Create a mirror of the RPM repository
This chapter illustrates how to set up an RPM repository mirror to speed up the NetEye update and upgrade processes. The procedure requires a dedicated mirror machine, where the Pulp3 repository will be installed, and a NetEye installation capable of pulling updates from the mirror machine.
Prerequisites
The mirror machine must meet the following requirements:
- Run a Rocky Linux 8.7 machine with at least 100GB of free space
- Must be reachable from the NetEye Master during the update/upgrade
- Port 22 must be available for the SSH connection during the setup procedure
- Has to be capable of reaching Quay during the update/upgrade procedure in order to pull Pulp3 container images
- The repo.wuerth-phoenix.com repository and the api.neteye.cloud API should be reachable
How to set-up the repository mirror
The steps for configuring the RPM mirror are as follows:

1. Create the /etc/neteye-rpm-mirror config file in NetEye. Set its content to:

    {
        "rpm_mirror_host": "<hostname>",
        "development_releases": false,
        "mirror_last_n_stable_releases": 6,
        "mirror_last_n_sprint_releases": 0,
        "cron_scheduling": {
            "minute": "0~59",
            "hour": "0~2",
            "day": "*",
            "month": "*",
            "week_day": "*"
        }
    }

   where:
   - rpm_mirror_host is the RPM mirror machine hostname
   - development_releases enables or disables repository mirroring also for all the NetEye versions not yet released
   - mirror_last_n_stable_releases is the number of stable releases to keep mirrored. The field is optional and the default value is 6.
   - mirror_last_n_sprint_releases is the number of sprint releases to keep mirrored. The field is optional and the default value is 0. Remember to change this value to a number higher than 0 if you want to enable the Sprint Releases feature. For more information, please consult the dedicated section.
   - cron_scheduling is a JSON object that specifies the scheduling of the mirror synchronization. For more information about the values each property can assume, you can consult this online guide.
     - minute of the day on which the sync should take place
     - hour of the day on which the sync should take place
     - day of the month on which the sync should take place
     - month on which the sync should take place
     - week_day on which the sync should take place

2. On the NetEye machine run the following command:

    neteye rpmmirror setup

Note: In case of a NetEye cluster installation, the command will automatically sync the configuration file on all nodes.

During the RPM mirror setup, the root password of the mirror machine will be requested in order to proceed with the installation.

Note: During the repository sync process, all the packages stored in the official repository will be downloaded to the mirror machine. For this reason the procedure will take a while. Internet connection bandwidth will influence the duration.

You can now configure the mirror list as described in Generate dnf mirror configuration.
How to manually sync the repository mirror
In order to manually sync an existing RPM mirror, you can run the following command on the NetEye machine:

    neteye rpmmirror setup

Data downloaded in already installed repositories is persistent: this command will trigger the download of only the newest packages and the cleanup of the oldest ones. Further details about the command and the correct configuration can be found in the previous section, How to set-up the repository mirror.
Change NGINX Certificates
By default, the mirror’s NGINX is configured with certificates generated on the NetEye side using NetEye’s CA. These certificates are generated by the neteye rpmmirror setup command, which generates them directly inside the mirror’s NGINX configuration folder.
To use custom certificates, you must place your own files in the following locations on the mirror machine:
- Certificate: it is mandatory and located in /neteye/local/nginx/conf/tls/certs/neteye_cert.crt
- Key: it is mandatory and located in /neteye/local/nginx/conf/tls/private/neteye.key
- CA or CA bundle: it is mandatory and located in /neteye/local/nginx/conf/tls/certs/neteye_ca_bundle.pem

The directories above are not present by default on the mirror machine and must be created manually if you want to use custom certificates.
Once the CA is in place, please execute the following steps on the NetEye machine to trust it:

1. Copy the neteye_ca_bundle.crt in /etc/pki/ca-trust/source/anchors/
2. Run the command:

    update-ca-trust
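Before pointing NGINX at custom certificates, it helps to confirm that the three files are in place, that the private key is not readable by other users, and that the key actually belongs to the certificate. The following pre-flight check is an added example, not part of the NetEye tooling; it uses only the Python standard library and the paths listed above. It checks that the material loads and matches, not that the certificate chains to the CA bundle.

```python
import os
import ssl
import stat

# Locations listed on this page (on the mirror machine).
TLS_DIR = "/neteye/local/nginx/conf/tls"
CERT = TLS_DIR + "/certs/neteye_cert.crt"
KEY = TLS_DIR + "/private/neteye.key"
CA_BUNDLE = TLS_DIR + "/certs/neteye_ca_bundle.pem"


def check_tls_material(cert=CERT, key=KEY, ca_bundle=CA_BUNDLE):
    """Return a list of problems; an empty list means all three files load."""
    missing = [p for p in (cert, key, ca_bundle) if not os.path.isfile(p)]
    if missing:
        return [f"missing file: {p}" for p in missing]

    problems = []
    # The private key should be accessible to its owner only.
    mode = stat.S_IMODE(os.stat(key).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"{key} has mode {mode:04o}; restrict it to the owner (0600)")

    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        # Raises if a file is not valid PEM or the key does not match the certificate.
        ctx.load_cert_chain(certfile=cert, keyfile=key)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        problems.append(f"certificate/key pair rejected: {exc}")
    try:
        # Raises if the bundle contains no parsable certificate.
        ctx.load_verify_locations(cafile=ca_bundle)
    except OSError as exc:
        problems.append(f"CA bundle rejected: {exc}")
    return problems


if __name__ == "__main__":
    for problem in check_tls_material():
        print(problem)
```
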
Generate dnf mirror configuration
To configure NetEye correctly to reach the newly created mirror machine, the required steps are:

1. Create the mirror repository configuration file as /neteye/local/os/conf/customer_rpmmirrors/<rpm-mirror-name>.json
   The file content should be valid JSON that specifies for each repository ID its mirror URL, as described in the example below:

    [
        { "id" : "neteye", "mirrors": ["https://<rpm-mirror-host>:8443/pulp/content/rhel8/neteye-$DNF0"] },
        { "id" : "neteye-os", "mirrors": ["https://<rpm-mirror-host>:8443/pulp/content/rhel8/neteye-$DNF0-os"] },
        { "id" : "neteye-perl", "mirrors": ["https://<rpm-mirror-host>:8443/pulp/content/rhel8/neteye-$DNF0-perl"] },
        { "id" : "neteye-epel", "mirrors": ["https://<rpm-mirror-host>:8443/pulp/content/rhel8/neteye-$DNF0-epel"] },
        { "id" : "neteye-elastic", "mirrors": ["https://<rpm-mirror-host>:8443/pulp/content/rhel8/neteye-$DNF0-elastic"] },
        { "id" : "neteye-ntop", "mirrors": ["https://<rpm-mirror-host>:8443/pulp/content/rhel8/neteye-$DNF0-ntop"] },
        { "id" : "neteye-clickhouse", "mirrors": ["https://<rpm-mirror-host>:8443/pulp/content/rhel8/neteye-$DNF0-clickhouse"] },
        { "id" : "neteye-extras", "mirrors": ["https://<rpm-mirror-host>:8443/pulp/content/rhel8/neteye-$DNF0-extras"] },
        { "id" : "neteye-contrib", "mirrors": ["https://<rpm-mirror-host>:8443/pulp/content/rhel8/neteye-$DNF0-contrib"] },
        { "id" : "neteye-beta", "mirrors": ["https://<rpm-mirror-host>:8443/pulp/content/rhel8/neteye-$DNF0-beta"] }
    ]

2. Run the command:

    neteye rpmmirror apply

Note: In case of a NetEye cluster installation, the command will automatically sync the configuration file on all nodes.
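Because this file decides where packages are fetched from, it is worth linting before running neteye rpmmirror apply. The following checker is an added example, not part of the NetEye tooling: it flags mirror URLs that are not https, that point at a host or port other than the intended mirror, or whose path does not follow the id-to-path pattern seen in the example above (that pattern is an assumption drawn from the example). The hostname mirror.example.test and the sample entries are constructed.

```python
import json
from urllib.parse import urlsplit


def lint_mirror_config(text, mirror_host, port=8443):
    """Return findings for a customer_rpmmirrors JSON document (empty list = clean)."""
    try:
        entries = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc}"]
    if not isinstance(entries, list):
        return ["top level must be a list of repository entries"]
    findings, seen = [], set()
    for entry in entries:
        repo_id = entry.get("id") if isinstance(entry, dict) else None
        mirrors = entry.get("mirrors") if isinstance(entry, dict) else None
        if not isinstance(repo_id, str) or not isinstance(mirrors, list) or not mirrors:
            findings.append(f"{entry!r}: needs an 'id' string and a non-empty 'mirrors' list")
            continue
        if repo_id in seen:
            findings.append(f"{repo_id}: duplicate repository id")
        seen.add(repo_id)
        # Assumption from the page's example: id "neteye-os" maps to ".../neteye-$DNF0-os".
        tail = "/" + repo_id.replace("neteye", "neteye-$DNF0", 1)
        for url in mirrors:
            parts = urlsplit(str(url))
            if parts.scheme != "https":
                findings.append(f"{repo_id}: {url} is not served over https")
            if parts.hostname != mirror_host.lower() or parts.port != port:
                findings.append(f"{repo_id}: {url} does not point at {mirror_host}:{port}")
            if not parts.path.endswith(tail):
                findings.append(f"{repo_id}: {url} path does not end in {tail}")
    return findings


# Constructed sample: the first entry is correct, the other two contain mistakes.
SAMPLE = r"""[
 {"id": "neteye", "mirrors": ["https://mirror.example.test:8443/pulp/content/rhel8/neteye-$DNF0"]},
 {"id": "neteye-os", "mirrors": ["http://mirror.example.test:8443/pulp/content/rhel8/neteye-$DNF0-os"]},
 {"id": "neteye-epel", "mirrors": ["https://other.example.test:8443/pulp/content/rhel8/neteye-$DNF0-perl"]}
]"""

if __name__ == "__main__":
    for finding in lint_mirror_config(SAMPLE, "mirror.example.test"):
        print(finding)
```
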