Any way to sync RedHat repos (Using subscribtion-manager) ?

[Cloud-Kid]

Hello there,

Is there any way to use the tool for Rhel servers using official RedHat suscription ? I don't know munch about RedHat suscription but I'm sure there may be a way.

Thanks !

[lbr38]

Hello

I'll see what I can do and keep you in touch

[FalconXC4]

Yes please this is a big issue for me too!

[lbr38]

I have find a way to sync those repositories just let me a bit more time to test and release the version.

Spoiler: you will need to register a host to Redhat (Redhat subscription) then retrieve the content of your Redhat private key and certificate, and also the Redhat CA certificate. You will find their path in /etc/yum.repos.d/redhat.repo.

[lbr38]

Okay I released version 4.2.0, here are the steps to sync Redhat repositories with Repomanager. This is a manual process for now, I will see in the future how to do all of this through the web interface when I have more time to work on it.

1. You will need a Redhat8 or Redhat9 host/server with a valid subscription (see https://access.redhat.com/solutions/253273)

2. Once your host is registered, you should have access to Redhat rpm repositories (you can try with yum update). Just for you to understand: Redhat repositories are private and only accessible with a certificate and private key (this is what subscription provides). Now that you are registered, you can retrieve the certificate and private key content and import them into Repomanager to be able to sync Redhat repositories (see below).

3. From your registered host, retrieve the certificate, private key and Redhat CA certificate content. You can find their location in /etc/yum.repos.d/redhat.repo:

Simply cat the content of each file and copy/paste it to a text aditor (lines from -----BEGIN PGP PUBLIC KEY BLOCK----- to -----END PGP PUBLIC KEY BLOCK-----).

cat /etc/rhsm/ca/redhat-uep.pem
cat /etc/pki/entitlement/733946906105629479-key.pem
cat /etc/pki/entitlement/733946906105629479.pem

4. Now go back to your Repomanager server and enter the docker container:

   docker exec -it repomanager /bin/bash

5. Create a redhat directory:

   mkdir /var/lib/repomanager/ssl/redhat

6. Put the certificate, private key and CA certificate content in it:

   cd /var/lib/repomanager/ssl/redhat

vim certificate.crt # paste the content of the certificate

vim private.key # paste the content of the private key

vim ca-certificate.crt # paste the content of the CA certificate

7. Set permissions:

   chown -R www-data:www-data /var/lib/repomanager/ssl/redhat
   chmod 400 /var/lib/repomanager/ssl/redhat/*

8. Go to the Repomanager web interface, open the Manage sources repos panel, you will find the two main Redhat repositories named redhat-baseos and redhat-appstream. Edit each of them and provide the path to the certificate, private key and CA certificate:

9. Save and try to sync the repositories.

Tell me if it is clear and I will add this to the official documentation. Thanks!

[FalconXC4]

Hi, Thank you very much for the update! Unfortunatly I do not have the SSL fields in the "Manage sources repos" panel. Do you have any advice?

[...]

[lbr38]

The SSL fields are visible when editing an existing source repository:

You should see the redhat-baseos and redhat-appstream source repositories (4.2.0 imported them). You can add new repositories if you want but you will have to edit them to see the SSL fields (I want to keep the process of "adding" very simple with not too much advanced parameters).

[Cloud-Kid]

Okay ! Thanks for the info, I couldn't find it either ! It's not straightfoward but maybe it can be edited as a dropdown menu to keep things coherent while keeping it nice and tidy

I can test it next week and I keep you in touch !

[FalconXC4]

Hi, Thank you very much, tested yesterday and it works like a charm!

[Cloud-Kid]

It works ! I still think it can appear as a dropdown or a checkbox for like "advanced options" at creation but feel free to close the issue if you do not plan or have tlme to edit it. Thanks again !