repository

内部に抱える計算機が多くなるとyum-updateの参照先を内部に抱えたくなる.
ちょうどwindows-updateの配布パッケージを社内に持つように.

ここではそんなリポジトリのミラーを作ってみた(ローカルリポジトリ)

参照先 https://www.server-world.info/query?os=CentOS_7&p=localrepo

RHEL7系+RHEL8系+RHEL9系†

RHEL{7,8,9}系のローカルリポジトリを作ってみる.

ローカルリポジトリサイトは　「repository.sybyl.local」　とします.
httpが動いてればOSは何でもいいです.

ここにRHEL{7,8,9}系のパッケージデータを集めてみた. epelも
参照 https://wiki.rockylinux.org/rocky/repo/

(OSがRHEL7系なら)
yum install httpd rsync createrepo
 
(OSがRHEL8,9系なら)
dnf install httpd rsync createrepo_c
 
(RHEL7系CentOS7)
[root@repository ~]# mkdir -p /var/www/html/repos/centos/7/{os,updates,extras}/x86_64   /var/www/html/repos/fedora/epel/7/x86_64
[root@repository ~]# rsync -avz --delete ftp.riken.jp::centos/7/os/x86_64/Packages/      /var/www/html/repos/centos/7/os/x86_64/Packages/
[root@repository ~]# rsync -avz --delete ftp.riken.jp::centos/7/updates/x86_64/Packages/ /var/www/html/repos/centos/7/updates/x86_64/Packages/
[root@repository ~]# rsync -avz --delete ftp.riken.jp::centos/7/extras/x86_64/Packages/  /var/www/html/repos/centos/7/extras/x86_64/Packages/
[root@repository ~]# rsync -avz --delete ftp.riken.jp::fedora/epel/7/x86_64/Packages/    /var/www/html/repos/fedora/epel/7/x86_64/Packages/
[root@repository ~]# cd /var/www/html/repos/centos/7
[root@repository 7]# for i in "os/x86_64" "updates/x86_64" "extras/x86_64" ; do createrepo $i ; done
[root@repository 7]# createrepo /var/www/html/repos/fedora/epel/7/x86_64
 
(RHEL8系RockyLinux8)
[root@repository ~]# mkdir -p   /var/www/html/repos/rocky/8/{AppStream,BaseOS,Devel,extras,PowerTools}/x86_64/os /var/www/html/repos/fedora/epel/8/{Everything,Modular}/x86_64
[root@repository ~]# rsync -avz --delete ftp.riken.jp::rocky/8/AppStream/x86_64/os/Packages/   /var/www/html/repos/rocky/8/AppStream/x86_64/os/Packages/
[root@repository ~]# rsync -avz --delete ftp.riken.jp::rocky/8/BaseOS/x86_64/os/Packages/      /var/www/html/repos/rocky/8/BaseOS/x86_64/os/Packages/
[root@repository ~]# rsync -avz --delete ftp.riken.jp::rocky/8/Devel/x86_64/os/Packages/       /var/www/html/repos/rocky/8/Devel/x86_64/os/Packages/
[root@repository ~]# rsync -avz --delete ftp.riken.jp::rocky/8/extras/x86_64/os/Packages/      /var/www/html/repos/rocky/8/extras/x86_64/os/Packages/
[root@repository ~]# rsync -avz --delete ftp.riken.jp::rocky/8/PowerTools/x86_64/os/Packages/  /var/www/html/repos/rocky/8/PowerTools/x86_64/os/Packages/
[root@repository ~]# rsync -avz --delete ftp.riken.jp::fedora/epel/8/Everything/x86_64/Packages/ /var/www/html/repos/fedora/epel/8/Everything/x86_64/Packages
[root@repository ~]# rsync -avz --delete ftp.riken.jp::fedora/epel/8/Modular/x86_64/Packages/    /var/www/html/repos/fedora/epel/8/Modular/x86_64/Packages
[root@repository ~]# cd /var/www/html/repos/rocky/8
[root@repository 8]# for i in "AppStream/x86_64/os" "BaseOS/x86_64/os" "Devel/x86_64/os" "extras/x86_64/os" "PowerTools/x86_64/os" ; do createrepo $i ; done
[root@repository 8]# createrepo /var/www/html/repos/fedora/epel/8/Everything/x86_64
[root@repository 8]# createrepo /var/www/html/repos/fedora/epel/8/Modular/x86_64
 
