How to mirror RHN behind your firewall.

I was just listening to episode 283 of  The Linux Link Tech Show and Linc asked if it was possible to mirror channels from the RedHat Network behind a firewall. RedHat offers the RHN satellite server and the RHN Proxy Server to do this however may people find these solutions complicated.

You may want to manage your own local RHN repository if your servers are prevented from communicating with the Internet or you wish to carefully control software updates through a  DTAP (Design -> Test -> Acceptance -> Production) process. Whatever the reason please make sure you support RedHat by having a subscription for each and every server that you update. If you are not able to afford it please use CentOS instead and you will be able to achieve the same thing for free but without RedHat support. CentOS uses the same code base as RHEL but with the RedHat Trademarks removed.

First register the gateway server with the RedHat Network

rhn_register --nox

If you need to go through a proxy server use

rhn_register --nox --proxy=myproxy:8080

Install the yum-utils package from the RHN.

yum install yum-utils

After this is installed you will be able to use the reposync command to download the channel locally. You can use  “yum repolist” to get a list of the channels you are subscribed to. I’m assuming that you are subscribing to the RedHat Enterprise Linux 5 64 bit version for this example. You can download as many channels as you like if you have the subscription and the disk space.

reposync -p /opt/mylocalrepo/ --repoid=rhel-x86_64-server-5 -l

Now you can yummify the local directory using the createrepo command. This goes through all the RPM’s and extracts version and dependency information which it uses to generate XML metadata files that the yum command can understand.

createrepo /opt/mylocalrepo/

If you add your own RPMs or RPM’s from EPEL, DAG, etc to the repository then you need to re-run the createrepo command. A sub directory will be created called getPackage that holds all the RedHat RPM’s. You can add your own RPM’s where you like under the channel directory and they will will be picked up by the createrepo command.

Point apache at the local directory so that it’s accessible from an internal url e.g: http://myserver.local/myrepo/. You could also use NFS or FTP if you prefer.
Once that is done you can distribute a yum config file for your new repo to /etc/yum.repos.d/my.repo on all the internal servers.

[rhel-myrepo]
name=My Red Hat Enterprise Linux $releasever - $basearch
baseurl=http://myserver.local/myrepo/
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

All going well you should be able to see your new repo with the command

>yum repolist
Loading "security" plugin
repo id     repo name                                status
rhel-myrepo My Red Hat Enterprise Linux 5Server - x  enabled

You can now disable the Red Hat network by setting enabled = 0 in  /etc/yum/pluginconf.d/rhnplugin.conf to prevent the server trying to connect directly to the RHN. It’s probably safe to turn the Red Hat Network updates service (rhnsd) off while you are at it.

All the RPM packages from the RHN channel you are subscribed to and your own RPM’s are available as one seamless whole. Now you can use yum to manage your internal servers and dependencies should be resolved from within the entire repository.

The following command will clean out yum’s cache and remove old header information

yum clean all

Next you can list all packages with updates available in the yum repositories.

yum list updates

If you’re happy then you can update the entire machine by running the command

yum update

While updating packages, yum will ensure that all dependencies are satisfied.

EDIT: Added info about “yum repolist” and getPackage following feedback from Linc. He also suggests that a  “reposync -l” is enough to download the packages for the channels and he is using “reposync -n -l” in his crontab. I’m testing this now.

This entry was posted in General. Bookmark the permalink.

33 Responses to How to mirror RHN behind your firewall.

  1. Parker says:

    Thank you for the directions. I am syncing right now. However, I am only syncing with my base channel i386. I have other servers subscribed to the x86_64 base channel. How do I get this server to be subsribed to both the 32bit and 64bit channels? Rather than creating a repo on two machines. Thanks. Hope you can help. Great post.

  2. Parker Jardine says:

    In addition to my previous comment:
    You stated “You can download as many channels as you like if you have the subscription and the disk space.” How do you do this? You cannot sync with a channel you are not subscribed to. I logged into RHN, and a machine can only be subribed to one base channel. Unless I am missing something.

  3. Steve says:

    I would like to know the answer to Parker’s question as well.

