Thread: YUM Multi-Repository setup

  1. #1

    YUM Multi-Repository setup

    by elovkoff
    (Transferred from the wiki by Peter)

    Objective: Our Company has 5 geographical sites. 3 of them have Linux servers. Linux versions deployed are Red Hat 9 and Red Hat 7.3. We need to have a security infrastructure in place that will allow us to:

    • Download security updates from the internet to the single repository
    • Update all company Linux servers over the private network from that repository

    Solution: Install YUM on Fedora Core 2 to serve as the dedicated central repository. Configure the rest of the Linux servers as the clients for that repository.

    Requirements:

    • Lots of space (Base RPMS for RH7.3 and RH9 take up to 5G, update RPMS can take up to 1.5G). I have a 36G hard drive just in case; who knows, maybe some day we'll throw some other distros into our network.
    • My setup runs on a P4 256RAM PC-class box; I'm sure though that a PIII will do the job as well.
    • Wget should be installed in order for the download script to function.

    Implementation: The following was configured in order for this to work in production environment:

    Note:
    The configuration here explains how to configure everything to run with the root user. It is the easiest way but not the most secure - if you're interested in setting it up under regular user credentials, just follow the link provided for the yum_repository.sh script later; this kind of setup is a bit out of the scope of this document. I've decided to use Fedora Core 2 as it comes built in with yum and most of the articles I've found on the Internet are fc2-related.

    SERVER CONFIGURATION:


    1. Install a dedicated server for YUM updates. Nothing special here as FC2 comes with the yum RPM built in.
    2. Make sure you install httpd (web server) as it will provide updates - clients will request its URL in order to get the update.
       a. Create the directory structure for the updates you need:
          i. cd /var/www/html
          ii. mkdir -p yum/redhat/9 (under 9 create 2 directories - "base" and "updates")
          iii. The same structure needs to be created for 7.3 - under yum/redhat create the 7.3 directory, under which "base" and "updates" directories should be created.
       b. Copy the base RPMS - you can either download them off the Internet or you can simply copy them from the installation CDs - I copied them from the CDs.
          cp /mnt/cdrom/RedHat/RPMS/* /var/www/html/yum/redhat/9/base
          You should copy them to the "base" directory of every distro you want to have a repository for. After that you should create the headers for the base repository - run the following command while located in the "base" directory:
          yum-arch .
          ("." here means "this directory" and not the end of the sentence :) ) Remember - this should be done for every repository you configure.
    3. Copy the yum_repository.sh script to some directory on your server (I've placed it in /usr/bin). This script allows you to:
       a. Download security updates from the internet
       b. Download updates for specific Linux OS versions and place them in different repositories
       c. Perform GPG checks of the downloaded packages
       The yum_repository.sh script can be obtained from here (as well as another how-to for setting up YUM): http://www.fedoranews.org/alex/tutorial/yum/1.shtml
       Configure the script according to your needs.


    There are a couple of things worth mentioning regarding this script:


    • I had problems performing the gpg checks for signed packages so I had to disable this feature: look for the following line in the script, YUM_ARGS="-c", and comment it out. The way to figure out if you have problems with gpg checks - start the script and then look in /tmp/yum_repository.log for the errors or simply grep this file for "Problem with gpg". You can always enable gpg checks on the client side by specifying "gpgcheck=1" in the yum.conf file. Another indication that the script with this setting didn't run is that the first time you download updates it should create a "headers" directory; when there is a problem with gpg checks it will not create this directory.
    • In order for this script to run under root you should disable the ID checks in the script - you should comment out some lines in the script: (see example)

    Code:
    #[ 1$(/usr/bin/id -u) -eq 10 ] && {
    #  /bin/echo "Why running this as superuser? Try as a normal user and check"
    #  /bin/echo "write permissions to local repository directories."
    #  /bin/echo "Exiting.."
    #  exit 1
    #}


    • When you configure mirror directories and update directories make sure they start with the correct numbering [0] - if the first starts with [1] then it would not work. Also - if the first one starts with the correct value [0] but the second has [2] then the download for [2] would not work. The numbering should be consecutive.

    4. Basically this script does 2 things:
       a. Downloads what you say it should download and places it according to your settings
       b. After the download has been executed it runs yum-arch for the downloaded stuff to create the rpm headers.

    After the correct script execution you should see pretty much the following in the yum_repository.log file:

    Code:
    ...
    # Download complete for http://distro.ibiblio.org/pub/linux/distributions/fedora/linux..
    # Yum-arch started: Thu Feb 19 00:43:19 BRT 2004
    # Yum-arch complete for /var/ftp/pub/linux/fedora/1/updates/

    ACTUAL script config: After the script tweaking you should actually specify where it will take updates from. Here is what I have specified in my script:

    Code:
    # Red Hat Updates Mirror - RH9
    MIRROR_URL[0]="http://download.fedora.us/fedora/redhat/9/i386/yum/updates/"
    MIRROR_DIR[0]="/var/www/html/yum/RedHat/9/updates"

    # Red Hat Updates Mirror - RH7.3
    MIRROR_URL[1]="http://download.fedoralegacy.org/redhat/7.3/updates/i386/"
    MIRROR_DIR[1]="/var/www/html/yum/RedHat/7.3/updates"

    That should get you going with this script.
    If script runs successfully you can specify the cron entry for this script to be scheduled. In order to execute it every 6 hours specify the following in the cron file:

    Code:
    1 */6 * * * /usr/bin/yum_repository.sh

    (or whatever the location of your script is)
    BASICALLY, we are done with the server part, now we have to configure the clients to get the updates from the server.

    CLIENT CONFIGURATION:

    1. Install the yum rpm on the client servers/stations. Yum rpms for Red Hat versions 9 and 7.3 are available on the www.fedoralegacy.org site.
    2. Configure yum.conf located in /etc. You should point it to the YUM server you have just installed. Let's say the IP address of the YUM server you have just installed is 10.0.84.95. Then the yum.conf file should look like this:

    Code:
    [root@blgftp1 root]# cat /etc/yum.conf

    [main]
    cachedir=/var/cache/yum
    debuglevel=2
    logfile=/var/log/yum.log
    pkgpolicy=newest
    distroverpkg=redhat-release
    tolerant=1
    exactarch=1
    retries=20

    [base]
    name=Red Hat $releasever - $basearch - Base
    baseurl=http://10.0.84.95/yum/RedHat/9/base

    [updates-released]
    name=Red Hat $releasever - $basearch - Released Updates
    baseurl=http://10.0.84.95/yum/RedHat/9/updates

    3. After that you can start using the updates with the "yum update" command. In case you want to schedule this command and answer "yes" automatically to the yum questions asked during the update, you should use the yum -y update command.

    LOG ROTATION SETTINGS

    You might want to rotate yum_repository.log as it can grow. In order to rotate it, place the following in /etc/logrotate.conf:
    Code:
    /tmp/yum_repository.log {
      compress
      nomail
      missingok
      notifempty
      rotate 2
      size 2M
      }
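
The numbering rule from the first post (MIRROR_URL/MIRROR_DIR entries must start at [0] and have no gaps) can be checked before the cron job is scheduled. This is an added example, not part of yum_repository.sh or the original post; the function name check_mirror_indices and the host mirror.example are made up for illustration.

```shell
#!/bin/sh
# Added example, not part of yum_repository.sh. Sample values are constructed.

# check_mirror_indices FILE
# Prints one line per numbering problem and returns 1 if any is found.
# Valid means: indices run 0,1,2,... with no gaps, and every index has both
# a MIRROR_URL[n] and a MIRROR_DIR[n]. Commented-out lines are ignored.
check_mirror_indices() {
    awk '
        BEGIN { max = -1; bad = 0 }
        /^[ \t]*MIRROR_(URL|DIR)\[[0-9]+\]=/ {
            s = $0
            sub(/^[ \t]*MIRROR_/, "", s)
            kind = substr(s, 1, 3)        # "URL" or "DIR"
            idx = substr(s, 5)            # text after "URL[" or "DIR["
            sub(/\].*$/, "", idx)
            idx += 0
            seen[kind, idx] = 1
            if (idx > max) max = idx
        }
        END {
            if (max < 0) { print "no MIRROR_URL/MIRROR_DIR entries found"; exit 1 }
            for (i = 0; i <= max; i++) {
                u = (("URL", i) in seen)
                d = (("DIR", i) in seen)
                if (!u && !d)  { print "gap: index [" i "] is missing"; bad = 1 }
                else if (!u)   { print "MIRROR_URL[" i "] is missing"; bad = 1 }
                else if (!d)   { print "MIRROR_DIR[" i "] is missing"; bad = 1 }
            }
            exit bad
        }
    ' "$1"
}

# Constructed sample: the second mirror was numbered [2] instead of [1].
sample=$(mktemp)
cat > "$sample" <<'EOF'
MIRROR_URL[0]="http://mirror.example/redhat/9/updates/"
MIRROR_DIR[0]="/var/www/html/yum/redhat/9/updates"
MIRROR_URL[2]="http://mirror.example/redhat/7.3/updates/"
MIRROR_DIR[2]="/var/www/html/yum/redhat/7.3/updates"
EOF
check_mirror_indices "$sample" || echo "fix the numbering before scheduling the cron job"
rm -f "$sample"
```

Run it against the edited copy of the script itself; the mirror settings are plain assignments, so the script file is the config file.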

  2. #2
    SOME COMMENTS REGARDING THE USAGE:

    a) If you want to see which rpms have been updated during the update then check the logfile=/var/log/yum.log. This file gets populated only if the update is successful; otherwise it will be blank (if this is the first time) or will have no entries for the failed update.
    b) If you want to redownload the headers from the server then remove all subdirectories under /var/cache/yum and re-initiate the update. Actually the easiest way to do that is to run "yum clean".
    c) If you want to apply updates automatically then you should schedule cron with the yum -y update command.
    d) In the case when a server/station gets updated for the first time and there are LOTS of updates to be applied - sometimes the update gets stuck on the glibc update. In this case just reboot the box and reinitiate the update.
    e) Yum notifications regarding the success/failure of the update - could not find the info regarding that.

    SOME ERRORS ENCOUNTERED DURING THE YUM UPDATE:

    1. "segmentation fault" errors during the client update - remove the subdirectories under /var/cache/yum and try again.
    2. "identical dependency loop exceeded" during the client update - usually it complains about a specific package. Uninstall this package if you don't need it and run the update again, or uninstall/reinstall this rpm if you need it and then run the update.
    3. Error: MD5 Signature check failed for /var/cache/yum/731server/packages/gnumeric-1.0.5-3.i386.rpm
       You may want to run yum clean or remove the file:
       /var/cache/yum/731server/packages/gnumeric-1.0.5-3.i386.rpm
       Exiting.
       In this particular case it has nothing to do with MD5 - it is an indication that the /var partition ran out of space. Solution - in yum.conf point "cachedir =" to a directory on another partition that has more space. I've created /home/yum for that matter.

    CREATING CUSTOMIZED YUM PACKAGES:

    If you have lots of client machines and you don't want to edit yum.conf manually then you can try the following solution to hardcode the settings into the yum rpm for clients:
    The example is for the Fedora yum package but you can do the same for other distros.

    a) Get the source RPM (SRPM) from either your CD or the Fedora Download Server (or your friendly neighborhood mirror, of course). The package you want is yum-2.0.7-1.1.src.rpm. As root, install this package with the command rpm -i yum-2.0.7-1.1.src.rpm.
    b) RPM sources are kept in the /usr/src/redhat folder, with the source files in SOURCES and the spec files in SPECS. You need to edit both the default yum.conf file and the yum.spec file. First, edit /usr/src/redhat/SOURCES/yum.conf.fedora. Next, edit /usr/src/redhat/SPECS/yum.spec, changing the line:
       Release: 1.1
       to:
       Release: 1.2
       This change gives our customised RPM precedence over the stock one. Now you can build the RPM with the command
       rpmbuild -ba /usr/src/redhat/SPECS/yum.spec
       The resultant RPM is stored in /usr/src/redhat/RPMS/noarch, and can be installed with the command
       rpm -U /usr/src/redhat/RPMS/noarch/yum-2.0.7-1.2.noarch.rpm
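
Because the mirror script's GPG check was switched off on the server and the yum.conf baked into the custom RPM reaches every client, that file is the place to confirm that "gpgcheck=1" is actually in effect for each repository. The following is an added example, not code from the posts or from yum; the function name audit_gpgcheck is made up, and it assumes that only the literal value 1 counts as enabled and that an unset gpgcheck means disabled.

```shell
#!/bin/sh
# Added example, not from the page. Treats only the literal value 1 as enabled
# and an unset gpgcheck as disabled (assumption made for this audit).

# audit_gpgcheck FILE
# Prints "<repo> gpgcheck=<value>" for every repository section, falling back
# to the [main] setting. Returns 1 if any repository would skip the GPG check.
audit_gpgcheck() {
    awk '
        /^[ \t]*[#;]/ { next }                   # comment lines
        /^[ \t]*\[.*\]/ {                        # section header
            sect = $0
            sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect)
            if (sect != "main") order[++n] = sect
            next
        }
        /^[ \t]*gpgcheck[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t\r]*$/, "", v)
            gpg[sect] = v
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                s = order[i]
                v = (s in gpg) ? gpg[s] : (("main" in gpg) ? gpg["main"] : "0")
                print s " gpgcheck=" v
                if (v != "1") bad = 1
            }
            exit bad
        }
    ' "$1"
}

# Constructed sample modelled on the client yum.conf shown in the first post,
# which has no gpgcheck line at all.
conf=$(mktemp)
cat > "$conf" <<'EOF'
[main]
cachedir=/var/cache/yum
[base]
baseurl=http://10.0.84.95/yum/RedHat/9/base
[updates-released]
baseurl=http://10.0.84.95/yum/RedHat/9/updates
EOF
audit_gpgcheck "$conf" || echo "add gpgcheck=1 before building the client RPM"
rm -f "$conf"
```

Pointing it at /usr/src/redhat/SOURCES/yum.conf.fedora before running rpmbuild, or at /etc/yum.conf on a client, shows which repositories would install packages without a signature check.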
