How to sync EPEL or any other third-party repositories in Red Hat Satellite 6?

Solution Verified - Updated -

Environment

  • Red Hat Satellite 6.x

Issue

  • How to sync EPEL repositories in Red Hat Satellite 6?
  • How to add third-party repositories in Red Hat Satellite 6?

Resolution

On the Satellite

  • Create a GPG Key to associate with EPEL product (which would be created in step2)

    Content -> Content Credentials -> Create Content Credentials -> Either paste the contents of the EPEL GPG key or import the file
    
  • Create a new product:

    Content ->  Products -> New Product -> specify Name and associate the GPG Key from step1
    

    Note : Only associate the GPG Key to the product, if only a single repository would be available under it. Otherwise the GPG Key can be associated with the repository (step 3)

  • Create a repository under the product:

    Click on the product created in the previous step -> Create Repository -> Specify the details 
    Name
    Type : yum
    URL : Provide the URL of the third-part repsository
    Select GPG Key from drop-down 
    Click Save
    
  • Once the the product and repository have been created

    Click on  repository -> click Sync Now
    
  • Make sure that the repository has been added to the Content View to which the system

On the Content Host

  • Execute the below command to list the available products and note the pool ID of the custom product that was created, plug this in the second command:

    # subscription-manager list --available
    # subscription-manager attach --pool=<pool_id>   
    
  • Now the third party repository should be listed as available, note its repo label and plug it in the second command:

    # subscription-manager repos --list
    #  subscription-manager repos --enable <repo_label>
    

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

24 Comments

If you are planning to sync multiple versions of EPEL (5, 6, or 7), I recommend in Step #2: name the product with the version (e.g. EPEL 6); as the different releases of EPEL have different GPG keys associated with them.

Hi, I managed to add an EPEL product with three repositories and sync all the content Then I noticed that the repos are not visible to the machines registered (2 test hosts at the moment) So I added this GPG key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL

But nothing is showing up. @Mike do you think it's because that's not the right key?

EDIT: tried to associate EPEL 7Server and register --force to re-register but nothing shows up except for the Red Hat repos

Do you know how to debug this issue? There's not much to be done after refresh and repos --list ...

Thanks

I am having the same problem as Michele Frettoli. This solution is incomplete.

Hi Jeremy, I then managed to get it to work.

Try it with only one repo in one product, for example product "EPEL6 Server" with the repo for RHEL6.

Check if you see the repository with: subscription-manager repos --list

If it's not enabled, follow this: https://access.redhat.com/solutions/265523

If it does not show up, check that the GPG key is the right one (EPEL has multiple keys)

IF it does not show up again, verify that the host gets the product entitlement/subscription from satellite: go to "content hosts", and see if the host has "EPEL6 Server" subscription, if not, manually add it and check if you see it:

subscription-manager list --available

then attach the host to the subscription, enable the repo, and try again.

To make the Product visible I added it to the Content View applicable to the servers I wanted to use it on, and published a new version.

To make the Product available I used another approach: I used the discover repo button on top of the Product page. I used the URL link from the epel-release rpm deployment (if fact from the /etc/yum.repo.d/epel.repo file). It give a load of repositories, I deleted the ones I did not need afterwards. E.g. test and beta repos.

I had to flip the checksum to sha1

Ok, but as of 6.3, how can you install an EPEL RPM on the Satellite server ?

This solution worked for us:

# curl -O https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
# hammer gpg create \
  --key RPM-GPG-KEY-EPEL-7 \
  --organization "$ORG" \
  --name "EPEL-7"
# hammer product create \
  --gpg-key "EPEL-7" \
  --name "EPEL-7" \
  --description "EPEL 7 Repository" \
  --organization "$ORG"
# hammer repository create \
  --organization "$ORG" \
  --content-type yum \
  --gpg-key "EPEL-7" \
  --name "EPEL-7" \
  --product "EPEL-7" \
  --url "https://dl.fedoraproject.org/pub/epel/7/x86_64/"

On 6.4, you need to select Content-> Content Credentials to create the GPG file.

Can 6.4 handle a custom yum repository with multiple GPG keys ?

In 6.4 there isn't a way to do it via hammer?

I do not know as I am still on 6.2 I was looking for aan example and went here: https://packages.gitlab.com/app/gitlab/gitlab-ce/gpg and I think I originally misread the page. Now I just need to figure out which one to use

The instructions say;

Create a repository under EPEL product Click on EPEL product >> Create Repository >> Fill details Name Type : yum URL : Specify the URL of the EPEL repsository Select GPG Key from drop-down Click Save

Wouldn't it be helpful if your documentation gave the URL that I'm supposed to type?

I am interested in downloading just specific packages from EPEL, and I know this can be done wit reposync and a specific configuration using an includepkgs and/or include parameters in the repo file. Is this possible within Satellite 6?

The only other way of doing this, I think, is to change from being a yum repo, to a local file repo.

Download the files you specifically want from EPEL, beforehand.

Assuming you are on Satellite 6.3 and later, you can take advantage the new ondemand download policy.

When the ondemand policy is set for a repo, Satellite will retrieve the RPMs (as the name states) on demand. Once retrieved, they are kept permanently and served from Satellite directly to clients.

This would accomplish effectively the same goal. See this document which covers the various download policies supported.

We are using EPEL ondemand, but I think this may lead to problems, because it seems EPEL repos don't keep history, I mean, package versions that were superseded by new ones are deleted from the repository. Thus, if you don't publish/promote your EPEL CV frequently, you may end up in a case where the old package is still on the CV repodata but cannot be downloaded anymore. For instance my current CV is a bit old (may-2019) and "yum install coturn" wants "coturn-4.5.1.1-1.el7.x86_64" but only the *-3.el7 version is available today at https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/c/ I guess I would need to download all of EPEL to keep an old CV. Or publish/promote more frequently. But even you do it frequently, if the package was deleted today, you may have to publish/promote again.

Probably should mention this is for Satellite 6.0 to 6.3, GPG key creation for Satellite 6.4 has moved to:

Content >> Content Credentials >> Create Content Credential

From there, there's a drop down between GPG Key and SSL Certificate.

can anyone point me to the repo URL for EPEL 8?

Here are a couple links:

General wiki page: https://fedoraproject.org/wiki/EPEL

URL for RPM with repo info: https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

General Info about the repo:

Repo-id : epel

Repo-name : Extra Packages for Enterprise Linux 8 - x86_64

Repo-metalink:

https://mirrors.fedoraproject.org/metalink?repo=epel-8&arch=x86_64&infra=$infra&content=$contentdir

Repo-baseurl : rsync://ftp.nluug.nl/fedora-epel/8/Everything/x86_64/ (78 more)

Repo-filename: /etc/yum.repos.d/epel.repo

Is that enough info, or did you need additional?

Here's the one I'm using:

https://dl.fedoraproject.org/pub/epel/8/Everything/x86_64/

Through a support case I've got, EPEL repos may not work well with errata related content views. They point out any issues with third party repos and content views is not supported.

There is a bugzilla related to making third party repos work the same way but since third party repos may not honor the same satellite errata types (Security, Bugfix, Enhancement.) it is only listed as an enhancement https://bugzilla.redhat.com/show_bug.cgi?id=1624199

There are so much changes minor-version wise as well. Can we not include all the aspects in one parent document?

https://www.redhat.com/sysadmin/epel-8-repo-satellite-6