For one of my clients we were deploying 12 Red Hat Enterprise Linux servers. The client has quite strict security rules, therefore patch management via RH Network was not an option. RHN proxy server or Satellite server was out of project budget. At the end I created a central RHEL local repository. We dedicated another RHEL server just for this purpose (thanks to virtualization friendly Red Hat licensing).
- Install minimal RHEL installation
- Dedicate one harddrive for the repository packages
- Disable SElinux for httpd (in /etc/selinux/targeted/booleans)
httpd_disable_trans=1 - Allow access to these two sites on the outgoing firewall:
209.132.183.44 xmlrpc.rhn.redhat.com
92.122.186.196 content-xmlrpc.rhn.redhat.com - Register the installation by running rhn_register and typing registration info
- Mount the repository harddrive into /opt/repository
- Download the repository for the first time:
yum install yum-utils
yum install createrepo
reposync -p /opt/repository/ –repoid=rhel-x86_64-server-5 –l
createrepo /opt/repository - Create script to update the repository: /usr/local/bin/update-repository.sh
echo Update script started at $(date) >> /var/log/update-repository.log
reposync -p /opt/repository/ –repoid=rhel-x86_64-server-5 -l -n
createrepo /opt/repository/
echo Update script ended at $(date) >> /var/log/update-repository.log - make it executable: chmod +x /usr/local/bin/update-repository.sh
- add it to crontab to run every day at 00:15: crontab -e
15 0 * * * /usr/local/bin/update-repository.sh > /var/log/update-repository-result.log - share the repository via http:
ln -s /opt/repository/ /var/www/html/create:/etc/httpd/conf.d/repository.conf<Directory “/var/www/html/repository”>
Options Indexes +FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory> -
Set up /etc/yum.repos.d/repository.repo on all RHEL clients:
[repository]
name=Red Hat Enterprise Linux $releasever – $basearch
baseurl=http://<URL of the local repository server>/repository
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat - Disable RHN on all clients but the local repository: /etc/yum/pluginconf.d/rhnplugin.conf
[main]
enabled = 0
gpgcheck = 1[rhel-i386-server-5]
enabled = 0
Can i create a same this for RHEL 6.4
This is excellent manual…. Just a single correction …
–repoid instead of -repoid… Above as single – sing with repoid.
Hi, and thanks for this useful tuto.
To complete this setup, you only need one RHN subscription the one for the repo server, right ?
Yes.