User Guide

Create a mirror of the RPM repository

This chapter illustrates how to set up an RPM repository mirror to speed up NetEye update and upgrade processes. The procedure requires a dedicated mirror machine where the Pulp3 repository will be installed and a NetEye installation capable of pulling updates from the mirror machine.

Prerequisites

The mirror machine must meet the following requirements:

  • It must run Rocky Linux 8.7 with at least 100GB of free space

  • It must be reachable from the NetEye Master during the update/upgrade

  • Port 22 must be available for the SSH connection during the setup procedure

  • It must be able to reach Quay during the update/upgrade procedure in order to pull the Pulp3 container images

  • The repo.wuerth-phoenix.com repository and the api.neteye.cloud API should be reachable

How to set up the repository mirror

The steps for configuring the RPM mirror are as follows:

  • Create the /etc/neteye-rpm-mirror config file in NetEye

  • Set its content to:

    {
      "rpm_mirror_host": "<hostname>",
      "development_releases": false,
      "cron_scheduling": {
        "minute": "0~59",
        "hour": "0~2",
        "day": "*",
        "month": "*",
        "week_day": "*"
      }
    }
    

    where:

    • rpm_mirror_host is the RPM mirror machine hostname

    • development_releases enables or disables mirroring of the repositories for the NetEye versions that are not yet released

    • cron_scheduling is a JSON object that specifies the scheduling of the mirror synchronization. For more information about the values each property can assume, you can consult this online guide

      • minute of the day on which the sync should take place

      • hour of the day on which the sync should take place

      • day of the month on which the sync should take place

      • month on which the sync should take place

      • week_day on which the sync should take place

  • On the NetEye machine run the following command:

    neteye rpmmirror setup
    

    Note

    In case of NetEye cluster installation, the command will automatically sync the configuration file on all nodes.

    During the rpm mirror setup the root password of the mirror machine will be requested to correctly proceed with the installation.

    Note

    During the repository sync process, all the packages stored in the official repository are downloaded to the mirror machine, so the procedure will take a while. Its duration depends on the bandwidth of the Internet connection.

  • You can now configure the mirror list as described in Generate dnf mirror configuration

How to manually sync the repository mirror

In order to manually sync an existing RPM mirror, you can run the following command on the NetEye machine:

neteye rpmmirror setup

Data already downloaded into the installed repositories is persistent: this command only downloads the newest packages and cleans up the oldest ones. Further details about the command and the correct configuration can be found in the previous section, How to set up the repository mirror.

Change NGINX Certificates

By default, the mirror’s NGINX is configured with certificates generated on the NetEye side using NetEye’s CA. These certificates are generated by the neteye rpmmirror setup command, which writes them directly into the mirror’s NGINX configuration folder.

To use custom certificates, you must place your own files in the following locations on the mirror machine:

  • Certificate: it is mandatory and located in /neteye/local/nginx/conf/tls/certs/neteye_cert.crt

  • Key: it is mandatory and located in /neteye/local/nginx/conf/tls/private/neteye.key

  • CA or CA bundle: it is mandatory and located in /neteye/local/nginx/conf/tls/certs/neteye_ca_bundle.crt

The directories above are not present by default on the mirror machine and must be created manually if you want to use custom certificates.

Once the CA is in place, please execute the following steps on the NetEye machine to trust it:

  • Copy neteye_ca_bundle.crt to /etc/pki/ca-trust/source/anchors/

  • Run the command:

    update-ca-trust
    

Generate dnf mirror configuration

To configure NetEye to reach the newly created mirror machine, the required steps are:

  • Create the mirror repository configuration file as /neteye/local/os/conf/customer_rpmmirrors/<rpm-mirror-name>.json

  • The file content should be a valid JSON document that specifies, for each repository ID, its mirror URLs, as in the example below:

    [
        {
          "id" : "neteye",
          "mirrors": ["https://<rpm-mirror-host>:8443/pulp/content/rhel8/neteye-$DNF0"]
        },
        {
          "id" : "neteye-os",
          "mirrors": ["https://<rpm-mirror-host>:8443/pulp/content/rhel8/neteye-$DNF0-os"]
        },
        {
          "id" : "neteye-perl",
          "mirrors": ["https://<rpm-mirror-host>:8443/pulp/content/rhel8/neteye-$DNF0-perl"]
        },
        {
          "id" : "neteye-epel",
          "mirrors": ["https://<rpm-mirror-host>:8443/pulp/content/rhel8/neteye-$DNF0-epel"]
        },
        {
          "id" : "neteye-elastic",
          "mirrors": ["https://<rpm-mirror-host>:8443/pulp/content/rhel8/neteye-$DNF0-elastic"]
        },
        {
          "id" : "neteye-ntop",
          "mirrors": ["https://<rpm-mirror-host>:8443/pulp/content/rhel8/neteye-$DNF0-ntop"]
        },
        {
          "id" : "neteye-clickhouse",
          "mirrors": ["https://<rpm-mirror-host>:8443/pulp/content/rhel8/neteye-$DNF0-clickhouse"]
        },
        {
          "id" : "neteye-extras",
          "mirrors": ["https://<rpm-mirror-host>:8443/pulp/content/rhel8/neteye-$DNF0-extras"]
        },
        {
          "id" : "neteye-contrib",
          "mirrors": ["https://<rpm-mirror-host>:8443/pulp/content/rhel8/neteye-$DNF0-contrib"]
        },
        {
          "id" : "neteye-beta",
          "mirrors": ["https://<rpm-mirror-host>:8443/pulp/content/rhel8/neteye-$DNF0-beta"]
        }
    ]
    
  • Run the command:

    neteye rpmmirror apply
    

    Note

    In case of NetEye cluster installation, the command will automatically sync the configuration file on all nodes.
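
A pre-flight check for the mirror configuration file, to run before neteye rpmmirror apply. This is an added example, not part of NetEye's tooling. It flags mirror URLs that are not https, carry embedded credentials, point at a different host or port, or whose path does not belong to the repository ID. The function names, the host mirror.example.test and the ID-to-path rule (inferred from the sample file above) are assumptions.

```python
import json
from urllib.parse import urlsplit

def check_url(url, repo_id, mirror_host, port):
    # Assumed rule, inferred from the sample file: "neteye-os" -> neteye-$DNF0-os
    expected = "/pulp/content/rhel8/neteye-$DNF0" + repo_id[len("neteye"):]
    try:
        parts = urlsplit(url)
        url_port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return [f"{repo_id}: unparsable mirror URL {url!r}"]
    problems = []
    if parts.scheme != "https":
        problems.append(f"{repo_id}: {url!r} is not https")
    if parts.username or parts.password:
        problems.append(f"{repo_id}: credentials embedded in the URL")
    if parts.hostname != mirror_host.lower() or url_port != port:
        problems.append(f"{repo_id}: {url!r} does not point at {mirror_host}:{port}")
    if parts.path != expected:
        problems.append(f"{repo_id}: path does not match the repository ID")
    return problems

def check_mirror_config(text, mirror_host, port=8443):
    """Return a list of problems in a customer_rpmmirrors JSON document."""
    try:
        entries = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"]
    if not isinstance(entries, list):
        return ["top level must be a JSON array"]
    problems = []
    for n, entry in enumerate(entries):
        entry = entry if isinstance(entry, dict) else {}
        repo_id, mirrors = entry.get("id"), entry.get("mirrors")
        if not isinstance(repo_id, str) or repo_id.split("-")[0] != "neteye":
            problems.append(f"entry {n}: missing or unexpected id {repo_id!r}")
            continue
        if not (isinstance(mirrors, list) and mirrors
                and all(isinstance(u, str) for u in mirrors)):
            problems.append(f"{repo_id}: mirrors must be a non-empty list of URLs")
            continue
        for url in mirrors:
            problems += check_url(url, repo_id, mirror_host, port)
    return problems

# Constructed sample: the second entry uses http and another repository's path.
SAMPLE = """[
  {"id": "neteye", "mirrors": ["https://mirror.example.test:8443/pulp/content/rhel8/neteye-$DNF0"]},
  {"id": "neteye-os", "mirrors": ["http://mirror.example.test:8443/pulp/content/rhel8/neteye-$DNF0-epel"]}
]"""
```

Pass the host name exactly as it appears in the mirror's TLS certificate. The $DNF0 variable is compared literally, since dnf expands it only at run time.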