7.6. Creating an Enterprise Repository
In Chapter 2, you learned about patch management on RHEL computers. The Red Hat Network Proxy Server is an effective way to cache RPMs for multiple RHEL systems. However, some administrators prefer standard tools, such as apt and yum.
In this section, we'll show you how you can configure a yum-based repository from packages downloaded using the Red Hat Update Agent. If you want to update other RHEL clients from this repository, you may be required by contract to have a valid subscription for each of these clients, even if the packages are covered by an open source license.
Do not use this book to update RHEL systems unless they have a current, valid subscription.
A working RHEL repository requires a combination of the existing installation packages, as well as the updates available over the Red Hat Network. When combined, you'll have a set of packages that includes all the dependencies you might need.
The repository creation process on an RHEL system requires four basic steps:
Depending on the channels you want to mirror, this process may require 2GB or more of downloads. If you have only one or two RHEL systems, you may find this process not to be worth the trouble. However, if you have several dozen RHEL systems, this might save you time and bandwidth.
If you have a substantial number of RHEL systems, you should consider the Red Hat Network Proxy Server described in Chapter 2. However, if you prefer standard tools, such as yum, and have the authorized Red Hat subscriptions for the RHEL clients on your network, the approach taken in the following sections is a viable alternative.
If you're working with a RHEL rebuild distribution, it's best if you use the patch management tool (yum or apt) configured for that distribution. Then you can keep it up to date by synchronizing your repository with that available from the mirror of your choice.
7.6.1. Creating a RHEL Update Repository
In Chapter 2, you learned to use the Red Hat Update Agent to update RHEL systems. With the right configuration, you can save the updated RPMs as an RHEL update repository. There are several basic steps in this process:
Assign Desired Channels from the Red Hat Network
First, log into the Red Hat Network. Make sure your system is subscribed to the channels from which you want to create your repository.
As shown in Figure 7-5, you can configure your system with available channels, assuming that you have allowed subscriptions to that channel. To find your currently allowed subscriptions, click Channels on the top bar, then click Channel Entitlements on the left pane. Assign the channels of your choice, and then click Change Subscriptions. If you see the following error message, you may need additional subscriptions:
The assignment would exceed your allowed subscriptions in one or more channels
Figure 7-5. Assigning RHEL Channel Subscriptions
To confirm your channel assignments, log into the computer that you intend to use as the repository. The following command should return the channels that you've assigned:
Based on Figure 7-5, the channels that you should see are as follows:
rhel-i386-as-4
rhel-i386-as-4-extras
rhel-i386-as-4-hwcert
rhel-i386-as-4-sdk
rhn-tools-rhel-4-as-i386
Configure the Update Agent to Keep Downloaded RPMs
Log into the computer that you intend to use as a repository. Updated RPMs are stored by default in the /var/spool/up2date directory. Make sure that updated RPMs are not deleted. To do so, run the up2date-config command. You'll see the screen shown in Figure 7-6.
Figure 7-6. Configuring the Update Agent to keep RPMs
If you're in the GUI, you might need to run the up2date-config --nox command to access the options shown in Figure 7-6.
Enter option 17 (the option number may vary). This is associated with the "keepAfterInstall" variable. If set to yes, packages which are downloaded remain available in /var/spool/up2date after they're installed. The next time you download packages from the Red Hat Network, packages will be stored in that directory, and they won't be deleted.
You may also want to disable automatic updates to the up2date RPM, which is usually the option before keepAfterInstall. Any update to up2date substitutes the default settings in /etc/sysconfig/rhn/up2date. If the up2date RPM is upgraded, you can restore your custom settings from the up2date.rpmnew file in the same directory. Just be aware that if you disable updates of up2date, updates will be disabled the next time there's a new version of up2date available.
Configure the Repository with Appropriate Partitions
As you've seen throughout this book, repositories require gigabytes of space. It often makes sense to configure repositories in separate partitions. For the purpose of this repository, I've configured /var/spool/up2date on a new partition or logical volume.
For details on how you can configure a new partition, refer to any good basic book on Linux administration, including Linux Administration Handbook by Evi Nemeth, Garth Snyder, and Trent Hein (Upper Saddle River, NJ: Prentice Hall, 2002) or Mastering Red Hat Enterprise Linux 3 by Michael Jang (Alameda, CA: Sybex, 2004). If you want more information on these commands or settings, refer to that book. If you have free space on an available partition, you can assign it to /var/spool/up2date. One method would use the following steps, which assume that you've added a new hard drive. The steps may vary widely depending on the hard drive and whether there are existing partitions on that drive.
Download Desired RPMs from the Repository
Now you can download the desired RPMs from the Red Hat Network. You can download just the updates, but because of dependencies, those might not be enough. Therefore, download all available RPMs from the Red Hat Network channels to which you subscribe. This is a multi-step process. With the following command (which specifies a RHEL 4 Workstation channel), you can download the RPMs from your desired channel not currently installed on your system. Shortly, you'll add RPMs from your installation CDs.
up2date -d --installall --channel=rhel-i386-ws-4
There is no separate updates repository on the Red Hat Network. New packages are incorporated into existing channels. Therefore, this command downloads all packages you do not have installed, including any updated RPMs.
Naturally, because there are around 2GB of data on RHEL installation RPMs, the download may be extensive. Depending on the speed of your connection, you may need to wait several hours for downloads. One example is shown in Figure 7-7.
Figure 7-7. Downloading updates
Add RPMs from the Installation CDs
Now you should add the RPMs from the RHEL installation CDs. If you have the physical CDs, the mount command is elementary. If you have the ISO files (as I do), the mount command requires a small trick. For example, when I've stored the ISOs on my /mnt/test partition, I can mount the first RHEL ISO with the following command:
mount -o loop /mnt/test/RHEL4-i386-AS-disc1.iso /media/cdrecorder
You can then copy the RPMs to the /var/spool/up2date directory with the following command:
cp -ar /media/cdrecorder/RedHat/RPMS/* /var/spool/up2date/
Naturally, when the process is complete with the first CD, you'll want to unmount and repeat the process with the other RHEL CDs until you've copied all available RPMs to the /var/spool/up2date directory.
7.6.2. Yummifying the RHEL Update Repository
After you've configured the files you need in the RHEL repository, you can set it up as a yum repository. As described earlier in this chapter, this requires the yum-arch or createrepo commands, depending on your distribution. The createrepo package was adapted for Fedora Core 3. Because RHEL 4 was built from Fedora Core 3, we'll use this package to "yummify" this repository.
If you haven't already done so, install the yum and createrepo RPMs. As discussed earlier in this chapter, they are not currently available from RHEL 4 channels. However, compatible versions are available from Fedora Core 3 repositories. Download guidelines are described earlier in this chapter.
Now you can yummify your repository with one of the following commands, whichever is appropriate to your distribution:
yum-arch /var/spool/up2date
createrepo /var/spool/up2date
If successful, you'll find headers/ or repodata/ subdirectories in the /var/spool/up2date directory. I've used the second command on my RHEL 4 system, with downloaded updates and installation RPMs that I've just described.
7.6.3. Sharing the RHEL Repository
Now you can share the RHEL 4 repository that you've just created. You can configure the Apache or NFS servers described earlier. Unfortunately, as described earlier, the vsFTP service does not follow symlinks for security reasons. In this case, we'll configure the server that we did not configure before, the Apache Web Server. We won't go into detail on how to configure Apache on your system; we'll just create a basic configuration that you can use for a RHEL repository.
If you want more information on how you can configure Apache on RHEL, there are many excellent books available, including Apache Administrator's Handbook by Rich Bowen (Indianapolis, IN: Sams Publishing, 2002).
In this case, I've just installed the httpd RPM package on RHEL 4. To make sure it works, start the daemon with the following command:
If you see a message related to "Could not determine the server's fully qualified domain name," do not be concerned. There is no URL specified in the default version of the Apache configuration file, httpd.conf, in the /etc/httpd/conf directory.
Test the result. If you're on the computer with the repository, open a browser and navigate to 127.0.0.1. If the service is working, you'll see the Red Hat Enterprise Linux Test Page. Test the result on a remote computer. I've configured the repository computer with a URL of yum.example.com, and therefore can navigate to that URL to see the same test Web page.
By default, Apache files on this distribution are stored in the /var/www/html directory. You already have a repository in the /var/spool/up2date directory. To allow Apache to work with the repository, you need to link directories. One method is with the following command:
ln -s /var/spool/up2date /var/www/html/up2date
If everything goes right, you should be able to navigate to the up2date/ directory on the Apache server. In my case, I've navigated to http://yum.example.com/up2date/. However, that doesn't work at first. I've started with the default RHEL 4 Apache configuration file. For more information, see the error_log in the /var/log/httpd directory. The key error message from this file is
Directory index forbidden by rule: /var/www/html/
To address this issue, I've modified the settings associated with the Apache root directory. The default configuration file includes the following stanza about 25 percent of the way into the file:
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
The Options directive you need is Indexes, which leads me to substitute the following directive line:
Options Indexes FollowSymLinks
Now, you can try the desired URL again. You should see a result similar to Figure 7-8, with a list of files linked from the /var/spool/up2date repository.
Figure 7-8. A RHEL 4 yum Repository
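An added check, not from the book, for the scope of the Options change above: options set in <Directory /> are inherited by every directory the server can reach unless a more specific section overrides them, so the script reports which stanzas enable Indexes. The second sample, which enables listings only for /var/www/html/up2date, is an assumed alternative constructed here.

```shell
# Added example: list the <Directory> stanzas that enable Options Indexes.
# indexes_scopes FILE -> one directory path per stanza that enables Indexes
indexes_scopes() {
    awk '
        /^[ \t]*#/ { next }                         # skip comment lines
        /^[ \t]*<Directory[ \t]/ {                  # opening tag: keep its path
            path = $0
            sub(/^[ \t]*<Directory[ \t]+/, "", path)
            sub(/>[ \t]*$/, "", path)
            gsub(/"/, "", path)
            next
        }
        /^[ \t]*<\/Directory>/ { path = ""; next }  # closing tag: leave scope
        path != "" && /^[ \t]*Options[ \t]/ {
            for (i = 2; i <= NF; i++)
                if ($i == "Indexes" || $i == "+Indexes") { print path; break }
        }
    ' "$1"
}

# Constructed sample 1: the edit made on this page (Indexes on <Directory />).
write_root_scoped() {
    cat > "$1" <<'EOF'
<Directory />
    Options Indexes FollowSymLinks
    AllowOverride None
</Directory>
EOF
}

# Constructed sample 2 (assumption, not from the page): <Directory /> left as
# shipped, listings enabled only for the symlinked repository path.
write_repo_scoped() {
    cat > "$1" <<'EOF'
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory "/var/www/html/up2date">
    Options Indexes FollowSymLinks
</Directory>
EOF
}

tmp=$(mktemp -d)
write_root_scoped "$tmp/root.conf"; write_repo_scoped "$tmp/repo.conf"
echo "page's edit:   $(indexes_scopes "$tmp/root.conf")"
echo "scoped stanza: $(indexes_scopes "$tmp/repo.conf")"
rm -rf "$tmp"
```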
Naturally, you can also share /var/spool/up2date with an NFS server by using the techniques described earlier in this chapter.
7.6.4. Configuring Updates to the RHEL Repository
After you've added the packages you need to /var/spool/up2date, it is up to you to maintain that RHEL repository. While the Red Hat Network does not include an rsync server, the effect from updates is essentially the same. You can repeat the same commands described earlier, and only new packages are downloaded. However, obsolete packages are not removed from the local mirror.
However, if you've copied all of the installation files to the /var/spool/up2date directory, this is not necessary. You just need the updated RPMs, which are available with the following command:
If you want to keep using /var/spool/up2date, make sure that you never restore the defaults associated with the Red Hat Update Agent. Otherwise, the updated RPMs would be deleted after the next update. (You may also want to disable upgrades to the up2date RPM, as described in an earlier note.)
7.6.5. Configuring Clients to Use the RHEL Repository
Naturally, if you've created a repository on a RHEL computer, you may want to use it for that computer. You've already downloaded and installed the yum RPM package. You can now create a configuration file in the /etc/yum.repos.d directory similar to those you've created in Chapter 6. In this case, the repository is local; therefore, you can specify the file:/// (that's three forward slashes) label described earlier to point to the /var/spool/up2date directory.
For example, I've entered the following in the local.repo file in the /etc/yum.repos.d directory:
[local]
name=Mike's local RHEL 4 repo
baseurl=file:///var/spool/up2date
gpgcheck=1
enabled=1
Now I can use the yum commands described in Chapter 6 to update the system with the repository. Naturally, you can configure other RHEL 4 clients to use the same repository. Based on the Apache server configured earlier, I've modified the aforementioned local.repo file accordingly:
[local]
name=Mike's local RHEL 4 repo
baseurl=http://yum.example.com/up2date
gpgcheck=1
enabled=1
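Because an http:// baseurl gives the client no transport integrity, gpgcheck=1 is the setting that makes yum verify package signatures. The following added example (not from the book; the [local-test] entry is hypothetical and constructed) reports that setting and the transport for each section of a .repo file.

```shell
# Added example: summarize what each section of a yum .repo file asks the
# client to trust. Treats gpgcheck values 1/yes/true as "on".
# audit_repo FILE -> one line per section: "<id> <gpgcheck> <transport>"
#   gpgcheck is on, off, or unset (no gpgcheck line in that section)
audit_repo() {
    awk '
        function emit() { if (id != "") print id, gpg, scheme }
        /^[ \t]*[#;]/ { next }                      # comment lines
        /^[ \t]*\[/ {                               # start of a [section]
            emit()
            id = $0; sub(/^[ \t]*\[/, "", id); sub(/\].*$/, "", id)
            gpg = "unset"; scheme = "none"; next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = tolower(substr($0, eq + 1))
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck")
                gpg = (val == "1" || val == "yes" || val == "true") ? "on" : "off"
            if (key == "baseurl") { scheme = val; sub(/:.*$/, "", scheme) }
        }
        END { emit() }
    ' "$1"
}

# unverified_repos FILE -> ids of sections that do not turn gpgcheck on
unverified_repos() {
    audit_repo "$1" | awk '$2 != "on" { print $1 }'
}

# Constructed sample: the [local] entry from this page plus a hypothetical
# [local-test] entry with signature checking switched off.
write_sample_repo() {
    cat > "$1" <<'EOF'
[local]
name=Mike's local RHEL 4 repo
baseurl=http://yum.example.com/up2date
gpgcheck=1
enabled=1

[local-test]
name=constructed entry, signature checks off
baseurl=http://yum.example.com/up2date
gpgcheck=0
enabled=1
EOF
}
tmp=$(mktemp); write_sample_repo "$tmp"
audit_repo "$tmp"; echo "unverified: $(unverified_repos "$tmp")"; rm -f "$tmp"
```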