For various reasons, notably security under partitioned networks, a public repository for updates and software installation may not be available to the updater (yum or rpm). An example is if the machine to be updated is not connected to the wider internet for security reasons.
One solution is to create a local, secure repository (which does have internet access) that is updated by a controlled enterprise process (e.g. manually copying files or using internet based yum updates) to which internal elements can connect.
Another solution, much simpler but not scalable, is to manually update all machines by copying the packages to each.
This article explains how to create a local repository for CentOS.
Updating Directly From Package Files
Obtain the packages to be updated or installed from a public and trusted repositor -- in the case of CentOS, the principal is Red Hat. Copy the package to the local machine and run
# yum localinstall <path/to/PACKAGE>
Creating a Local Repository Server
Besides tools to manage a CentOS repository, this needs a service that can serve files, such as FTP or HTTP. We will be using Apache http server.
Start by creating directories where packages will be stored:
# mkdir -p /var/www/html/my_repo
If not there already, install Apache httpd server and confirm it is running:
# yum install httpd
# service httpd start
It should work out of the box. Remember, however:
- to configure the server to your requirements
- to make the directory chosen in the first step readable to the machines that will be using
# chown -R apache:apache /var/www/html/my_repo
# chmod -R 755 /var/www/html/my_repo
Install repository manager tools and create the repository:
# yum install createrepo
# createrepo /var/www/html/my_repo
Obtain the packages that your elements will need to update to and copy them to your repository directory; in this example, it is /var/www/html/my_repo
. Update the repository manager:
# c
reaterepo --update /var/www/html/my_repo
Configuring the Client Machines to use the Local Repository
The machines that are to be updated using your local repository will need to know how to find it and that it should be used. On each of them, create the following file:
# vi
/etc/yum.repos.d/my_repository.repo
[my_repository] name=Company Secure Repository baseurl=http://<ADDRESS>/my_repo enabled=1 gpgcheck=0
where <ADDRESS>
is the IP address or the domain name of your repository (e.g., repository.example.com). There are a number of configurations possible, including signing packages. The configuration file above is a simple example that does not provide any special means of security.
Verify the files can be reached from clients in the repository server with, e.g.,
#
wget http://<ADDRESS>/my_repo/repomd.xml
If this step fails, verify your web server configuration.
Your machines are now ready to be updated using your local repository with the following command:
# y
um --disablerepo="*" --enablerepo="my_repo" install <PACKAGE>
Comments
0 comments
Please sign in to leave a comment.