Self manage foreman/katello with itself? (smart proxy also)


I think I already know the answer: NO, but it might have changed…

can I use my installation of foreman/katello to manage itself? I ask because it might be nice to not have to reserve an extra license at redhat for use only by the foreman server. Especially since it’s a single socket system…

similar question for the smart proxy: can I manage a smart proxy with the central foreman server?

If not, what is considered best practice?

foreman 3.9.1 with Katello 4.11.1 running on redhat 8.9.


Generally I would say and also heard, no it’s not a good idea to manage a Foreman servers repos by itself.
That’s because if you do updates of the application it needs access to the repos during most of the time the foreman-installer runs.

But if you also have a separate smart-proxy, it should be no problem to manage the Foreman server through itself when it’s using the external smart-proxy as endpoint. (the smart-proxy must be online during the update period)
The same for smart-proxies, as long as they are not using themselves as client endpoint it should be no issue. (either the main Foreman server or another external smart-proxy)
I never tested this myself so far, so take it with a small grain of salt.

Cheers, lumarel

You can manage the foreman server with repos on itself. Only during foreman upgrades, you‘ll have to disable the subscription manager plugin and enable local repos before you run foreman-installer. Even the rpm upgrades we first download from the main server, then stop all foreman services, and run the rpm upgrades from the cache. Anything else is no problem.

1 Like

yes, probably a very large grain of salt! :slight_smile:

1 Like

interesting: I thought to do this some years ago but couldn’t figure out the fs paths to use as the local repo. I had the impression that pulp pretty much made it so that you could ONLY go though the foreman/katello service…

is there a filesystem path I can point to for a local repo?



With local repos I have meant the standard repo files in /etc/yum.repos.d/, i.e. the distro repos and the foreman/katello repos.

You cannot use pulp because pulp isn’t running at that time.

Officially this isn’t supported for the reasons mentioned in this thread.

However, to reduce the downtime window we did merge this patch:

Perhaps that unintentionally makes it possible to self-manage.


We use multiple Foreman/Katello installs, and they each point to each other for repos since you can’t really patch from yourself.

It makes sense if you have a test installation of Foreman or something, to go ahead and point your production Foreman infrastructure at that to do the maintenance of the Foreman itself.