The /etc/yum.repos.d/redhat.repo is missed on CentOS 7 after registering on Foreman server

Hello,

My problem is very similar to this one (except - the software versions are different.) CentOS host cannot subscribe to repositories (I did check the “subscription expiration date” - it is correct).

The Foreman-3.1.2/Katello-4.3.1 are installed on top of CentOS7 server. I can register RHEL8 servers with no issues, everything works as expected.
But when I register CentOS7 (7.9.2009) servers - the /etc/yum.repos.d/redhat.repo file does not exists.

As a result - the CentOS7 servers does not see any repositories and there are no errors in the /var/log/rhsm/rhsm.log.

Thank you.


Regards,
Roman

subscription-manager status
-----------------------------------------
System Status Details
-----------------------------------------
Overall Status: Disabled
Content Access Mode is set to Simple Content Access. This host has access to content, regardless of subscription status.

System Purpose Status: Disabled

subscription-manager repos --list
This system has no repositories available through subscriptions.

subscription-manager repo-override --list
Repository: percona-for-centos7_percona-for-centos7
enabled: 0

Repository: rhel-8-for-x86_64-appstream-rpms
enabled: 0

Repository: rhel-8-for-x86_64-baseos-rpms
enabled: 0

Hi @rakis

If the host doesn’t have access to any repos, I wouldn’t expect the redhat.repo file to be created.

If you look at the host details / Repository sets tab, do you see any available repos?

If not, you’ll have to add some in the same content view and lifecycle environment as the host.

Hi Jeremy,

Thank you very much for the prompt response.

Yes, I see all available repos.

Thank you

Hi Jeremy,

I can see the repositories not only in content host’s info, but in the
certificate as well:

[root@smsk-cnt7ad03t ~]# rct cat-cert /etc/pki/entitlement/3367818938369774979.pem | grep Label
Label: centos-7-for-x86_64_centos-7-centosplus-for-x86_64
Label: centos-7-for-x86_64_centos-7-extras-for-x86_64
Label: centos-7-for-x86_64_centos-7-for-x86_64
Label: centos-7-for-x86_64_centos-7-updates-for-x86_64
Label: docker-for-centos7_docker-ce-stable
Label: epel-7-for-x86_64_epel-7-for-x86_64
Label: openresty-for-centos7_openresty-for-centos7
Label: percona-for-centos7_percona-for-centos7


Regards,
Roman

Other than the file missing, what is the problem you are experiencing? Are you unable to do something you want to do?

The current problems are:

  • There is no redhat.repo file - CentsOS does not see repos and cannot download software packages
  • OS does not report back to Foreman - I do not see the list of installed on CentOS7 packages

How did you register the host exactly?

Verify that the required rpms are installed on the client:

[root@foreman ~]# rpm -qa katello-host\*
katello-host-tools-3.5.7-1.el7.noarch
katello-host-tools-fact-plugin-3.5.7-1.el7.noarch
katello-host-tools-tracer-3.5.7-1.el7.noarch
[root@foreman ~]# rpm -qa katello-ca\*
katello-ca-consumer-foreman.example.co-1.0-3.noarch

Make sure to refresh:

[root@foreman ~]# subscription-manager refresh --force
All local data refreshed

Check the identity of the client:

[root@foreman ~]# subscription-manager identity
system identity: 9797757c-9b1c-43aa-9ee7-924c868f75d7
name: foreman.example.com
org name: ORG
org ID: ORG
environment name: Production/centos7-epel7

Verify that the shown system identity is the same as shown on your foreman server on the content page of the client host.

Also make sure that the repositories required are in the content view of the client, i.e. your content view “centos7” contains all the repositories you need. Make sure the current published version of the content view contains those repositories or publish a new version to be sure. Make sure the latest version containing those repositories has been promoted to the lifecycle environment of the client, i.e. in your case “MAIN”.

Verify that it’s published correctly by access /pulp/content/ URI on your foreman server, assuming you don’t use a content proxy (e.g. https://foreman.example.com/pulp/content/)

Check that there are links listed aka ORG/MAIN/centos7/custom/product/reponame/ for each product and repository which are part of that content view. Click on the links and check that it contains something (i.e. repodata and Packages).

