How do you handle third-party repos from RPMs?

adk · April 18, 2022, 1:15pm

Hello!

I have third-party RPM which adds its own upstream repository. As a result a PC without internet has our repos from foreman\katello and the third-party repo. I created cron job to disable this pesky repo, but I don’t like this solution. How would you handle this?

Foreman and Proxy versions:

Foreman 3.1.2 and Katello 4.3.0

Foreman and Proxy plugin versions:

Foreman 3.1.2 and Katello 4.3.0

Distribution and version:

CentOS 7.9

tedevil · April 18, 2022, 1:47pm

Not sure I understand your problem but we run almost all of our subnets dark (without internet access) and for those machines I zero out all .repo files with below command to make sure they do not attempt to try anything outside the Foreman/Katello repos.

mkdir -p /etc/yum.repos.d/unused; for repo in $(find /etc/yum.repos.d -maxdepth 1 -name "*.repo" ! -name redhat.repo);do /usr/bin/cp -f $repo /etc/yum.repos.d/unused/; > $repo;done

adk · April 19, 2022, 6:44am

You undertood my situation right. My cron job does the same as your code : )
I hoped maybe katello can clean up repo list on PC

Dirk · April 19, 2022, 6:59am

Not Katello, but the subscription-manager plugin of yum/dnf has a setting which allows to disable the use of local repositories.

adk · April 19, 2022, 8:11am

Thanks to @Dirk I found the setting

disable_system_repos

in

/etc/dnf/plugins/subscription-manager.conf

should be set to 0 accroding to this article Unable to disable the subscription manager plugin for yum/dnf - Red Hat Customer Portal

quartsize · May 4, 2022, 4:05pm

Should be set to 1, you mean?

Dirk · May 4, 2022, 4:34pm

0 to allow additional repos, 1 to ignore them, so it depends on your need.

tedevil · July 9, 2022, 3:02pm

Just be aware that setting is sometimes ignored.
Ex. upgraded Foreman/Katello to 3.3/4.5 today on an proxy without Internet access. Before installation, zero out all .repo files except redhat.repo, also did:

sed -i 's/disable_system_repos=0/disable_system_repos=1/g' /etc/dnf/plugins/subscription-manager.conf
This line

After all packages installed the installation paused and eventually a timeout came:

Installed products updated.
Errors during downloading metadata for repository 'foreman':
  - Curl error (28): Timeout was reached for https://yum.theforeman.org/releases/3.3/el8/x86_64/repodata/repomd.xml [Connection timed out after 30000 milliseconds]
Uploading Tracer Profile

Looking in /etc/yum.repos.d/ there are new repo files:
foreman-client.repo
foreman-plugins.repo
foreman.repo
katello.repo

So even setting disable_system_repos to 1 is ignored by “something” that runs at the end of an update.

Only way to avoid the timeout is to first install the packages that install the repo files with:

dnf -y update katello-repos foreman-release

The zero out the new repo files in /etc/yum.repos.d/ and then run the update.