Setting up a private yum repository

This is section from my web pages Musings/Experiments With A Virtual Data Center

Setting up the yum repository

To set up the yum repository I used the instructions from:
Creating A Local Yum Repository (CentOS) and
How To Set Up A Local Yum Repository On Fedora 8 .
They contained complimentary information

The first step is create the repository directories:
/var/www/html/centos/5.2/os
/var/www/html/centos/5.2/updates

mkdir -pv /var/www/html/centos/5.2/os/i386
mkdir -pv /var/www/html/centos/5.2/updates/i386

Copy the CentOS release RPMs from the install media to /var/www/html/centos/5.2/os directory.

Copy the release GPG signing key, RPM-GPG-KEY-CentOS-5 from the install media to /var/www/html/centos/5.2

Install the createrepo software package from the install media or via yum.

These steps are mechanical.

Creating the yum repository index files withcreaterepo

Next you have to create the repository for the install RPMs:

createrepo /var/www/html/centos/5.2/os/i386/

This creates the repo files in: /var/www/html/centos/5.2/os/i386/repodata:
filelists.xml.gz
other.xml.gz
primary.xml.gz
repomd.xml

Now that we have the OS repo, we now need to create the update repo. There are two ways to do this: copy over the complete update repo from one of the CentOS mirrors or hand build a repo with selected updates.

The second way is how I would do this in a production environment. After an OS patch was checked and passed by development and QA, it would then be installed in the updates directory in the private yum repository. Each time a patch is added to the updates directory, the repository data needs to be rebuilt with:

createrepo /var/www/html/centos/5.2/updates/i386/

If I were doing this, I might also only put the original OS install packages that I wanted to allow on our production servers. When a need for a new package was discovered, then that package would be put in the repositories os directory.

In my environment I did not do either of these. The os repository is all of the available packages and the updates repository is a mirror of the CentOS mirrors.

You mirror the CentOS mirror with rsync:

/usr/bin/rsync -iavrt rsync://mirrors.kernel.org/centos/5.2/updates/i386/
/var/www/html/centos/5.2/updates/i386/

To keep the local mirror in sync with the CentOS mirrors run rsync periodically out of cron:

crontab -e root
23 11 * * * /usr/bin/rsync -iavrt rsync://mirrors.kernel.org/centos/5.2/updates/i386/
/var/www/html/centos/5.2/updates/i386/

If you are doing the rsync then you do not need to rebuild the repository data since that data is part of the rsync data.

Setting up the servers to use the yum repository

Setting up the servers to use the yum repository has two parts:
Adding entries in /etc/yum.conf to list the private repositories.
Removing the CentOS repository files from /etc/yum.repos.d

You need to add to the /etc/yum.conf file:

#base OS
[base]
name=CentOS-$releasever - Base
baseurl=http://vm.bb.harker.com/centos/$releasever.2/os/$basearch/
gpgcheck=1
gpgkey=http://vm.bb.harker.com/centos/RPM-GPG-KEY-CentOS-5

#released updates 
[updates]
name=CentOS-$releasever - Updates
baseurl=http://vm.bb.harker.com/centos/$releasever.2/updates/$basearch/
gpgcheck=1
gpgkey=http://vm.bb.harker.com/centos/RPM-GPG-KEY-CentOS-5

Now a problem that I found was that yum was setting the internal yum variable $releasever to 5 not 5.2. I did a quick google search and came up empty. My workaround was to add the .2 to the baseurl value in yum.config. Hopefully time will give me an answer.

With the yum.config file installed and the CentOS repository files removed from /etc/yum.repos.d it is time to test:

yum update

And it works!

Deploying yum files with cfengine

All of this work has been getting to this step for me. I have the servers up and running. I have cfengine installed and working. And I have my private yum repository up and working. So now I am ready to deploy my first file/configuration with cfengine.

What I want to do:
Deploy a custom yum.conf file
Delete the OS repository files from /etc/yum.repos.d

Where to put the files to deploy

I am going to store all of the configuration files and information on the cfengine master server in the directory /masterfiles. Cfengine related files are in /masterfiles/cfengine. Site wide defaults, files to be installed on all servers are in /masterfiles/node.

The yum.conf file is placed in /masterfiles/node/etc.

Deploying the yum.conf

To deploy the yum.conf file on all hosts you add these lines to the copy: directive:

$(master_node)/etc/yum.conf     dest=/etc/yum.conf
                                mode=644
                                backup=true
                                type=checksum
                                server=$(policyhost)
                                trustkey=true

To test this you can run cfagent manually on any host:
cfagent -v -q

Removing the OS repository files from /etc/yum.repos.d

To remove the CentOS-Base.repo and CentOS-Media.repo files you first test for their existence in the control: directive: 
  has_centos_base = ( ReturnsZero( /usr/bin/test -s /etc/yum.repos.d/CentOS-Base.repo ) )
  has_centos_media = ( ReturnsZero( /usr/bin/test -s /etc/yum.repos.d/CentOS-Media.repo ) )

Then in the shellcommands: directive you remove the files if the variables have been set:

  !has_centos_base::
    "/bin/rm /etc/yum.repos.d/CentOS-Base.repo"

  !has_centos_media::
    "/bin/rm /etc/yum.repos.d/CentOS-Media.repo"