Setup a AlmaLinux 8 Repository Server

This Blog is about to setup a AlmaLinux 8 Repository Server including EPEL and RPMFusion.

Many people whould complain that it will be the same than RHEL 8, but is is not, there are some differencies between AlmaLinux, Rocky Linux, Oracle Linux and RHEL 8.

Base is a AlmaLinux 8.6 minimal installation.

[root@almalinux-8-repo ~]# cat /etc/os-release 
NAME="AlmaLinux"
VERSION="8.6 (Sky Tiger)"
ID="almalinux"
ID_LIKE="rhel centos fedora"
VERSION_ID="8.6"
PLATFORM_ID="platform:el8"
PRETTY_NAME="AlmaLinux 8.6 (Sky Tiger)"
ANSI_COLOR="0;34"
CPE_NAME="cpe:/o:almalinux:almalinux:8::baseos"
HOME_URL="https://almalinux.org/"
DOCUMENTATION_URL="https://wiki.almalinux.org/"
BUG_REPORT_URL="https://bugs.almalinux.org/"

ALMALINUX_MANTISBT_PROJECT="AlmaLinux-8"
ALMALINUX_MANTISBT_PROJECT_VERSION="8.6"

[root@almalinux-8-repo ~]# 

The installation of EPEL is a bit different to RHEL 8.6, there is no need for crb, just enable powertools at first.

[root@almalinux-8-repo ~]# dnf config-manager --set-enabled powertools
[root@almalinux-8-repo ~]# dnf install epel-release

Adding RPMFusion is a one line command, we have enabled powertools and EPEL ist allso added before, both is mandatory for RPMFusion.

[root@almalinux-8-repo ~]# dnf install --nogpgcheck https://mirrors.rpmfusion.org/free/el/rpmfusion-free-release-$(rpm -E %rhel).noarch.rpm https://mirrors.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-$(rpm -E %rhel).noarch.rpm

Next step will be the installation of the required RPMs, I’m also using nginx to reuse as much as possible from my RHEL 8 Repository Blog. The subscription-manager package we will to switch between diffrent AlmaLinux 8 Releases we want to have on our own repo server.

[root@almalinux-8-repo ~]# dnf install nginx yum-utils createrepo_c subscription-manager

Now it is time for scripting the reposync function to sync the required repositories. For that we need to know the repo ids for adapting the script originally written for RHEL 8.

[root@almalinux-8-repo reposync]# dnf repolist
repo id                                                                                                                        repo name
appstream                                                                                                                      AlmaLinux 8 - AppStream
baseos                                                                                                                         AlmaLinux 8 - BaseOS
epel                                                                                                                           Extra Packages for Enterprise Linux 8 - x86_64
epel-modular                                                                                                                   Extra Packages for Enterprise Linux Modular 8 - x86_64
extras                                                                                                                         AlmaLinux 8 - Extras
powertools                                                                                                                     AlmaLinux 8 - PowerTools
rpmfusion-free-updates                                                                                                         RPM Fusion for EL 8 - Free - Updates
rpmfusion-nonfree-updates                                                                                                      RPM Fusion for EL 8 - Nonfree - Updates
[root@almalinux-8-repo reposync]# 

Here the adapted script for AlmaLinux 8.

[root@almalinux-8-repo /]# cat /opt/reposync/reposync.sh 
# AlmaLinux $releasever - BaseOS


###############################################
# Synchronisation of AlmaLinux 8 Repositories #
# By Karsten Lenz dbi-services sa 2022.06.29  #
###############################################

#!/bin/bash

echo "Synchronisation of RHEL Repositores"
echo ""

# Help
function printHelp() {
  printf "Usage:\n"
  printf "${progName} [OPTION]\n\n"
  printf "Options:\n"
  printf "\t -v <RHEL Version>\t\tRHEL Release (required)\n"
  printf "\t -h <Help>\t\t\tprints this help\n"
}

