extend the expiration date of manifests proactively. This would ensure that customers remain up to date with the latest software and security patches without needing to manually refresh the manifest.

• • Challenges: This may not be ideal for larger customers, where running a manifest refresh task could degrade performance (e.g., for clients like Visa). 

1. Enhanced Distributor Certificate Check and Alerts:
   Build on the existing manifest distributor certificate check, which currently runs in the background for expired subscription notifications. We propose:

• • Sending proactive email alerts when a manifest is within 7 or x days of expiration.

• • Introducing auto-renewal functionality to extend the manifest validity within the 7-day window.

1. Lightweight Connectivity Test Between Satellite and Hosted Candlepin:
   Implement a lightweight connectivity test using the manifest's certificates. This test would:

• • Proactively alert users to potential connectivity or expiration issues before they become critical.

• • Provide visibility into subscription issues in real-time, minimizing operational disruptions.

• • Implement an optional recurring connectivity test logic in Foreman that runs every hour to validate the consumer certificate of the manifest.
  • This would automatically run every hour unless disabled by the customer.

• • If a test fails, it would narrow the issue detection window to 1 hour, improving troubleshooting efficiency.

• • Automatically disable if Satellite is in disconnected mode (subscription_connection_enabled=False).

Impact:

• Reduced security risks and operational inefficiencies.

• Proactive measures to ensure that customers are notified ahead of time about expiring manifests, thus improving compliance and security.

• Enhanced customer experience with more automated and transparent management of manifest expiration.