5 Creating and Using a Local ULN Mirror

Note:

This documentation is specific to Oracle Linux 6 and Oracle Linux 7. If you're using Oracle Linux 8 or Oracle Linux 9, see Oracle Linux: Managing Software on Oracle Linux.

You can configure a local yum server to mirror the ULN channels within your network. This approach reduces the overhead that is associated with registering and managing systems within ULN, while still provisioning systems with all of the software and updates that are available on ULN. Systems that are not able to connect to the Internet, either directly or by using a proxy, can also use this approach to keep up to date with the latest software.

This approach requires that the yum server is registered with ULN, has the available disk space to host the mirrored channels and is subscribed to the channels that it hosts. Systems that use the local ULN mirror are dependent on the synchronization of packages on the local yum server with the most recent updates provided by Oracle through ULN. If the local ULN mirror falls out of date, systems within your network may not be able to install critical security updates.

This chapter provides information on the requirements to host a local ULN mirror and the procedure to set up and configure the yum server for this purpose. Instructions are provided for configuring client systems to access and use the local yum server to obtain updates.

Note:

If you are considering mirroring ULN channels on a local yum server, you should also investigate Spacewalk for Oracle Linux. Spacewalk provides tools to help with system maintenance, installation and package management, including tools to easily mirror ULN channels either from an intuitive web interface, or from a command line tool. For more information, see the Spacewalk for Oracle Linux documentation at https://docs.oracle.com/cd/E92593_01/index.html.

Prerequisites for the Local ULN Mirror

The system that you want to set up as a local ULN mirror must meet the following criteria:

  • Must be registered with ULN. See ULN Registration.

  • Must be running Oracle Linux 6 (x86_64) or Oracle Linux 7 (x86_64).

  • Must have at least 6 GB of memory to create the yum metadata.

  • Must have enough disk space to store copies of the packages that it hosts. Consider the following when calculating disk space:

    • Disk space requirements depend on the channels to which you subscribe. In turn, the channels depend on the number of clients to be serviced, including their platforms, operating systems, and other specific packages that each client might be using and which would require updates.

    • Disk space that is used for a mirror is only consumed and is never released. Thus, disk requirements are not static and can increase over time.

    • Packages within the channels are also updated regularly and will further affect the storage requirements on the local yum server.

    For guidance in estimating the disk size requirements for your specific mirror setup, run the following command, which displays information about each ULN channel to which the system is subscribed:

    $ sudo yum repoinfo

    To display information only for a specific channel, provide the repository ID in the command, for example:

    $ sudo yum repoinfo ol7_x86_64_latest
    Loaded plugins: langpacks, rhnplugin, ulninfo
    This system is receiving updates from ULN.
    Repo-id      : ol7_x86_64_latest
    Repo-name    : Oracle Linux 7 Latest (x86_64)
    Repo-status  : enabled
    Repo-updated : Tue Feb 23 03:30:36 2021
    Repo-pkgs    : 17,366
    Repo-size    : 27 G
    Repo-baseurl : https://linux-update.oracle.com/XMLRPC/GET-REQ/ol7_x86_64_latest
    Repo-expire  : 21,600 second(s) (last: Wed Feb 24 20:43:12 2021)
      Filter     : read-only:present
    Repo-excluded: 4,560
    
    repolist: 17,366

    Because repositories are dynamic and grow over time, always plan to allocate substantially greater disk space than what Repo-size specifies. The more disk space you can provide, the more efficiently the local server can mirror ULN channels.
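One way to turn the Repo-size figures into a planning number, as an added example that is not part of Oracle's documentation or tooling: the function reads `yum repoinfo` output, totals Repo-size across channels, and applies a headroom percentage. The function names, the headroom parameter, and the sample sizes are assumptions of this example.

```sh
#!/bin/sh
# Added example, not Oracle tooling: size a mirror from `yum repoinfo` output.

# repo_size_report [HEADROOM_PCT]
# stdin : output of `yum repoinfo` for the subscribed channels
# stdout: "<repo-id> <MiB>" per channel, then TOTAL and PLAN (total + headroom)
# HEADROOM_PCT is an assumption of this example, not a yum setting.
repo_size_report() {
    awk -v pct="${1:-100}" '
        # Convert a yum size such as "27 G" or "1.4 M" to MiB; -1 if unknown.
        function to_mib(num, unit) {
            gsub(/,/, "", num)
            if (unit == "")  return num / 1048576
            if (unit == "k") return num / 1024
            if (unit == "M") return num + 0
            if (unit == "G") return num * 1024
            if (unit == "T") return num * 1048576
            return -1
        }
        $1 == "Repo-id"   { id = $3 }
        $1 == "Repo-size" {
            mib = to_mib($3, $4)
            if (mib < 0) { print "cannot parse size of " id > "/dev/stderr"; bad = 1; next }
            printf "%s %d\n", id, mib
            total += mib
        }
        END {
            printf "TOTAL %d\n", total
            printf "PLAN %d\n", int(total * (100 + pct) / 100)
            exit bad + 0
        }'
}

# Constructed sample in the format shown above (sizes are illustrative).
sample_repoinfo() {
    cat <<'EOF'
Repo-id      : ol7_x86_64_latest
Repo-name    : Oracle Linux 7 Latest (x86_64)
Repo-pkgs    : 17,366
Repo-size    : 27 G
Repo-excluded: 4,560

Repo-id      : ol7_x86_64_addons
Repo-name    : Oracle Linux 7 Addons (x86_64)
Repo-size    : 367 M
EOF
}

sample_repoinfo | repo_size_report 100
```

On a registered system, pipe the real report in with `sudo yum repoinfo | repo_size_report 100` and compare the PLAN line with the free space on the file system that holds the repository base directory.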

Setting up a Local ULN Mirror

To set up a local system as a local ULN mirror:

  1. Enable the system as a Yum Server within ULN System Management. You can do this using the ULN web interface.

    This option disables system specific logic that is applied when a system attempts to subscribe to channels that do not apply to its architecture or platform version. For example, when a system is enabled as a Yum Server within ULN System Management, it is able to subscribe to channels for alternate architectures or operating system versions.

    Enable the Yum Server option using the ULN web interface

    1. Using a browser, log in at https://linux.oracle.com with the ULN user name and password that you used to register the system.

    2. On the Systems tab, click the link named for your system in the list of registered machines.

    3. On the System Details page, click Edit.

    4. On the Edit System Properties page, select the Yum Server check box and click Apply Changes.

  2. Subscribe the system to the channels that you intend to mirror. You can do this either using the ULN web interface, or by using the uln-channel command.

    Note:

    You must subscribe the system to the latest and addons channels for the installed operating system release (Oracle Linux 6 or Oracle Linux 7) and the relevant system architecture to be able to install the uln-yum-mirror package. This package contains the uln-yum-mirror script that enables the system to act as a local ULN mirror.

    If you subsequently update the list of channels to which the system is subscribed, the uln-yum-mirror script updates the channels that the system mirrors.

    If you have an Oracle Linux Support account and you want the yum server to host Ksplice packages for local Ksplice Offline clients, subscribe to the Ksplice for Oracle Linux channels for the architectures and Oracle Linux releases that you want to support.

    For a complete and up-to-date list of the available release channels, log on to ULN at https://linux.oracle.com.

    To subscribe your system to the channels that you want to mirror, use the ULN web interface.

    Subscribe your system to channels using the ULN web interface

    1. Log in to https://linux.oracle.com with your ULN user name and password.

    2. On the Systems tab, click the link named for the system in the list of registered machines.

    3. On the System Details page, click Manage Subscriptions.

    4. On the System Summary page, select channels from the list of available or subscribed channels and click the arrows to move the channels between the lists.

    5. When you have finished selecting channels, click Save Subscriptions.

  3. Install the Apache HTTP server.

    # yum install httpd

  4. Create a base directory for the yum repositories, for example /var/yum or /var/www/html/yum.

    # mkdir -p /var/www/html/yum

    Note:

    The yum repository owner must have read and write permissions on this directory.

  5. If you created a base directory for the yum repository that is not under /var/www/html and SELinux is enabled in enforcing mode on your system:

    1. Use the semanage command to define the default file type of the repository root directory hierarchy as httpd_sys_content_t:

      # /usr/sbin/semanage fcontext -a -t httpd_sys_content_t "/var/yum(/.*)?"

    2. Use the restorecon command to apply the file type to the entire repository.

      # /sbin/restorecon -R -v /var/yum

  6. If you created a base directory for the yum repository that is not under /var/www/html, create a symbolic link in /var/www/html that points to the repository, for example:

    # ln -s /var/yum /var/www/html/yum

  7. Edit the HTTP server configuration file, /etc/httpd/conf/httpd.conf, as follows:

    1. Specify the resolvable domain name of the server in the argument to ServerName.

      ServerName server_addr:80

      If the server does not have a resolvable domain name, enter its IP address instead.

    2. Verify that the setting of the Options directive in the <Directory "/var/www/html"> section specifies Indexes and FollowSymLinks to allow you to browse the directory hierarchy, for example:

      Options Indexes FollowSymLinks

    3. Save your changes to the file.

  8. Start the HTTP server, and configure it to start after a reboot.

    • On Oracle Linux 6, type the following commands:

      # service httpd start
      # chkconfig httpd on

    • On Oracle Linux 7, enter the following commands:

      # systemctl start httpd
      # systemctl enable httpd

  9. If you enabled a firewall on your system, configure it to allow incoming HTTP connection requests on TCP port 80.

    • On Oracle Linux 6, type the following commands:

      # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
      # service iptables save

    • On Oracle Linux 7, type the following commands:

      # firewall-cmd --add-service=http
      # firewall-cmd --permanent --add-service=http

  10. Install the uln-yum-mirror package:

    # yum install uln-yum-mirror

    This package contains the uln-yum-mirror script that enables the system to act as a local ULN mirror.

    Note:

    If you have not subscribed the system to the correct Oracle Linux latest and addons channels for your system, the command fails with the following error:

    No package uln-yum-mirror available

  11. To configure the operation of the /usr/bin/uln-yum-mirror script, edit the /etc/sysconfig/uln-yum-mirror file.

    For example, if the base directory for the yum repositories is not /var/www/html/yum, set the value of the REP_BASE parameter to the correct base directory:

    REP_BASE=/var/yum

    Installing the uln-yum-mirror package also configures an anacron job (/etc/cron.daily/uln-yum-mirror) that updates the local yum repositories once every day. You can disable this job by setting the value of CRON_ENABLED to 0:

    CRON_ENABLED=0

    For more information about the configuration options in the /etc/sysconfig/uln-yum-mirror file, see ULN Mirror Configuration.

    The repositories are populated when the anacron job runs the /usr/bin/uln-yum-mirror script. Alternatively, you can run the script manually at any time to update the repositories. See Updating the Repositories on a Local ULN Mirror.

ULN Mirror Configuration

The /etc/sysconfig/uln-yum-mirror file contains the following configuration parameters that affect the behavior of the /usr/bin/uln-yum-mirror script:

ALL_PKGS

Specifies whether uln-yum-mirror mirrors all versions of every available package or downloads only the latest version of each package. The default value of 1 causes uln-yum-mirror to mirror all versions of every available package. A value of 0 causes uln-yum-mirror to download only the latest version of each package.

CRON_ENABLED

Specifies whether uln-yum-mirror runs automatically once per day. The default value of 1 enables uln-yum-mirror to be run automatically as an anacron job. A value of 0 disables the job. You must run uln-yum-mirror manually to update the packages.

HARDLINK_RPMS

Specifies whether uln-yum-mirror runs hardlinkpy to create hard links between identical RPMs after the mirror process finishes. The default value of 1 enables hard linking, which saves storage space. It is not possible to create hard links across file systems. Set the value to 0 if the repository storage spans more than one file system.

LOG_OUTPUT

Specifies whether uln-yum-mirror logs its output. The default value of 1 enables logging. A value of 0 disables logging.

REP_BASE

Specifies the base directory for the repositories. The default setting is /var/www/html/yum. Do not change this setting unless you customize the configuration of the HTTP server.

REP_EL
REP_ENG
REP_OL
REP_OVM
REP_UEK

Specify the names of the repositories. If required, you can configure alternate names.

REPO_FILE_DIR

Not currently used.

SRC

Specifies whether uln-yum-mirror mirrors source RPMs in addition to binary RPMs. The default value of 0 prevents uln-yum-mirror from mirroring source RPMs. A value of 1 causes uln-yum-mirror to mirror source RPMs.

YUM_GLOBAL_CACHE

Specifies the yum global cache directory. The default setting is /var/cache/yum. Do not change this setting unless you customize the configuration of the HTTP server.

Updating the Repositories on a Local ULN Mirror

To update the repositories for the subscribed channels immediately without waiting for the anacron job to run or if you have disabled the job, enter the following command on the local ULN mirror server:

# /usr/bin/uln-yum-mirror

Note:

If you have not yet set up the contents of the repositories, it can take many hours to download all the packages.

Configuring yum on a Local ULN Mirror

The following procedure configures the yum command on a server that is acting as a local ULN mirror to install package updates from itself rather than from ULN. This type of configuration can be important when the system is configured to mirror channels for alternate platforms or architectures. Because channel subscription logic is disabled for a system that is configured as a Yum Server within ULN System Management, the system could potentially install packages from channels with conflicting architectures or platforms. For this reason, you may want to configure the system to use the local ULN mirror that it is hosting, which enables you to control the system's own channel or repository subscriptions.

Note that the procedure does not affect the operation of the uln-yum-mirror script.

To configure a server that is acting as a local ULN Mirror to be able to install updated packages from itself:

  1. Use the following command to list the channels that the server is mirroring from ULN:

    # yum repolist
    Loaded plugins: rhnplugin, security
    This system is receiving updates from ULN. 
    0 packages excluded due to repository protections
    repo id                   repo name                                    status
    ol6_x86_64_addons         Oracle Linux 6 Add ons (x86_64)              367
    ol6_x86_64_latest         Oracle Linux 6 Latest (x86_64)               35,995
    ol6_x86_64_UEKR3_latest   Latest Unbreakable Enterprise Kernel
                              Release 3 for Oracle Linux 6 (x86_64)        41

    In this example, the server mirrors the ol6_x86_64_addons, ol6_x86_64_latest, and ol6_x86_64_UEKR3_latest channels from ULN.

  2. Edit /etc/yum/pluginconf.d/rhnplugin.conf and disable the mirrored channels by adding the following stanza for each channel:

    [repo_id]
    enabled=0

    For example, to disable the ol6_x86_64_addons, ol6_x86_64_latest, and ol6_x86_64_UEKR3_latest channels, you would add the following stanzas:

    [ol6_x86_64_addons]
    enabled=0
    
    [ol6_x86_64_latest]
    enabled=0
    
    [ol6_x86_64_UEKR3_latest]
    enabled=0

    Note:

    If you subsequently subscribe the system to any additional channels on ULN, you must also disable those channels in /etc/yum/pluginconf.d/rhnplugin.conf.

  3. Configure the server as a yum client as described in Configuring Access to a Local ULN Mirror.
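The stanza list from step 2 has to track the channel subscriptions, so it helps to generate it. The following added example (not part of uln-yum-mirror or of Oracle's documentation) reads the `yum repolist` report captured in step 1 and prints only the stanzas that rhnplugin.conf does not yet contain; the function names and the sample inputs are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of uln-yum-mirror: print the rhnplugin.conf stanzas
# still missing for the channels that `yum repolist` reports.

# repolist_ids: stdin is `yum repolist` output; stdout is one repo id per line.
# Wrapped name lines start with blanks and are skipped. Ids starting with
# local_ (the page's naming convention for mirror-backed repos) are ignored.
repolist_ids() {
    awk '
        /^repo id/   { in_table = 1; next }
        /^repolist:/ { in_table = 0 }
        in_table && /^[^ \t]/ {
            id = $1
            sub(/^[!*]/, "", id)   # leading status marker such as "!"
            sub(/\/.*/, "", id)    # "/release/arch" suffix, if yum appends one
            if (id !~ /^local_/) print id
        }'
}

# missing_stanzas CONF: stdin is `yum repolist` output; prints a
# "[repo_id] / enabled=0" stanza for every id CONF does not already disable.
missing_stanzas() {
    repolist_ids | awk -v conf="$1" '
        BEGIN {
            while ((getline line < conf) > 0) {
                if (line ~ /^\[/) { sec = substr(line, 2, index(line, "]") - 2); continue }
                gsub(/[ \t]/, "", line)
                if (line == "enabled=0") off[sec] = 1
            }
        }
        !($1 in off) { printf "[%s]\nenabled=0\n\n", $1 }'
}

# Constructed inputs: a conf that disables one channel, and a repolist report.
demo_conf=$(mktemp)
printf '[main]\nenabled = 1\ngpgcheck = 1\n\n[ol6_x86_64_latest]\nenabled=0\n' > "$demo_conf"
sample_repolist() {
    cat <<'EOF'
Loaded plugins: rhnplugin, security
repo id                   repo name                                    status
ol6_x86_64_addons         Oracle Linux 6 Add ons (x86_64)              367
ol6_x86_64_latest         Oracle Linux 6 Latest (x86_64)               35,995
ol6_x86_64_UEKR3_latest   Latest Unbreakable Enterprise Kernel
                          Release 3 for Oracle Linux 6 (x86_64)        41
repolist: 36,403
EOF
}
sample_repolist | missing_stanzas "$demo_conf"
```

Review the printed stanzas before appending them to /etc/yum/pluginconf.d/rhnplugin.conf, and rerun the check whenever the ULN subscriptions change.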

Configuring Access to a Local ULN Mirror

If you have set up a local ULN mirror, you can configure your local Oracle Linux systems to receive yum updates from that server.

To configure an Oracle Linux system as a yum client:

  1. Import the GPG key:

    # rpm --import /usr/share/rhn/RPM-GPG-KEY

  2. Disable any existing yum repositories configured in the /etc/yum.repos.d directory. You can either edit any existing repository files and disable all entries by setting enabled=0 or you can use yum-config-manager:

    # yum-config-manager --disable \*

    Alternatively, you can rename any of the files in this directory so that they do not use the .repo suffix. This causes yum to ignore these entries. For example:

    # cd /etc/yum.repos.d
    # for i in *.repo; do mv "$i" "$i.disabled"; done

  3. In the /etc/yum.repos.d directory, create the file local-yum.repo, which contains entries such as the following for an Oracle Linux 6 yum client:

    [local_ol6_latest]
    name=Oracle Linux $releasever - $basearch - latest
    baseurl=http://local_uln_mirror/yum/OracleLinux/OL6/latest/$basearch/
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
    gpgcheck=1
    enabled=1
    
    [local_ol6_UEKR3_latest]
    name=Unbreakable Enterprise Kernel Release 3 for Oracle Linux $releasever - $basearch - latest
    baseurl=http://local_uln_mirror/yum/OracleLinux/OL6/UEKR3/latest/$basearch/
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
    gpgcheck=1
    enabled=1
    
    [local_ol6_addons]
    name=Oracle Linux $releasever - $basearch - addons
    baseurl=http://local_uln_mirror/yum/OracleLinux/OL6/addons/$basearch/
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
    gpgcheck=1
    enabled=1

    To distinguish the local repositories from the ULN repositories, prefix the names of their entries with a string such as local_.

    Replace local_uln_mirror with the IP address or resolvable host name of the local ULN mirror.

    Note that the correct GPG key file must exist at the path specified for the gpgkey parameter. You can download the GPG keys used to sign all of the Oracle Linux release packages from the Oracle Linux yum server. See https://yum.oracle.com/faq.html#a10 for more information.

    The example configuration enables the local_ol6_latest, local_ol6_UEKR3_latest, and local_ol6_addons channels.

  4. To test the configuration:

    1. Clear the yum metadata cache:

      # yum clean metadata

    2. Use yum repolist to verify the configuration, for example:

      # yum repolist
      Loaded plugins: rhnplugin, security
      This system is receiving updates from ULN.
      0 packages excluded due to repository protections
      repo id                         repo name                                    status
      local_ol6_addons                Oracle Linux 6 - x86_64 - latest             367
      local_ol6_x86_64_latest         Oracle Linux 6 - x86_64 - latest             35,995
      local_ol6_x86_64_UEKR3_latest   Unbreakable Enterprise Kernel Release 3 
                                      for Oracle Linux 6 - x86_64 - latest         41

      If yum cannot connect to the local ULN mirror, check that the firewall settings on the local ULN mirror server allow incoming TCP connections to the HTTP port (usually, port 80).

  5. You can now run yum update to pick up new updates from the local ULN mirror.
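The repository entries in step 3 use http:// base URLs, so gpgcheck=1 together with a key file that really exists at the gpgkey path is what ties installed packages back to Oracle's signing key. The following added example (not Oracle tooling) audits a client .repo file for those two settings; the function names and the ROOT argument are hypothetical, the sample file is constructed, and options are assumed to be written as 0/1 as on this page.

```sh
#!/bin/sh
# Added example, not Oracle tooling: audit a client .repo file for the
# signature settings that matter when baseurl is plain http://.

# repo_sections FILE: print "section|enabled|gpgcheck|gpgkey" per section.
# enabled defaults to 1; "unset"/"none" mark options absent from the section.
repo_sections() {
    awk '
        function flush() { if (sec != "") print sec "|" en "|" chk "|" key }
        /^[ \t]*[#;]/ { next }
        /^\[/ { flush(); sec = substr($0, 2, index($0, "]") - 2)
                en = "1"; chk = "unset"; key = "none"; next }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
            if (k == "enabled") en = v
            else if (k == "gpgcheck") chk = v
            else if (k == "gpgkey") key = v
        }
        END { flush() }' "$1"
}

# audit_repo_file FILE [ROOT]: one finding per line; status 1 if any finding.
# ROOT (hypothetical) is prefixed to file:// key paths so a copy can be checked.
audit_repo_file() {
    repo_sections "$1" | (
        rc=0
        while IFS='|' read -r sec en chk key; do
            [ "$en" = "0" ] && continue
            [ "$chk" = "1" ] || { echo "$sec: gpgcheck=$chk, signature check not enforced by this section"; rc=1; }
            case "$key" in
                none) echo "$sec: no gpgkey configured"; rc=1 ;;
                file://*) path="${2:-}${key#file://}"
                    [ -r "$path" ] || { echo "$sec: key file not readable: $path"; rc=1; } ;;
            esac
        done
        exit "$rc"
    )
}

# Constructed sample: the page's first stanza plus one with checking disabled.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/etc/pki/rpm-gpg" && : > "$demo_root/etc/pki/rpm-gpg/RPM-GPG-KEY"
cat > "$demo_root/local-yum.repo" <<'EOF'
[local_ol6_latest]
baseurl=http://local_uln_mirror/yum/OracleLinux/OL6/latest/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
gpgcheck=1
[local_ol6_addons]
baseurl=http://local_uln_mirror/yum/OracleLinux/OL6/addons/$basearch/
gpgcheck=0
EOF
audit_repo_file "$demo_root/local-yum.repo" "$demo_root" || true
```

On a client, run `audit_repo_file /etc/yum.repos.d/local-yum.repo` with no ROOT argument; a section that reports gpgcheck=unset inherits the value from [main] in /etc/yum.conf, so check that file as well.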