Create your own local Redhat Package Repo Cache
By Vince
If you manage a bunch of Redhat Enterprise Linux servers (RHEL), it can be wasteful or difficult to update packages from the internet each time (or you don’t have enough subscriptions). So let’s create a package repository on a local server which will update every night and allow the other internal servers to access it. This is particularly useful if only one server on your network has internet access or you have a slower connection.
NOTE: You will need a good amount of storage space to do this. I suggest 1TB at minimum. Also create a separate partition just for the web server and rpm files.
Here are some articles that go into more detail on each option:
Can update RPMs from DVD: RPM DVD
Can update RPMs from a server that has internet access: RPM Internet
Other update options (run own yum server, etc): Update Options
Nice 2 page PDF Yum Cheat Sheet: Yum Commands
Set up the local Redhat repository server
- Set up the repo server first by creating a subscription and selecting the pool of updates. Change the username to your Redhat account, and change pool_id_from_above (a string of random numbers and letters) to the output given by the command above it.
subscription-manager register --username [email protected] --auto-attach
subscription-manager list --available --all
subscription-manager attach --pool=pool_id_from_above
yum update
- Now enable all the repositories that you will need (at least for now). The repo from this example is: “rhel-7-server-rpms” which covers the majority of packages for RHEL 7.x and is enabled by default. To get a list of repos available, look at the “/etc/yum.repos.d/redhat.repo” file or run “yum repolist all”. There is a section for each repo (the repo name starts with a bracket [ ) in that file. There are a lot of them!
yum repolist all
- To enable a specific repo for your master machine that you found in that list:
subscription-manager repos --enable rhel-7-server-optional-source-rpms
- Great, now we have the repository locally enabled, so let’s add a web server so other machines can download the packages through http. Installing Apache is outside the realm of this tutorial, but we can install nginx pretty easily. You can read more on it here:
- https://www.nginx.com/resources/wiki/start/topics/tutorials/install/
- Just run through the official Redhat install section
- We don’t need SSL since it’s a local server with no internet access (SSL is always preferred, but it’s not enabled for this tutorial). Change the service to https if you want it, and enable that inside the Nginx configs.
Install a Web Server - Nginx
echo '[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/rhel/7/$basearch/
gpgcheck=0
enabled=1' > /etc/yum.repos.d/nginx.repo
#Add the information to yum and install Nginx
yum updateinfo
yum update
yum install nginx
#Start on boot and start it now
systemctl enable nginx.service
systemctl start nginx.service
#Make sure it is active and running OK
systemctl status nginx.service
- Once installed, we need to allow the local firewall to give access to the web server.
#First get the current default zone
firewall-cmd --get-default-zone
#It should be public, now let us list everything in that zone
firewall-cmd --zone=public --list-all
firewall-cmd --get-services
#Now enable http services to that zone (change this to https if you're using SSL)
firewall-cmd --permanent --zone=public --add-service=http
#Verify it is enabled
firewall-cmd --zone=public --list-services
#Reload and make it work
firewall-cmd --reload
#The last step is to enable HTTP serving from the directory
#SELinux might block your requests by default
#Change /usr/share/nginx/ to your serving directory
chcon -Rt httpd_sys_content_t /usr/share/nginx/
- Don’t forget to edit your index.html with some useful information. You can turn on directory listing if you want to be nice.
- Now that we have identified all the repositories and have a web server, let’s download all the files in one go. This will be our local cache. Make sure to put this on a separate partition so you don’t max out a system or root partition. This part will take a while, as it is about 35GB at the time of writing (Feb 2019).
reposync --gpgcheck -l --repoid=rhel-7-server-rpms \
--download_path=/usr/share/nginx/html --downloadcomps --download-metadata
- Now the fun part, let’s configure the repository so it’s all Redhat-y. This involves installing createrepo. This program creates the repo database that yum needs. It might take a while.
yum install createrepo
cd /usr/share/nginx/html
createrepo -v rhel-7-server-rpms
#Fix permissions so the web server can read them
chown -R nginx:nginx /usr/share/nginx/
- That is it for the server side of things. Make sure you can browse to your server (http://server_ip) and see the package repo.
Set up the local clients
- Now, for each client that you want to use this repo server, we have to add a .repo file which points to our internal server/ip.
- You will have to duplicate this configuration for each repo that is enabled. You can use the same file or multiple files to keep it more organized.
- Here is the example for our rhel-7-server-rpms repo, replace 192.168.1.100 with your internal ip address or FQDN. Read more here: Redhat
echo '[rhel-7-server-rpms]
metadata_expire = 86400
baseurl = http://192.168.1.100/rhel-7-server-rpms
name = Local Repository for RHEL 7
enabled = 1
gpgcheck = 0' > /etc/yum.repos.d/rhel-7-server-rpms.repo
- Now we need to let yum update and test it out
yum updateinfo
#If there are packages to update, give it a shot
yum update
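Because reposync was run with --gpgcheck, the mirrored RPMs still carry Red Hat's signatures, so clients can verify them even though the mirror is served over plain http. The following is an added example, not part of the original tutorial: it writes the client file with gpgcheck = 1 and lists any enabled repo that switches the check off. The function names are hypothetical, and the key path assumes the Red Hat release key at its standard RHEL location.

```shell
#!/bin/bash
# Added example (not the author's code): client repo file with signature checks on,
# plus a check for repo definitions that disable them.
# Assumptions: mirror at 192.168.1.100 (the page's sample IP) and the Red Hat
# release key in its standard location on RHEL.

# Write the repo definition into directory $1 (normally /etc/yum.repos.d).
write_local_repo() {
    cat > "$1/rhel-7-server-rpms.repo" <<'EOF'
[rhel-7-server-rpms]
name = Local Repository for RHEL 7
baseurl = http://192.168.1.100/rhel-7-server-rpms
metadata_expire = 86400
enabled = 1
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
EOF
}

# Print "file:[section]" for every enabled repo in directory $1 that sets
# gpgcheck to 0. Accepts both "gpgcheck=0" and "gpgcheck = 0".
list_unverified_repos() {
    awk '
        function report() { if (sec != "" && enabled && nocheck) print file ":" sec }
        FNR == 1                        { report(); sec = ""; file = FILENAME }
        /^\[.*\]/                       { report(); sec = $0; enabled = 1; nocheck = 0; next }
        /^[ \t]*enabled[ \t]*=[ \t]*0/  { enabled = 0 }
        /^[ \t]*gpgcheck[ \t]*=[ \t]*0/ { nocheck = 1 }
        END                             { report() }
    ' "$1"/*.repo
}
```

Call `write_local_repo /etc/yum.repos.d` on a client, then `list_unverified_repos /etc/yum.repos.d`. On the repo server the same check reports the nginx.repo file created earlier, which sets gpgcheck=0.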
Keeping your repository server up to date
The best bet is to create a cron script that runs the reposync and createrepo commands each night when bandwidth is low. Just run the same commands as above and update permissions. I also suggest using the timeout command, which kills anything that doesn’t finish by the allotted time. This way you don’t have 10 scripts all trying to sync over each other if they don’t finish.
#timeout counts in seconds unless a unit suffix is given, so 120 means two minutes
timeout 120 reposync -q --gpgcheck -l --repoid=rhel-7-server-rpms \
--download_path=/usr/share/nginx/html --downloadcomps --download-metadata
#cron does not start in the web root, so give createrepo the full path
timeout 120 createrepo /usr/share/nginx/html/rhel-7-server-rpms
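One way to write the nightly job described above, as an added example rather than the author's script: it keeps the page's reposync, createrepo, chown and chcon commands and adds a flock lock so an overlapping run exits instead of syncing over the previous one. The script path, lock file, cron schedule and time limits are assumptions.

```shell
#!/bin/bash
# Added example: nightly refresh of the local mirror, meant to be started by cron.
# Assumed values: lock file path, time limits, script path and schedule.
REPO_ID=rhel-7-server-rpms
WEB_ROOT=/usr/share/nginx/html
LOCK_FILE=/var/lock/repo-sync.lock
DRY_RUN=${DRY_RUN:-0}

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Sync, rebuild metadata, then fix ownership and SELinux labels.
# Stops at the first failed step, so a sync that timed out is not re-indexed.
sync_repo() {
    run timeout 4h reposync -q --gpgcheck -l --repoid="$REPO_ID" \
        --download_path="$WEB_ROOT" --downloadcomps --download-metadata || return 1
    run timeout 1h createrepo --update "$WEB_ROOT/$REPO_ID" || return 1
    run chown -R nginx:nginx "$WEB_ROOT/$REPO_ID" || return 1
    run chcon -Rt httpd_sys_content_t "$WEB_ROOT/$REPO_ID"
}

# Take an exclusive, non-blocking lock; if last night's run still holds it, skip.
main() {
    exec 9> "$LOCK_FILE" || return 1
    if ! flock -n 9; then
        echo "previous sync still running, skipping" >&2
        return 0
    fi
    sync_repo
}

# Assumed cron entry: 30 1 * * * /usr/local/sbin/repo-sync.sh --run
if [ "${1:-}" = "--run" ]; then main; fi
```

Running it once with `DRY_RUN=1` and `--run` prints the four commands without executing them.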