Redhat offers a great tool with Redhat satellite server especially with Satellite 6. But the price is quite high, and if you need to provides packages and updates to multiple separated environments it’s out of the picture.
(For those who are interessted – Katello is the upstream project of Redhat’s Satellite 6).
So the question is now, how to get the the Redhat repos to your deployment server.
First a subscription is needed and only channels/repos included in this subscription can be synchronized.
If we have the channels/repos availalbe on our system which we want to use to sync we can use reposync to pull all the repositoriers from the internet.
The follwoing example shows a list of repositories which are available on my machine:
The easiest way to sync a repo is to just call the following command:
Important is to add the -l option to the command. The command enables the yum-plugins and to be able to sync directly from Redhat those plugins have to be enabeld!
But I think the most people don’t want to run the synchronization by hand and some metadata also would be nice – so you can use/adapt the following script and add it as a cronjob.
So, what does this script do?
Because it’s intended to be used as a cronjob it logs the sync-process to /var/log/reposync – I don’t do any logrotation because the files are quite small and the cronjobs runs only once a week – so there is not too much space used by the logfiles and I clean them from hand. but if its ran more often you should think about log rotation.
Reposync itself creates a subfolder in the spceified directory which is named like the repoid and contains the metadata (comps & updateinfo + a directory called getPackage which contains the rpm-packages). The comps-file contains all the group-infos and updateinfo is needed if you want to use yum just for security updates.
Herefor the yum-plugin “yum-plugin-security” is a good choice.
With the “–download-metadata” parameter in the reposync command the updateinfo.xml-files are also downloaded (as far as they exist for the repo). Normaly the file is downloaded in the following format: <HASH>-updateinfo.xml.gz
To use the updateinfo-file in your synchronized repo the file has to be gunziped and renamed to updateinfo.xml – so the hash at the beginning of the filname needs to be striped away. Otherwise it is likely that the updates are not recognized correctly! So convert your downloaded updateinfo-metadata file to updateinfo.xml and run use modify repo to update your repository with the security update informations from the updateinfo.xml.