Question if clients use a yum .repo file to access a Local Satellite

Latest response

I'm working thru an audit for RHEL5/RHEL6 systems in my production environment. I currently run a Red Hat Satellite v5.8.

Question I'm getting asked if there are .repo files that local clients (RHEL 5 VMs/RHEL 6 VMs are using to get their patches. I haven't answered the question because I don't have enough information as this time.

However I believe the RHEL VMs don't use a .repo file, they are using files under /etc/sysconfig/rhn/up2date and
/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT

I can show the URL for the server along with the SSL-CERT too.

Am I correct in my thinking?

thanks

Responses

Hi Chris,

One customer I assist still has a Satellite 5.7 Satellite, and after bootstrapping a client system, I don’t specifically recall additional /etc/yum.repos.d/*.repo files being created/modified, but it’s behind the scenes (I suspect along the lines you describe, I can confirm later when I’m with that customer, I’m at a different location at the moment).

However, one caveat, sometimes developers or other teams might install their own yum repositories within /etc/yum.repos.d/*.repo files without the primary admin teams’ knowledge. I generally discover this when patching and see oddball yum errors on development systems often for things like exotic editions of python, or whatever they are interested in. I often have to at least temporarily disable their custom yum repo that became deprecated per my management directives and then proceed with system patching and coordinate with the teams telling them about their disabled yum repos.

It might be worthwhile to push a job through your satellite 5.8 system to all client to search each client’s system perhaps using spacecmd and then use spacecmd to harvest there results. I can give examples of such a script at a later time if needed. I have one System Group in Satellite 5.x called “everything_really_everything” and then I can push a spacecmd script (or use the satellite’s web UI) and then watch the results come in.

Kind Regards, - RJ

True statement for repos for exotic software like oracleasm, which I do have some local repos files for certain systems.

However I'm mainly interested in RH Satellite and getting updates from .repo for regular packages.

thanks

What I do is assign the channels I wish into an activation key (for satellite 5/6) and then upon registration, the channels are assigned. I’m “pretty sure” (can confirm later) that it doesn’t modify the out-of-the-box standard /etc/yum.repos.d/*.repo files that are standard. The general repo files after a new system build have nothing within a freshly kickstarted system.

I’ve never modified the /etc/yum.repos.d/*.repo files for the specific Red Hat centric channels I wish to assign. I import the channels into my satellites, (ingest with that method I provided you some years ago), and then take it from there. I do not edit/modify the *.repo files for RedHat centric channels.

Let me know if I can help further, I’ll be happy to clarify etc.

Kind Regards,

-RJ

Just confirmed with GSS:

Satellite 5.x clients don't use .repo file.

Can't speak for RH Sat v6.

thanks

That matches my experience. I've never adjusted any .repo files for standard Red-Hat related channels, ever (satellite connected).