  4. ken_fallon says:

    Parker is correct you can only sync to channels you are subscribed to. In addition if you are subscribed to x86_64 you get most of the packages in i386. But if you have a i386 server that cannot subscribe to the x86_64. So the solution is to maintain a different server for each architecture. Not elegant at all.

    Ken.

  5. Glisha says:

    Parker you can clone (tar) all the real systems that are subscribed to a different channel (one for each channel). Extract all of them on one machine and chroot into them. Then run reposync and createrepo on a shared folder.

  6. Mark says:

    Does this work for all versions of 5 server? IE does it get packages and work for 5.3 and 5.4?

    Can you still run items like just security updates with this setup?

  7. JD Henderson says:

    Question about what the -l does?
    I can’t find this option in the reposync optoins. What does the -l (that is dash lower case L) ?

    Thank you.

  8. Roberto says:

    Just as an FYI your article really help me at all and it saved me a lot of time.

    We have only right now 2 repos epel-x86_64 and redhat-x86_64 I think both of them have all the packages pretty much.

    Now we have a few RHEL 64bit machines I just picked one and mounted the NFS filesystem there (from the actual main packages server) were I do the syncs once a month like Ken says. The epel one you can do it from everywhere just specifying the –arch parameter on the reposync command.

    Hope this helps.

  9. Android says:

    the repodata depend where the getPackage folder are. The repodata folder and the getPackage need to be in the same directory… we can re-use the repodata of rhn!

    reposync -p /opt/mylocalrepo/ –repoid=rhel-x86_64-server-5 -l
    # -l is for load plugin

    yum –disablerepo=* –enablerepo=$RELEASE makecache

    cp -f /var/cache/yum/$RELEASE/*.gz /var/cache/yum/$RELEASE/*.xml /opt/mylocalrepo/$RELEASE/repodata

  10. arumon says:

    Hi,

    Somebody pleasee update the client side configuration also.

    Regards,
    Arumon

  11. Mark Jones says:

    All,

    Is there any way to keep the security errata tags by doing this? Currently, using the security plugin it does not see items tagged as security only.

    So when i run yum update –security it doesn’t see them at all.

    Any ideas?

  12. Peter says:

    Quick question, great write up…..

    In regards to the channels that yum is subscripted too. In your instructions you make referance to using

    reposync -p /opt/mylocalrepo/ –repoid=rhel-x86_64-server-5 -l

    I was able to use that command and it worked GREAT….My question is as follows when trying to subscribe to another arch such as the 32 bit.

    Im using:
    reposync -p /opt/mylocalrepo/ –repoid=rhel-i386-server-5 -l

    But when i do it downloads nothing, and i havent found a list of the known channels i can subscribe too on the RH site for the 32 bit version. my repolist command shows the above channel so im confused.

    Would you happen to know where a update list per RHN is that i can use with my RHN ID? Or some info there of?

  13. CloudAdmin says:

    The easiest way to check the Channel ID for reposync to work, log into RHN, click on Channels then select your version. After the page refreshes you can expand the selection (in this case Red Hat Enterprise Linux Server 5. Click on the architecture link to the right (in blue). when the page refreshes, you will the third line down titled “Label”, that will give you the name to put in the resposync command.
    for Virtualization:
    reposync -p -repoid=rhel-x86_64-server-vt-5 -l
    for i386
    reposync -p -repoid=rhel-x86-server-5 -l
    which is why you did not get any packages when you ran reposync.

    also man reposync will give you all the flags for the reposync command. Also – when updating you will want to add the flag -n for new packages only.

    good day,
    CA

  14. MikeF says:

    Does anyone have a reply to Mark Jones about the security tag on the errata, I see the same thing and would like to be able to install just security errata.

    Thanks,
    Mike

  15. AndreaStella says:

    @MikeF
    If you reuse tags as Android suggested above, you pick up security tags just fine.
    Verified here and it works.

  16. Mohamed Lrhazi says:

    Anyone knows if there are any legal issues with this practice? Does Red Hat allow its customers to do this and does it support them?

    Thanks a lot.

