Still struggling to create a functional katello/foreman, CentOS installation-server …
Right now, I’m on foreman 2.1.4 & katello 3.16.1
Is there a preferred way to limit the newly born server to only use the repositories provided by katello/foreman?
I have no internet access in my deployment network and because of this; I got many places in the installation procedure that has to wait for dnf to timeout for the default CentOS* repositories.
Is the setting “only_subscription_manager_repos” doing anything in this regards? If so, I cannot get it to work.
If the answer is to create prescript to disable all repositories in allt the repofiles … so be it, but it feels a bit artificial. Is the pre-script executed so it sees both /etc/yum.repos.d & /mnt/sysimage/etc/yum.repos.d , and do I need to disable the repos in both places?
No, no real progress. Just ugly workarounds.
I didn’t succeed in disabling the default repositories in a %pre - script, so I took an alternate , even uglier, route:
You have to find everything that want to use the default repositories and unset/comment it out. This also means that you have to take care of needed packages during %install rather than any later stage.
Up until now I had my whole setup scripted with hammer, just to be able to easily remake it completely. It also proves a good documentation, But cloning and editing the templates this way feels tricky. Maybe using ‘patch’ could simplify it to some extent …
only_subscription_manager_repos is the host parameter that you want for this scenario. It should be setting the disable_system_repos flag in your /etc/yum/pluginconf.d/subscription-manager.conf or /etc/dnf/plugins/subscription-manager.conf
After looking in all the wrong places I finally found that ‘only_subscription_manager_repos’ is committed in: 3e693b0713fa43db600bc55fbf3476b9fa9f780a ( Fixes #30415) from aug 25 2020
But that isn’t in foreman-2.1.4-1.el7 - built on 15 Oct 2020 …
Maybe it’s not in the stable edition yet?
How can I get this function without breaking everything else?
Would it work to download just the register_redhat.erb and put it in the correct place?
Create a new snippet named Kickstart default custom packages and make it contain at least subscription-manager
This will ‘force’ the Kickstart installation to not contact EPEL and more importantly, install subscription-manager in the initial package installation step.
As mentioned, the Ansible role I mentioned, can save you a lot of work! (Also check out my blog at Foreman :: Foreman Config as Code !)
@Bugenhagen ah good find, you’re right about only_subscription_manager_repos being in the latest foreman. To fix, I suppose you could just clone the redhat_register provisioning template from within the UI and edit in the change here: https://github.com/theforeman/foreman/pull/7823
Have a CentOS 8 VM not access to Internet and so I set disable_system_repos=1 in /etc/dnf/plugins/subscription-manager.conf and then added the VM with:
subscription-manager register --org=“XXX” --activationkey=“key-dummy”
I noticed the system registration took a long time so looking in /var/log/rhsm/rhsm.log I see:
2020-10-26 12:27:18,090 [ERROR] subscription-manager:39922:MainThread @profile.py:81 - Unable to create sack object: Failed to download metadata for repo ‘AppStream’: Cannot prepare internal mirrorlist: Curl error (28): Timeout was reached for http://mirrorlist.centos.org/?release=8&arch=x86_64&repo=AppStream&infra=$infra [Connection timed out after 30000 milliseconds]
So it seems subscription-manager ignore the disable_system_repos=1 setting when you register a new host and try to reach out to http://mirrorlist.centos.org coming from /etc/yum.repos.d/CentOS-AppStream.repo.
I actually noticed that when performing a yum update with “disable_system_repos=1” I see:
# yum update
Updating Subscription Management repositories.
subscription-manager plugin disabled 6 system repositories with respect of configuration in /etc/dnf/plugins/subscription-manager.conf
The update works fine but right when it has finished (after “Installed products updated” is printed) the updates hangs and after a while it time out again with:
2020-10-26 13:08:09,901 [ERROR] yum:40232:MainThread @profile.py:81 - Unable to create sack object: Failed to download metadata for repo ‘AppStream’: Cannot prepare internal mirrorlist: Curl error (28): Timeout was reached for http://mirrorlist.centos.org/?release=8&arch=x86_64&repo=AppStream&infra=$infra [Connection timed out after 30001 milliseconds]
After provisioning a new server, (Even with a working “only_subscription_manager_repos”, I still need to add ‘subscription-manager’ to %packages. Otherwise the “dnf -y install subscription-manager” high up in redhat-register.erb will timeout on “CentOS-8 AppStream”)
- there is still problem with the default repo-files.
I’m on:
# subscription-manager version
server type: Red Hat Subscription Management
subscription management server: 3.16.1.2-Unknown
subscription management rules: 5.40
subscription-manager: 1.26.20-1.el8_2
but it seems that the only command that adheres to disable_system_repos=1 , is “dnf repolist”. “subscription-manager repos” - just hangs. Installing packages works … but just before completion they hang. Interrupting the command dumps
Looking at https://bugzilla.redhat.com/show_bug.cgi?id=1713626 closer it seems the tester actually never used a machine with no access to Internet so he never seen the connection attempts to the outside after the packages are installed. I can replicate his exact results if I use a machines with internet access from a proxy for example.