I have third-party RPM which adds its own upstream repository. As a result a PC without internet has our repos from foreman\katello and the third-party repo. I created cron job to disable this pesky repo, but I don’t like this solution. How would you handle this?
Not sure I understand your problem but we run almost all of our subnets dark (without internet access) and for those machines I zero out all .repo files with below command to make sure they do not attempt to try anything outside the Foreman/Katello repos.
Just be aware that setting is sometimes ignored.
Ex. upgraded Foreman/Katello to 3.3/4.5 today on an proxy without Internet access. Before installation, zero out all .repo files except redhat.repo, also did:
sed -i 's/disable_system_repos=0/disable_system_repos=1/g' /etc/dnf/plugins/subscription-manager.conf
This line
After all packages installed the installation paused and eventually a timeout came:
Installed products updated.
Errors during downloading metadata for repository 'foreman':
- Curl error (28): Timeout was reached for https://yum.theforeman.org/releases/3.3/el8/x86_64/repodata/repomd.xml [Connection timed out after 30000 milliseconds]
Uploading Tracer Profile
Looking in /etc/yum.repos.d/ there are new repo files:
foreman-client.repo
foreman-plugins.repo
foreman.repo
katello.repo
So even setting disable_system_repos to 1 is ignored by “something” that runs at the end of an update.
Only way to avoid the timeout is to first install the packages that install the repo files with:
dnf -y update katello-repos foreman-release
The zero out the new repo files in /etc/yum.repos.d/ and then run the update.