How to mirror RHN behind your firewall.

I was just listening to episode 283 of The Linux Link Tech Show and Linc asked if it was possible to mirror channels from the RedHat Network behind a firewall. RedHat offers the RHN Satellite Server and the RHN Proxy Server to do this, however many people find these solutions complicated.

You may want to manage your own local RHN repository if your servers are prevented from communicating with the Internet or you wish to carefully control software updates through a DTAP (Development -> Test -> Acceptance -> Production) process. Whatever the reason, please make sure you support RedHat by having a subscription for each and every server that you update. If you are not able to afford it, please use CentOS instead and you will be able to achieve the same thing for free but without RedHat support. CentOS uses the same code base as RHEL but with the RedHat trademarks removed.

First register the gateway server with the RedHat Network

rhn_register --nox

If you need to go through a proxy server use

rhn_register --nox --proxy=myproxy:8080

Install the yum-utils package from the RHN.

yum install yum-utils

After this is installed you will be able to use the reposync command to download the channel locally. Use “yum repolist” to get a list of the channels you are subscribed to. I’m assuming that you are subscribed to the 64-bit Red Hat Enterprise Linux 5 server channel for this example. You can download as many channels as you like, as long as the gateway is actually subscribed to them (a system can only be subscribed to one base channel, so each architecture needs its own gateway) and you have the disk space. The -l (--plugins) option is required: the RHN channels are only visible to yum through the rhnplugin, so without it reposync cannot find the channel id.

reposync -p /opt/mylocalrepo/ --repoid=rhel-x86_64-server-5 -l

Now you can yummify the local directory using the createrepo command. This goes through all the RPMs and extracts version and dependency information, which it uses to generate the XML metadata files that the yum command can understand.

createrepo /opt/mylocalrepo/

If you add your own RPMs, or RPMs from EPEL, DAG, etc., to the repository then you need to re-run the createrepo command. reposync creates a subdirectory named after the channel (/opt/mylocalrepo/rhel-x86_64-server-5/ here) with a getPackage directory inside it that holds all the RedHat RPMs. You can add your own RPMs wherever you like under the channel directory and they will be picked up by the createrepo command.
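The gateway side of the steps above (reposync, then createrepo) as one script. This is an added example, not the article’s or Red Hat’s code, and it adds one check the article does not do: every downloaded RPM is verified with rpm -K against Red Hat’s key before it is copied into the published tree, so an unsigned or tampered package never reaches the mirror even if the fetch from RHN was interfered with. The paths under /opt, the separate staging directory, the channel id and the assumed output format of rpm -K (rpm 4.4 on RHEL 5, 4.8 and later on RHEL 6/7) are assumptions; adjust them to your site.

```shell
#!/bin/sh
# rhn-mirror.sh: sync an RHN channel into the local mirror, verify the
# signature of every downloaded RPM on the gateway, then regenerate the
# yum metadata. Added example for this article, not the author's script.
# MIRROR_ROOT, STAGING_ROOT, GPG_KEY and the channel id are assumptions.
set -eu

MIRROR_ROOT=${MIRROR_ROOT:-/opt/mylocalrepo}            # published tree, served by apache
STAGING_ROOT=${STAGING_ROOT:-/opt/mylocalrepo-staging}  # downloads land here first
GPG_KEY=${GPG_KEY:-/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release}

# Classify one line of "rpm -K" output. rpm names every check it ran: a
# lowercase gpg/pgp token means an OpenPGP signature was verified against an
# imported key, an uppercase (GPG) or "NOT OK" means a missing key or a bad
# signature, and a line with digests only (sha1 md5 OK) is an unsigned package.
# Only a verified, good signature gets a package into the mirror.
sig_line_ok() {
    case "$1" in
        *"NOT OK"*) return 1 ;;           # bad signature or key not imported
    esac
    case "$1" in
        *" OK") ;;                        # every check rpm ran passed
        *) return 1 ;;
    esac
    case "$1" in
        *" gpg "*|*" pgp "*) return 0 ;;  # ...and one of them was a signature check
    esac
    return 1                              # digests only: unsigned package
}

# Run "rpm -K" over every RPM below $1; the first package that fails
# sig_line_ok aborts the sync with a message naming it.
verify_rpms() {
    find "$1" -type f -name '*.rpm' | while read -r pkg; do
        line=$(rpm -K "$pkg" 2>&1) || true
        sig_line_ok "$line" || { echo "REJECT: $line" >&2; exit 1; }
    done
}

# Download the newest packages of one channel into staging, verify them, then
# copy them into the published tree and rebuild the repodata. The rhnplugin
# must stay enabled on this host: -l (--plugins) is what lets reposync see
# the RHN channel at all.
sync_channel() {
    channel=$1
    mkdir -p "$STAGING_ROOT" "$MIRROR_ROOT/$channel"
    reposync -l -n -p "$STAGING_ROOT" --repoid="$channel"
    rpm --import "$GPG_KEY"                  # harmless if already imported
    verify_rpms "$STAGING_ROOT/$channel"
    cp -au "$STAGING_ROOT/$channel/." "$MIRROR_ROOT/$channel/"
    createrepo "$MIRROR_ROOT"                # one repo covering every channel and your own RPMs
}

main() {
    for channel in "$@"; do
        sync_channel "$channel"
    done
}

# Only act when channel ids are given on the command line, e.g.
#   ./rhn-mirror.sh rhel-x86_64-server-5
if [ $# -gt 0 ]; then
    main "$@"
fi
```

Run it from the gateway’s crontab with the channel id as argument. The check on the gateway is defence in depth for the download hop and fails the whole sync before anything is published; it does not replace gpgcheck=1 on the internal servers, because the HTTP hop from the mirror to them is unauthenticated as well.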

Point Apache at the local directory so that it’s accessible from an internal URL, e.g. http://myserver.local/myrepo/. You could also use NFS or FTP if you prefer.
Once that is done you can distribute a yum config file for your new repo to /etc/yum.repos.d/my.repo on all the internal servers. Keep gpgcheck=1: the mirror is served over plain HTTP from a host every internal server trusts, so the Red Hat signature on each package is the only thing that tells a client the RPM really is the one Red Hat shipped. Any package you add yourself (or take from EPEL, DAG, etc.) must then be signed with a key that is also listed in gpgkey (the option accepts several, space separated), otherwise yum will refuse to install it.

[rhel-myrepo]
name=My Red Hat Enterprise Linux $releasever - $basearch
baseurl=http://myserver.local/myrepo/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

All going well you should be able to see your new repo with the command

>yum repolist
Loading "security" plugin
repo id     repo name                                status
rhel-myrepo My Red Hat Enterprise Linux 5Server - x  enabled

You can now disable the Red Hat Network plugin on the internal servers by setting enabled=0 in /etc/yum/pluginconf.d/rhnplugin.conf, which stops them trying to connect directly to the RHN. It’s probably safe to turn the Red Hat Network updates service (rhnsd) off on them while you are at it. Leave the plugin enabled on the gateway itself: reposync only sees the RHN channel through that plugin (which is what the -l, i.e. --plugins, option enables), so disabling it there breaks the next sync.

All the RPM packages from the RHN channel you are subscribed to and your own RPMs are available as one seamless whole. Now you can use yum to manage your internal servers, and dependencies will be resolved from within the entire repository.

The following command will clean out yum’s cache and remove old header information

yum clean all

Next you can list all packages with updates available in the yum repositories.

yum list updates

If you’re happy then you can update the entire machine by running the command

yum update

While updating packages, yum will ensure that all dependencies are satisfied.

EDIT: Added info about “yum repolist” and getPackage following feedback from Linc. He also suggests that a “reposync -l” is enough to download the packages for the channels, and that he is using “reposync -n -l” in his crontab. I’m testing this now.

9 Responses to “How to mirror RHN behind your firewall.”

  1. Parker says:

    Thank you for the directions. I am syncing right now. However, I am only syncing with my base channel i386. I have other servers subscribed to the x86_64 base channel. How do I get this server to be subscribed to both the 32bit and 64bit channels? Rather than creating a repo on two machines. Thanks. Hope you can help. Great post.

  2. Parker Jardine says:

    In addition to my previous comment:
    You stated “You can download as many channels as you like if you have the subscription and the disk space.” How do you do this? You cannot sync with a channel you are not subscribed to. I logged into RHN, and a machine can only be subscribed to one base channel. Unless I am missing something.

  3. Steve says:

    I would like to know the answer to Parker’s question as well.

  4. ken_fallon says:

    Parker is correct, you can only sync to channels you are subscribed to. In addition, if you are subscribed to x86_64 you get most of the packages in i386. But an i386 server cannot subscribe to the x86_64 channel. So the solution is to maintain a different server for each architecture. Not elegant at all.

    Ken.

  5. Glisha says:

    Parker you can clone (tar) all the real systems that are subscribed to a different channel (one for each channel). Extract all of them on one machine and chroot into them. Then run reposync and createrepo on a shared folder.

  6. Mark says:

    Does this work for all versions of 5 server? I.e. does it get packages and work for 5.3 and 5.4?

    Can you still run items like just security updates with this setup?

  7. JD Henderson says:

    Question about what the -l does?
    I can’t find this option in the reposync options. What does the -l (that is, dash lower case L) do?

    Thank you.

  8. Roberto says:

    Just as an FYI, your article really helped me and it saved me a lot of time.

    We have only right now 2 repos epel-x86_64 and redhat-x86_64 I think both of them have all the packages pretty much.

    Now we have a few RHEL 64bit machines. I just picked one and mounted the NFS filesystem there (from the actual main packages server) where I do the syncs once a month like Ken says. The epel one you can do from anywhere, just specifying the --arch parameter on the reposync command.

    Hope this helps.

  9. Android says:

    The repodata depends on where the getPackage folder is. The repodata folder and the getPackage folder need to be in the same directory… we can re-use the repodata of RHN!

    reposync -p /opt/mylocalrepo/ --repoid=rhel-x86_64-server-5 -l
    # -l is for load plugin

    yum --disablerepo=* --enablerepo=$RELEASE makecache

    cp -f /var/cache/yum/$RELEASE/*.gz /var/cache/yum/$RELEASE/*.xml /opt/mylocalrepo/$RELEASE/repodata