Local repo updated, but workstations aren't getting updates

General support questions
Post Reply
User avatar
poltr1
Posts: 25
Joined: 2020/01/03 21:43:57
Location: Dayton OH USA

Local repo updated, but workstations aren't getting updates

Post by poltr1 » 2021/05/06 20:03:22

Since I maintain a rather large number (about 50) of CentOS workstations, I thought I could reduce network traffic by creating a local repo, from which the workstations can then get their package updates. I ran createrepo on one of my servers, and have a nightly cron job that performs the reposync. I then mount the drive containing the repo on my workstation, using the mountpoint "/apps/repo". When I run yum update, it doesn't find any new packages to install; I get "No packages marked for update".

Example: I'm running kernel-3.10.0-1160.24.1 on my workstation. I look at /apps/repo/update/Packages and can see kernel-3.10.0-1160.25.1.el7.x86_64.rpm. My baseurl is set to file:///apps/repo/. But running yum update doesn't grab and install the new kernel. I have to alter /etc/yum.repos.d/CentOS-Base.repo and change the baseurl back to mirror.centos.org for it to grab the updated kernel rpm file.

I'm running yum clean all, and rebuilding the database. Is there something else I should be updating, such as the metadata?

Contents of /etc/yum.repos.d/CentOS-Base.repo:

Code: Select all

	.
	.	(comments redacted)
	.
#base distro
[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
baseurl=file:///apps/repo/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#released updates 
[updates]
name=CentOS-$releasever - Updates
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
baseurl=file:///apps/repo/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
baseurl=file:///apps/repo/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
	.
	.	(centosplus redacted)
	.

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Local repo updated, but workstations aren't getting updates

Post by TrevorH » 2021/05/06 21:32:48

I'd recommend just using rsync from an rsync enabled mirror (like mirror.kernel.org for example) and skipping the createrepo step entirely. You can also just run up an http server and point it at your local repo and serve it out to your clients that way. The /etc/yum.repos.d/CentOS-*.repo files are all owned by the centos-release package but if they are modified (i.e. to change the baseurl= to your server) then they will not be replaced when that package is updated.

Here's what I run every night - you'll notice that I exclude a lot of stuff that I have no interest in so that I can save space.

Code: Select all

$ cat /usr/local/bin/repo7mirror.sh 
#!/bin/bash

CURRREL="7.9.2009"

if [ -f /var/lock/subsys/rsync_update7 ]; then
    echo "Updates via rsync already running."
    exit 0
fi

if [ -d /var/www/html/centos/$CURRREL ] ; then
    touch /var/lock/subsys/rsync_update7
    rsync  -avSHP --delete --exclude "*/i386" --exclude "*/i686" --exclude "dotnet" --exclude "nfv" --exclude "rt" --exclude "storage" --exclude "virt" --exclude "isos" --exclude '*/x86_64/drpms' --exclude "cloud" --exclude "paas" --exclude "atomic" --exclude "sclo" mirrors.kernel.org::centos/$CURRREL/ /var/www/html/centos/$CURRREL/ >> /var/log/repo7mirror.log 2>&1
    /bin/rm -f /var/lock/subsys/rsync_update7
else
    echo "Target directory /var/www/html/centos/$CURRREL not present."
fi
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Whoever
Posts: 1357
Joined: 2013/09/06 03:12:10

Re: Local repo updated, but workstations aren't getting updates

Post by Whoever » 2021/05/07 02:40:17

TrevorH wrote:
2021/05/06 21:32:48
I'd recommend just using rsync from an rsync enabled mirror (like mirror.kernel.org for example) and skipping the createrepo step entirely. You can also just run up an http server and point it at your local repo and serve it out to your clients that way. The /etc/yum.repos.d/CentOS-*.repo files are all owned by the centos-release package but if they are modified (i.e. to change the baseurl= to your server) then they will not be replaced when that package is updated.
If you have enough control over your network, you can use a proxy to redirect the mirrorlist queries to go to your local repo server.

User avatar
poltr1
Posts: 25
Joined: 2020/01/03 21:43:57
Location: Dayton OH USA

Re: Local repo updated, but workstations aren't getting updates

Post by poltr1 » 2021/05/07 19:28:03

I tried the rsync command, waited a couple of minutes, and got nothing. I suspect Corporate has blocked the port(s) that rsync uses in the firewall. They're *very* fussy about security; trust me on this. I doubt I can even set up an http server without a boatload of approvals. Proxies are right out.

But the code gave me a couple of new ideas; thanks. I was able to browse kernel.org's structure, saw the repodata files in both updates and extras, and wrote this snippet to get the updated rpm files and the repodata files in updates:

Code: Select all

reposync -n --repoid=updates --download_path=/home/repo/
cd /home/repo/updates
curl https://mirrors.edge.kernel.org/centos/7.9.2009/updates/x86_64/repodata/ | grep href | awk -F\" '{ print $2 }' | tail -n +2 > updates_metadata.txt
while read f; do 
  wget -N https://mirrors.edge.kernel.org/centos/7.9.2009/updates/x86_64/repodata/$f; 
done < updates_metadata.txt

The same can be done for extras. kernel.org didn't have mirrors for base or epel.

So, I'm now getting the repodata files, and they're contained with their respective sections (and not at the top-level repodata). When I run the yum update on the workstations, I'll see the new rpm files, but then it can't seem to retrieve them, and complains with the message "no more mirrors to try". I disabled the mirrorlist since I'm not using any mirrors. What next?

User avatar
poltr1
Posts: 25
Joined: 2020/01/03 21:43:57
Location: Dayton OH USA

Re: Local repo updated, but workstations aren't getting updates

Post by poltr1 » 2021/05/10 14:49:09

I needed to do one more step: clean the yum cache on the client. I then ran yum update again, and it's now downloading files.

Since the repo is already mounted as a drive, I would have preferred a copy (cp) instead of http or ftp. I think that would involve less overhead.

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Local repo updated, but workstations aren't getting updates

Post by jlehtone » 2021/05/10 15:51:55

You did already have URL of type file:///repopath. Works fine with mounted disks, if the repopath is correct.

Post Reply