This topic provides instructions for creating the RHEL YUM repository server required for Kubernetes cluster deployment.
Pre-requisites
One RHEL 8.x VM with subscription-manager enabled is required; it will be used as the YUM server. Perform the following steps on the YUM server as the root user.
Procedure
- Install the following package, which includes the utilities necessary to set up the repository.
# yum install yum-utils
- Create the following directories to hold the main OS repositories.
# mkdir -p /u01/repo/Rhel
# mkdir -p /u01/repo/logs
# mkdir -p /u01/repo/scripts
- Enable the YUM repositories in the following files:
The following example is with the default installation of RHEL:
The rhel-8-for-x86_64-baseos-rpms and rhel-8-for-x86_64-appstream-rpms repositories must be enabled in the /etc/yum.repos.d/redhat.repo file (the enabled flag should be set to 1). For example:
enabled=1
The reposync command is used to synchronize a remote YUM repository to a local directory.
Execute the following commands to retrieve the packages using YUM.
# /usr/bin/reposync --newest-only --download-metadata --repoid=rhel-8-for-x86_64-baseos-rpms -p /u01/repo/Rhel
# /usr/bin/reposync --newest-only --download-metadata --repoid=rhel-8-for-x86_64-appstream-rpms -p /u01/repo/Rhel
The first repository sync could take some time.
- Create a resync CRON job by performing the following steps:
- A resync of the YUM repositories involves repeating the reposync commands. You can script them and run them from CRON. Create a script named /u01/repo/scripts/repo_sync.sh with the following contents.
#!/bin/bash
LOG_DIR=/u01/repo/logs
LOG_FILE=$LOG_DIR/repo_sync_$(date +%Y.%m.%d).log

if [ "$(ls -A "$LOG_DIR")" ]; then
    # The log directory is not empty: delete sync logs older than 5 days
    find "$LOG_DIR"/repo_sync* -mtime +5 -delete >> "$LOG_FILE" 2>&1
else
    :
fi

# Sync repositories
/usr/bin/reposync --newest-only --download-metadata --repoid=rhel-8-for-x86_64-baseos-rpms -p /u01/repo/Rhel >> "$LOG_FILE" 2>&1
/usr/bin/reposync --newest-only --download-metadata --repoid=rhel-8-for-x86_64-appstream-rpms -p /u01/repo/Rhel >> "$LOG_FILE" 2>&1
- Make the script file executable.
# chmod u+x /u01/repo/scripts/repo_sync.sh
- Set up a CRON job to run the script on a daily basis. The following entry runs the script each day at 01:00. Use the crontab -e command to edit your user's CRON table:
# crontab -e
Note: Add the following line at the end of the file:
0 1 * * * /u01/repo/scripts/repo_sync.sh > /dev/null 2>&1
Save and exit the editor.
- Install the Apache HTTP server, start it, and make sure it restarts automatically on reboot. If you are using the Linux firewall, you must allow connections to port 80.
# yum install -y httpd
# systemctl start httpd
# systemctl enable httpd
- Set permissions for Security-Enhanced Linux (SELinux).
The modifications can be made permanent by changing the SELINUX parameter in the /etc/selinux/config file. The file contains an explanation of the allowable values.
# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
- Present the repositories using the HTTP server.
# mkdir -p /var/www/html/repo/Rhel/rhel-8-for-x86_64-baseos-rpms
# cp -R /u01/repo/Rhel/rhel-8-for-x86_64-baseos-rpms/ /var/www/html/repo/Rhel/
# mkdir -p /var/www/html/repo/Rhel/rhel-8-for-x86_64-appstream-rpms
# cp -R /u01/repo/Rhel/rhel-8-for-x86_64-appstream-rpms/ /var/www/html/repo/Rhel/
- Copy the GPG key to the HTTP server.
# cp /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release /var/www/html/RPM-GPG-KEY-redhat-release
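
A check for the state this procedure leaves behind, as an added example that is not part of the original page: the CRON job refreshes /u01/repo/Rhel while httpd serves the copy under /var/www/html/repo/Rhel, so the function below compares each repository's repomd.xml and the published GPG key between the two locations. The function name, the --check flag and the finding labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): report whether the tree served
# by httpd has drifted from the reposync target, and whether the served GPG
# key is byte-identical to the system copy it was taken from.
REPO_IDS="rhel-8-for-x86_64-baseos-rpms rhel-8-for-x86_64-appstream-rpms"

# check_mirror SYNC_DIR PUBLISH_DIR SYSTEM_KEY SERVED_KEY  (hypothetical helper)
# Prints one line per finding and returns the number of findings (0 = clean).
check_mirror() {
    cm_problems=0
    for cm_id in $REPO_IDS; do
        cm_src=$1/$cm_id/repodata/repomd.xml
        cm_dst=$2/$cm_id/repodata/repomd.xml
        if [ ! -s "$cm_src" ]; then
            echo "MISSING  $cm_src (metadata not downloaded by reposync)"
            cm_problems=$((cm_problems + 1))
        elif [ ! -s "$cm_dst" ]; then
            echo "MISSING  $cm_dst (repository not published)"
            cm_problems=$((cm_problems + 1))
        elif ! cmp -s "$cm_src" "$cm_dst"; then
            # repo_sync.sh refreshes SYNC_DIR only, so a differing repomd.xml
            # means clients are still offered the older package set.
            echo "STALE    $cm_dst differs from $cm_src"
            cm_problems=$((cm_problems + 1))
        fi
    done
    if [ ! -s "$4" ]; then
        echo "MISSING  $4 (GPG key not published)"
        cm_problems=$((cm_problems + 1))
    elif ! cmp -s "$3" "$4"; then
        echo "MISMATCH $4 is not identical to $3"
        cm_problems=$((cm_problems + 1))
    fi
    return "$cm_problems"
}

# Invoked with --check, audit the paths used in the procedure above.
if [ "${1:-}" = "--check" ]; then
    check_mirror /u01/repo/Rhel /var/www/html/repo/Rhel \
        /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release \
        /var/www/html/RPM-GPG-KEY-redhat-release
    exit $?
fi
```

A STALE finding after a nightly run means the published copy has to be refreshed from /u01/repo/Rhel before clients see the newly synced packages.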