# Select Options
while getopts v:h option 2>/dev/null
do
  case "${option}"
  in
  v) VERSION=${OPTARG};;
  h) printHelp; exit 2;;
  *) printf "Unsupported option or parameter value missing '$*'\n";
     printf "Run ${progName} -h to print help\n"; exit 1;;
  esac
done
# Extract Major Release
MAJOR=${VERSION:0:1}

# Set RHEL RELEASE to sync
printf "Set Release to sync"
subscription-manager release --set=$VERSION && rm -rf /var/cache/dnf

# SYNC BASE-OS, APPSTREAM, Codeready, EPEL and rpmfusion
if [ $MAJOR == '8' ]
then
    	printf "Sync Base OS "
        reposync -p /usr/share/nginx/html/$MAJOR/$VERSION --download-metadata --newest-only --delete --repoid=baseos
        printf "Sync Appstream "
        reposync -p /usr/share/nginx/html/$MAJOR/$VERSION --download-metadata --newest-only --delete --repoid=appstream
        printf "Sync Extras " 
        reposync -p /usr/share/nginx/html/$MAJOR/$VERSION --download-metadata --newest-only --delete --repoid=extras
        printf "Sync Powertools " 
        reposync -p /usr/share/nginx/html/$MAJOR/$VERSION --download-metadata --newest-only --delete --repoid=powertools
        printf "Sync EPEL 8"
        reposync -p /usr/share/nginx/html/$MAJOR --download-metadata --newest-only --delete --repoid=epel
        printf "Sync EPEL 8 Modular "
        reposync -p /usr/share/nginx/html/$MAJOR --download-metadata --newest-only --delete --repoid=epel-modular
        printf "Sync rpmfusion-free "
        reposync -p /usr/share/nginx/html/$MAJOR --download-metadata --newest-only --delete --repoid=rpmfusion-free-updates
        printf "Sync rpmfusion-nonfree "
        reposync -p /usr/share/nginx/html/$MAJOR --download-metadata --newest-only --delete --repoid=rpmfusion-nonfree-updates
fi

With this script it is possible to store different AlmaLinux 8 releases on one own Repository server.

[root@almalinux-8-repo 8]# du -sh *
17G	8.4
17G	8.5
17G	8.6
13G	epel
1.1G	epel-modular
297M	rpmfusion-free-updates
1.1G	rpmfusion-nonfree-updates
[root@almalinux-8-repo 8]# 

Now it is time to configure nginx, the configuration is similar to that one used for the RHEL 8 Repository server.

[root@almalinux-8-repo /]# cat /etc/nginx/nginx.conf
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
	listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/html/;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
                allow all;
                sendfile on;
                sendfile_max_chunk 1m;
                autoindex on;
                autoindex_exact_size off;
                autoindex_format html;
                autoindex_localtime on;
        }
          error_page 404 /404.html;
            location = /40x.html {
        }

          error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

#    server {
#        listen       80 default_server;
#        listen       [::]:80 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }
#
# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2 default_server;
#        listen       [::]:443 ssl http2 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers PROFILE=SYSTEM;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }

}

[root@almalinux-8-repo /]# 

If SE Linux is set to enforcing we need to do some adaptations.

[root@almalinux-8-repo /]# getenforce
Enforcing
[root@almalinux-8-repo /]# setfacl -R -m u:nginx:rwx /usr/share/nginx/html/8/
[root@almalinux-8-repo /]# chcon -Rt httpd_sys_content_t /usr/share/nginx/html/8/

The firewall need to be adapted for http and https if https is required, and restarting nginx.

[root@almalinux-8-repo /]# firewall-cmd --zone=public --permanent --add-service=http
success
[root@almalinux-8-repo /]# firewall-cmd --zone=public --permanent --add-service=https
success
[root@almalinux-8-repo /]# firewall-cmd --reload
success
[root@almalinux-8-repo /]# systemctl restart nginx

Now the repository server is up and running.