How to Create Local Yum Repository for Red Hat Linux with Security Errata

Create Local Yum repo using RHN with Security Errata information

A local YUM repository is useful when not all of your Linux systems have internet access.
In my environment some systems don't have internet access and some systems have issues with RHN registration.

Red Hat provides the reposync command to sync RHN repositories, and I was able to do so.
I configured a web server to make my repo available over HTTP.
Then I pointed another RHEL system at the local yum repo to get updates.
I was able to see the updates, but I could not see the available security updates.

"No packages needed for security; 45 packages available"

By default the createrepo command does not include security errata information in repodata, so client systems cannot download updateinfo.xml, which contains the security errata.
Also, I am running an x86_64 OS, but Yum was making i686 packages available to the system.
  • # yum check-update --security
Loaded plugins: downloadonly, product-id, security, subscription-manager
Limiting package lists to security relevant ones
No packages needed for security; 45 packages available
bind-libs.i686                32:9.8.2-0.30.rc1.el6_6.1 rhel6repo-dc1-nixmgmt01
device-mapper-event-libs.i686 1.02.90-2.el6_6.1         rhel6repo-dc1-nixmgmt01
device-mapper-libs.i686       1.02.90-2.el6_6.1         rhel6repo-dc1-nixmgmt01
glibc-devel.i686              2.12-1.149.el6_6.5        rhel6repo-dc1-nixmgmt01
jasper-libs.i686              1.900.1-16.el6_6.3        rhel6repo-dc1-nixmgmt01
libcurl.i686                  7.19.7-40.el6_6.4         rhel6repo-dc1-nixmgmt01
libssh2.i686                  1.4.2-1.el6_6.1           rhel6repo-dc1-nixmgmt01
lvm2-libs.i686                2.02.111-2.el6_6.1        rhel6repo-dc1-nixmgmt01
nss.i686                      3.16.2.3-3.el6_6          rhel6repo-dc1-nixmgmt01
nss-softokn.i686              3.14.3-22.el6_6           rhel6repo-dc1-nixmgmt01
nss-util.i686                 3.16.2.3-2.el6_6          rhel6repo-dc1-nixmgmt01
openssl.i686                  1.0.1e-30.el6_6.5         rhel6repo-dc1-nixmgmt01
I found a lot of articles which explain how to create a local yum repository using an RHN repo or DVDs, but I did not find anything useful which explains how to include security errata in a local repo.

Configure Local Yum server:


My Setup:
Local YUM Server:
  • Operating System - RHEL 6.6 x86_64
  • RAM - 2 GB
  • vCPU - 1
  • OS Disk - 30 GB
  • Disk to Store Repo's = 100GB
  • Internet access is available and system is registered with RHN.
Yum Client:
  • Operating System - RHEL 6.6 x86_64
  • RAM - 2 GB
  • vCPU - 1
  • I am also now using this repo to update many other production and non-prod systems.
  • This assumes you have root access on the server and client systems.
Packages required on server:
  • yum-utils
  • createrepo
Install the above packages if they are not installed.
  • #yum install yum-utils
  • #yum install createrepo
List the repos which are available to the server. If you do not see the required repos, log in to the RHN portal and subscribe your system to different channels.
  • #yum repolist
Note down the name of the repo which you need to sync with and download all packages from.
My setup is simple, so I need updates only for the operating system, and I will be downloading only updates from the rhel-x86_64-server-6 repository.
Depending on your environment, you may consider downloading additional repos locally.
Create a directory to save the repository packages.
  • #mkdir /repo/repositories/rhel6
Make sure you have at least 30 GB free on this disk to sync one repo.
Run the command below to synchronize the base operating system RHN repository locally.
  • #reposync   --gpgcheck -l --repoid=rhel-x86_64-server-6 --download_path=/repo/repositories/rhel6  --download-metadata
It will download all available packages along with metadata such as security errata and the package group information file comps.xml.
The above command downloads all the available packages from the RHN channel. In my setup it took 25 GB of space to download all packages.
If you would like to save some space and time, you may consider downloading only the latest available packages by adding the -n switch to the above command.
Sync only latest packages:
  • #reposync   --gpgcheck -l --repoid=rhel-x86_64-server-6 --download_path=/repo/repositories/rhel6  --download-metadata -n
Once the reposync command has completed successfully, run the command below to create repodata.
  • #createrepo -v /repo/repositories/rhel6/rhel-x86_64-server-6 -g /repo/repositories/rhel6/rhel-x86_64-server-6/comps.xml
This creates repodata with the local package information and passes the comps.xml path so that repodata includes package group information such as X Windows.
The next time you run createrepo, add the --update switch to the above command to save some time.
  • #createrepo --update -v /repo/repositories/rhel6/rhel-x86_64-server-6 -g /repo/repositories/rhel6/rhel-x86_64-server-6/comps.xml

 

Adding Security Errata to repodata

Decompress update information file.
Update info file name would be -
e.g. df95e702822e2ca2eec71b11e3d4f34cd36f33af0645e44c1f8ab21c7d2fea6f-updateinfo.xml.gz
  •  #gzip -d /repo/repositories/rhel6/rhel-x86_64-server-6/*-updateinfo.xml.gz
Rename the file so that its name is just updateinfo.xml.
  • #mv /repo/repositories/rhel6/rhel-x86_64-server-6/*-updateinfo.xml /repo/repositories/rhel6/rhel-x86_64-server-6/updateinfo.xml
Modify repodata to add the security errata/update info.
  • #modifyrepo /repo/repositories/rhel6/rhel-x86_64-server-6/updateinfo.xml /repo/repositories/rhel6/rhel-x86_64-server-6/repodata
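One way to confirm that the modifyrepo step took effect, as an added example that is not part of the original post: the function checks that repodata/repomd.xml lists an updateinfo entry and that the listed file exists and matches its recorded checksum. The name check_updateinfo and its return codes are assumptions of this example, and it expects repomd.xml with one element per line, as createrepo writes it.

```shell
#!/bin/bash
# Added example (not the author's script). Verify that clients will be
# offered updateinfo: repomd.xml must list it and the file must be intact.
check_updateinfo() {
    local repo="$1" repomd="$1/repodata/repomd.xml"
    local block href ctype want have

    [ -r "$repomd" ] || { echo "missing $repomd"; return 2; }

    # Extract the <data type="updateinfo"> ... </data> element.
    block=$(awk '/<data type="updateinfo"/{f=1} f{print} f&&/<\/data>/{exit}' "$repomd")
    [ -n "$block" ] || { echo "no updateinfo entry in repomd.xml"; return 3; }

    href=$(printf '%s\n' "$block" | sed -n 's/.*<location[^>]*href="\([^"]*\)".*/\1/p' | head -n1)
    ctype=$(printf '%s\n' "$block" | sed -n 's/.*<checksum type="\([^"]*\)".*/\1/p' | head -n1)
    want=$(printf '%s\n' "$block" | sed -n 's/.*<checksum [^>]*>\([0-9a-fA-F]*\)<.*/\1/p' | head -n1)
    [ -f "$repo/$href" ] || { echo "listed file missing: $href"; return 4; }

    # Recompute the checksum with the algorithm named in repomd.xml.
    case $ctype in
        sha256)   have=$(sha256sum "$repo/$href" | cut -d' ' -f1) ;;
        sha|sha1) have=$(sha1sum "$repo/$href" | cut -d' ' -f1) ;;
        *) echo "unsupported checksum type: $ctype"; return 5 ;;
    esac
    [ "$have" = "$want" ] || { echo "checksum mismatch for $href"; return 6; }
    echo "updateinfo OK: $href"
}

if [ $# -gt 0 ]; then
    check_updateinfo "$1"
else
    # Constructed sample repo so the check can be run offline.
    demo=$(mktemp -d); mkdir "$demo/repodata"
    echo '<updates/>' | gzip -c > "$demo/repodata/updateinfo.xml.gz"
    sum=$(sha256sum "$demo/repodata/updateinfo.xml.gz" | cut -d' ' -f1)
    printf '%s\n' '<repomd>' ' <data type="updateinfo">' \
        "  <checksum type=\"sha256\">$sum</checksum>" \
        '  <location href="repodata/updateinfo.xml.gz"/>' ' </data>' '</repomd>' \
        > "$demo/repodata/repomd.xml"
    check_updateinfo "$demo"
    rm -rf "$demo"
fi
```

Run it against the repository directory, for example /repo/repositories/rhel6/rhel-x86_64-server-6; a return code of 3 matches the "No packages needed for security" symptom described earlier.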

 

 

Configure Yum repository in web server for Clients

I have used httpd to configure virtual web server and make this repo available to client systems.
Install the required httpd packages, if not already installed.
Modify httpd.conf 
Enable name based virtual hosting & add virtual web host/site
  • #vi /etc/httpd/conf/httpd.conf
# Use name-based virtual hosting (find this directive in the file).
NameVirtualHost 10.x.x.x:80
# At the end of the file, add the virtual host.
###  ---> Redhat Linux 6 Repository --> ###
<VirtualHost 10.x.x.x:80>
    ServerAdmin Admin@domain.com
    DocumentRoot /repo/repositories/rhel6/rhel-x86_64-server-6
    ServerName rhel6repo.virtualprh.com
    ErrorLog logs/rhel6repo-error_log
    CustomLog logs/rhel6repo-access_log common
        <Directory "/repo/repositories/rhel6/rhel-x86_64-server-6" >
        Options All Indexes FollowSymLinks
        Order allow,deny
        Allow from all
        </Directory>
</VirtualHost>
Save file and quit.
Start the web server and make it start automatically after a system restart.
  • #service httpd start
  • #chkconfig httpd on
Users can now configure http://rhel6repo.virtualprh.com to get packages from the repository.

Yum Client configuration

Create a yum repo file and add the lines below.
  • #cd /etc/yum.repos.d
  • #vi rhel6repo.repo
      [rhel6repo-dc1-nixmgmt01]
      name= Redhat Linux 6 Repo dc1-nixmgmt01
      baseurl=http://rhel6repo.virtualprh.com
      enabled=1
      gpgcheck=0
      gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
      protect=1
save file and quit.
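An added audit check for the client file above (not from the original post): it lists repo sections that set gpgcheck=0 or fetch over plain http, the two settings the sample file uses. The name audit_repo_file is an assumption of this example. Packages mirrored with reposync keep their Red Hat signatures, so a client that has the key named in gpgkey can run with gpgcheck=1.

```shell
#!/bin/bash
# Added example (not the author's script).
# audit_repo_file FILE: print one line per finding for each repo section
# that disables RPM signature checks or uses an unencrypted baseurl.
# Returns 1 if anything was reported, 0 otherwise.
audit_repo_file() {
    awk -F= '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function report() {
            if (sec == "") return
            if (gpg == "0") {
                printf "%s: gpgcheck=0, RPM signatures are not verified\n", sec
                bad = 1
            }
            if (url ~ /^http:/) {
                printf "%s: baseurl uses plain http (%s)\n", sec, url
                bad = 1
            }
        }
        /^[ \t]*[#;]/ { next }                       # comment lines
        /^[ \t]*\[/   { report(); sec = trim($0); gpg = ""; url = ""; next }
        {
            key = trim($1)
            val = trim(substr($0, index($0, "=") + 1))
            if (key == "gpgcheck") gpg = val
            if (key == "baseurl")  url = val
        }
        END { report(); exit bad }
    ' "$1"
}

if [ $# -gt 0 ]; then
    audit_repo_file "$1"
else
    # Constructed copy of the client stanza shown above.
    sample=$(mktemp)
    printf '%s\n' '[rhel6repo-dc1-nixmgmt01]' \
        'baseurl=http://rhel6repo.virtualprh.com' 'gpgcheck=0' > "$sample"
    audit_repo_file "$sample" || true
    rm -f "$sample"
fi
```

Only an explicit gpgcheck=0 is reported, because a section without the key inherits the value from [main] in /etc/yum.conf.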
If your client system is registered with RHN, disable the RHN plugin.
Change enabled from 1 to 0 to disable RHN.
  • #vi /etc/yum/pluginconf.d/rhnplugin.conf
         [main]
         enabled = 0
         gpgcheck = 1
Now you can run yum commands to view the new local repository and install required packages or security updates.
  • # yum repolist
Loaded plugins: downloadonly, product-id, security, subscription-manager
rhel6repo-dc1-nixmgmt01                                      | 4.1 kB     00:00
repo id                  repo name                           status
rhel6repo-dc1-nixmgmt01  Redhat Linux 6 Repo dc1-nixmgmt01   14,589
repolist: 14,589
Check available security updates
  • # yum check-update --security
Loaded plugins: downloadonly, product-id, security, subscription-manager
Limiting package lists to security relevant ones
rhel6repo-dc1-nixmgmt01/updateinfo                       | 2.5 MB     00:02
20 package(s) needed for security, out of 44 available
curl.x86_64                    7.19.7-40.el6_6.3   rhel6repo-dc1-nixmgmt01
device-mapper-event-libs.i686  1.02.90-2.el6_6.1   rhel6repo-dc1-nixmgmt01
device-mapper-libs.i686        1.02.90-2.el6_6.1   rhel6repo-dc1-nixmgmt01
glibc.i686                     2.12-1.149.el6_6.5  rhel6repo-dc1-nixmgmt01
glibc.x86_64                   2.12-1.149.el6_6.5  rhel6repo-dc1-nixmgmt01
glibc-common.x86_64            2.12-1.149.el6_6.5  rhel6repo-dc1-nixmgmt01
glibc-devel.x86_64             2.12-1.149.el6_6.5  rhel6repo-dc1-nixmgmt01
glibc-headers.x86_64           2.12-1.149.el6_6.5  rhel6repo-dc1-nixmgmt01
jasper-libs.x86_64             1.900.1-16.el6_6.3  rhel6repo-dc1-nixmgmt01
kernel.x86_64                  2.6.32-504.8.1.el6  rhel6repo-dc1-nixmgmt01
kernel-firmware.noarch         2.6.32-504.8.1.el6  rhel6repo-dc1-nixmgmt01
kernel-headers.x86_64          2.6.32-504.8.1.el6  rhel6repo-dc1-nixmgmt01
.............output truncated..........................
Install  security updates
  • #yum update --security
You can also install any specific package as required
  • #yum install <package Name>

With this your local yum server & client configuration is completed.
Create repo file for your local repository to use it on multiple servers:
On the Yum server, inside the repository directory (which is also the document root for our website), create the file below and save it.
  • #vi rhel6repo.repo
[rhel6repo-dc1-nixmgmt01]
name= Redhat Linux 6 Repo dc1-nixmgmt01
baseurl=http://rhel6repo.virtualprh.com
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
protect=1
To configure local yum repo client on any new server, run below commands
This will copy repository configuration on client system and then you can start using local yum repository.

Bash script to update Local yum repository

I have created below shell script to do:
  • Download updated packages from RHN.
  • Create repodata
  • Update repodata with security Errata information
  • Send email to me if any step fails.
What you need to use it:
  • Save this file as .sh
  • Register your server with RHN
  • Create directory to save package and modify path in below script if needed.
  • Schedule this script to run every day and download latest available packages.
Download script from this link - rhel-syncrepo.sh
________________________________________________________________________________
#!/bin/bash
#Log File -
today=$(date +"%d-%m-%Y")
LOG=/tmp/reposync-$today.log
my_hostname=$(hostname)
FatalRecipient='Haridas.Vhadade@virtualprh.com'
FatalSubject="Error received while RHN repo sync $my_hostname"
function Fatal () {
        echo -e "$@" | mail -s "$FatalSubject" "$FatalRecipient"
        exit 1
}
echo "-----------------------------------------------------------------------------------" &> $LOG
echo -e "###\t\tStarting RHEL 6 Repo Sync from RHN at `date +"%k:%M %d/%m/%Y"`\t\t###" &>> $LOG
echo "-----------------------------------------------------------------------------------" &>> $LOG
#Clean Yum Cache
yum clean all &>> $LOG
if [  $? -ne 0 ]
then
 echo "Error received while yum clean " &>> $LOG
 Fatal "Error received while running yum clean "
 exit 1
fi
#Sync RHEL 6 x86_64 Repo from RHN
/usr/bin/reposync   --gpgcheck -l --repoid=rhel-x86_64-server-6 --download_path=/repo/repositories/rhel6  --download-metadata  &>> $LOG
if [  $? -ne 0 ]
then
        echo "Error received while reposync " &>> $LOG
        Fatal "Error received while running reposync "
        exit 1
fi
#Update repodata
createrepo --update -v /repo/repositories/rhel6/rhel-x86_64-server-6 -g /repo/repositories/rhel6/rhel-x86_64-server-6/comps.xml &>> $LOG
if [  $? -ne 0 ]
then
        echo "Error received while running update repodata " &>> $LOG
        Fatal "Error received while running update repodata "
        exit 1
fi
#Delete old updateinfo.xml
rm -f /repo/repositories/rhel6/rhel-x86_64-server-6/updateinfo.xml &>> $LOG
#extract updateinfo.xml
gzip -d /repo/repositories/rhel6/rhel-x86_64-server-6/*-updateinfo.xml.gz &>> $LOG
if [  $? -ne 0 ]
then
        echo "Error received while extracting gzip updateinfo xml " &>> $LOG
        Fatal "Error received while extracting gzip update info xml "
        exit 1
fi
#Rename xml file to updateinfo.xml
mv /repo/repositories/rhel6/rhel-x86_64-server-6/*-updateinfo.xml /repo/repositories/rhel6/rhel-x86_64-server-6/updateinfo.xml &>> $LOG
#Modify repodata with update info
modifyrepo /repo/repositories/rhel6/rhel-x86_64-server-6/updateinfo.xml /repo/repositories/rhel6/rhel-x86_64-server-6/repodata &>> $LOG
if [  $? -ne 0 ]
then
        echo "Error received while updating repodata with updateinfo xml " &>> $LOG
        Fatal "Error received while updating repodata with update info xml "
        exit 1
fi
# Append here (&>>): a plain &> would truncate the log written so far.
echo "-----------------------------------------------------------------------------------" &>> $LOG
echo -e "###\t\tCompleted RHEL 6 Repo Sync from RHN at `date +"%k:%M %d/%m/%Y"`\t\t###" &>> $LOG
echo "-----------------------------------------------------------------------------------" &>> $LOG
echo "RHEL 6 Repo Sync from RHN Completed"  | mail -s "RepoSync RHEL 6 x86_64 Completed" "$FatalRecipient"
 ________________________________________________________________________________
Note: I am just sharing the solution which worked for me; there are many ways to accomplish anything. Use it at your own risk.
