Yum update is overwriting CentOS and EPEL repo files and enabling previously disabled repos

Clients are registered to Foreman and using Foreman repos for CentOS and EPEL package updates instead of the default CentOS and EPEL mirrors. The default repos in /etc/yum.repos.d are all disabled in their individual repo files with “enabled=0”

Expected outcome:
yum update completes and the CentOS and EPEL repo files in yum.repos.d are untouched or the repos at least stay disabled

Current outcome:
yum update completes and the CentOS and EPEL repo files in yum.repos,d are overwritten and the repos are all enabled again by default.

For EPEL, I suspect I can just “yum remove epel-release*” to remove the repository entirely to fix that. Is there a similar CentOS package I need to yum remove as well to remove the CentOS default repos in yum.repos.d so they won’t enable themselves again every time I yum update? Or is there another way to prevent this behavior from happening?

We use the following workaround:

We replace all the repo files (except the one created by the subscription-manager) in /etc/yum.repos.d/ with a file that contains nothing but the following comment:

# This yum repository needs to be empty so that only subscribed repos are used!

This has the effect of preventing RPM packages from altering these files with every upgrade because they were “already altered by the user”.

A bit crude, but works for us. Make sure you back up the original repo files if you want an easy way back. :wink:

That’s the part that’s confusing to me is that typical CentOS behavior for conf files etc. is to NOT overwrite files if they’ve been edited. In those cases it copies the new files in with a *.rpmnew extension (or something similar). So even though I’ve edited the CentOS-Base.repo file and added the “enabled=0” line for all repos, it’s overwriting my edited file. Thanks for your workaround!

Maybe repo files are special, and CentOS just always wants you to use upstream CentOS repos?

I guess you could also try to find out what package each repo file belongs to (using rpm -qf <path_to_repo_file>, and then uninstall those packages. Not sure if that would work dependency wise.