Otherwise the output of subscription-manager config might be helpful to continue here…

“How did you register the host exactly?”
I have a small ansible playbook for this


  • name: Gather facts
    setup:
    gather_subset: min
    when: ansible_os_family is not defined

  • name: Configure rhsm
    block:

    • name: Check if system already registered
      stat:
      path: /etc/pki/consumer/cert.pem
      register: certificate

    • name: Configure /etc/hosts
      lineinfile:
      path: /etc/hosts
      line: “_foreman_ip foreman_fqdn
      state: present

    • name: Install Katello certificates
      yum:
      name: “http://foreman_fqdn/pub/katello-ca-consumer-latest.noarch.rpm”
      state: latest
      disable_gpg_check: true
      when: not certificate.stat.exists

    • name: Register CentOS7 server in Foreman/Katello
      command: subscription-manager register --org=“ORG” --activationkey=“org-centos7-main”
      when: not certificate.stat.exists and ansible_distribution_major_version == “7”

    • name: Register RHEL8 server in Foreman/Katello
      command: subscription-manager register --org=“ORG” --activationkey=“org-rhel8-main”
      when: not certificate.stat.exists and ansible_distribution_major_version == “8”

    when: ansible_os_family == “RedHat” and ansible_distribution_major_version | int >= 7

“Verify that the required rpms are installed on the client:”
[root@smsk-cnt7ad03t ~]# rpm -qa katello-host*
[root@smsk-cnt7ad03t ~]# rpm -qa katello-ca*
katello-ca-consumer-foreman_fqdn-1.0-1.noarch

“Make sure to refresh:”
[root@smsk-cnt7ad03t ~]# subscription-manager refresh --force
1 local certificate has been deleted.
All local data refreshed

“Check the identity of the client”
[root@smsk-cnt7ad03t ~]# subscription-manager identity
system identity: 088b956c-d152-4cb0-a356-bf45fbb225a4
name: smsk-cnt7ad03t
org name: ORG
org ID: ORG
environment name: MAIN/centos7

“Verify that the shown system identity is the same as shown on your foreman server on the content page of the client host.”
Yes, they are equal

“Also make sure that the repositories required are in the content view of the client, i.e. your content view “centos7” contains all the repositories you need.
Make sure the current published version of the content view contains those repositories or publish a new version to be sure.
Make sure the latest version containing those repositories has been promoted to the lifecycle environment of the client, i.e. in your case “MAIN”.”
I have verified all the above - everything looks good

“Verify that it’s published correctly by access /pulp/content/ URI on your foreman server, assuming you don’t use a content proxy (e.g. https://foreman.example.com/pulp/content/)
Check that there are links listed aka ORG/MAIN/centos7/custom/product/reponame/ for each product and repository which are part of that content view.”
All repos are available directly (via HTTP), and I can use them if configure manually

“Otherwise the output of subscription-manager config might be helpful to continue here…”
[root@smsk-cnt7ad03t ~]# subscription-manager config
[server]
hostname = foreman_fqdn
insecure = [0]
no_proxy =
port = [443]
prefix = /rhsm
proxy_hostname =
proxy_password =
proxy_port =
proxy_scheme = [http]
proxy_user =
server_timeout = [180]
ssl_verify_depth = [3]

[rhsm]
auto_enable_yum_plugins = [1]
baseurl = https://foreman_fqdn/pulp/content/
ca_cert_dir = [/etc/rhsm/ca/]
consumercertdir = [/etc/pki/consumer]
entitlementcertdir = [/etc/pki/entitlement]
full_refresh_on_yum = 1
inotify = [1]
manage_repos = [1]
package_profile_on_trans = 1
pluginconfdir = [/etc/rhsm/pluginconf.d]
plugindir = [/usr/share/rhsm-plugins]
productcertdir = [/etc/pki/product]
repo_ca_cert = /etc/rhsm/ca/katello-server-ca.pem
repomd_gpg_url =
report_package_profile = [1]

[rhsmcertd]
auto_registration = [0]
auto_registration_interval = [60]
autoattachinterval = [1440]
certcheckinterval = [240]
disable = [0]
splay = [1]

[rhsmd]
processtimeout = [300]

[logging]
default_log_level = [INFO]

- Default value in use

Install the katello-host-tools if you want package upload etc.

