Quite a few companies do not allow direct connections from internal servers to the Internet. This is usually no problem, except when you want to update your servers.
Building a repository mirror for CentOS solves this problem: one single system fetches the updates, and all internal systems get their updates from this mirror.
This mirror can also be used to host installation packages which you need on your internal machines.
To build your own CentOS 7.6 mirror, start with the installation of createrepo and yum-utils:
yum install createrepo yum-utils
Create a partition to hold the mirrored packages and add it to /etc/fstab:
# mklabel is only needed on a blank disk that has no partition table yet
parted -s /dev/sdb mklabel gpt
parted -s /dev/sdb unit mib mkpart primary 1 100%
pvcreate /dev/sdb1
vgcreate vg00 /dev/sdb1
lvcreate -L 100G -n centos vg00
mkfs.ext4 /dev/vg00/centos
# the mount point must exist before the filesystem can be mounted
mkdir -p /usr/share/nginx/html/centos
echo `blkid /dev/vg00/centos | awk '{ print $2 }' | tr -d \"` /usr/share/nginx/html/centos ext4 defaults 0 0 >> /etc/fstab
mount /usr/share/nginx/html/centos
Next, create the directory structure for the repositories, then a script which copies the contents of the original repositories and refreshes them daily:
DIR=/usr/share/nginx/html/centos
mkdir -p ${DIR}/{base,centosplus,extras,updates,epel,mypackages}
mkdir -p ${DIR}/mypackages/Packages
Use your favorite editor to create /etc/cron.daily/update-centos-repos with the following content:
#!/bin/bash
DIR=/usr/share/nginx/html/centos/
for REPO in base centosplus extras updates epel mypackages
do
    # mypackages is filled by hand, everything else is synced from upstream:
    # -g verifies package signatures, -l enables yum plugins, -d removes
    # packages no longer upstream, -m downloads the comps (group) file
    if [ $REPO != 'mypackages' ]
    then
        reposync -g -l -d -m --repoid=$REPO --newest-only --download-metadata --download_path=${DIR}
    fi
    # rebuild the repository metadata; base also gets the group definitions
    if [ $REPO = 'base' ]
    then
        createrepo -g comps.xml ${DIR}${REPO}/
    else
        createrepo ${DIR}${REPO}/
    fi
done
Now, make this script executable:
chmod 755 /etc/cron.daily/update-centos-repos
The mirror will now fetch the repository changes once a day. Fetch the content once manually (the epel repository can only be synced once epel-release is installed on the mirror host, which happens together with nginx below):
/etc/cron.daily/update-centos-repos
To make the repository available to your internal machines, you need a web server. In this case we use nginx:
yum install epel-release
yum install nginx
systemctl start nginx
systemctl enable nginx
The local firewall of CentOS needs to allow connections to the required ports:
firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --zone=public --permanent --add-service=https
firewall-cmd --reload
and nginx requires a virtual host to allow access to the repository. Create a file centos-mirror.conf in /etc/nginx/conf.d (the default nginx.conf only includes files from that directory that end in .conf):
server {
    listen 80;
    server_name mirror.my.domain;
    root /usr/share/nginx/html/centos/;
    location / {
        index index.php index.html index.htm;
        autoindex on;
    }
}
You need to convince SELinux to give nginx access to the repository:
chcon -Rt httpd_sys_content_t /usr/share/nginx/html/centos/
Labels set with chcon do not survive a filesystem relabel; since /usr/share/nginx/html is already httpd_sys_content_t in the default policy, restorecon -R /usr/share/nginx/html/centos/ applies the same label persistently.
Once you have passed all these steps, you can add the repository to your internal CentOS machines:
Delete all existing repositories in /etc/yum.repos.d/
Create a file called local-centos-mirror.repo in the directory /etc/yum.repos.d/:
[local-base]
name=CentOS Base
baseurl=http://mirror.my.domain/centos/base/
gpgcheck=0
enabled=1

[local-centosplus]
name=CentOS CentOSPlus
baseurl=http://mirror.my.domain/centos/centosplus/
gpgcheck=0
enabled=1

[local-extras]
name=CentOS Extras
baseurl=http://mirror.my.domain/centos/extras/
gpgcheck=0
enabled=1

[local-updates]
name=CentOS Updates
baseurl=http://mirror.my.domain/centos/updates/
gpgcheck=0
enabled=1

[local-epel]
name=CentOS EPEL
baseurl=http://mirror.my.domain/centos/epel/
gpgcheck=0
enabled=1

[mypackages]
name=My Packages
baseurl=http://mirror.my.domain/centos/mypackages/
gpgcheck=0
enabled=1
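With gpgcheck=0 the clients install whatever the mirror serves, so the only signature check left is the -g option of reposync on the mirror host; for the official repositories, gpgcheck=1 together with gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 (shipped on every CentOS 7 system) keeps verification on the client. The following POSIX shell check is an added example, not part of the original article: it lists the enabled repositories in a .repo file that skip signature checks, run here over a constructed sample file that mirrors the layout above.

```shell
#!/bin/sh
# Constructed sample .repo file in the article's layout: local-updates is
# changed to verify signatures, local-extras is disabled, and mypackages
# has no gpgcheck line at all.
SAMPLE_REPO=$(mktemp)
cat > "$SAMPLE_REPO" <<'EOF'
[local-base]
name=CentOS Base
baseurl=http://mirror.my.domain/centos/base/
gpgcheck=0
enabled=1

[local-updates]
name=CentOS Updates
baseurl=http://mirror.my.domain/centos/updates/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1

[local-extras]
name=CentOS Extras
baseurl=http://mirror.my.domain/centos/extras/
gpgcheck=0
enabled=0

[mypackages]
name=My Packages
baseurl=http://mirror.my.domain/centos/mypackages/
enabled=1
EOF

# Print the id of every enabled repository in a .repo file whose packages
# are installed without a signature check (gpgcheck missing or not 1).
# Disabled repositories are skipped. Returns 1 when at least one is found.
unsigned_repos() {
    awk '
        function flush() {
            if (id != "" && enabled != "0" && gpgcheck != "1") { print id; bad = 1 }
        }
        /^\[.*\]$/   { flush(); id = substr($0, 2, length($0) - 2)
                       gpgcheck = ""; enabled = "1"; next }
        /^gpgcheck=/ { gpgcheck = substr($0, index($0, "=") + 1) }
        /^enabled=/  { enabled  = substr($0, index($0, "=") + 1) }
        END { flush(); exit bad }
    ' "$1"
}

# prints local-base and mypackages; local-updates verifies, local-extras is off
unsigned_repos "$SAMPLE_REPO" || echo "at least one repository skips gpgcheck"
```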
If you have any other RPM files which you need to provide internally, copy them into the repository "mypackages":
cp xy.rpm /usr/share/nginx/html/centos/mypackages/Packages
Run your daily update script and the RPM files will be available for installation on your internal machines.