I was just listening to episode 283 of The Linux Link Tech Show and Linc asked if it was possible to mirror channels from the RedHat Network behind a firewall. RedHat offers the RHN Satellite Server and the RHN Proxy Server to do this; however, many people find these solutions complicated.
You may want to manage your own local RHN repository if your servers are prevented from communicating with the Internet or you wish to carefully control software updates through a DTAP (Design -> Test -> Acceptance -> Production) process. Whatever the reason please make sure you support RedHat by having a subscription for each and every server that you update. If you are not able to afford it please use CentOS instead and you will be able to achieve the same thing for free but without RedHat support. CentOS uses the same code base as RHEL but with the RedHat Trademarks removed.
First register the gateway server with the RedHat Network
If you need to go through a proxy server use
rhn_register --nox --proxy=myproxy:8080
Next, install the yum-utils package from the RHN.
yum install yum-utils
After this is installed you will be able to use the reposync command to download the channel locally. You can use “yum repolist” to get a list of the channels you are subscribed to. I’m assuming that you are subscribing to the RedHat Enterprise Linux 5 64 bit version for this example. You can download as many channels as you like if you have the subscription and the disk space.
reposync -p /opt/mylocalrepo/ --repoid=rhel-x86_64-server-5 -l
Now you can yummify the local directory using the createrepo command. This goes through all the RPMs and extracts version and dependency information, which it uses to generate XML metadata files that the yum command can understand.
If you add your own RPMs or RPMs from EPEL, DAG, etc. to the repository then you need to re-run the createrepo command. A subdirectory will be created called getPackage that holds all the RedHat RPMs. You can add your own RPMs where you like under the channel directory and they will be picked up by the createrepo command.
Point Apache at the local directory so that it’s accessible from an internal URL, e.g. http://myserver.local/myrepo/. You could also use NFS or FTP if you prefer.
Once that is done you can distribute a yum config file for your new repo to /etc/yum.repos.d/my.repo on all the internal servers.
[rhel-myrepo]
name=My Red Hat Enterprise Linux $releasever - $basearch
baseurl=http://myserver.local/myrepo/
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
All going well you should be able to see your new repo with the command
>yum repolist
Loading "security" plugin
repo id          repo name                                  status
rhel-myrepo      My Red Hat Enterprise Linux 5Server - x    enabled
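The my.repo file above sets gpgcheck=0 and a plain HTTP baseurl, so clients install whatever the mirror serves without verifying package signatures. As an added example (not from the original post), this shell function audits a .repo file for both settings; the sample file, the rhel-myrepo-signed section and its https URL are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post.
# audit_repo_file FILE: print one line per finding for every enabled repo
# section; return 1 if anything was found, 0 otherwise.
audit_repo_file() {
    awk '
    function report() {
        if (section == "" || enabled == "0") return
        if (gpgcheck == "0") {
            print section ": gpgcheck=0, package signatures are not verified"; found = 1
        }
        if (baseurl ~ /^(http|ftp):/) {
            print section ": baseurl " baseurl " is not HTTPS"; found = 1
        }
    }
    /^[ \t]*[#;]/ { next }                 # comment line
    /^[ \t]*\[/ {                          # start of a new [section]
        report()
        section = $0; sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
        enabled = "1"; gpgcheck = ""; baseurl = ""   # unset gpgcheck inherits [main]
        next
    }
    /=/ {                                  # key=value, spaces around = allowed
        key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        if (key == "enabled")  enabled = val
        if (key == "gpgcheck") gpgcheck = val
        if (key == "baseurl")  baseurl = val
    }
    END { report(); exit found + 0 }
    ' "$1"
}

# Constructed sample: the section from the post, then a hardened variant.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[rhel-myrepo]
baseurl=http://myserver.local/myrepo/
enabled=1
gpgcheck=0

[rhel-myrepo-signed]
baseurl=https://myserver.local/myrepo/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
EOF
audit_repo_file "$sample" || echo "review the findings above"
rm -f "$sample"
```

With gpgcheck=1, RPMs you add to the mirror yourself must be signed with a key listed in gpgkey, otherwise yum will refuse to install them.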
You can now disable the Red Hat network by setting enabled = 0 in /etc/yum/pluginconf.d/rhnplugin.conf to prevent the server trying to connect directly to the RHN. It’s probably safe to turn the Red Hat Network updates service (rhnsd) off while you are at it.
All the RPM packages from the RHN channel you are subscribed to and your own RPMs are available as one seamless whole. Now you can use yum to manage your internal servers, and dependencies should be resolved from within the entire repository.
The following command will clean out yum’s cache and remove old header information
yum clean all
Next you can list all packages with updates available in the yum repositories.
yum list updates
If you’re happy then you can update the entire machine by running the command
While updating packages, yum will ensure that all dependencies are satisfied.
EDIT: Added info about “yum repolist” and getPackage following feedback from Linc. He also suggests that a “reposync -l” is enough to download the packages for the channels and he is using “reposync -n -l” in his crontab. I’m testing this now.