Creating a local Red hat repository for use within the specific environment.

  • Article

 

We do have an update infrastructure in place by default for Red Hat VMs created from the Platform image on Azure :
Red Hat Update Infrastructure for on-demand Red Hat Enterprise Linux VMs in Azure
https://docs.microsoft.com/en-us/azure/virtual-machines/linux/update-infrastructure-redhat

 

However, we have seen that some customers having large environments choose to manage the updates centrally and in a more granular manner within their organization.
For this, they need to configure a local repository on one of their servers, by downloading the packages from the RHUI.

 

Here is how we can create this local repository on Azure.

Red Hat shares an article below for creating a local mirror :
How to create a local mirror of the latest update for Red Hat Enterprise Linux 5, 6, 7 without using Satellite server?
https://access.redhat.com/solutions/23016

 

Run the command below on the server where the repo needs to be configured :
yum install yum-utils createrepo

Create the directory to be used for the repo :
mkdir /testrepo

Run the commands below to check the available repos from RHUI :
yum repolist

 

 

Run the command below to sync them locally in the specified directory :
reposync --gpgcheck -l --repoid=rhui-rhel-7-server-rhui-rpms --download_path=/testrepo

Note there are multiple repo ids available. We need to pick the ones needed, and run the command multiple times if required.

We can download all the packages locally from RHUI using this method.

 

Note :

The packages get updated in RHUI every day and every few hours, and these would need to be synced on the local repo too.
Hence, we may determine an interval as practical for the environment and sync them locally at a appropriate frequency.

 

Once the local repository is ready, this may need to be accessible over a shared url.

We can use FTP or https share for this.

Steps for FTP below :

Install vsftpd package :
yum install -y vsftpd*

Edit the configuration file to have the content below :
vi /etc/vsftpd/vsftpd.conf

#Disable anonymous user Access to secure FTP server
anonymous_enable=NO
Allow local users to login in vsftpd.
local_enable=YES
Enable write access to local users.
write_enable=YES
Uncomment the line chroot_local_user
chroot_local_user=YES
Enable writable chroot.
allow_writeable_chroot=YES

systemctl restart vsftpd.service
systemctl enable vsftpd.service

Apply SELinux context to ftp directory :

semanage fcontext -a -t public_content_rw_t "/<directory>(/.*)?"
restorecon -R /<directory>
setsebool -P ftpd_anon_write 1 OR on

chown ftp /<directory>

The client would be able to access the share using url like below :
ftp://ftp.example.com/path/