Mirror a Yum Repository on Oracle Linux

Introduction

The task of mirroring a yum repository holds multiple benefits. These include the following:

Provide access to Yum repositories for systems without access to a public network
Improve software download times and reduce the bandwidth overhead of a large infrastructure
Configure local network-based installation strategies
Catering for a snapshot style update strategy where performing testing against a controlled software distribution environment

This tutorial shows how to mirror a yum repository to access to local, offline, or distributed systems.

Objectives

In this tutorial, you'll learn how to:

Prepare a system to host the repository mirror
Install and configure a web server
Download and create a local repository
Configure a system to access the repository mirror

Prerequisites

Two Oracle Linux systems, one for the server and the other as a client
Each system should have Oracle Linux installed and configured with:
- A non-root user account with sudo access
- Access to the Internet
Storage with enough free space to contain the repository mirror

Deploy Oracle Linux

Note: If running in your own tenancy, read the linux-virt-labs GitHub project README.md and complete the prerequisites before deploying the lab environment.

Open a terminal on the Luna Desktop.

Clone the linux-virt-labs GitHub project.

git clone https://github.com/oracle-devrel/linux-virt-labs.git

Change into the working directory.
```
cd linux-virt-labs/ol
```

Install the required collections.

ansible-galaxy collection install -r requirements.yml

Update the Oracle Linux instance configuration.

cat << EOF | tee instances.yml > /dev/null
compute_instances:
  1:
    instance_name: "ol-node-01"
    type: "server"
  2:
    instance_name: "ol-node-02"
    type: "server"
passwordless_ssh: true
use_nginx: true
EOF

Deploy the lab environment.
```
ansible-playbook create_instance.yml -e localhost_python_interpreter="/usr/bin/python3.6" -e "@instances.yml"
```
The free lab environment requires the extra variable local_python_interpreter, which sets ansible_python_interpreter for plays running on localhost. This variable is needed because the environment installs the RPM package for the Oracle Cloud Infrastructure SDK for Python, located under the python3.6 modules.
The default deployment shape uses the AMD CPU and Oracle Linux 8. To use an Intel CPU or Oracle Linux 9, add -e instance_shape="VM.Standard3.Flex" or -e os_version="9" to the deployment command.
Important: Wait for the playbook to run successfully and reach the pause task. At this stage of the playbook, the installation of Oracle Linux is complete, and the instances are ready. Take note of the previous play, which prints the public and private IP addresses of the nodes it deploys and any other deployment information needed while running the lab.

Setup the Local Yum Mirror Server

Open a terminal and connect via SSH to the ol-node-01 instance.
```
ssh oracle@<ip_address_of_instance>
```

Check the size of the repositories to mirror.

This command will guide you in estimating the free disk space requirements on the repository mirror server.

sudo dnf repoinfo

The output lists all the enabled repositories and the current space each repository consumes. Pass the repository name as a parameter to display only a single repository.

Oracle Linux 8:

sudo dnf repoinfo ol8_baseos_latest

Oracle Linux 9:

sudo dnf repoinfo ol9_baseos_latest

Example Output:

[oracle@ol-node-01 ~]$ sudo dnf repoinfo ol8_baseos_latest
Last metadata expiration check: 0:00:25 ago on Mon 02 Sep 2024 01:53:34 PM GMT.
Repo-id            : ol8_baseos_latest
Repo-name          : Oracle Linux 8 BaseOS Latest (x86_64)
Repo-status        : enabled
Repo-revision      : 1725036166
Repo-updated       : Fri 30 Aug 2024 04:42:51 PM GMT
Repo-pkgs          : 23,415
Repo-available-pkgs: 23,398
Repo-size          : 70 G
Repo-baseurl       : https://yum.eu-frankfurt-1.oci.oraclecloud.com/repo/OracleLinux/OL8/baseos/latest/x86_64/
Repo-expire        : 172,800 second(s) (last: Mon 02 Sep 2024 01:53:07 PM GMT)
Repo-filename      : /etc/yum.repos.d/oracle-linux-ol8.repo
Total packages: 23,415

The output shows this repository's current size with the value: Repo-size: 70 G. As repositories are dynamic and grow over time, allocate enough space on the mirror server for package storage.

Create the base directory for the local repositories.
```
sudo mkdir -p /u01/yum
```
Install the Yum-utils CLI compatibility package.
```
sudo dnf install -y yum-utils
```
This package provides the necessary tools to create, configure, and manage a local repository.
Install the Apache HTTP server.
```
sudo dnf install -y httpd
```
Link to the base directory for the local repositories.
```
sudo ln -s /u01/yum /var/www/html/yum
```
Change the SELinux context of the base directory.
Oracle Linux requires these steps as it defaults SELinux to enforcing mode.
```
sudo semanage fcontext -a -t httpd_sys_content_t "/u01/yum(/.*)?"
sudo restorecon -RFv /u01/yum
```
The httpd_sys_content_t allows read access but not write access to files labeled with this SELinux type by httpd.

Enable the HTTP server to browse the base directory of the local repository.

