This is because of the way the ‘Restrict to OS’ feature works. Candlepin compares the “required tags” of the entitlement certificate in /etc/pki/entitlement
rct cat-cert 1795965736968636904.pem
...
Content:
Type: yum
Name: Red Hat Satellite Client 6 for RHEL 8 x86_64 (RPMs)
Label: satellite-client-6-for-rhel-8-x86_64-rpms
Vendor: Red Hat
URL: /Default_Organization/Library/content/dist/layered/rhel8/x86_64/sat-client/6/os
GPG: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Enabled: False
Expires: 1
Required Tags: rhel-8-x86_64
Arches: x86_64
with the “provided tags” of the product certificate in /etc/pki/product
or /etc/pki/product-default
:
rct cat-cert 479.pem
...
Product:
ID: 479
Name: Red Hat Enterprise Linux for x86_64
Version: 8.7
Arch: x86_64
Tags: rhel-8,rhel-8-x86_64
Brand Type:
Brand Name:
In this case, the entitlement certificate “requires” the tag rhel-8-x86_64
. Since the product certificate “provides” all of the “required tags” (in this case, just the one), the Red Hat Satellite Client 6 for RHEL 8 x86_64 (RPMs)
repository is available.
Note that I say “available” here as opposed to “enabled.” If the required tags were not provided, the repo would simply not be listed at all under subscription-manager repos
.
Since CentOS and other non-RHEL Enterprise Linux distros do not include a product certificate, none of the required tags will ever be provided. This is why the feature only works with RHEL currently.
I’m not sure exactly what it would take to make this feature work with other OSes. I plan to ask the Candlepin team about it.