Creating a local repository is very useful when you have a lot of servers and downloading from the Internet costs both time and bandwidth. It also helps when servers have no Internet access and sit in an isolated environment. We can use this local repository to provide all package updates, as well as Rocky Linux upgrades, without ever connecting these servers to the Internet. We can also save a lot of traffic by pointing all the internal servers to this local repository server.
Pre-requisites:
Storage - 600GB (500GB is the bare minimum recommended by Rocky Linux guides, but allocating 600GB would reduce storage constraints in future)
The Rocky Linux team provides a customised script which is hosted on their GitHub page. We will be storing all the repo data in the /var/www/rocky-linux path. Once you have downloaded the script to your desired path, you need to change the Source Repository URL and the Destination Path where you will store the repository data. Since we are located in India, we would be using a mirror site near us, hosted in Singapore, to rsync the repository. Use the chmod command to make the script executable. Ex: chmod +x repo-script.sh
Source Repo - rsync://sg.rpmdb.org/rocky
Destination Path - /var/www/rocky-linux
Now it's time to run this script. Make sure you either run it in the background or use a tool like screen, since downloading 500GB can take quite a long time. The script checks whether the file list has changed since the last run and only syncs if it has. Additionally, we will see how to download the EPEL repository for Rocky Linux 8.x.
The EPEL repository provides some extra packages for Linux, and the project is maintained by Fedora. Here too we would use the nearest mirror to sync the repository data to our server. EPEL requires another 150-200 GB on top of Rocky Linux. It is optional and can be skipped if you don't use packages from EPEL in your organization, but EPEL is highly recommended as it has proven to be an essential part of RHEL-based distros. For EPEL, we would use an rsync command and put it in a script to run it. Create a logs folder where your EPEL script is located. We would be storing the EPEL rsync logs here, in case we need them for troubleshooting in future.
#!/bin/bash
rsync -vrlptDSH --delete-delay --delay-updates rsync://repo.extreme-ix.org/epel/8/ /var/www/epel >> "/path/to/your-script/logs/epel.log" 2>&1
Source Repo - rsync://repo.extreme-ix.org/epel/8/
Destination Path - /var/www/epel
Run the above script, preferably in the background using the same method as above.
Now it's time to set up Apache/HTTPD to serve all these files via HTTP or HTTPS, depending on your needs. HTTP is recommended, since HTTPS redirection can sometimes cause repository URLs to fail on client machines. Install Apache/HTTPD with your package manager or any preferred method, then add two new .conf files named rocky.conf and epel.conf to Apache.
<VirtualHost *:80>
ServerName <YOUR-DOMAIN>
# Serve the directory the sync script writes to (the Destination Path above)
DocumentRoot /var/www/rocky-linux/
<Directory "/var/www/rocky-linux/">
Options Indexes MultiViews
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
rocky.conf
<VirtualHost *:80>
ServerName <YOUR-DOMAIN>
# Serve the directory the EPEL rsync script writes to (the Destination Path above)
DocumentRoot /var/www/epel/
<Directory "/var/www/epel/">
Options Indexes MultiViews
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
epel.conf
Once these configurations are added, you can test your Apache configuration using apachectl configtest
Restart Apache once you are sure the syntax is OK. You can now access all your files using the above domain, and the directory listing can be seen.
Now it's time to configure all client machines to get updates from this server instead of the official repositories on the Internet.
To configure this, we would be using a script, which needs to be run as root on all machines. We would first back up all the official repositories to the /root/repo-backup folder. Then we will add both the Rocky Linux and the EPEL repositories to these servers and enable them.
You can change the repository backup path in the script below, and even run it as any user who has write access to the /etc/yum.repos.d folder.
#!/bin/bash
/usr/bin/mkdir -p /root/repo-backup
/usr/bin/mv /etc/yum.repos.d/*.repo /root/repo-backup
/usr/bin/cat << EOF > /etc/yum.repos.d/localrepo.repo
[localrepo-base]
name=RockyLinux BaseOS
baseurl=http://<YOUR-DOMAIN>/\$releasever/BaseOS/\$basearch/os/
gpgcheck=0
enabled=1
[localrepo-appstream]
name=RockyLinux AppStream
baseurl=http://<YOUR-DOMAIN>/\$releasever/AppStream/\$basearch/os/
gpgcheck=0
enabled=1
[extras]
name=Rocky Linux \$releasever - Extras
baseurl=http://<YOUR-DOMAIN>/\$releasever/extras/\$basearch/os/
gpgcheck=0
enabled=1
[epel]
name=Extra Packages for Enterprise Linux
baseurl=http://<YOUR-DOMAIN>/Everything/\$basearch
enabled=1
gpgcheck=0
EOF
/usr/bin/cat << EOF > /etc/yum.repos.d/localrepo.repo.disabled
[epel-debuginfo]
name=Extra Packages for Enterprise Linux - Debug
baseurl=http://<YOUR-DOMAIN>/Everything/\$basearch/debug
enabled=0
gpgcheck=0
[epel-source]
name=Extra Packages for Enterprise Linux - Source
baseurl=http://<YOUR-DOMAIN>/Everything/source/tree/
enabled=0
gpgcheck=0
[baseos-debug]
name=Rocky Linux \$releasever - BaseOS - Source
baseurl=http://<YOUR-DOMAIN>/\$releasever/BaseOS/\$basearch/debug/tree/
gpgcheck=0
enabled=0
[appstream-debug]
name=Rocky Linux \$releasever - AppStream - Source
baseurl=http://<YOUR-DOMAIN>/\$releasever/AppStream/\$basearch/debug/tree/
gpgcheck=0
enabled=0
[ha-debug]
name=Rocky Linux \$releasever - High Availability - Source
baseurl=http://<YOUR-DOMAIN>/\$releasever/HighAvailability/\$basearch/debug/tree/
gpgcheck=0
enabled=0
[powertools-debug]
name=Rocky Linux \$releasever - PowerTools - Source
baseurl=http://<YOUR-DOMAIN>/\$releasever/PowerTools/\$basearch/debug/tree/
gpgcheck=0
enabled=0
[resilient-storage-debug]
name=Rocky Linux \$releasever - Resilient Storage - Source
baseurl=http://<YOUR-DOMAIN>/\$releasever/ResilientStorage/\$basearch/debug/tree/
gpgcheck=0
enabled=0
[ha]
name=Rocky Linux \$releasever - HighAvailability
baseurl=http://<YOUR-DOMAIN>/\$releasever/HighAvailability/\$basearch/os/
gpgcheck=0
enabled=0
[nfv]
name=Rocky Linux \$releasever - NFV
baseurl=http://<YOUR-DOMAIN>/\$releasever/nfv/\$basearch/os/
gpgcheck=0
enabled=0
[plus]
name=Rocky Linux \$releasever - Plus
baseurl=http://<YOUR-DOMAIN>/\$releasever/plus/\$basearch/os/
gpgcheck=0
enabled=0
[powertools]
name=Rocky Linux \$releasever - PowerTools
baseurl=http://<YOUR-DOMAIN>/\$releasever/PowerTools/\$basearch/os/
gpgcheck=0
enabled=0
[resilient-storage]
name=Rocky Linux \$releasever - ResilientStorage
baseurl=http://<YOUR-DOMAIN>/\$releasever/ResilientStorage/\$basearch/os/
gpgcheck=0
enabled=0
[rt]
name=Rocky Linux \$releasever - Realtime
baseurl=http://<YOUR-DOMAIN>/\$releasever/RT/\$basearch/os/
gpgcheck=0
enabled=0
EOF
/usr/bin/yum clean all
/usr/bin/yum repolist
rocky-epel-setup.sh
Once the script has run, its output shows the list of local repositories that are enabled. The script creates two files, /etc/yum.repos.d/localrepo.repo and /etc/yum.repos.d/localrepo.repo.disabled
The first file contains the enabled repositories and the second contains extra repositories which are disabled by default. You can enable them later if needed by copying the content from the disabled file to the first file.
Now you can try yum update or yum install <package-name> and all your packages will now be installed using this local repository mirror server.
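The repo files above set gpgcheck=0 and are fetched over plain HTTP, so clients install packages from the mirror without verifying their signatures. As an added example (not part of the original article), the script below writes the same four enabled repositories with gpgcheck=1 and a gpgkey, and audits a .repo file for enabled repositories that skip verification. It assumes the Rocky and EPEL key files are already present on the client at the paths shown; the mirror host name is whatever you pass in.

```shell
#!/bin/bash
# Added example, not from the original article.
# Key paths are the ones the stock Rocky 8 and EPEL 8 .repo files reference;
# assumption: both key files are already present on the client.
ROCKY_KEY=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
EPEL_KEY=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8

# stanza ID NAME BASEURL KEYURL: one enabled repository with signature checks on
stanza() {
    printf '[%s]\nname=%s\nbaseurl=%s\ngpgcheck=1\ngpgkey=%s\nenabled=1\n\n' \
        "$1" "$2" "$3" "$4"
}

# write_verified_repo MIRROR_HOST OUTFILE
# The four repositories the article enables, same URLs, with gpgcheck=1.
write_verified_repo() {
    {
        stanza localrepo-base "RockyLinux BaseOS" \
            "http://$1/\$releasever/BaseOS/\$basearch/os/" "$ROCKY_KEY"
        stanza localrepo-appstream "RockyLinux AppStream" \
            "http://$1/\$releasever/AppStream/\$basearch/os/" "$ROCKY_KEY"
        stanza extras "Rocky Linux \$releasever - Extras" \
            "http://$1/\$releasever/extras/\$basearch/os/" "$ROCKY_KEY"
        stanza epel "Extra Packages for Enterprise Linux" \
            "http://$1/Everything/\$basearch" "$EPEL_KEY"
    } > "$2"
}

# audit_repo_file FILE
# Prints each enabled section that does not set gpgcheck to a true value;
# returns 1 if any. "enabled" defaults to on. A missing gpgcheck line is
# flagged as well, because it then depends on [main] in /etc/dnf/dnf.conf.
audit_repo_file() {
    awk -F'[ \t]*=[ \t]*' '
        function truthy(v) { return tolower(v) ~ /^(1|true|yes|on)$/ }
        function report()  { if (sec != "" && on && !chk) { print sec; bad = 1 } }
        /^\[/            { report(); sec = substr($0, 2, index($0, "]") - 2)
                           on = 1; chk = 0; next }
        $1 == "enabled"  { on  = truthy($2) }
        $1 == "gpgcheck" { chk = truthy($2) }
        END              { report(); exit bad + 0 }
    ' "$1"
}

# Audit any files given on the command line, e.g. /etc/yum.repos.d/*.repo
for f in "$@"; do echo "== $f"; audit_repo_file "$f" || true; done
```

Run against /etc/yum.repos.d/localrepo.repo as generated by the article's script, the audit lists localrepo-base, localrepo-appstream, extras and epel.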