  17. Tal Hazan says:

    Another idea is to create shared mountpoint (NFS) on each subscribed system.

    Then run the suggested idea above and sync repositories to a central location.

    Build antoher server that will serve the repositories by using that shared mountpoint will provide all other systems services.

    i don’t think red hat will like it tho :)

  18. Tim says:

    Sometime in the past few weeks, the reposync syntax changed. I had to change my reposync command to the following in order to get downloads working:

    reposync --gpgcheck -l --repoid=rhel-x86_64-server-5 --download_path=/usr/local/repo
    

    This Redhat KB article was updated on March 28, 2011 with the syntax that works:

    How do I create a local mirror of the latest update for Red Hat Enterprise Linux 5 without using Satellite server?

  19. Pingback: Configuring yum locally.

  20. Pingback: Patching in offline systems

  21. Pingback: rpm gui packages

  22. Pingback: Registered by RHEL5 Workstation with Red Hat on the Internet Easy Questions

  23. Chris says:

    If you want to download only security updates you need to re-install the security plugin on the client:

    yum install yum-security

    After the plugin installed you will be able to run:

    yum update –security

  24. Hil says:

    This is what I did for CentOS 6 (and actually 5, but to save space just showing 6)…

    – Build a CentOS server that has internet access and pick the options to set it up as a web server with plenty of disk space (~7GB per repo).
    – Install yum-utils and createrepo
    – Make the directories:
    — /var/www/html/pub/centos
    — /var/www/html/pub/keys
    — /var/www/html/pub/yum_repos
    – Create the file /etc/reposync.conf with the following:
    ### Start REPOSYNC.CONF ###
    ##############################################################
    # CENTOS 6 32-bit
    ##############################################################
    [centos-6-i386-base]
    name = CentOS 6 i386 – Base
    baseurl = http://mirror.centos.org/centos/6/os/i386/
    gpgkey = http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6
    gpgcheck=1

    [centos-6-i386-updates]
    name = CentOS 6 i386 – Updates
    baseurl = http://mirror.centos.org/centos/6/updates/i386/
    gpgkey = http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6
    gpgcheck=1

    [centos-6-i386-extras]
    name = CentOS 6 i386 – Extras
    baseurl = http://mirror.centos.org/centos/6/extras/i386/
    gpgkey = http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6
    gpgcheck=1

    [centos-6-i386-plus]
    name = CentOS 6 i386 – Plus
    baseurl = http://mirror.centos.org/centos/6/centosplus/i386/
    gpgkey = http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6
    gpgcheck=1

    [epel6-i386]
    name=Extra Packages for Enterprise Linux 6 – i386
    baseurl=http://download3.fedora.redhat.com/pub/epel/6/i386
    failovermethod=priority
    gpgkey=http://download3.fedora.redhat.com/pub/epel/RPM-GPG-KEY-EPEL
    gpgcheck=1
    enabled=1
    includepkgs=bea-stax* cobbler editarea gc gc-devel git* jabberd jabberpy* jakarta-commons-cli jcommon \
    jfreechart libapreq2 libgsasl* libntlm* libyaml perl-Algorithm-Diff perl-Apache-DBI \
    perl-BerkeleyDB perl-Cache-Cache perl-Class-MethodMaker perl-Class-Singleton \
    perl-Convert-BinHex perl-Config-IniFiles perl-Crypt-DES perl-Crypt-GeneratePassword \
    perl-DateTime perl-DateTime-Format-Mail perl-DateTime-Format-W3CDTF perl-Error \
    perl-FreezeThaw perl-Frontier-RPC perl-GD perl-Git perl-Math-FFT perl-HTML-TableExtract \
    perl-IO-Capture perl-IO-stringy perl-IPC-ShareLite perl-libapreq2 perl-MIME-Lite \
    perl-MIME-tools perl-Net-IPv4Addr perl-Net-SNMP perl-Params-Validate perl-Proc-Daemon \
    perl-SOAP-Lite perl-TermReadKey perl-Text-Diff perl-Unix-Syslog perl-XML-RSS perl-version \
    perlAlgorithm-Diff python-cheetah python-dmidecode python-hashlib python-netaddr PyYAML \
    python-simplejson rhino tzdata-java udns*

