CentOS Update Server and Local Repository

If you have a large number of CentOS servers, it is probably a good idea to have private update repositories on the local network. If each server has to download the same update over the public network connection, it will waste a lot of bandwidth. Not only will private repos save network throughput, but they also give you a place to distribute your own custom RPM software packages.

The first thing to do is get a full copy of the release version of the OS from the installation media. Find a mirror that has the DVD image at CentOS isos downloads. Here, we are working with CentOS 5.2 64-bit.
# mkdir -p /repo/CentOS/5.2/iso
# cd /repo/CentOS/5.2/iso
# wget -c http://ftp.usf.edu/pub/centos/5.2/isos/x86_64/CentOS-5.2-x86_64-bin-DVD.iso
# mkdir -p /repo/CentOS/5.2/os
# mount -o loop /repo/CentOS/5.2/iso/CentOS-5.2-x86_64-bin-DVD.iso /mnt
# rsync -avP /mnt/CentOS /repo/CentOS/5.2/os/
# umount /mnt


Now let's pull down all the latest updates from a mirror. You can find a good rsync mirror at the CentOS mirror list.
# mkdir -p /repo/CentOS/5.2/updates
# rsync -iqrtCO --exclude="*debuginfo*" --exclude="debug/" rsync://mirror.cogentco.com/CentOS/5.2/updates/x86_64 /repo/CentOS/5.2/updates/


Now that you have a local copy of the install media and all the latest RPMs, they should be shared out via HTTP. For HTTP access to the repo, install Apache httpd and edit /etc/httpd/conf/httpd.conf, replacing instances of "/var/www/html" with "/repo". Make sure to update the "DocumentRoot" and "Directory" entries.
# yum -y install httpd
# vim /etc/httpd/conf/httpd.conf
# chkconfig httpd on ; service httpd start


We will also have to allow access through the repo server firewall for the local network. Edit /etc/sysconfig/iptables and add the line below before the final DROP statement, substituting in your own subnet.
-A RH-Firewall-1-INPUT -s 192.168.1.0/255.255.255.0 -p tcp --dport 80 -j ACCEPT

and reload iptables:
# service iptables restart

On the systems where we wish to receive updates, we will need to create a .repo file, so our new repositories are used. Substitute in the IP of your own repo server. You may also have to disable the default repo file placed in by the installer, CentOS-Base.repo.
# cat /dev/null > /etc/yum.repos.d/CentOS-Base.repo
# vim /etc/yum.repos.d/internal.repo

# CentOS base from installation media
[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
baseurl=http://192.168.1.100/CentOS/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
protect=1

# CentOS updates via rsync mirror
# rsync://mirror.cogentco.com/CentOS/5/updates/i386
# rsync://mirror.cogentco.com/CentOS/5/updates/x86_64
[update]
name=CentOS-$releasever - Updates
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
baseurl=http://192.168.1.100/CentOS/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
protect=1

# locally built and misc collected RPMs
[local]
name=CentOS-$releasever - Local
baseurl=http://192.168.1.100/local/el$releasever/$basearch
enabled=1
gpgcheck=0
protect=0


I prefer to use yum via cron and on boot. Enable this with the following:
# yum -y install yum-protectbase yum-updateonboot yum-cron
# chkconfig yum-updatesd off ; service yum-updatesd stop
# chkconfig yum-updateonboot on
# chkconfig yum-cron on


Notice that there is a "local" repository in the repo config above. This is a directory to hold our own custom RPMs. Any RPMs placed here can be installed via yum on other systems. Once new RPMs are placed there, run createrepo to generate the metadata required by yum.
# mkdir -p /repo/local/el5/x86_64
# mv *.rpm /repo/local/el5/x86_64/
# createrepo -v --update /repo/local/el5/x86_64
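
A check for the signature settings in the .repo file above, as an added example that is not part of the original post: it flags any section with gpgcheck disabled (the [local] stanza here) or a gpgkey fetched over plain HTTP. The function names audit_repo and write_sample_repo and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. audit_repo FILE prints
# "section<TAB>finding" for each weak signature setting in a yum .repo file.
audit_repo() {
    awk '
        function report(msg) { printf "%s\t%s\n", section, msg }
        function finish() {
            if (section == "") return
            if (gpgcheck ~ /^(0|no|false)$/) report("gpgcheck disabled")
            else if (gpgcheck == "") report("gpgcheck unset, falls back to [main] in yum.conf")
            if (gpgkey ~ /^http:/) report("gpgkey over plain http")
        }
        /^[ \t]*(#|;|$)/ { next }                 # comments and blank lines
        /^[ \t]*\[.*\][ \t]*$/ {                  # start of a new [section]
            finish()
            line = $0; gsub(/[ \t]/, "", line)
            section = substr(line, 2, length(line) - 2)
            gpgcheck = ""; gpgkey = ""
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = tolower(val)
            if (key == "gpgkey")   gpgkey = tolower(val)
        }
        END { finish() }
    ' "$1"
}

# Constructed sample: the [base] and [local] stanzas shown on this page.
write_sample_repo() {
    cat > "$1" <<'EOF'
[base]
name=CentOS-$releasever - Base
baseurl=http://192.168.1.100/CentOS/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
[local]
name=CentOS-$releasever - Local
baseurl=http://192.168.1.100/local/el$releasever/$basearch
gpgcheck=0
EOF
}

sample=$(mktemp) && write_sample_repo "$sample" && audit_repo "$sample"; rm -f "$sample"
```

Signing the locally built RPMs and giving [local] gpgcheck=1 with its own gpgkey clears the first finding; serving the CentOS key from a local file:// path on each client clears the second.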


Once there is a working repo server, updates to the repo dirs can be automated:
# touch /etc/cron.daily/update_repo
# chmod +x /etc/cron.daily/update_repo
# vim /etc/cron.daily/update_repo

#!/bin/sh
# CentOS updates
echo "####### rsync://mirror.cogentco.com/CentOS/5.2/updates/x86_64"
/usr/bin/rsync -iqrtCO --exclude="*debuginfo*" --exclude="debug/" rsync://mirror.cogentco.com/CentOS/5.2/updates/x86_64 /repo/CentOS/5.2/updates/


Now the repo will rsync daily with the latest updates. Then your other systems will do a yum-cron and install the updates. Make sure to substitute in your favorite and closest mirror. Enjoy your yum!

Posted by CEOinIRVINE