(RHEL9系RockyLinux9)
[root@repository ~]# mkdir -p   /var/www/html/repos/rocky/9/{AppStream,BaseOS,CRB,devel,extras,plus}/x86_64/os /var/www/html/repos/fedora/epel/9/Everything/x86_64
[root@repository ~]# rsync -avz --delete ftp.riken.jp::rocky/9/AppStream/x86_64/os/Packages/   /var/www/html/repos/rocky/9/AppStream/x86_64/os/Packages/
[root@repository ~]# rsync -avz --delete ftp.riken.jp::rocky/9/BaseOS/x86_64/os/Packages/      /var/www/html/repos/rocky/9/BaseOS/x86_64/os/Packages/
[root@repository ~]# rsync -avz --delete ftp.riken.jp::rocky/9/CRB/x86_64/os/Packages/         /var/www/html/repos/rocky/9/CRB/x86_64/os/Packages/
[root@repository ~]# rsync -avz --delete ftp.riken.jp::rocky/9/devel/x86_64/os/Packages/       /var/www/html/repos/rocky/9/devel/x86_64/os/Packages/
[root@repository ~]# rsync -avz --delete ftp.riken.jp::rocky/9/extras/x86_64/os/Packages/      /var/www/html/repos/rocky/9/extras/x86_64/os/Packages/
[root@repository ~]# rsync -avz --delete ftp.riken.jp::rocky/9/plus/x86_64/os/Packages/        /var/www/html/repos/rocky/9/plus/x86_64/os/Packages/
[root@repository ~]# rsync -avz --delete ftp.riken.jp::fedora/epel/9/Everything/x86_64/Packages/ /var/www/html/repos/fedora/epel/9/Everything/x86_64/Packages/
[root@repository ~]# cd /var/www/html/repos/rocky/9
[root@repository 9]# for i in "AppStream/x86_64/os" "BaseOS/x86_64/os" "CRB/x86_64/os" "devel/x86_64/os" "extras/x86_64/os" "plus/x86_64/os" ; do createrepo $i ; done
[root@repository 9]# createrepo /var/www/html/repos/fedora/epel/9/Everything/x86_64

「reposync」コマンドでより簡単にできそうだけど、rsyncを使ってます

以上で準備は完了です. 次にこの作ったリポジトリを使ってみます. 「/etc/yum.repos.d/*.repo」のリポジトリ参照先を変更します
（RockyLinux9の場合）

rocky.repo

--- /etc/yum.repos.d/rocky.repo.orig    2023-04-27 14:35:55.000000000 +0900
+++ /etc/yum.repos.d/rocky.repo 2023-07-30 14:16:02.515834020 +0900
@@ -10,8 +10,7 @@
 
 [baseos]
 name=Rocky Linux $releasever - BaseOS
-mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=BaseOS-$releasever$rltype
-#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/BaseOS/$basearch/os/
+baseurl=http://repository.sybyl.local/repos/rocky/$releasever/BaseOS/$basearch/os/
 gpgcheck=1
 enabled=1
 countme=1
@@ -38,8 +37,7 @@
 
 [appstream]
 name=Rocky Linux $releasever - AppStream
-mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=AppStream-$releasever$rltype
-#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/AppStream/$basearch/os/
+baseurl=http://repository.sybyl.local/repos/rocky/$releasever/AppStream/$basearch/os/
 gpgcheck=1
 enabled=1
 countme=1
@@ -66,8 +64,7 @@
 
 [crb]
 name=Rocky Linux $releasever - CRB
-mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=CRB-$releasever$rltype
-#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/CRB/$basearch/os/
+baseurl=http://repository.sybyl.local/repos/rocky/$releasever/CRB/$basearch/os/
 gpgcheck=1
 enabled=0
 countme=1

rocky-devel.repo

--- /etc/yum.repos.d/rocky-devel.repo.orig      2023-04-27 14:35:55.000000000 +0900
+++ /etc/yum.repos.d/rocky-devel.repo   2023-07-30 14:19:27.142867010 +0900
@@ -4,8 +4,7 @@
 
 [devel]
 name=Rocky Linux $releasever - Devel WARNING! FOR BUILDROOT ONLY DO NOT LEAVE ENABLED
-mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=devel-$releasever$rltype
-#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/devel/$basearch/os/
+baseurl=http://repository.sybyl.local/repos/rocky/$releasever/devel/$basearch/os/
 gpgcheck=1
 enabled=0
 countme=1

rocky-extras.repo

--- /etc/yum.repos.d/rocky-extras.repo.orig     2023-04-27 14:35:55.000000000 +0900
+++ /etc/yum.repos.d/rocky-extras.repo  2023-07-30 14:18:01.814046124 +0900
@@ -10,8 +10,7 @@
 