    [rpmforge-el6-i386]
    name = RPMforge for Enterprise Linux 6 – i386
    baseurl = http://apt.sw.be/redhat/el6/en/i386/dag
    gpgkey = http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
    gpgcheck=1
    includepkgs=amavisd-new arc cabextract clamav* clamd freeze lha lzop nomarch perl-Archive-Zip perl-Convert-TNEF \
    perl-Convert-UUlib perl-MailTools perl-Net-Server ripole unarj zoo

    ##############################################################
    # CENTOS 6 64-bit
    ##############################################################
    [centos-6-x86_64-base]
    name = CentOS 6 x86_64 – Base
    baseurl = http://mirror.centos.org/centos/6/os/x86_64/
    gpgkey = http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6
    gpgcheck=1

    [centos-6-x86_64-updates]
    name = CentOS 6 x86_64 – Updates
    baseurl = http://mirror.centos.org/centos/6/updates/x86_64/
    gpgkey = http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6
    gpgcheck=1

    [centos-6-x86_64-extras]
    name = CentOS 6 x86_64 – Extras
    baseurl = http://mirror.centos.org/centos/6/extras/x86_64/
    gpgkey = http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6
    gpgcheck=1

    [centos-6-x86_64-plus]
    name = CentOS 6 x86_64 – Plus
    baseurl = http://mirror.centos.org/centos/6/centosplus/x86_64/
    gpgkey = http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6
    gpgcheck=1

    [epel6-x86_64]
    name=Extra Packages for Enterprise Linux 6 – x86_64
    baseurl=http://download3.fedora.redhat.com/pub/epel/6/x86_64
    failovermethod=priority
    gpgkey=http://download3.fedora.redhat.com/pub/epel/RPM-GPG-KEY-EPEL
    gpgcheck=1
    enabled=1
    includepkgs=bea-stax* cobbler editarea gc gc-devel git* jabberd jabberpy* jakarta-commons-cli jcommon \
    jfreechart libapreq2 libgsasl* libntlm* libyaml perl-Algorithm-Diff perl-Apache-DBI \
    perl-BerkeleyDB perl-Cache-Cache perl-Class-MethodMaker perl-Class-Singleton \
    perl-Convert-BinHex perl-Config-IniFiles perl-Crypt-DES perl-Crypt-GeneratePassword \
    perl-DateTime perl-DateTime-Format-Mail perl-DateTime-Format-W3CDTF perl-Error \
    perl-FreezeThaw perl-Frontier-RPC perl-GD perl-Git perl-Math-FFT perl-HTML-TableExtract \
    perl-IO-Capture perl-IO-stringy perl-IPC-ShareLite perl-libapreq2 perl-MIME-Lite \
    perl-MIME-tools perl-Net-IPv4Addr perl-Net-SNMP perl-Params-Validate perl-Proc-Daemon \
    perl-SOAP-Lite perl-TermReadKey perl-Text-Diff perl-Unix-Syslog perl-XML-RSS perl-version \
    perlAlgorithm-Diff python-cheetah python-dmidecode python-hashlib python-netaddr PyYAML \
    python-simplejson rhino tzdata-java udns*

    [rpmforge-el6-x86_64]
    name = RPMforge for Enterprise Linux 6 – x86_64
    baseurl = http://apt.sw.be/redhat/el6/en/x86_64/dag
    gpgkey = http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
    gpgcheck=1
    includepkgs=amavisd-new arc cabextract clamav* clamd freeze lha lzop nomarch perl-Archive-Zip perl-Convert-TNEF \
    perl-Convert-UUlib perl-MailTools perl-Net-Server ripole unarj zoo
    ### End REPOSYNC.CONF ###