Technically, this should write the redhat.repo. If it doesn’t check logs in /var/log/messages and /var/log/rhsm/rhsm.log There must be some logs there if you refresh.

If you are comfortable with strace you could run

# strace -f subscription-manager refresh --force

to capture the system calls of subscription-manager. You should see multiple open to redhat.repo, the last one should be the writing one…

Maybe also verify you have the correct subscription-manager installed:

# rpm -q subscription-manager
subscription-manager-1.24.51-1.el7.centos.x86_64
# rpm -V subscription-manager
S.5....T.  c /etc/rhsm/rhsm.conf

The repos in the content view

“Install the katello-host-tools if you want package upload etc.”
we do not need this

“Technically, this should write the redhat.repo.”
You are right, and this is the reason why I have opened this topic…

[root@smsk-cnt7ad03t ~]# subscription-manager refresh --force
1 local certificate has been deleted.
All local data refreshed

/var/log/messages:
Jun 2 07:28:13 smsk-cnt7ad03t dbus[658]: [system] Activating service name=‘com.redhat.SubscriptionManager’ (using servicehelper)
Jun 2 07:28:13 smsk-cnt7ad03t dbus[658]: [system] Successfully activated service ‘com.redhat.SubscriptionManager’
Jun 2 07:28:18 smsk-cnt7ad03t subscription-manager: Added subscription for ‘Content Access’ contract ‘None’
Jun 2 07:28:18 smsk-cnt7ad03t subscription-manager: Added subscription for product ’ Content Access’
Jun 2 07:28:18 smsk-cnt7ad03t subscription-manager: Removed subscription for ‘Content Access’ contract ‘None’
Jun 2 07:28:18 smsk-cnt7ad03t subscription-manager: Removed subscription for product ’ Content Access’

/var/log/rhsm/rhsm.log:
2022-06-02 07:28:13,996 [INFO] rhsmd:25825:MainThread @ rhsm_d.py:382 - D-Bus API: com.redhat.SubscriptionManager provided by rhsmd is deprecated
2022-06-02 07:28:13,996 [INFO] rhsmd:25825:MainThread @ rhsm_d.py:383 - Consider using D-Bus API: com.redhat.RHSM1 provided by rhsm.service
2022-06-02 07:28:14,009 [INFO] subscription-manager:25813:MainThread @connection.py:915 - Connection built: host=foreman-fqdn port=443 handler=/rhsm auth=identity_cert ca_dir=/etc/rhsm/ca/ insecure=False
2022-06-02 07:28:14,016 [INFO] subscription-manager:25813:MainThread @ connection.py:915 - Connection built: host=foreman-fqdn port=443 handler=/rhsm auth=identity_cert ca_dir=/etc/rhsm/ca/ insecure=False
2022-06-02 07:28:14,016 [INFO] subscription-manager:25813:MainThread @ connection.py:915 - Connection built: host=foreman-fqdn port=443 handler=/rhsm auth=none
2022-06-02 07:28:18,710 [INFO] subscription-manager:25813:MainThread @ entcertlib.py:132 - certs updated:
Total updates: 2
Found (local) serial# [5865825667487249288L]
Expected (UEP) serial# [49082609264898216]
Added (new)
[sn:49082609264898216 ( Content Access,) @ /etc/pki/entitlement/49082609264898216.pem]
Deleted (rogue):
[sn:5865825667487249288 ( Content Access,) @ /etc/pki/entitlement/5865825667487249288.pem]
2022-06-02 07:28:24,732 [INFO] subscription-manager:25813:MainThread @ connection.py:915 - Connection built: host=foreman-fqdn port=443 handler=/rhsm auth=identity_cert ca_dir=/etc/rhsm/ca/ insecure=False
2022-06-02 07:28:24,735 [INFO] rhsmd:25825:MainThread @ connection.py:915 - Connection built: host=foreman-fqdn port=443 handler=/rhsm auth=identity_cert ca_dir=/etc/rhsm/ca/ insecure=False

