Sync RHEL between satellites via http/https instead of export/import

Hi Community.

We’ve been using Foreman for quite a while in our environment. We’re growing and expanding the Linux operations into more “isolated” environments and for security reasons we’re no longer allowed to have one satellite to manage all environments.
So we want to have a master satellite which feeds a number of secondary satellites. Of course we could do the export/import procedure, but all our current RHEL repos are > 240GB in size, and syncing this even weekly to a number of environments are just not acceptable. Syncing the content is not a big problem, until we introduce a proper manifest in the secondary satellites. Of course the entitlement/client certs are not correct for pulling data from another satellite.

Has anyone got a setup like this working properly with manifests in all levels and a proper registration of all clients?


Hello, i have one satellite connected on internet and second one on air-gap environment. We have 3 months patching procedure, i’m using this command to export only new packages:

hammer content-view version export-legacy --since 2019-06-01T00:00:00Z --organization-id 1 --id 1

then take USB disk into air-gap env, start httpd, then import packages with:

hammer repository synchronize --incremental 1 --organization-id 1 --id 1

for each repository.