Creating a private repository on CentOS

For various reasons, notably security under partitioned networks, a public repository for updates and software installation may not be available to the updater (yum or rpm). An example is if the machine to be updated is not connected to the wider internet for security reasons.

One solution is to create a local, secure repository server (which does have internet access) to which internal elements can connect. It is updated by a controlled enterprise process (e.g., manually copying files or using internet-based yum updates).

Another solution, much simpler but not scalable, is to manually update all machines by copying the packages to each.

This article explains how to create a local repository for CentOS.

 

Updating Directly From Package Files

Obtain the packages to be updated or installed from a public and trusted repository -- in the case of CentOS, the principal is Red Hat. Copy the package to the local machine and run:

     # yum localinstall <path/to/PACKAGE>

 

Creating a Local Repository Server

Besides tools to manage a CentOS repository, this needs a service that can serve files, such as FTP or HTTP. We will be using the Apache HTTP server.

Start by creating directories where packages will be stored:

     # mkdir -p /var/www/html/my_repo

If not there already, install Apache httpd server and confirm it is running:

     # yum install httpd

     # service httpd start

It should work out of the box. Remember, however:

  • to configure the server to your requirements
  • to make the directory chosen in the first step readable to the machines that will be using it

       # chown -R apache:apache /var/www/html/my_repo

       # chmod -R 755 /var/www/html/my_repo

Install repository manager tools and create the repository:

     # yum install createrepo

     # createrepo /var/www/html/my_repo

Obtain the packages that your elements will need to update to and copy them to your repository directory; in this example, it is /var/www/html/my_repo. Update the repository manager:

     # createrepo --update /var/www/html/my_repo

 

Configuring the Client Machines to use the Local Repository

The machines that are to be updated using your local repository will need to know how to find it and that it should be used. On each of them, create the following file:

     # vi /etc/yum.repos.d/my_repository.repo

     [my_repository]
     name=Company Secure Repository
     baseurl=http://<ADDRESS>/my_repo
     enabled=1
     gpgcheck=0

where <ADDRESS> is the IP address or the domain name of your repository (e.g., repository.example.com). There are a number of configurations possible, including signing packages. The configuration file above is a simple example that does not provide any special means of security: gpgcheck=0 disables package signature verification, and the baseurl uses plain HTTP.
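As an added example (not part of the original article), the shell function below audits client .repo files and reports every enabled repository that disables GPG checking or uses a cleartext baseurl, the two weaknesses of the file above. The names audit_repo_files and write_sample_repo, the sample file and the gpgkey path are constructed for illustration.

```shell
# Added example: flag enabled yum repositories that disable signature
# checking or fetch over cleartext. audit_repo_files is a hypothetical name.
# Assumption: a section without a gpgcheck line follows /etc/yum.conf
# and is not flagged here.
audit_repo_files() {
    rc=0
    for f in "$@"; do
        awk -v file="$f" '
            function check() {
                if (section == "" || enabled == "0") return
                if (gpgcheck ~ /^(0|no|false)$/) {
                    print file ":[" section "]: gpgcheck disabled"; bad = 1 }
                if (baseurl ~ /^(http|ftp):\/\//) {
                    print file ":[" section "]: cleartext baseurl"; bad = 1 }
            }
            /^[ \t]*[#;]/ { next }                # comment line
            /^[ \t]*\[.*\][ \t]*$/ {              # [section] header
                check()
                section = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
                enabled = "1"; gpgcheck = ""; baseurl = ""; next
            }
            index($0, "=") {                      # key=value line
                key = $0; sub(/[=].*/, "", key); gsub(/[ \t]/, "", key)
                val = $0; sub(/^[^=]*=/, "", val); gsub(/^[ \t]+|[ \t]+$/, "", val)
                if (key == "enabled") enabled = val
                else if (key == "gpgcheck") gpgcheck = tolower(val)
                else if (key == "baseurl") baseurl = tolower(val)
            }
            END { check(); exit bad + 0 }
        ' "$f" || rc=1
    done
    return $rc
}

# Constructed sample: the article's client file and a hardened variant (placeholder gpgkey path).
write_sample_repo() {
    cat > "$1" <<'EOF'
[my_repository]
name=Company Secure Repository
baseurl=http://repository.example.com/my_repo
enabled=1
gpgcheck=0
[my_repository_signed]
baseurl=https://repository.example.com/my_repo
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example
EOF
}
```

On a client, run it as audit_repo_files /etc/yum.repos.d/*.repo; a non-zero exit status means at least one finding was printed.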

Verify that clients can reach the files on the repository server with, e.g.,

     # wget http://<ADDRESS>/my_repo/repodata/repomd.xml

If this step fails, verify your web server configuration.

Your machines are now ready to be updated using your local repository with the following command:

     # yum --disablerepo="*" --enablerepo="my_repository" install <PACKAGE>

 