    – Create the file /etc/cron.daily/reposyncjob and make it executable with the following:
    ### Start REPOSYNCJOB ###
    # Check to see if another process is running.
    LOCKFILE=/var/run/repo_sync.lock
    if [ -f $LOCKFILE ]
    then
    echo “Another instance already running. Aborting.”
    exit 1
    fi
    trap “{ rm -f $LOCKFILE ; exit 255; }” EXIT
    touch $LOCKFILE

    destdir=”/var/www/html/pub/centos”

    reposync –repoid=centos-* -c /etc/reposync.conf -p $destdir -d -l -g -n -q > /dev/null
    reposync –repoid=epel* -c /etc/reposync.conf -p $destdir -d -l -g -n -q > /dev/null
    reposync –repoid=rpmforge-el* -c /etc/reposync.conf -p $destdir -d -l -g -n -q > /dev/null

    ls -1 $destdir | while read fn
    do
    if [ -d $destdir/$fn ]
    then
    createrepo $destdir/$fn > /dev/null
    fi
    done
    ### End REPOSYNCJOB ###

    – Get the keys for each repository.
    — cd /var/www/html/pub/keys
    — wget http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6
    — wget http://download3.fedora.redhat.com/pub/epel/RPM-GPG-KEY-EPEL
    — wget http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
    – Import the keys so yum reconizes the keys: rpm –import *
    – Now you should be able to start the mirror process. Execute: /etc/cron.daily/reposyncjob
    – Create your custom yum repo configuration. Create the file (as an example): /var/www/html/pub/yum_repos/servername-CentOS.repo
    ### START servername-CENTOS.REPO ###
    [base]
    name=CentOS-$releasever – Base
    baseurl=http://servername/pub/centos/centos-$releasever-$basearch-base/
    gpgkey=http://servername/pub/keys/RPM-GPG-KEY-CentOS-$releasever
    gpgcheck=1

    #released updates
    [updates]
    name=CentOS-$releasever – Updates
    baseurl=http://servername/pub/centos/centos-$releasever-$basearch-updates/
    gpgkey=http://servername/pub/keys/RPM-GPG-KEY-CentOS-$releasever
    gpgcheck=1

    #additional packages that may be useful
    [extras]
    name=CentOS-$releasever – Extras
    baseurl=http://servername/pub/centos/centos-$releasever-$basearch-extras/
    gpgkey=http://servername/pub/keys/RPM-GPG-KEY-CentOS-$releasever
    gpgcheck=1

    #additional packages that extend functionality of existing packages
    [centosplus]
    name=CentOS-$releasever – Plus
    baseurl=http://servername/pub/centos/centos-$releasever-$basearch-plus/
    gpgkey=http://servername/pub/keys/RPM-GPG-KEY-CentOS-$releasever
    gpgcheck=1
    enabled=0

    # Enterprise Linux Extra Packages
    [epel]
    name=epel$releasever
    baseurl=http://servername/pub/centos/epel$releasever-$basearch/
    gpgkey=http://servername/pub/keys/RPM-GPG-KEY-EPEL
    gpgcheck=1

    # RPMForge Extra Packages
    [rpmforge]
    name=rpmforge-el$releasever
    baseurl=http://servername/pub/centos/rpmforge-el$releasever-$basearch/
    gpgkey=http://servername/pub/keys/RPM-GPG-KEY.dag.txt
    gpgcheck=1
    ### END servername-CENTOS.REPO ###

    =============
    On the client server
    =============
    – mkdir /etc/yum.repos.d/old
    – cd /etc/yum.repos.d
    – mv * /etc/yum.repos.d/old
    – wget http://servername/pub/yum_repos/servername-CentOS.repo
    – yum clean

  25. OTLabs says:

    Noy you can use:
    createrepo --update --workers=6 /opt/repos/

  26. Steven says:

    I have setup a RHEL 5 (server abc) with reposync and able to download the rpm from RHN. Have create the repo for it as well without issue.

