Configure a Local Yum Server Mirror on Oracle Linux


Configure a Local Yum Mirror on Oracle Linux

Introduction

The following tutorial shows you how to set up a local yum mirror and configure a client to access the local yum repositories.

Background

Mirroring yum repositories for software distribution helps manage system updates for critical production environments. Common use cases include:

  • Providing access to yum repositories for systems that do not have access to a public network
  • Improving software download times and reducing bandwidth overhead for larger infrastructure
  • Setting up network-based installation strategies
  • Catering for a snapshot style update strategy where testing can be performed against a controlled software distribution environment

Objectives

This lab replicates the tasks needed to set up a local yum mirror and to configure client access to the mirrored repositories in an on-premises environment. Some steps in the lab are not strictly required; you perform them because of the configuration and constraints of the lab environment.

In this lab, you:

  • Install the latest version of yum-utils
  • Check storage requirements
  • Install httpd and configure a web server
  • Configure the firewall settings
  • Use reposync to download and create a local repository
  • Configure client access to the local yum mirror

What Do You Need?

If you run the lab in your own environment, ensure the following:

  • Two fully patched systems with Oracle Linux 8 or later installed
  • A minimum of one additional storage device

Prepare a Local Yum Server

You can configure a local server to mirror the yum repositories to systems within your network. Repository mirrors can help reduce network overhead and can speed up system updates. Systems that are not able to connect to the Internet, either directly or by using a proxy, can also use this approach to keep up to date with the latest software.

To prepare the local server, you:

  • Install the latest version of yum-utils on ol-server
  • Check the storage space required to locally mirror the repositories

  1. Read the instructions in the following Oracle Linux Lab Basics guide for connection and other usage instructions.

  2. Open a terminal and connect to the ol-server instance.

  3. Install the yum-utils package to ensure you are running the latest version of the software.

    sudo dnf install -y yum-utils

    yum-utils provides the packages and tools needed to create, configure, and manage a local repository. Using the latest version of yum-utils is not the only requirement needed to set up a local mirror.

    You also need to consider the disk space required to store copies of the packages that the mirror hosts. Disk space requirements depend on the yum repositories that you choose to mirror. For more information on disk space considerations when setting up a local mirror, refer to Chapter 8, Use Software Distribution Mirrors, in the Managing Software in Oracle Linux manual.

  4. Use the repoinfo command to assess your disk space requirements.

    sudo dnf repoinfo

    The output displays the storage requirement of the available repositories.

  5. Alternatively, you can view the storage required by a specific repository by using dnf repoinfo <NAME-OF-REPOSITORY>. For example, for ol8_baseos_latest:

    sudo dnf repoinfo ol8_baseos_latest

    Your lab environment provides 50GB of additional block storage attached to ol-server. You use the attached storage to store the mirrored repositories.

Configure a Web Server

In this task, you configure a web server to expose the mirrored repositories to your client system. Although you can use other protocols like FTP, HTTP is often used to serve yum repositories to client systems.

  1. Install the httpd package and its dependencies.

    sudo dnf install -y httpd
  2. Use the systemctl command to enable and start the httpd service for immediate use. The command also starts the service automatically after a system reboot.

    sudo systemctl enable --now httpd.service

    To check the status of the service, type:

    sudo systemctl status httpd.service

    The command shows the status as enabled and active.

  3. Configure firewall rules.

    In environments that use a custom firewall profile or an Oracle Cloud Infrastructure instance, add the HTTP service and open the firewall port for the Apache web service (80).

    1. Add the service:

      sudo firewall-cmd --permanent --add-service=http
    2. Add port 80:

      sudo firewall-cmd --permanent --add-port=80/tcp
    3. Reload the configuration:

      sudo firewall-cmd --reload

      The commands open the firewall port for the Apache web service and reload the firewall service.

Create a Base Directory for the Repository

The Oracle documentation recommends, as good practice, mirroring remote repositories onto a second disk device. Your lab instance (ol-server) has a 50G block volume (sdb). This block volume is a raw device without a partition or a file system. You create the base directory on this device.

  1. Enable the ocid service. The ocid service performs iSCSI initiator discovery and login on the instance.

    sudo systemctl enable --now ocid.service
    sudo systemctl status ocid.service
  2. Create a single partition on sdb. When prompted, enter:

    • n at the Command prompt to create a new partition
    • Press Enter to accept the default values
    • w at the second Command prompt to save the partition table

    See the sample command output.

    sudo fdisk /dev/sdb

    Sample command output:

    Welcome to fdisk (util-linux 2.32.1).
    Changes will remain in memory only, until you decide to write them.
    Be careful before using the write command.
    
    Device does not contain a recognized partition table.
    Created a new DOS disklabel with disk identifier 0xfaf78b68.
    
    Command (m for help): n
    Partition type
       p   primary (0 primary, 0 extended, 4 free)
       e   extended (container for logical partitions)
    Select (default p): 
    
    Using default response p.
    Partition number (1-4, default 1): 
    First sector (2048-104857599, default 2048): 
    Last sector, +sectors or +size{K,M,G,T,P} (2048-104857599, default 104857599): 
    
    Created a new partition 1 of type 'Linux' and of size 50 GiB.
    
    Command (m for help): w
    The partition table has been altered.
    Calling ioctl() to re-read partition table.
    Syncing disks.

    The command creates the sdb1 device.

  3. Create a file system on sdb1.

    sudo mkfs -t xfs -L OL-Repo /dev/sdb1

    The command creates a 50G XFS file system.

  4. Create a mountpoint directory and mount the file system.

    Use the mkdir command to create the mountpoint.

    sudo mkdir -p /var/yum
  5. Use the mount command to mount the file system.

    sudo mount /dev/sdb1 /var/yum
  6. Use the df command to display the mounted file system.

    df
  7. Create a symbolic link in /var/www/html that points to the base directory.

    sudo ln -s /var/yum /var/www/html/yum

    This is necessary because the base directory for the yum repository is not under /var/www/html.

  8. The lab instance comes with SELinux enforcing mode enabled by default, which requires these additional steps:

    • Install the policycoreutils-python-utils package, which contains /usr/sbin/semanage
    • Use the /usr/sbin/semanage command to define the default file type of the repository root directory
    • Use the restorecon command to apply the file type to the entire repository

    In this lab, you configure the web server as if enforcing mode remains enabled.

    1. Install the policycoreutils-python-utils package. This package contains the management tools used to manage an SELinux environment.

      sudo dnf install -y policycoreutils-python-utils
    2. Run the following two commands to configure fcontext for the repository files.

      • Define the default file type of the repository root directory.

        sudo /usr/sbin/semanage fcontext -a -t httpd_sys_content_t "/var/yum(/.*)?"
      • Apply the file type to the entire repository.

        sudo restorecon -F -R -v /var/yum

        Depending on site requirements, an alternative option is to change enforcing mode from enabled to permissive in the /etc/selinux/config file. Changing the mode to permissive does not require configuring fcontext.

Create the Local Repositories

In this task, you synchronize the local base directory to the remote repositories.

  1. Use the reposync command to synchronize the remote ol8_baseos_latest and ol8_UEKR6 repositories. Include the --delete, --newest-only, and --repoid options to speed up the download process and to reduce the disk space of the local directories.

    Note: The download process takes several minutes to complete.

    sudo /usr/bin/reposync --delete --newest-only --repoid ol8_baseos_latest --download-metadata -p /var/yum
    sudo /usr/bin/reposync --delete --newest-only --repoid ol8_UEKR6 --download-metadata -p /var/yum

    You can ignore any reposync checksum doesn't match messages in this lab.

  2. Use the ls command to list the downloaded directories.

    ls -al /var/yum/

    • Take a moment and explore the repository directories.
    • Updating a yum mirror involves repeating the reposync command each time, so you could script a cron job to automate the task.
  3. Copy and rename the GPG key file. You reference this key file when you add entries into a local repository file in the Configure Client Access to the Yum Server section.

    sudo cp /etc/pki/rpm-gpg/RPM-GPG-KEY-oracle /var/www/html/RPM-GPG-KEY-oracle-ol8
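
The cron job suggested in step 2, as an added example that is not part of the original lab: a POSIX shell script that repeats the reposync commands from step 1, refuses to run if /var/yum is not mounted, and checks that each repository has metadata. The install path, schedule, lock file and the --run switch are assumptions.

```shell
#!/bin/sh
# Added example: unattended refresh of the mirror built in this tutorial.
# Hypothetical cron entry (install path and schedule are assumptions):
#   30 2 * * * root /usr/local/sbin/yum-mirror-sync.sh --run
set -eu

MIRROR_ROOT="${MIRROR_ROOT:-/var/yum}"          # base directory from the tutorial
REPOS="${REPOS:-ol8_baseos_latest ol8_UEKR6}"   # repo ids mirrored in step 1
REPOSYNC="${REPOSYNC:-/usr/bin/reposync}"
LOCK="${LOCK:-/run/lock/yum-mirror-sync.lock}"  # hypothetical lock file

# Same options as the manual run in step 1.
sync_repo() {
    "$REPOSYNC" --delete --newest-only --repoid "$1" --download-metadata -p "$MIRROR_ROOT"
}

# Sync every repo id; keep going after a failure so one broken upstream
# does not block the others, but return non-zero so cron reports it.
sync_all() {
    failed=0
    for repo in $REPOS; do
        if ! sync_repo "$repo"; then
            echo "reposync failed for $repo" >&2
            failed=1
        elif [ ! -f "$MIRROR_ROOT/$repo/repodata/repomd.xml" ]; then
            # Clients cannot use a repository directory that has no metadata.
            echo "no repodata/repomd.xml for $repo" >&2
            failed=1
        fi
    done
    return "$failed"
}

main() {
    # The lab mounts /dev/sdb1 by hand, so after a reboot /var/yum may be
    # an empty directory on the root file system; do not download into it.
    mountpoint -q "$MIRROR_ROOT" || { echo "$MIRROR_ROOT is not mounted" >&2; exit 1; }
    # Skip this run if the previous one is still downloading.
    exec 9>"$LOCK"
    flock -n 9 || { echo "previous sync still running" >&2; exit 0; }
    rc=0
    sync_all || rc=$?
    # Re-apply the httpd_sys_content_t label defined with semanage earlier.
    restorecon -R "$MIRROR_ROOT"
    exit "$rc"
}

case "${1:-}" in --run) main ;; esac
```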

Configure Client Access to the Yum Server

To allow a client access to the local yum repositories, create a file called /etc/yum.repos.d/local-ol8.repo.

  1. Open a terminal window and log in to ol-client, for example:

    ssh oracle@<IP_OF_CLIENT_INSTANCE>
  2. Disable existing repositories. This step disables repositories that are entries in the client's oracle-linux-ol8.repo and uek-ol8.repo files.

    In this task, you use the dnf config-manager command to disable the ol8_baseos_latest and ol8_UEKR6 repositories.

    sudo dnf config-manager --disable ol8_baseos_latest ol8_UEKR6
  3. (Optional) Even though you explicitly disabled repositories using dnf config-manager, remaining entries in the respective repository .repo files might be enabled. If you want yum operations to ignore these files and update clients with only the repositories you select, you can:

    1. Change directories to /etc/yum.repos.d.

      cd /etc/yum.repos.d/
    2. Change the .repo extension of oracle-linux-ol8.repo and uek-ol8.repo.

      sudo mv oracle-linux-ol8.repo oracle-linux-ol8.disabled
      sudo mv uek-ol8.repo uek-ol8.disabled

      You can enable repositories using the dnf --enablerepo command option.

  4. Create a local repository file, local-ol8.repo, in the /etc/yum.repos.d/ directory. This creates a new empty file.

    1. To create the file:

      sudo vi /etc/yum.repos.d/local-ol8.repo
    2. Add the following entries to the repository file.

      # URL paths follow the server layout created above: reposync writes each
      # repository to /var/yum/<repo id>/, served as /yum/<repo id>/, and the
      # GPG key was copied to the web root (/var/www/html).
      [local_ol8_baseos_latest]
      name=Oracle Linux 8 BaseOS Latest ($basearch)
      baseurl=http://local-ol8.pub.linuxvirt.oraclevcn.com/yum/ol8_baseos_latest/
      gpgkey=http://local-ol8.pub.linuxvirt.oraclevcn.com/RPM-GPG-KEY-oracle-ol8
      gpgcheck=1
      enabled=1
      
      [local_ol8_UEKR6]
      name=Latest Unbreakable Enterprise Kernel Release 6 for Oracle Linux $releasever ($basearch)
      baseurl=http://local-ol8.pub.linuxvirt.oraclevcn.com/yum/ol8_UEKR6/
      gpgkey=http://local-ol8.pub.linuxvirt.oraclevcn.com/RPM-GPG-KEY-oracle-ol8
      gpgcheck=1
      enabled=1
  5. Test the configuration.

    1. Use the dnf command to clear the yum metadata cache.

      sudo dnf clean metadata
    2. Use the command dnf repolist to verify that ol-client lists the relevant repositories.

      sudo dnf repolist
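
An added example (not from the original lab) that checks the client configuration before the first update: it flags enabled sections in local-ol8.repo that lack gpgcheck=1 or a gpgkey, then compares the key served by the mirror with the Oracle key already installed on the client. It assumes curl is available and that the client holds /etc/pki/rpm-gpg/RPM-GPG-KEY-oracle; the function names and the --run switch are hypothetical.

```shell
# Added example: client-side check of local-ol8.repo and the mirror's key.
set -eu

REPO_FILE="${REPO_FILE:-/etc/yum.repos.d/local-ol8.repo}"
# Assumption: the client already has Oracle's key from its own installation.
TRUSTED_KEY="${TRUSTED_KEY:-/etc/pki/rpm-gpg/RPM-GPG-KEY-oracle}"

# Print "<section><TAB><problem>" for each enabled section without
# gpgcheck=1 or without a gpgkey. No output means the file is clean.
audit_repo_file() {
    awk -F= '
        function report() {
            if (sec == "" || enabled == "0") return
            if (check != "1") print sec "\tgpgcheck=1 not set"
            if (key == "")    print sec "\tno gpgkey set"
        }
        /^[ \t]*\[/ {
            report()
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            check = key = ""; enabled = "1"; next
        }
        { k = $1; gsub(/[ \t]/, "", k)
          v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", v) }
        k == "gpgcheck" { check = v }
        k == "gpgkey"   { key = v }
        k == "enabled"  { enabled = v }
        END { report() }
    ' "$1"
}

# List the distinct gpgkey URLs referenced by the file.
gpgkey_urls() {
    awk -F= '{ k = $1; gsub(/[ \t]/, "", k) }
        k == "gpgkey" { sub(/^[^=]*=[ \t]*/, ""); print }' "$1" | sort -u
}

# True only if the fetched key is byte-identical to the trusted local copy.
key_matches() { cmp -s "$1" "$2"; }

main() {
    problems=$(audit_repo_file "$REPO_FILE")
    [ -z "$problems" ] || { printf '%s\n' "$problems" >&2; exit 1; }
    tmp=$(mktemp)
    for url in $(gpgkey_urls "$REPO_FILE"); do
        curl -fsS -o "$tmp" "$url"
        key_matches "$tmp" "$TRUSTED_KEY" || { echo "key at $url differs from $TRUSTED_KEY" >&2; exit 1; }
    done
    rm -f "$tmp"
}

case "${1:-}" in --run) main ;; esac
```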

For More Information

For an additional video and labs on DNF, see:
