We’ve launched instances of CentOS 7.4 over the last few months. During the provisioning stage we remove the default CentOS*.repo files and content register to Katello. This worked well.
Since 7.5 release there are many new packages available, and after running through all the yum updates the CentOS*.repo files have been re-created. I see there is an rpm
“centos-release-7-5.1804.el7.centos.2.x86_64” which includes the repos but I can’t remove this package as the entire package tree is dependent on it.
# rpm -ql centos-release-7-5.1804.el7.centos.2.x86_64
/etc/centos-release
/etc/centos-release-upstream
/etc/issue
/etc/issue.net
/etc/os-release
/etc/pki/rpm-gpg
/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-Debug-7
/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-Testing-7
/etc/redhat-release
/etc/rpm/macros.dist
/etc/system-release
/etc/system-release-cpe
/etc/yum.repos.d/CentOS-Base.repo
/etc/yum.repos.d/CentOS-CR.repo
/etc/yum.repos.d/CentOS-Debuginfo.repo
/etc/yum.repos.d/CentOS-Media.repo
/etc/yum.repos.d/CentOS-Sources.repo
/etc/yum.repos.d/CentOS-Vault.repo
/etc/yum.repos.d/CentOS-fasttrack.repo
/etc/yum/vars/infra
/usr/lib/systemd/system-preset/85-display-manager.preset
/usr/lib/systemd/system-preset/90-default.preset
/usr/share/centos-release/EULA
/usr/share/doc/centos-release/Contributors
/usr/share/doc/centos-release/GPL
/usr/share/doc/redhat-release
/usr/share/redhat-release
Does anyone have solutions for this other than using config mgmt to remove the repo files? Feels a bit hacky especially with yum caching.
This also happens when launching a new instance of CentOS 7.5. During the provisioning stage we again remove the repos, but one of the last stages of provisioning is to run package updates which pulls those repos back in again if the release package is updated.
Thanks
1 Like
I’ve just been going through this myself. The presence of the default repos was preventing puppet from installing during provisioning as the box has no access to the outside internet at that stage of provisioning.
I have created a snippet that moves the default repos out of /etc/yum.repos.d. I was running it just before the subscription-manager phase of our clone of the katello_kickstart_default template. This worked and the repos were moved and the system is subscribed to Katello.
The next issue was that yum update is called which updates centos-release and puts the default repos back. This causes the puppet install to fail as yum errors out on not being able to reach the baseurl of CentOS-Base.repo.
I tried to exclude centos-release from the update but that did not work, probably not a bad thing considering the other packages included in centos-release. The eventual solution was to run my snippet again before puppet is installed, this has worked and the provision filly completes successfully.
Here’s the sections of the provisioning template where the snippet is inserted:
#update local time
echo "updating system time"
/usr/sbin/ntpdate -sub <%= @host.params['ntp-server'] || 'ntp1.det.wa.edu.au' %>
/usr/sbin/hwclock --systohc
<%= snippet "ens_remove_default_repos" %>
<%= snippet "ens_subscription_manager_registration" %>
<% if @host.info['parameters']['realm'] && @host.realm && @host.realm.realm_type == 'FreeIPA' -%>
<%= snippet "freeipa_register" %>
<% end -%>
# update all the base packages from the updates repository
yum -t -y -e 0 update --exclude centos-base
<%= snippet('remote_execution_ssh_keys') %>
<% if chef_enabled %>
<%= snippet 'chef_client' %>
<% end -%>
<% if puppet_enabled %>
<%= snippet "ens_remove_default_repos" %>
<%= snippet 'ens_puppet_setup' %>
<% end -%>
And here’s the test version of the snippet:
<%#
kind: provision
name: ens_remove_default_repos
oses:
- CentOS 5
- CentOS 6
- CentOS 7
- RedHat 5
- RedHat 6
- RedHat 7
- Fedora 19
- Fedora 20
%>
# Remove the default repos so yum does not fail
if [ ! -d /etc/yum.repos.d/DISABLED ]
then
/bin/mkdir /etc/yum.repos.d/DISABLED
fi
/bin/mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/DISABLED
# Clear the yum cache
/usr/bin/yum clean all
/usr/bin/rm -rf /var/cache/yum/*
This will remove the redhat.repo too but subscription-manager seems to restore that file.
This is still a bit hacky as we will have to do it prior to patching too so I will try and come up with a better way.
