If you manage a bunch of Red Hat Enterprise Linux (RHEL) servers, it can be wasteful or difficult to update packages from the internet each time (or you don’t have enough subscriptions). So let’s create a package repository on a local server which will update every night and allow the other internal servers to access it. This is particularly useful if only one server on your network has internet access or you have a slower connection.
NOTE: You will need a good amount of storage space to do this. I suggest 1TB at minimum. Also create a separate partition just for the web server and rpm files.
Here are some articles that go into more detail on each option:
Can update RPMs from DVD: RPM DVD
Can update RPMs from a server that has internet access: RPM Internet
Other update options (run own yum server, etc): Update Options
Nice 2 page PDF Yum Cheat Sheet: Yum Commands
Set up the local Red Hat repository server
- Set up the repo server first by creating a subscription and selecting the pool of updates. Change the username to your Red Hat account, and change the pool_id_from_above (a string of random numbers and letters) to the output given by the command above it.
subscription-manager register --username [email protected] --auto-attach
subscription-manager list --available --all
subscription-manager attach --pool=pool_id_from_above
- Now enable all the repositories that you will need (at least for now). The repo from this example is: “rhel-7-server-rpms” which covers the majority of packages for RHEL 7.x and is enabled by default. To get a list of repos available, look at the “/etc/yum.repos.d/redhat.repo” file or run “yum repolist all”. There is a section for each repo (the repo name starts with a bracket [ ) in that file. There are a lot of them!
- To enable a specific repo for your master machine that you found in that list:
subscription-manager repos --enable rhel-7-server-optional-source-rpms
- Great, now that we have the repository enabled locally, let’s add a web server so other machines can download the packages over HTTP. Installing Apache is outside the scope of this tutorial, but we can install nginx pretty easily. You can read more on it here:
Install a Web Server - Nginx
enabled=1' > /etc/yum.repos.d/nginx.repo
#Add the information to yum and install Nginx
yum install nginx
#Start on boot and start it now
systemctl enable nginx.service
systemctl start nginx.service
#Make sure it is active and running OK
systemctl status nginx.service
- Once installed, we need to allow the local firewall to give access to the web server.
#First get a list of the current default zone
#It should be public, now let us list everything in that zone
firewall-cmd --zone=public --list-all
#Now enable http services to that zone (change this to https if you're using SSL)
firewall-cmd --permanent --zone=public --add-service=http
#Verify it is enabled
firewall-cmd --zone=public --list-services
#Reload and make it work
#The last step is to enable HTTP serving from the directory
#SELinux might block your requests by default
#Change /usr/share/nginx/ to your serving directory
#(labels set with chcon do not survive a full filesystem relabel)
chcon -Rt httpd_sys_content_t /usr/share/nginx/
- Don’t forget to edit your index.html with some useful information. You can turn on directory listing if you want to be nice.
- Now that we have identified all the repositories and have a web server, let’s download all the files in one go. This will be our local cache. Make sure to put this on a separate partition so you don’t max out a system or root partition. This part will take a while, as it is about 35GB at the time of writing (Feb 2019).
reposync --gpgcheck -l --repoid=rhel-7-server-rpms \
--download_path=/usr/share/nginx/html --downloadcomps --download-metadata
- Now the fun part, let’s configure the repository so it’s all Redhat-y. This involves installing createrepo. This program creates the repo database that yum needs. It might take awhile.
yum install createrepo
createrepo -v /usr/share/nginx/html/rhel-7-server-rpms
#Fix permissions so the web server can read them
chown -R nginx:nginx /usr/share/nginx/
- That is it for the server side of things. Make sure you can browse to your server (http://server_ip) and see the package repo.
Set up the local clients
- Now for each client that you want to use this repo server, we have to add a .repo file that points to our internal server/IP.
- You will have to duplicate this configuration for each repo that is enabled. You can use the same file or multiple files to keep it more organized.
- Here is the example for our rhel-7-server-rpms repo. Replace 192.168.1.100 with your internal IP address or FQDN. Read more here: Red Hat
metadata_expire = 86400
baseurl = http://192.168.1.100/rhel-7-server-rpms
name = Local Repository for RHEL 7
enabled = 1
gpgcheck = 0' > /etc/yum.repos.d/rhel-7-server-rpms.repo
- Now we need to let yum update and test it out
#If there are packages to update, give it a shot
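The client file above turns signature checking off (gpgcheck = 0) and fetches over plain HTTP, so a client installs whatever the mirror or the network path hands it. The following added example (not from the original article) audits .repo files for both settings; the sample's section names, the repo.example.internal host and the gpgkey line are assumptions, with the key path being the Red Hat release key that RHEL installs.

```shell
#!/bin/sh
# Added example: list yum repo sections that disable GPG checks or fetch over
# a plaintext URL. Pass one or more .repo files (e.g. /etc/yum.repos.d/*.repo).
audit_repo_files() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
        function report() {
            if (section == "" || section == "main") return
            if (gpg == "0" || gpg == "no" || gpg == "false") {
                print file ": [" section "] gpgcheck disabled"; found++
            }
            if (url ~ /^(http|ftp):\/\//) {
                print file ": [" section "] plaintext baseurl " url; found++
            }
        }
        FNR == 1 { report(); section = ""; file = FILENAME }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ {
            report(); section = trim($0); gsub(/^\[|\]$/, "", section)
            gpg = ""; url = ""; next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = tolower(trim(substr($0, 1, eq - 1)))
            val = trim(substr($0, eq + 1))
            if (key == "gpgcheck") gpg = tolower(val)
            if (key == "baseurl") url = val
        }
        END { report(); exit (found > 0) }
    ' "$@"
}

# Constructed sample: the client settings from this page next to a hardened
# variant. Section names and repo.example.internal are assumptions.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
[rhel-7-server-rpms]
baseurl = http://192.168.1.100/rhel-7-server-rpms
enabled = 1
gpgcheck = 0

[rhel-7-server-rpms-hardened]
baseurl = https://repo.example.internal/rhel-7-server-rpms
enabled = 1
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
EOF
audit_repo_files "$SAMPLE" || echo "weak repo settings found" >&2
```

The function exits non-zero when it finds anything, so it can gate a configuration-management run. Packages mirrored with reposync keep Red Hat's signatures, which is why the hardened section can leave gpgcheck on.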
Keeping your repository server up to date
The best bet is to create a cron script that runs the reposync and createrepo commands each night when bandwidth is low. Just run the same commands as above and update permissions. I also suggest using the timeout command which kills anything that doesn’t finish by the allotted time. This way you don’t have 10 scripts all trying to sync over each other if they don’t finish.
timeout 120 reposync -q --gpgcheck -l --repoid=rhel-7-server-rpms \
--download_path=/usr/share/nginx/html --downloadcomps --download-metadata
timeout 120 createrepo /usr/share/nginx/html/rhel-7-server-rpms
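One way to write the nightly job described above, as an added example that is not part of the original article: a lock directory makes an overlapping run skip instead of piling up, and the index is rebuilt only when reposync succeeds. LOCK_DIR, the --run switch and the exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: nightly mirror refresh, meant to be started from cron.
# Repo id and web root are the ones used on this page; LOCK_DIR is an assumption.
REPO_ID="${REPO_ID:-rhel-7-server-rpms}"
WEB_ROOT="${WEB_ROOT:-/usr/share/nginx/html}"
LOCK_DIR="${LOCK_DIR:-/var/run/reposync-$REPO_ID.lock}"   # /var/run is cleared at boot
SYNC_TIMEOUT="${SYNC_TIMEOUT:-120}"   # seconds, as on this page; GNU timeout also accepts e.g. 2h

sync_steps() {
    # --gpgcheck makes reposync remove packages that fail the signature check.
    timeout "$SYNC_TIMEOUT" reposync -q --gpgcheck -l --repoid="$REPO_ID" \
        --download_path="$WEB_ROOT" --downloadcomps --download-metadata || return 2
    # Rebuild the index only if the sync finished cleanly.
    timeout "$SYNC_TIMEOUT" createrepo "$WEB_ROOT/$REPO_ID" || return 3
    # Same permission fix as in the server setup.
    chown -R nginx:nginx "$WEB_ROOT" || return 4
}

sync_repo() {
    # mkdir is atomic: if the directory already exists, another run holds the lock.
    if ! mkdir "$LOCK_DIR" 2>/dev/null; then
        echo "sync already running ($LOCK_DIR exists), skipping" >&2
        return 75
    fi
    sync_rc=0
    sync_steps || sync_rc=$?
    rmdir "$LOCK_DIR"
    return "$sync_rc"
}

# Cron calls this file with --run; without it only the functions are defined.
if [ "${1:-}" = "--run" ]; then
    sync_repo
    exit $?
fi
```

A non-zero exit tells cron's mail or your monitoring which stage failed: 2 for reposync, 3 for createrepo, 4 for chown, 75 for a run skipped because the lock was held.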