Edit the HTTP server configuration file.

sudo sed -i "/^#ServerName www.example.com:80/a ServerName $(hostname -i):80" /etc/httpd/conf/httpd.conf

Verify the HTTP server configuration allows the following of symbolic links.

sudo cat /etc/httpd/conf/httpd.conf | grep "/var/www/html" -A20

The output shows the Options Indexes FollowSymLinks for the mirror base directory location.

Example Output:

[oracle@ol-server ~]$ sudo cat /etc/httpd/conf/httpd.conf | grep "/var/www/html" -A20
DocumentRoot "/var/www/html"

#
# Relax access to content within /var/www.
#
<Directory "/var/www">
    AllowOverride None
    # Allow open access:
    Require all granted
</Directory>

# Further relax access to the default document root:
<Directory "/var/www/html">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important. Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    AllowOverride None

Start and enable the web server.
```
sudo systemctl enable --now httpd
```
Verify the web server service is running.
```
sudo systemctl status httpd
```
The output shows the status as active (running).

Enable incoming HTTP connections through the firewall.

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --reload

Sync Repositories to the Local Yum Mirror

Administrators can mirror any repository available on the Oracle Linux yum server, provided the definition exists in /etc/yum.repos.d on the mirror server. This ability includes repositories for mixed clients such as Oracle Linux 9 and Oracle Linux 7. For more details on configuring for hybrid clients, see the Oracle Linux documentation links at the end of this tutorial.

Mirror the designated repository to the base directory.
Oracle Linux 8:
```
sudo dnf reposync --delete --download-metadata -p /u01/yum --repoid ol8_addons
```
Oracle Linux 9:
```
sudo dnf reposync --delete --download-metadata -p /u01/yum --repoid ol9_addons
```
Note: Running this command for the first time takes a while to complete. The selection of the ol8_addons repository in this demo is solely to save time and space when running this lab.
Leaving off the --repoid option mirrors all the mirror system's enabled repositories.
Warning: Ensure enough free space exists on the mirror server if mirroring all the repositories.
See the upstream documentation for the additional options available to the DNF reposync plugin.

Administrators must repeat this command when syncing the latest packages from the Oracle Linux Yum server. Automating this action is possible via scripting and using systemd timers.

Configure Client Access to the Local Mirror

Clients require access to the local repository mirror to receive updates and errata fixes.

Open a terminal and connect via SSH to the ol-node-02 instance.
```
ssh oracle@<ip_address_of_instance>
```

Import the GPG key.

Oracle Linux 8:

sudo wget https://yum.oracle.com/RPM-GPG-KEY-oracle-ol8 -O /etc/pki/rpm-gpg/RPM-GPG-KEY-ol8
sudo gpg --import --import-options show-only /etc/pki/rpm-gpg/RPM-GPG-KEY-ol8

Oracle Linux 9:

sudo wget https://yum.oracle.com/RPM-GPG-KEY-oracle-ol9 -O /etc/pki/rpm-gpg/RPM-GPG-KEY-ol9
sudo gpg --import --import-options show-only /etc/pki/rpm-gpg/RPM-GPG-KEY-ol9

Use the GPG key specific to your client's OS. See https://yum.oracle.com/faq.html#a10 for more information.

Disable existing repositories.
Oracle Linux 8:
```
sudo dnf config-manager --disable ol8_addons
```
Oracle Linux 9:
```
sudo dnf config-manager --disable ol9_addons
```
This command disables the specific Oracle Linux yum server repository. This repository definition is in the /etc/yum.repos.d/oracle-linux-ol8.repo file, along with several other available repositories. See the Oracle Linux documentation for details on disabling all the repositories and how to ignore them in any DNF operations.

Create a local repository definition file.

Tip: To distinguish the local repositories from the public yum repositories, prefix the names of their entries with a string such as local_.

Oracle Linux 8:

cat << 'EOF' | sudo tee /etc/yum.repos.d/local-yum.repo > /dev/null
[local_ol8_addons]
name=Oracle Linux 8 Addons ($basearch)
baseurl=http://ol-node-01/yum/ol8_addons
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ol8
gpgcheck=1
enabled=1
EOF

Oracle Linux 9:

cat << 'EOF' | sudo tee /etc/yum.repos.d/local-yum.repo > /dev/null
[local_ol9_addons]
name=Oracle Linux 8 Addons ($basearch)
baseurl=http://ol-node-01/yum/ol9_addons
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ol9
gpgcheck=1
enabled=1
EOF

Verify the Client Configuration.

Clear the yum metadata cache.
```
sudo dnf clean metadata
```
Get a list of available repositories.
```
sudo dnf repolist
```
Notice the local_ol8_addons in the list.

List available packages in the repository.

Oracle Linux 8:

sudo repoquery -a --repoid local_ol8_addons

Oracle Linux 9:

sudo repoquery -a --repoid local_ol9_addons

Next Steps

The client's output displays a list of the packages available on the local yum mirror, showing the configuration and sync work. See the Related Links section below for further topics and training around DNF and mirroring repositories.