 [extras]
 name=Rocky Linux $releasever - Extras
-mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=extras-$releasever$rltype
-#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/extras/$basearch/os/
+baseurl=http://repository.sybyl.local/repos/rocky/$releasever/extras/$basearch/os/
 gpgcheck=1
 enabled=1
 countme=1
@@ -38,8 +37,7 @@
 
 [plus]
 name=Rocky Linux $releasever - Plus
-mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=plus-$releasever$rltype
-#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/plus/$basearch/os/
+baseurl=http://repository.sybyl.local/repos/rocky/$releasever/plus/$basearch/os/
 gpgcheck=1
 enabled=0
 countme=1

epel.repo

--- /etc/yum.repos.d/epel.repo.orig     2023-04-15 06:22:03.000000000 +0900
+++ /etc/yum.repos.d/epel.repo  2023-07-30 14:31:16.907971561 +0900
@@ -2,8 +2,7 @@
 name=Extra Packages for Enterprise Linux $releasever - $basearch
 # It is much more secure to use the metalink, but if you wish to use a local mirror
 # place its address here.
-#baseurl=https://download.example/pub/epel/$releasever/Everything/$basearch/
-metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir
+baseurl=http://repository.sybyl.local/repos/fedora/epel/$releasever/Everything/$basearch/
 enabled=1
 gpgcheck=1
 countme=1

これで「yum update/install」らはローカルリポジトリ「repository.sybyl.local」を参照するようになります.
repoファイルの変数ですが、「$contentdir」->「pub/rocky」、「$releasever」->「9」、「$basearch」->「x86_64」と対応するみたい

↑

ローカルに置いた場合†

ミラーをローカルに配置した場合、あるいはUSBにリポジトリのデータを入れて、それでアプリを入れたい場合

「/mnt/repo/rocky/9/」「/mnt/repo/fedora/epel/9/」にあるなら

[root@rockylinux9 ~]# cd /mnt/repo/rocky/9/
[root@rockylinux9 ~]# dnf localinstall /mnt/repo/rocky/9/AppStream/x86_64/os/Packages/c/createrepo_c-0.20.1-2.el9.x86_64.rpm \
                                       /mnt/repo/rocky/9/AppStream/x86_64/os/Packages/c/createrepo_c-libs-0.20.1-2.el9.x86_64.rpm
 
[root@rockylinux9 ~]# (cd /mnt/repo/rocky/9 ; for i in "AppStream/x86_64/os" "BaseOS/x86_64/os" "CRB/x86_64/os" "devel/x86_64/os" "extras/x86_64/os" "plus/x86_64/os" ; do createrepo $i ; done )
[root@rockylinux9 ~]# createrepo /mnt/repo/fedora/epel/9/Everything/x86_64

と準備しつつ、「/etc/yum.repos.d/*.repo」のすべてを別の場所に移して下記ファイルを作る

[root@rockylinux9 ~]# mkdir /etc/yum.repos.d.backup
[root@rockylinux9 ~]# mv /etc/yum.repos.d/*.repo /etc/yum.repos.d.backup/
[root@rockylinux9 ~]# vi /etc/yum.repos.d/local-rocky.repo
[local-baseos]
name=local - BaseOS
baseurl=file:///mnt/repo/rocky/9/BaseOS/x86_64/os
gpgcheck=0
enabled=1
 
[local-appstream]
name=local - AppStream
baseurl=file:///mnt/repo/rocky/9/AppStream/x86_64/os
gpgcheck=0
enabled=1
 
[local-crb]
name=local - CRB
baseurl=file:///mnt/repo/rocky/9/CRB/x86_64/os
gpgcheck=0
enabled=1
 
[root@rockylinux9 ~]# vi /etc/yum.repos.d/local-epel.repo
[local-epel]
name=local - epel
baseurl=file:///mnt/repo/fedora/epel/9/Everything/x86_64
enabled=1
gpgcheck=0
 
[root@rockylinux9 ~]#

っでキャッシュを作り直します

[root@rockylinux9 ~]# dnf clean all
[root@rockylinux9 ~]# dnf makecache
local - epel                                171 MB/s |  22 MB     00:00
local - BaseOS                               62 MB/s | 2.1 MB     00:00
local - AppStream                           128 MB/s | 7.6 MB     00:00
local - CRB                                  66 MB/s | 2.3 MB     00:00
Metadata cache created.
 
