Problem:
Default provisioning templates offer no way to disable the OS default repositories, even when using Katello/Subscription-manager.
This creates a problem for servers that aren’t allowed to connect to the big bad internet.
I’ve fixed it for our templates by cloning the Kickstart default finish template and added this line just after calling redhat-register snippet
sed -i ‘s/enabled=1/enabled=0/g’ /etc/yum.repos.d/*.repo
This just seems a bit hacky to me so there must be a better way that i don’t know of, if anyone has one, please share.
Other than that, is there any way to add an official option to the default templates that i can use to achieve this behaviour so that we can use all the default templates for provisioning?
Expected outcome:
An option to use a host-param to disable default repositories in default templates
Foreman and Proxy versions:
Foreman 3.0
Katello 4.2
Wait a sec… are you talking about during provisioning, or for activity after provisioning is completed?
CentOS, at least in my environment, populates /etc/yum.repos.d with it’s default repositories, and I d agree that it’s a less than desirable situation. These are installed by the centos-release package.
There’s a variety of ways to address that. You have one. You can also ban the release packages that provide those repo files. You can also simply move those files after provisioning, but whenever the release package is updated, those files will come back.
Leaving files in /etc/yum.repos.d is really not a Katello/Foreman issue, it’s an artifact of the distribution itself.
The default provisioning works, as in, the OS installs up to using Finish template, where it fails to complete all the steps due to there repo errors. The Host reboots and is installed, but no extra packages such as puppet are not installed.
I figured this sed command out instead of removing the files exactly because a point-release update would repopulate the files and the error would return on affected hosts, while enabled=0 persists through the update.
If i filter out the release packages that provide these repo files, do you know if i break something else? I’ve no idea what that package provides or what depends on it, but if it’s just the repo files, then it may be the most optimal solution to filter it out of the content-views.
The subscription-manager plugin for yum/dnf got an option “disable_system_repos” which will disable all repositories not managed by it.
This option should be set with latest provisioning templates as the snippet redhat_register got a parameter “only_subscription_manager_repos” if you set this parameter to true.
@Dirk, that is some pretty good treasure. EL7 & newer, I’d assume.
@birkirf … ah… bet I know why you & I see different activity… at the moment, my hosts can connect to the public Internet (I do expect that behavior to change.) I also have added code to my default templates to make the base repos in Katello available during initial provisioning.
This did the trick, and as an added bonus I’m now 1 step closer to being the Linux Dictator that i always wanted to be.
Didn’t know about the disable_system_repos option in sub-man, and now i can stop users (cowboy-sys"admins") from setting up repos directly on machines, even if they are test machines, without talking to me first!
