Create a CentOS Repository Mirror

Quite a few companies do not allow direct connections from internal servers to the Internet. This is usually not a problem, except when you want to update your servers.

Building a repository mirror for CentOS works around this problem. In this case a single system fetches the updates, and all internal systems get their updates from this mirror.

This mirror can also be used to host installation packages which you need on your internal machines.

To build your own CentOS 7.6 mirror, start with the installation of createrepo and yum-utils:

yum install createrepo yum-utils

Create a partition to contain the images and add it to /etc/fstab:

parted -s /dev/sdb unit mib mkpart primary 1 100%
pvcreate /dev/sdb1
vgcreate vg00 /dev/sdb1
lvcreate -L 100G -n centos vg00
mkfs.ext4 /dev/vg00/centos
echo `blkid /dev/vg00/centos | awk '{ print $2 }' | tr -d \"` /usr/share/nginx/html/centos ext4 defaults 0 0 >> /etc/fstab
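# The mount point must exist before mounting (nginx is installed later)
mkdir -p /usr/share/nginx/html/centos
mount /usr/share/nginx/html/centos

Next, create the directories for the repositories. A script will then copy the contents of the original repositories into them and refresh them daily: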

DIR=/usr/share/nginx/html/centos
mkdir -p ${DIR}/{base,centosplus,extras,updates,epel,mypackages}
mkdir -p ${DIR}/mypackages/Packages

Use your favorite editor to create /etc/cron.daily/update-centos-repos:

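#!/bin/bash
# Sync each upstream repository into the mirror and rebuild its metadata.
DIR=/usr/share/nginx/html/centos/
for REPO in base centosplus extras updates epel mypackages
do
     # mypackages holds local RPMs only; there is no upstream to sync from
     if [ "$REPO" != 'mypackages' ]
     then
          # -g removes packages that fail the GPG signature check, -d deletes
          # local packages no longer upstream, -m fetches comps.xml
          reposync -g -l -d -m --repoid="$REPO" --newest-only --download-metadata --download_path="${DIR}"
     fi
     # base carries the package group definitions (comps.xml)
     if [ "$REPO" = 'base' ]
     then
          createrepo -g comps.xml "${DIR}${REPO}/"
     else
          createrepo "${DIR}${REPO}/"
     fi
done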

Now, make this script executable:

chmod 755 /etc/cron.daily/update-centos-repos

Your newly created machine will now fetch the changes of the repository once a day. Fetch the content once manually:

/etc/cron.daily/update-centos-repos

To make the repository available for your internal machines, you need a web server. In this case we use nginx:

yum install epel-release
yum install nginx
systemctl start nginx
systemctl enable nginx

The local firewall of CentOS needs to allow connections to the required ports:

firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --zone=public --permanent --add-service=https
firewall-cmd --reload

nginx also requires a virtual host to allow access to the repository. Create a file centos-mirror in /etc/nginx/conf.d:

server {
     listen      80;
     server_name mirror.my.domain;
     # Parent of centos/, so that /centos/base/ in the client baseurl resolves
     root        /usr/share/nginx/html/;
     location / {
          index     index.php index.html index.htm;
          autoindex on;
     }
}

You need to convince SELinux to give nginx access to the repository:

chcon -Rt httpd_sys_content_t /usr/share/nginx/html/centos/

Once you have completed all these steps, you can add the repository to your internal CentOS machines:

Delete all existing repositories in /etc/yum.repos.d/.

Create a file called local-centos-mirror.repo in the directory /etc/yum.repos.d/:

[local-base]
name=CentOS Base
baseurl=http://mirror.my.domain/centos/base/
gpgcheck=0
enabled=1

[local-centosplus]
name=CentOS CentOSPlus
baseurl=http://mirror.my.domain/centos/centosplus/
gpgcheck=0
enabled=1

[local-extras]
name=CentOS Extras
baseurl=http://mirror.my.domain/centos/extras/
gpgcheck=0
enabled=1

[local-updates]
name=CentOS Updates
baseurl=http://mirror.my.domain/centos/updates/
gpgcheck=0
enabled=1

[local-epel]
name=CentOS EPEL
baseurl=http://mirror.my.domain/centos/epel/
gpgcheck=0
enabled=1

[mypackages]
name=My Packages
baseurl=http://mirror.my.domain/centos/mypackages/
gpgcheck=0
enabled=1
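
The client file above sets gpgcheck=0 on http:// URLs, so clients install whatever the mirror serves without verifying package signatures. The following audit script is an added example, not part of the original page; it works on any .repo file, and the function names audit_repo and sample_repo, the sample data and its HTTPS variant are constructed for illustration.

```shell
# Added example: audit yum .repo files for sections that disable package
# signature checks or fetch over plain HTTP.
# audit_repo [FILE...]  (reads stdin when no file is given)
# Prints "<section> <finding>" for each enabled section with a problem.
# An unset gpgcheck inherits from [main] in yum.conf and is not flagged.
audit_repo() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function report() {
            if (section == "" || enabled ~ /^(0|no|false)$/) return
            if (gpgcheck ~ /^(0|no|false)$/) print section, "gpgcheck-disabled"
            if (baseurl ~ /^http:/)          print section, "plain-http"
        }
        /^[ \t]*[#;]/ { next }                  # comment line
        /^[ \t]*\[.*\]/ {                       # section header
            report()
            section = trim($0); gsub(/^\[|\]$/, "", section)
            gpgcheck = ""; baseurl = ""; enabled = "1"
            next
        }
        /=/ {                                   # key=value line
            key = trim(substr($0, 1, index($0, "=") - 1))
            val = tolower(trim(substr($0, index($0, "=") + 1)))
            if (key == "gpgcheck") gpgcheck = val
            if (key == "baseurl")  baseurl  = val
            if (key == "enabled")  enabled  = val
        }
        END { report() }
    ' "$@"
}

# Constructed sample: two sections in the style of the page, one hardened
# variant (assumes the mirror also serves HTTPS).
sample_repo() {
    cat <<'EOF'
[local-base]
baseurl=http://mirror.my.domain/centos/base/
gpgcheck=0
enabled=1
[local-epel]
baseurl=http://mirror.my.domain/centos/epel/
gpgcheck = 0
[local-updates]
baseurl=https://mirror.my.domain/centos/updates/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
EOF
}

sample_repo | audit_repo
```

On a client, run it as `audit_repo /etc/yum.repos.d/*.repo`. createrepo only rebuilds metadata and does not re-sign packages, so mirrored packages keep their upstream signatures and can be checked with gpgcheck=1 and the matching gpgkey.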

If you have any other rpm files that you need to provide internally, copy them into the repository “mypackages”:

cp xy.rpm /usr/share/nginx/html/centos/mypackages/Packages

Run your daily update script and the rpm files will be available for installation on your internal machines.