RHEL – local repository

For one of my clients we were deploying 12 Red Hat Enterprise Linux servers. The client has quite strict security rules, therefore patch management via RH Network was not an option. RHN proxy server or Satellite server was out of project budget. At the end I created a central RHEL local repository. We dedicated another RHEL server just for this purpose (thanks to virtualization friendly Red Hat licensing).

1. Install minimal RHEL installation
2. Dedicate one harddrive for the repository packages
3. Disable SElinux for httpd (in /etc/selinux/targeted/booleans)
   httpd_disable_trans=1
4. Allow access to these two sites on the outgoing firewall:
   209.132.183.44  xmlrpc.rhn.redhat.com
   92.122.186.196  content-xmlrpc.rhn.redhat.com
5. Register the installation by running rhn_register and typing registration info
6. Mount the repository harddrive into /opt/repository
7. Download the repository for the first time:
   yum install yum-utils
   yum install createrepo
   reposync -p /opt/repository/ –repoid=rhel-x86_64-server-5 –l
   createrepo /opt/repository
8. Create script to update the repository: /usr/local/bin/update-repository.sh
   echo Update script started at $(date) >> /var/log/update-repository.log
   reposync -p /opt/repository/ –repoid=rhel-x86_64-server-5 -l -n
   createrepo /opt/repository/
   echo Update script ended at $(date) >> /var/log/update-repository.log
9. make it executable: chmod +x /usr/local/bin/update-repository.sh
10. add it to crontab to run every day at 00:15: crontab -e
    15 0 * * * /usr/local/bin/update-repository.sh > /var/log/update-repository-result.log
11. share the repository via http:
    ln -s /opt/repository/ /var/www/html/create:
    /etc/httpd/conf.d/repository.conf
    <Directory “/var/www/html/repository”>
    Options Indexes +FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
    </Directory>

12. Set up /etc/yum.repos.d/repository.repo on all RHEL clients:
    [repository]
    name=Red Hat Enterprise Linux $releasever – $basearch
    baseurl=http://<URL of the local repository server>/repository
    enabled=1
    gpgcheck=0
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat

13. Disable RHN on all clients but the local repository: /etc/yum/pluginconf.d/rhnplugin.conf
    
    [main]
    enabled = 0
    gpgcheck = 1[rhel-i386-server-5]
    enabled = 0  

Openfiler running from 2GB SD card

I am building my home lab for VMware vSphere testing. To use advanced features vSphere offers external storage is a must. There are many options. My choices were to buy NAS (my favorite is Iomega StorCenter ix4-200d which is even on vSphere HCL), use my file server linux box with NFS exports or build an open source NAS that supports iSCSI. vSphere supports NFS, so standard linux with NFS-kernel-server is an option, however you cannot use vStorage thin provisioning. I needed flexibility, which buying NAS would not offer (5×1 TB RAID5 for my files and 2x 500GB RAID1 for vSphere) and so decided to change my file server into an Openfiler appliance. This way I could still use it as file server with samba shares for my Windows station and also as iSCSI storage for vSphere ESX 4 hosts. To maximize the number of disks I could put into the box I decided to boot it from SD card. Unfortunately that is not an easy task. There are many guides on the Openfiler forum, however at the end I came up with my own solution with the help of VMware Workstation.

• Download ISO from here
• Create VM in Workstation with similar setup as the physical machine that will be used for Openfiler. In my case with 2 GB HDD, 2 GB RAM and 3 e1000 NICs.
• Install Openfiler with linux text expert option
• Select Druid partitioning option and make these partitions:

/boot	100 MB EXT2
/	1200 MB EXT2
/var	512 MB EXT2
	No swap!

• After installation, log in via web interface  and update Openfiler. Use background update. It takes some time. Reboot.
• Before moving the installation to SD card we must add USB storage drivers to boot image:

cd /boot
mv initrd-2.6.29.6-0.6.smp.gcc3.4.x86_64.img initrd-2.6.29.6-0.6.smp.gcc3.4.x86_64.img.old
mkinitrd –preload ehci-hcd –with usb-storage initrd-2.6.29.6-0.6.smp.gcc3.4.x86_64.img 2.6.29.6-0.6.smp.gcc3.4.x86_64

• Edit the fstab options to protect the limited writes of SD card with noatime option and moving some folders to ramdrive

nano /etc/fstab

LABEL=/                 /                       ext2    defaults,noatime        0 0
LABEL=/boot             /boot                   ext2    defaults,noatime        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620          0 0
tmpfs                   /dev/shm                tmpfs   defaults,noatime        0 0
/proc                   /proc                   proc    defaults,noatime        0 0
/sys                    /sys                    sysfs   defaults,noatime        0 0
LABEL=/var              /var                    ext2    defaults,noatime        0 0
tmpfs                   /tmp                    tmpfs   defaults,noatime        0 0
tmpfs                   /var/tmp                tmpfs   defaults,noatime        0 0

• Do any additional customizations (admin password, NIC setup, etc.)
• Once we are done we can transfer the image to SD card. For that I used another linux VM with Debian. I added the VMDK disk from Openfiler VM and plugged in SD with physical access to Debian VM (little icon in the right corner of VMware Workstation – Disconnect from Host).
  • With fdisk create /boot / and /var partitions same size and filesystem as in Openfiler install
  • copy boot partition with dd (/dev/sdb is Openfiler disk, /dev/sdd is SD card

dd /dev/sdb1 /dev/sdd1

• copy the rest with cp

mkdir /mnt1
mkdir /mnt2
mount -t ext2 /dev/sdb2 /mnt1
mount -t ext2 /dev/sdd2 /mnt2
cp -a /mnt1 /mnt2
umount /mnt1
umount /mnt2
mount -t ext2 /dev/sdb3 /mnt1
mount -t ext2 /dev/sdd3 /mnt2
cp -a /mnt1 /mnt2
umount /mnt1
umount /mnt2

• label the partition so they can be mounted properly

e2label /dev/sdd1 /boot
e2label /dev/sdd2 /
e2label /dev/sdd3 /var

• We are done. Now the SD card is ready to be inserted into the physical Openfiler machine.