[root@rockylinux9 ~]#

これでローカルに置いたレポジトリを使えるようになります

↑

ubuntuのローカルリポジトリ†

使っているノードがubuntuなら「apt-mirror」が便利らしいが、ここではRHEL系の上で行いたい
「debmirror」が簡単に作れるそうな https://github.com/bviktor/debmirror-runner
っがRocky9向けには用意されていない様子..

yum install --enablerepo=epel debmirror

まずkeyが必要. 簡単にubuntu22.04の/usr/share/keyrings/ubuntu-archive-keyring.gpgを持ってくる. っで

mkdir /opt/UbuntuMirror/mirrorkeyring
gpg --no-default-keyring --keyring /opt/UbuntuMirror/mirrorkeyring/trustedkeys.gpg --import /usr/share/keyrings/ubuntu-archive-keyring.gpg

として「/opt/UbuntuMirror/mirrorkeyring/trustedkeys.gpg」を作る.
あとは/etc/debmirror.confのパラメータを弄る

--- /etc/debmirror.conf.orig    2022-10-03 20:46:52.000000000 +0900
+++ /etc/debmirror.conf 2023-07-30 20:12:26.499895169 +0900
@@ -12,7 +12,7 @@
 # files.
 
 # Location of the local mirror (use with care)
-# $mirrordir="/path/to/mirrordir"
+$mirrordir="/var/www/html/repos/ubuntu";
 
 # Output options
 $verbose=0;
@@ -20,14 +20,14 @@
 $debug=0;
 
 # Download options
-$host="ftp.debian.org";
+$host="ftp.riken.jp";
 $user="anonymous";
 $passwd="anonymous@";
-$remoteroot="debian";
-$download_method="ftp";
-@dists="sid";
-@sections="main,main/debian-installer,contrib,non-free,non-free-firmware";
-@arches="i386";
+$remoteroot="ubuntu";
+$download_method="rsync";
+@dists="jammy,jammy-security,jammy-updates";
+@sections="main,restricted,universe,multiverse";
+@arches="amd64";
 # @ignores="";
 # @excludes="";
 # @includes="";
@@ -36,9 +36,9 @@
 $omit_suite_symlinks=0;
 $skippackages=0;
 # @rsync_extra="doc,tools";
-$i18n=0;
+$i18n=1;
 $getcontents=0;
-$do_source=1;
+$do_source=0;
 $max_batch=0;
 
 # @di_dists="dists";

その後にミラーリポジトリを作らせる

export GNUPGHOME=/opt/UbuntuMirror/mirrorkeyring
debmirror

参照先 https://help.ubuntu.com/community/Debmirror
出来上がったリポジトリのサイズは「203GB」でした.

次に構築したubuntuリポジトリを参照させる.

root@ubuntu22:~# vi /etc/apt/sources.list
deb [arch=amd64] http://repository.sybyl.local/repos/ubuntu/ jammy main restricted
deb [arch=amd64] http://repository.sybyl.local/repos/ubuntu/ jammy-updates main restricted
deb [arch=amd64] http://repository.sybyl.local/repos/ubuntu/ jammy universe
deb [arch=amd64] http://repository.sybyl.local/repos/ubuntu/ jammy-updates universe
deb [arch=amd64] http://repository.sybyl.local/repos/ubuntu/ jammy multiverse
deb [arch=amd64] http://repository.sybyl.local/repos/ubuntu/ jammy-updates multiverse
deb [arch=amd64] http://repository.sybyl.local/repos/ubuntu/ jammy-backports main restricted universe multiverse
deb [arch=amd64] http://repository.sybyl.local/repos/ubuntu/ jammy-security main restricted
deb [arch=amd64] http://repository.sybyl.local/repos/ubuntu/ jammy-security universe
deb [arch=amd64] http://repository.sybyl.local/repos/ubuntu/ jammy-security multiverse
 
root@ubuntu22:~# 
root@ubuntu22:~# apt update

リポジトリを更新したら「apt update」を実施します. これで作ったローカルリポジトリが参照され、閉鎖環境でアプリの更新が可能となる
クライアントの「/etc/hosts」には「repository.sybyl.local」のエントリーを載せる

御品書き
■samba スキーマ拡張
ユーザ登録(1,2)
NFS DFS VSS GPO SSO
win参加 RSAT lin参加
 透過的ファイル圧縮