“If you are comfortable with strace you could run
strace -f subscription-manager refresh --force”
Thanks, I will try

“Maybe also verify you have the correct subscription-manager installed:”
[root@smsk-cnt7ad03t ~]# rpm -q subscription-manager
subscription-manager-1.24.51-1.el7.centos.x86_64
[root@smsk-cnt7ad03t ~]# rpm -V subscription-manager
S.5…T. c /etc/rhsm/rhsm.conf

[root@smsk-cnt7ad03t ~]# strace -o subscription-manager.txt -f subscription-manager refresh --force
1 local certificate has been deleted.
All local data refreshed
[root@smsk-cnt7ad03t ~]# grep redhat.repo subscription-manager.txt
26010 open("/etc/yum.repos.d/redhat.repo", O_RDONLY <unfinished …>
26010 open("/var/lib/rhsm/repo_server_val/redhat.repo", O_RDONLY <unfinished …>
26010 open("/var/lib/rhsm/repo_server_val/redhat.repo", O_RDONLY <unfinished …>
26010 open("/etc/yum.repos.d/redhat.repo", O_RDONLY) = -1 ENOENT (No such file or directory)

[root@smsk-cnt7ad03t ~]# touch /etc/yum.repos.d/redhat.repo
[root@smsk-cnt7ad03t ~]# strace -o subscription-manager2.txt -f subscription-manager refresh --force
1 local certificate has been deleted.
All local data refreshed
[root@smsk-cnt7ad03t ~]# grep redhat.repo subscription-manager2.txt
26069 open("/etc/yum.repos.d/redhat.repo", O_RDONLY <unfinished …>
26069 open("/var/lib/rhsm/repo_server_val/redhat.repo", O_RDONLY) = -1 ENOENT (No such file or directory)
26069 open("/var/lib/rhsm/repo_server_val/redhat.repo", O_RDONLY) = -1 ENOENT (No such file or directory)
26069 open("/etc/yum.repos.d/redhat.repo", O_RDONLY) = 7

[root@smsk-cnt7ad03t ~]# ls -l /etc/yum.repos.d/redhat.repo
-rw-r--r-- 1 root root 0 Jun  2 07:37 /etc/yum.repos.d/redhat.repo

Please make sure to use preformatted text for logs, console output etc. (``` in a line before and after) It’s much more readable.

That’s only half of it. Always make sure the it’s published and promoted. Your screenshot only shows what would go into the next version.

Sure? Before you wrote:

as one of your current problems…

Everything looks pretty much like on my clients, except that I don’t use simple content access, but that shouldn’t matter.

I do have /var/lib/rhsm/repo_server_val/redhat.repo. I don’t know if that matters.

You could try to set default_log_level in /etc/rhsm/rhsm.conf to DEBUG and then run the refresh again to see if it explains why it skips the write part.

Otherwise I guess one of the developers who knows subscription-manager needs to find out why it doesn’t write the redhat.repo

ok, will do

it is

As far as I understood from this link - it is not required anymore

Thank you, I will try

Interesting. I must have missed that.I still have it installed on all my clients. And if I am not mistaken, you would still need it anyway if you want to use host traces.

I do not have such package on RHEL8 server, but I can see its packages in Foreman

I tried - there are no errors in the /var/log/rhsm/rhsm.log

The article yum failing due to corrupted repo file. says that /var/lib/rhsm/repo_server_val/redhat.repo must be auto-generated after the subscription-manager refresh, but on my CentOS7 servers this not happens.

An because there is no /var/lib/rhsm/repo_server_val/redhat.repo the /etc/yum.repos.d/redhat.repo is also missed.

I have upgraded to foreman-3.2/katello-4.4 - did not help