How to properly sync RHEL8 repos so air-gapped Foreman can see modules?


On an air-gapped (isolated from outside Internet) installation of Foreman, I am attempting to sync a local repository that was brought in from a RHEL8 system that had a connection to the RHSM.

Upon syncing the repository within Foreman, I am met with the following error:

[Errno 2] No such file or directory: '/var/lib/pulp/imports/el8/rhel-8-for-x86_64-appstream-rpms/Packages/b/bpg-sans-regular-fonts-1.005-10.el8.noarch.rpm'

Expected outcome:

Foreman should be able to sync all of the packages and show all applicable Errata, Packages Groups, and Module Streams

Foreman and Proxy versions:


Distribution and version:

Red Hat Enterprise Linux release 8.8 (Ootpa)

Other relevant data:

  1. I performed a repository sync on the RHEL8 system that is connected to the RHSM like so:
    reposync --repoid=rhel-8-for-x86_64-appstream-rpms -m -n -g -p /mnt/yum-repo/el8/ --download-metadata --downloadcomps
    reposync --repoid=rhel-8-for-x86_64-baseos-rpms -m -n -g -p /mnt/yum-repo/el8/ --download-metadata

    Edit: I did not manually create a repo using createrepo_c based on guidance from this Red Hat article: Createrepo causes module conflict on RHEL 8 reposync - Red Hat Customer Portal

  2. I brought the el8 directory into the air-gapped Foreman server

  3. Placed the el8 directory within /var/lib/pulp/imports

  4. Recursively changed the ownership on the el8 directory to pulp:pulp

  5. Restored the SELinux context on the el8 directory

  6. Created a new repository with the following settings:
    Name: Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)
    Label: rhel-8-for-x86_64-appstream-rpms
    Description: Blank
    Type: yum
    Upstream URL: file:///var/lib/pulp/imports/el8/rhel-8-for-x86_64-appstream-rpms
    Verify SSL: Unchecked
    Upstream Username: Blank
    Upstream Password: Blank
    Upstream Authentication Token: Blank
    Download Policy: Immediate
    Mirroring Policy: Complete Mirroring
    HTTP Proxy Policy: Global Default (None)
    Checksum: Default
    Unprotected: Unchecked
    SSL CA Cert: sslcacert
    SSL Client Cert: sslclientcert
    SSL Client Key: sslclientkey

  7. Once created, I selected Select Action → Sync Now

  8. Received the error message as shown above

There isn’t a supported way to get syncable-format content to an air-gapped Foreman except the following:

The proper way to obtain a “syncable” format repository is

  1. Set up a second, connected (not air-gapped) Foreman server and sync the content you need.
  2. Use hammer content-export --format syncable to export the content.
  3. On the air-gapped Foreman, use hammer content-import to import the content. The products, repositories, and (if applicable) content view versions will be automatically created for you.

For more information, see the documentation

I think I may have figured it out. This appears to be more of a quirk with RHEL 8 as opposed to Foreman.

The Red Hat article in my original post claims that, upon running reposync, the createrepo command shouldn’t be needed. However, when running reposync with the --newest-only option, from what I gather, the repodata folder wasn’t automatically updated to reflect the latest packages. I presume that pulp expects to see - for example - bpg-sans-regular-fonts-1.005-10.el8.noarch.rpm which is missing because I synced only the newest packages, so instead the only available package is bpg-sans-regular-fonts-1.005-11.el8.noarch.rpm.

To resolve this I have to manually run createrepo --update on the repository. Foreman is now able to see all packages, errata, package groups, and module streams.