adding packages to internal repo

Latest response

We have a handful of RHEL 6.5 clients that connect to our internal repository. I'm new to RHEL, so how does the Repo work? Does it maintain a list of available files for our clients? Or does it simply act as a passthrough to ftp.redhat.com for our clients?

If need to make some new ( new versions or new as in not installed ) to my RHEL clients, do I have to actually 'install' them ( yum install cpp.x86_64 ) onto the Repo server? Or is there a holding place of sorts on my repo server that is populated from RH via yum commands? Thanks.

DC
Log in to join the conversation

Responses

DC Community Member 42 points
31 March 2015 8:25 PM

on one of my clients, I noticed a 'pdate' variable keeps getting tossed into the filepath for packages I'm trying to install. I ran a clean and makecache, then went into our cachedir=/var/cache/yum/$basearch/$releasever ( /var/cache/yum/x86_64/6Server/repo ) and found a file called repomd.xml that seems to be getting it pulled in. From where? Our repo server we have in configured in /etc/yum.repos.d ?

The repomd.xml file has the following

<location xml:base="pdate" href="repodata/.....-filelists.xml.gz"

Where is the pdate coming from? Is the repomd.xml file being rebuilt incorrectly?

Mister 513th's picture Active Contributor 223 points
31 March 2015 10:21 PM

Daniel,

I'll describe how I do it for my RHEL 6 hosts on desperate networks. This may be more than you need, but I'll try to describe in detail what happens.

Using a registered RHEL6 server connected to the Internet I use the reposync command (may need to be added separately with yum) to synchronize any and all repositories I need for my servers on other networks - which do not connect to the Internet.

For example I sync the Red Hat repository called "rhel-6-server-rpms" along with the supplementary and optional rhel-6 repositories.

The reposync command, as far as I use it, simply downloads all, or the latest, RPM packages from the respective repos. Once all the packages are downloaded onto the RHEL6 host, I run the createrepo command to build the metadata information which intern turns the directory of RPMs into a useable yum repository. I then rsync those to an external disk so I can transfer the repos to my dedicated repository server which all my RHEL hosts know about (via a custom repo file in /etc/yum.repos.d/mywork.repo for example).

So if I had all my repos in /repo/ on MY repo server then I might do something like this:

createrepo /repo/rhel-6-server-rpms/
createrepo /repo/rhel-6-server-supplementatry-rpms/

Once the createrepo command completes its execution (takes a while), there will be two new sub-diretories in the directory where you placed all your packages. The sub-dirs are Packages/ and repodata/. I mine might look like this

/repo/rhel-6-server-rpms/Packages/
/repo/rhel-6-server-rpms/repodata/
/repo/rhel-6-server-rpms/*.rpms

The nice thing about reposync and createrepo commands are they have "update" features which will download and update only the latest packages since your last sync.

Typically I keep my repo definition files in /etc/yum.repos.d/mywork.repo

You'll see a .repo files from Red Hat in here or you can place custom .repo files here too. You can have one or many repo definitions in a single .repo file.

You can get the idea of how yum and repos work in RHEL by looking up EPEL repository. Which many of use add to our Red Hat hosts to obtain additional pre-compiled packages which Red Hat does not, or cannot, distribute "out of the box". EPEL is supported by the Fedora Group, which if you don't know already is the "Upstream" version of RHEL. So Fedora 21 may burn into RHEL 8 some day, or something like that.

Here's on repo entry in the epel.repo definition file.

[epel-source]
name=Extra Packages for Enterprise Linux 6 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1

Hope is is clear enough.

thomas.jones2@dodiis.mil's picture Guru 6435 points
31 March 2015 10:30 PM

The amusing thing here being that you posted, to a Red Hat hosted forum, a method that can also be used to circumvent license/entitlement enforcement that would normally be handled through Red Hat's Satellite product...

PS Guru 6494 points
1 April 2015 11:57 AM

I would have approached this in the same way.

mrepo is probably worth mentioning too.

If you want to patch disconnected hosts and you haven't purchased Spacewalk, what is the Red Hat sanctioned patching process?

thomas.jones2@dodiis.mil's picture Guru 6435 points
1 April 2015 3:02 PM

Not saying it isn't a usable approach ...just that when we've had consultants on site and you mention implementing such a technique, the usual response is something like (hands on ears) "I can't hear this". That said, posting something that can be used to circumvent licensing to a forum maintained by the licensor is probably falls somewhere outside of the list of things the licensor would typically like to see posted on their forums. =)

Though, I imagine if RedHat really cared about end-point enforcement, they'd implement a system that made it much more difficult to accintentionally exceed your entitlement-basis.

