How to create a local mirror of the latest update for Red Hat Enterprise Linux 5, 6, 7, 8 without using Satellite server?

Solution Verified - Updated -


  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 5
  • Red Hat Network (RHN)
  • Red Hat Subscription Management (RHSM)
  • reposync


  • What is reposync utility and how to use it?
  • How to create a local mirror of the latest update for Red Hat Enterprise Linux 5, 6, 7, 8, or 8.X without using Satellite server
  • Need to download all packages / rpms from specific channel locally
  • How to make a local repository


RHEL 5,6,7


# mkdir /var/repo
# reposync --gpgcheck -l --repoid=rhel-5-server-els-rpms --download_path=/var/repo --downloadcomps
# cd /var/repo/rhel-5-server-els-rpms
# createrepo -v /var/repo/rhel-5-server-els-rpms
# yum clean all
# yum list-sec
# find /var/cache/yum/ -name '*updateinfo.xml*'
# mv /var/cache/yum/rhel-5-server-els-rpms/365ae03ca85bb9d3bc509ea9129d1d3fb9a18381-updateinfo.xml.gz /tmp
# cd /tmp
# gzip -d 365ae03ca85bb9d3bc509ea9129d1d3fb9a18381-updateinfo.xml.gz
# mv 365ae03ca85bb9d3bc509ea9129d1d3fb9a18381-updateinfo.xml updateinfo.xml
# cp updateinfo.xml /var/repo/rhel-5-server-els-rpms/repodata/
# modifyrepo /var/repo/rhel-5-server-els-rpms/repodata/updateinfo.xml /var/repo/rhel-5-server-els-rpms/repodata/


Install the required packages

  • Install the "yum-utils" and "createrepo" packages on the registered system.

    # yum install yum-utils createrepo

Create a basic local repository

NOTE: Change <repo-id> to the repository you intend to sync

  • Sync all the packages from a specified repository to a specified directory

    # reposync --gpgcheck -l --repoid=<repo-id>
    for example:
    # reposync --gpgcheck -l --repoid=rhel-6-server-rpms --download_path=/var/www/html
  • In the targeted directory, there will be a new directory named after the Repository ID. All the downloaded packages will be inside this directory.

    # cd /var/www/html/<repo-id>
    # createrepo -v /var/www/html/<repo-id>

Create a local repository that allows clients to use groups

This downloads all the metadata for the repository that is being synced, which allows the use of various plugins such as 'yum groupinstall'.

  • On RHEL6 and later, reposync supports the --download-metadata and --downloadcomps options. For example:

    # reposync --gpgcheck -l --repoid=repo-id --downloadcomps --download-metadata
    for example:
    # reposync --gpgcheck -l --repoid=rhel-6-server-rpms --download_path=/var/www/html --downloadcomps --download-metadata
  • To have access to the group data for the newly synced repo, please run the createrepo command as follows:

    # cd /var/www/html/<repo-id>
    # createrepo -v  /var/www/html/<repo-id>/ -g comps.xml

Modify the repodata to define which packages are security related.

  • These steps require that the createrepo command has already been run.

    # yum clean all
    # yum list-sec
    # find /var/cache/yum/ -name updateinfo.xml            ## For RHEL 5 use: -name '*updateinfo.xml*'
  • From the find command above, identify the updateinfo.xml that matches the <repo-id> that you ran reposync against and move that file into your repodata directory.

    # mv updateinfo.xml /var/www/html/<repo-id>/repodata/updateinfo.xml
    # modifyrepo /var/www/html/<repo-id>/repodata/updateinfo.xml /var/www/html/<repo-id>/repodata
  • How to update security Erratas on system which is not connected to internet ?
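
The "identify and move" step above, written as a shell function that refuses to pick the updateinfo of the wrong repository. This is an added example, not part of the original article: `stage_updateinfo`, `make_sample_cache`, the return codes and the sample cache layout are assumptions, and it copies the cached file instead of moving it.

```shell
#!/bin/sh
# Added example, not from the article: function names and return codes are
# hypothetical. stage_updateinfo <yum-cache-dir> <repo-id> <repo-dir> copies
# the cached updateinfo of exactly one repo to <repo-dir>/repodata/ and prints
# its path. Returns 1 = none cached, 2 = ambiguous, 3 = createrepo not run,
# 4 = copy/decompress failed, 5 = not an updateinfo document.
stage_updateinfo() {
    cache=$1; repo_id=$2; repo_dir=$3
    [ -d "$repo_dir/repodata" ] || { echo "run createrepo first" >&2; return 3; }
    # The article searches for an exact updateinfo.xml and, for RHEL 5, for
    # <hash>-updateinfo.xml.gz, hence the quoted wildcard as a fallback.
    for pattern in 'updateinfo.xml' '*updateinfo.xml*'; do
        matches=$(find "$cache" -type f -path "*/$repo_id/*" -name "$pattern")
        if [ -n "$matches" ]; then break; fi
    done
    count=$(printf '%s\n' "$matches" | grep -c . || true)
    case $count in
        0) echo "nothing cached for $repo_id" >&2; return 1 ;;
        1) ;;
        *) echo "$count candidates for $repo_id, refusing to guess" >&2; return 2 ;;
    esac
    dest=$repo_dir/repodata/updateinfo.xml
    case $matches in
        *.gz) gzip -dc "$matches" > "$dest.tmp" || return 4 ;;
        *)    cp "$matches" "$dest.tmp" || return 4 ;;
    esac
    # Publish only something that looks like an <updates> document.
    if ! grep -q '<updates' "$dest.tmp"; then rm -f "$dest.tmp"; return 5; fi
    mv "$dest.tmp" "$dest" && printf '%s\n' "$dest"
}

# Constructed sample cache (made-up contents) for trying the function offline.
make_sample_cache() {
    mkdir -p "$1/x86_64/6Server/rhel-6-server-rpms/gen" "$1/rhel-5-server-els-rpms"
    echo '<updates><update type="security"/></updates>' \
        > "$1/x86_64/6Server/rhel-6-server-rpms/gen/updateinfo.xml"
    echo '<updates><update type="bugfix"/></updates>' | gzip -c \
        > "$1/rhel-5-server-els-rpms/0000-updateinfo.xml.gz"
}

# On the mirror host, follow a successful call with the modifyrepo step:
#   f=$(stage_updateinfo /var/cache/yum <repo-id> /var/www/html/<repo-id>) &&
#       modifyrepo "$f" /var/www/html/<repo-id>/repodata
```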

Create a local repo with Red Hat Enterprise Linux 8

  • Ensure you have yum-utils-4.0.8-3.el8.noarch or higher installed so reposync correctly downloads all the packages.
  • Sync all enabled repositories and their repodata

    # reposync -p <download-path> --download-metadata --repo=<repo id>

For RHEL 8.X version

You need to create a repo file for the 8.x repos, since they are not included automatically.

A sample file would look like:

[root@satellite backup]# cat /etc/yum.repos.d/rhel8-mirror.repo
[rhel-8.3-for-x86_64-baseos-rpms]
name = Red Hat Enterprise Linux 8.3 for x86_64 - BaseOS (RPMs)
baseurl =
enabled = 0
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify = 1
sslcacert = /etc/rhsm/ca/redhat-uep.pem
metadata_expire = 86400
enabled_metadata = 1
sslclientcert = /etc/pki/entitlement/xxxxxxxxxxxxxxxxxx.pem
sslclientkey = /etc/pki/entitlement/xxxxxxxxxxxxxxxxxxx-key.pem

[<repo-id>]
name = Red Hat Enterprise Linux 8.2 for x86_64 - BaseOS (RPMs)
baseurl =
enabled = 0
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify = 1
sslcacert = /etc/rhsm/ca/redhat-uep.pem
metadata_expire = 86400
enabled_metadata = 1
sslclientcert = /etc/pki/entitlement/xxxxxxxxxxxxxxxxxxx.pem
sslclientkey = /etc/pki/entitlement/xxxxxxxxxxxxxxxxxxxx-key.pem

[root@satellite backup]# reposync -r rhel-8.3-for-x86_64-baseos-rpms
rhel-8.3-for-x86_64-baseos-rpms | 4.1 kB 00:00:00
rhel-8.3-for-x86_64-baseos-rpms/group | 302 kB 00:00:00
rhel-8.3-for-x86_64-baseos-rpms/updateinfo | 543 kB 00:00:01
rhel-8.3-for-x86_64-baseos-rpms/primary_db | 26 MB 00:00:04
No Presto metadata available for rhel-8.3-for-x86_64-baseos-rpms
(1/6704): ModemManager-1.8.0-1.el8.x86_64.rpm | 841 kB 00:00:03
(2/6704): ModemManager-1.10.4-1.el8.x86_64.rpm | 927 kB 00:00:04

Replace sslclientkey and sslclientcert with your own cert and key file.
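
A repo file that has lost a section header, has an empty baseurl or has signature checking switched off fails quietly or weakens the mirror. The following added example (not part of the original article) audits a .repo file for the settings the sample above relies on; `audit_repo_file`, `sample_repo`, the messages and the repo ids in the sample are hypothetical.

```shell
#!/bin/sh
# Added example, not from the article. audit_repo_file and its messages are
# hypothetical; it reads a yum/dnf .repo file (argument or stdin), prints one
# "<repo-id>: <finding>" line per problem and returns 1 if it found any.
audit_repo_file() {
    awk '
    function report(msg,   s) { s = (id == "" ? "(no section)" : id); print s ": " msg; bad = 1 }
    function flush(   k) {
        if (id == "") return
        if (v["baseurl"] == "")    report("baseurl is empty")
        if (v["gpgcheck"] != "1")  report("gpgcheck is not 1")
        if (v["gpgkey"] == "")     report("gpgkey is not set")
        if ("sslverify" in v && v["sslverify"] != "1") report("sslverify is off")
        if ((v["sslclientcert"] v["sslclientkey"]) ~ /xxxx/)
            report("placeholder entitlement cert/key path")
        for (k in v) delete v[k]
    }
    /^[ \t]*([#;]|$)/ { next }
    /^[ \t]*\[/ { flush(); id = $0; gsub(/^[ \t]*\[|\].*$/, "", id); next }
    {
        eq = index($0, "="); if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (id == "") { if (!orphan++) report("settings before any [repo-id] header"); next }
        v[key] = val
    }
    END { flush(); exit bad + 0 }' "$@"
}

# Constructed sample: the first stanza has no header, the second disables
# signature and TLS checks and keeps a placeholder path. Repo ids are made up.
sample_repo() {
    cat <<'EOF'
name = Example BaseOS mirror
baseurl =
gpgcheck = 1

[example-appstream-mirror]
name = Example AppStream mirror
baseurl = https://mirror.example.internal/appstream
gpgcheck = 0
sslverify = 0
sslclientcert = /etc/pki/entitlement/xxxxxxxx.pem
EOF
}

# Try it with:  sample_repo | audit_repo_file
```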


  • createrepo is not required for RHEL 8. reposync will download everything including the repodata.


  • To keep the mirror current, the sync can be scheduled, for example with cron jobs. The createrepo command supports --update to efficiently update existing repositories.
  • The locally created repository is typically used by other RHEL clients via LAN, for example via HTTP/HTTPS (for example provided by the apache webserver which is part of RHEL), via FTP (i.e. vsftpd) or NFS (nfs-utils package). Share this local repository with the offline systems to update the offline systems.
  • The reposync utility can only mirror repositories which the system is entitled to.
  • Related information: How do I delete old packages in local repository server?

Root Cause

Red Hat provides a utility called reposync which can be used to download the packages from the CDN. In order to download all packages from a specific channel, the system should be subscribed to that channel. If the system is not subscribed to the required channel, reposync will not be able to download and sync those packages to the local system.

Diagnostic Steps

  • createrepo-0.9.9-26.el6.noarch which is part of RHEL6.9GA has an issue regarding --update, refer to bz1434369 for details.



I am trying to reposync an upstream Red Hat repository server to a downstream Red Hat repository server. The goal is to have a local copy of the repos so that clients in a private subnet can use the downstream repo to update.

Is there a guide to do this? Or is this configuration not supported?

Happy New Year!

If you find the information in this article not sufficient, the following article may help to solve your request:

  1. Creating a Local Repository and Sharing With Disconnected/Offline/Air-gapped Systems [Master Article]

Best regards,

Could you add a link near "Accessing multiple repositories without the appropriate, active, subscription of RHEL version on 'single' system is not supported and will be considered as abuse of subscription."? The KCS describes consolidation of the RHEL 6, 7, 8 reposync processes into one server with containers. And it's an appropriate use case. Containers cannot consolidate different architectures (Power, Z, ARM..), but I expect "RHEL 6, 7, 8 on x86_64" is enough for many users.

Can we sync packages for RHEL 6, RHEL 7 and RHEL 8 from RHEL 8 itself? Or do we need different servers for different versions of Red Hat?

I may have been misled on this, but based on things I had read a while ago elsewhere, in order for the system to be able to download the packages, each version of RHEL 5, 6, 7, and 8 needs to have a separate repo server running the version of the OS for that specific repo.

It is not supported to synchronize the content through the reposync command for every major release version on a single server. It is recommended to use separate servers for each major release version for downloading the packages or synchronizing the contents for the respective release versions, because for running reposync commands it is mandatory to enable the respective release version specific repositories on the servers, which may not be possible through the standard process for enabling the repositories through subscription-manager commands.

Is it supported to synchronize repositories for every release on a single machine through reposync?

To do that, you should run some containers. Each container should be based on an image of a version (6, 7, 8) of RHEL, and bind a directory to a host one to share the rpm files.
Running reposync in each of them on a subscribed RHEL 8 will work to sync RHEL 6, 7, 8 repositories. This is the standard process for subscription-manager in containers.

For reference, the following solution uses a docker container to access RHEL 6 repositories from RHEL 7, but you can do basically the same thing with podman and RHEL 8.


In case of RHEL 8, re-syncing an existing local copy of a repo by using -n flag with reposync will keep the existing packages?



The -n option tells reposync to only download the latest version of each package it finds. Your existing packages will not be affected. If you want the existing packages to be deleted, there is a "--delete" option which, if used with -n, will only keep the latest versions downloaded.

There is currently an open bug for RHEL 8 reposync and using the "-n" option. If you find a package is missing, you should either download it manually and put it in the repository, or use a full reposync to ensure there is no missing content.

Bug 1833074 - reposync --newest-only does not download the latest package

For those who want to sync content for multiple RHEL versions to one (or more) servers, take a look at my Ansible playbook.

Is it okay to export the local repos from our subscribed system to a repo manager like Spacewalk via apache and provide the channels to our offline systems??

Thanks! Newbie here

IANAL, but I think we are not doing technically anything here which "verifies if a system is entitled to receive the packages", so if you have a proper subscription for the system. This solution here is purely for technically allowing you to mirror and share repos with RPMs on your network. Whether you download a kernel errata package to your LAN and scp it to multiple systems, or whether you use reposync, or Spacewalk/apache, that makes little difference.

In all of these cases you have by other means to ensure that you are entitled to use these packages on other systems, reposync is not taking care of that. Satellite and subscription manager can do that, I think.

I've noticed the Red Hat 8 reposync processes have changed and the man page indicates there is no need to run createrepo.

Red Hat 7 Example:

  • Run reposync to download the files
  • Run createrepo to create repomd files

Red Hat 8 Example:

  • Run reposync
  • No need to run createrepo and the createrepo binary no longer exists

Issue: When simultaneously running reposync on multiple VMs, the md checksum will not be the same on all VMs. When using Red Hat 7, we worked around this issue by using the --simple-md-filenames option to the createrepo command. Is there some similar solution for Red Hat 8?

There's a typo in the instructions: "From the find command above, identify the updateinfo.xml that matches the ???? that you ran reposync against and move that file into your repodata directory." Please fix.

Thanks, fixed. The markup code correctly had <repo-id>, but as it was unquoted the parser had eaten that when rendering the page.

How to sync only the src.rpm packages?

Hi, just use the repo-id of repos containing SRPMS. For RHEL 7 you could find those with the following command:

$ egrep '^\[.*source.*\]$' /etc/yum.repos.d/redhat.repo 

Please note that above example is from a host with Red Hat Developer Subscription for Individuals. So you might see fewer repos when using another subscription.