    Question:
    1) Could I centralize RHEL 4 into the same server abc – RHEL 5?
    I tried to download RHEL 4 using /usr/bin/reposync -l –repoid=rhel-x86_64-es-4
    I am just getting the below message without any download.
    Config time: 0.076
    Running “init” handler for “rhnplugin” plugin
    Looking for repo options for [rhel-x86_64-server-5]
    Reading Local RPMDB
    rpmdb time: 0.000
    repo time: 0.000
    Setting up Package Sacks

    I tried to copy the RHEL 4 server systemid and replace the RHEL 5 (server abc) systemid and run /usr/bin/reposync -l –repoid=rhel-x86_64-es-4
    This time I get the below:
    Loading “rhnplugin” plugin
    Config time: 0.076
    Running “init” handler for “rhnplugin” plugin
    There was an error communicating with RHN.
    RHN channel support will be disabled.

    Error Message:
    Please run rhn_register (or up2date –register on Red Hat Enterprise Linux 3 or later)
    as root on this client
    Error Class Code: 9
    Error Class Info: Invalid System Credentials.
    Explanation:
    An error has occurred while processing your request. If this problem
    persists please enter a bug report at bugzilla.redhat.com.
    If you choose to submit the bug report, please be sure to include
    details of what you were trying to do when this error occurred and
    details on how to reproduce this problem.

    Reading Local RPMDB
    rpmdb time: 0.000
    repo time: 0.000
    Setting up Package Sacks

    The main objective is to use ONE server RHEL 5 for centralize download of patch from RHN for RHEL 4/5/6 version. How could that be done?

  27. Hil says:

    Updated for backward compatibility: createrepo $destdir/$fn > /dev/null has been changed to createrepo –checksum sha $destdir/$fn > /dev/null

  28. Steve says:

    I’m working in a D.O.D facility with no internet access to the servers yet I have over a dozen RHEL (4, 5, and 6) servers that I need to get updates to. Is it possible to build 1 server (preferably RHEL 6) to be a yum repo server, download all the updates for 4, 5, and 6, copy them to a portable/external HD, then copy them to this server that has access to our internal servers that need updated?

    Thanks in advance for your help!

  29. amit says:

    Hi,

    I am trying to configure yum repository following your article.

    IF i configure repository on base OS RHEL 6.8 64 bit,will this server to all RHEL 6.x 64 bit version OS or only RHEL 6.8 version only.
    Please clarify.

    Thanks in advance.

    Regards,
    Amit

  30. amit says:

    Hi All,

    I setup local yum repository for my company’s local environment.
    Now there are 10,000 packages in the folder /opt/rhel6repo where i downloded rpm from RHN.While i am trying to yum list on yum server,only 4050 rpms are shown,is there something wrong.

    On the yum client machine,whee i want to install packages,only 4000+ rpms are shown.

    I think count should match on yum server and client machines.Please suggest if something is wrong.

    Thanks in advance.

    Regards,
    Amit

    On yum server,this is the mismatch::

    yum list|wc -l

    4050
    yum repolist all
    Loaded plugins: aliases, changelog, downloadonly, kabi, presto, product-id, rhnplugin, security, subscription-manager, tmprepo, verify, versionlock
    This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
    This system is receiving updates from RHN Classic or RHN Satellite.
    Loading support for Red Hat kernel ABI
    repo id repo name status
    rhel-source Red Hat Enterprise Linux 6Server – x86_64 – Source disabled
    rhel-source-beta Red Hat Enterprise Linux 6Server Beta – x86_64 – Source disabled
    rhel-x86_64-server-6 Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) enabled: 10,835
    repolist: 10,835

  31. Lucky says:

    Hi all,

    Amit, my be you can try :

    #yum clean all
    # yum repolist

    In your client servers.

    That clean all old headers from the cache and then catch the new ones.

    Best regards.

    Lucky

  32. Anthony says:

    Thanks for the excellent walk-through — this helped me set this up at my new job.

    I suggest adding the scantily-documented –download-metadata switch to reposync to grab the comp.xml file for package groups. I had a user complain about package group installation (eg. “X Window System”) not working and it took me a while to figure out that this wasn’t grabbed by default. This file is then fed to createrepo with the –groupfile switch.

  33. Anthony says:

    I also found that one can have repos defined in /etc/yum.repos.d but disabled to keep yum from accidentally seeing them, but which reposync can use just fine. Just an alternative to keeping separate config files.

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>