We try to keep most subnets dark (without Internet access) and this also includes the external smart proxy subnets.
I noticed installing a external smart proxy without access to Internet was not possible due to the way the installer is made. It spawns new repo files in /etc/yum.repos.d/ that points to Internet even if I made those repos available from the Foreman server.
However I thought, after the installation, I can perhaps maintain the smart proxy from Forman/Katello and kill the access to Internet.
So I have created these repos on the Foreman server and subscribed the smart proxy to them:
https://releases.ansible.com/ansible-runner/rpm/epel-8-x86_64/
https://yum.theforeman.org/katello/4.4/candlepin/el8/x86_64/
https://yum.theforeman.org/releases/3.2/el8/x86_64/
https://yum.theforeman.org/plugins/3.2/el8/x86_64/
https://yum.theforeman.org/katello/4.4/katello/el8/x86_64/
https://yum.theforeman.org/pulpcore/3.16/el8/x86_64/
https://yum.puppetlabs.com/puppet7/el/8/x86_64
So when new releases comes, I create new repos, adding also them to the smart proxy.
Is this a bad idea?