Correct way to add content repository for a repository normally installed via .rpm?

I’m in the process of adding in additional repositories into my foreman content library.

This has been pretty straightforward for repositories that provide a URL natively, but some, such as Graylog-Sidecar which are normally installed via a .RPM file have been giving me some challenges.
For example, Graylog-Sidecar, is normally installed via these steps

sudo rpm -Uvh
sudo yum install graylog-sidecar

I assume that the RPM is responsible for automatically adding the GPG key to the system as well as creating a repository entry on the system?

Is the best way to add a package such as this one to the Content Library| Repositories as follows?

  • Get the Package GPG key
  • Scrape the Repo BaseURL off a system that already has the RPM installed
  • Add the GPG to Content Credentials and Repo as a “Yum” using the BaseURL


cd ~
rpm2cpio graylog-sidecar-repository-1-2.noarch.rpm | cpio -idmv
cat /etc/pki/rpm-gpg/RPM-GPG-KEY-graylog-sidecar

Import to Content Credentials

On a system with the .rpm installed do the following,

yum repolist -v enabled

Create a Yum Repository in Foreman, using the repo-baseurl specified during the repolist -v command

Is this the correct way of doing this?
I have a few repos normally installed via RPM that I need to add.


Not sure about “the best way of handling this”, but one approach we sometimes use, is to install the RPM that adds some repo file, and then clearing said repo file (replacing the entire content with something like):

# This yum repository needs to be empty so that only Foreman supplied repos are used!

Seperately we make sure the required repo is available on Foreman.

This comment also looks like it might be relevant: One-off repos on systems when subscription-manager is in use? - #2 by Dirk

We are in fact doing this in a similar way to what you described.
These are the steps we usually do:

wget http://packageurl -O package.rpm
rpm2cpio package.rpm | cpio -idmv
hammer content-credentials create --organization orgname --name somename --path etc/pki/rpm-gpg/gpg-key-file --content-type gpg_key

You do not actually need to install the rpm to any system to get the repo URL. The .repo file(s) should be in the rpm, too, found und etc/yum.repos.d/repofile.repo

This workflow has worked very well for us by now. Not saying it is the “best” way, but it works :wink:

How do you reccomend extracting the repo file from the rpm?

As mentioned, I would recomment using rpm2cpio package | cpio -idmv and then just fetching it from the extracted files.
The path where you can find the repo files is etc/yum.repos.d relative to where you extracted the rpm.
We then just copy the URL from the repo config in those files.

The advantage of simply installing the RPM and then clearing/commenting out the repo file, is that it is now impossible for that RPM to be installed accidentally later on (any further installs or upgrades of the RPM won’t change your modified/cleared/commented out repo file). That way you prevent a case where some dependency or well meant yum action suddenly adds a repo file that bypasses your Katello content.

But I guess this approach is nevertheless still a hack…