I first ran into the "we don't talk about fight-club" response when discussing Satellite with an on-site consultant. At the time, whether you were using Satellite for just Red Hat or to also make repositories for your CentOS, SciLin and other Linux clients, each Satellite-serviced non-RH endpoint consumed an endpoint-management entitlement (even if it didn't consume any other RH product entitlements).

DC Community Member 42 points
1 April 2015 4:54 PM

Chris, thanks much for the help. I may end up going down that route. What I can't figure out is why it seems that my repo files are download to /var/www/html/repo ( which would explain, I guess, why my other linux clients point to him as http://xx.xx.xx.xx/repo ) .

I'm wondering if I shouldn't just start over with a new repo setup as I can't tell how this was originally setup and support has been less than helpful trying to resolve the repomd.xml issue.

CS Active Contributor 167 points
2 April 2015 4:19 PM

Sorry, but we pay a TON of money to RH for support. And the last time I checked RH is not on certain Government Networks, only insecure Internet. We pay for support for every host and vHhost we own, plus some (annual growth). Either customers are honest or not - whether you talk about it or not. Dishonest ones, aren't talking about it openly. We all get audited now don't we? There's a pointy haired boss somewhere looking around. Even if we use Satellite, the method is the same - desperate networks (ones that don't EVER touch the outside world).

Also, since I'm no rocket scientist (obviously), someone who IS dishonest is already doing this method. Hell, why did RH provide reposync in the first place? It's not rocket science. Most people who want to "cheat" would simply use CentOS, which I don't agree with outside of a learning environment. Now that chaps my ass.

I'm sorry, but I don't l like to be accused of something (nor my very hard-working team) when I'm trying to help and share with people who are trying to learn themselves. I guess this is why some people don't bother to participate in the community.

Also, always remember there are different requirements for different organizations outside of yours!

"Community Leader" my butt.

DC Community Member 42 points
2 April 2015 6:23 PM

FWIW, I've been working with support and have not been told what was done before I got into this position, or what I'm trying to fix is 'wrong' or 'illegal'.

So, back to the original question and trying to flesh out a little more from Chris' instructions. If my yum.conf has
cachedir=/var/cache/yum/$basearch/$releasever

Does that mean if I run a reposync, everything is donwloaded to /var/cache/yum/x86_64/6Server ? Are there special options to ensure I'm getting everything? Support said to just start a reposync by itself and let it run and it will grab everything that I don't have and updates to what I already have.

Thinking that /var/cache/yum/x86_64/6Server where it downloads everything to, I then copied/rsync this to my repo location ( ours is /var/www/html/repo ) and then ran createrepo on /var/www/html/repo/rhel-x86_64-server-6 and /var/www/html/repo/rhel-x86_64-server-optional-6 . Didn't take very long at all.

Also found out that we have a repoUpdate.sh script that runs every day.

CS Active Contributor 167 points
2 April 2015 8:51 PM

There's lots of information out there concerning reposync, ironically a lot of info directly coming from Red Hat. Go figure.

I normally only use -r REPONAME -p DESTINATION and sometimes -n for only grabbing the latest packages. It acts similar to rsync.

Here's a good starter doc from Red Hat themselves. https://access.redhat.com/solutions/9892

DC Community Member 42 points
3 April 2015 5:11 PM 
#!/bin/bash

echo "Remove any empty files from the repository directories"
find /var/www/html/repo -size 0 -print0 |xargs -0 rm

echo "Yum clean all to start fresh with yum repos"
yum clean all

echo "Yum check-update to load newest information"
yum check-update

echo "Reposync EPEL"
reposync -p /var/www/html/repo/ --repoid=epel -l

echo "Reposync RHEL SERVER"
reposync -p /var/www/html/repo/ --repoid=rhel-x86_64-server-6 -l

echo "Reposync RHEL Optional"
reposync -p /var/www/html/repo/ --repoid=rhel-x86_64-server-optional-6 -l

echo "Create Repository Update"
createrepo --update /var/www/html/repo

echo "Completed Updating Repository at /var/www/html/repo/"
PS Guru 6494 points
4 April 2015 7:20 AM

If you are going down the path of writing custom scripts to sync a large number of repos, I would recommend checking out mrepo by Dag Wieers

http://dag.wiee.rs/home-made/mrepo/

It works with RHN and does an excellent job of mounting local media (ie. install disks) as repositories as well as syncing from RHN.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.