How do you handle third-party repos from RPMs?


I have third-party RPM which adds its own upstream repository. As a result a PC without internet has our repos from foreman\katello and the third-party repo. I created cron job to disable this pesky repo, but I don’t like this solution. How would you handle this?

Foreman and Proxy versions:

Foreman 3.1.2 and Katello 4.3.0

Foreman and Proxy plugin versions:

Foreman 3.1.2 and Katello 4.3.0

Distribution and version:

CentOS 7.9

Not sure I understand your problem but we run almost all of our subnets dark (without internet access) and for those machines I zero out all .repo files with below command to make sure they do not attempt to try anything outside the Foreman/Katello repos.

mkdir -p /etc/yum.repos.d/unused; for repo in $(find /etc/yum.repos.d -maxdepth 1 -name "*.repo" ! -name redhat.repo);do /usr/bin/cp -f $repo /etc/yum.repos.d/unused/; > $repo;done
1 Like

You undertood my situation right. My cron job does the same as your code : )
I hoped maybe katello can clean up repo list on PC

Not Katello, but the subscription-manager plugin of yum/dnf has a setting which allows to disable the use of local repositories.


Thanks to @Dirk I found the setting




should be set to 0 accroding to this article Unable to disable the subscription manager plugin for yum/dnf - Red Hat Customer Portal

1 Like

Should be set to 1, you mean?

1 Like

0 to allow additional repos, 1 to ignore them, so it depends on your need.


Just be aware that setting is sometimes ignored.
Ex. upgraded Foreman/Katello to 3.3/4.5 today on an proxy without Internet access. Before installation, zero out all .repo files except redhat.repo, also did:

sed -i 's/disable_system_repos=0/disable_system_repos=1/g' /etc/dnf/plugins/subscription-manager.conf
This line 

After all packages installed the installation paused and eventually a timeout came:

Installed products updated.
Errors during downloading metadata for repository 'foreman':
  - Curl error (28): Timeout was reached for [Connection timed out after 30000 milliseconds]
Uploading Tracer Profile

Looking in /etc/yum.repos.d/ there are new repo files:

So even setting disable_system_repos to 1 is ignored by “something” that runs at the end of an update.

Only way to avoid the timeout is to first install the packages that install the repo files with:

dnf -y update katello-repos foreman-release

The zero out the new repo files in /etc/yum.repos.d/ and then run the update.