This Blog is about a setup of a Rocky Linux Repository server.
Many people whould complain that it will be the same than RHEL 8, but is is not, there are some differencies between AlmaLinux, Rocky Linux, Oracle Linux and RHEL 8.
Base is a Rocky Linux Linux 8.6 minimal installation.
[root@rockylinux-8-repo ~]# cat /etc/os-release
NAME="Rocky Linux"
VERSION="8.6 (Green Obsidian)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="8.6"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Rocky Linux 8.6 (Green Obsidian)"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:rocky:rocky:8:GA"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
ROCKY_SUPPORT_PRODUCT="Rocky Linux"
ROCKY_SUPPORT_PRODUCT_VERSION="8"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8"
[root@rockylinux-8-repo ~]#
The installation of EPEL is similar to AlmaLinux. in short words it is the same.
[root@rockylinux-8-repo ~]# dnf config-manager --set-enabled powertools
[root@rockylinux-8-repo ~]# dnf install epel-release
RPMFusion is exactly the same like on AlmaLinux.
[root@rockylinux-8-repo ~]# dnf install --nogpgcheck https://mirrors.rpmfusion.org/free/el/rpmfusion-free-release-$(rpm -E %rhel).noarch.rpm https://mirrors.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-$(rpm -E %rhel).noarch.rpm
Next step will be the installation of the required RPMs, I’m also using nginx to reuse as much as possible from my RHEL 8 Repository Blog. The subscription-manager package we will need to switch between different Rocky Linux 8 Releases we want to have on our own repo server.
[root@rockylinux-8-repo ~]# dnf install nginx yum-utils createrepo_c subscription-manager
Interesting is checking the active repositories.
[root@rockylinux-8-repo ~]# dnf repolist
repo id repo name
appstream Rocky Linux 8 - AppStream
baseos Rocky Linux 8 - BaseOS
epel Extra Packages for Enterprise Linux 8 - x86_64
epel-modular Extra Packages for Enterprise Linux Modular 8 - x86_64
extras Rocky Linux 8 - Extras
powertools Rocky Linux 8 - PowerTools
rpmfusion-free-updates RPM Fusion for EL 8 - Free - Updates
rpmfusion-nonfree-updates RPM Fusion for EL 8 - Nonfree - Updates
[root@rockylinux-8-repo ~]#
It is one to one the same repo_id like on AlmaLinux, this make it easy, the script für synchronizing repositories will be identical.
[root@rockylinux-8-repo /]# cat /opt/reposync/reposync.sh
# Rocky Linux $releasever - BaseOS
################################################
# Synchronisation of RockyLinux 8 Repositories #
# By Karsten Lenz dbi-services sa 2022.06.29 #
################################################
#!/bin/bash
echo "Synchronisation of RHEL Repositores"
echo ""
# Help
function printHelp() {
printf "Usage:\n"
printf "${progName} [OPTION]\n\n"
printf "Options:\n"
printf "\t -v <RHEL Version>\t\tRHEL Release (required)\n"
printf "\t -h <Help>\t\t\tprints this help\n"
}
# Select Options
while getopts v:h option 2>/dev/null
do
case "${option}"
in
v) VERSION=${OPTARG};;
h) printHelp; exit 2;;
*) printf "Unsupported option or parameter value missing '$*'\n";
printf "Run ${progName} -h to print help\n"; exit 1;;
esac
done
# Extract Major Release
MAJOR=${VERSION:0:1}
# Set RHEL RELEASE to sync
printf "Set Release to sync"
subscription-manager release --set=$VERSION && rm -rf /var/cache/dnf
# SYNC BASE-OS, APPSTREAM, Codeready, EPEL and rpmfusion
if [ $MAJOR == '8' ]
then
printf "Sync Base OS "
reposync -p /usr/share/nginx/html/$MAJOR/$VERSION --download-metadata --newest-only --delete --repoid=baseos
printf "Sync Appstream "
reposync -p /usr/share/nginx/html/$MAJOR/$VERSION --download-metadata --newest-only --delete --repoid=appstream
printf "Sync Extras "
reposync -p /usr/share/nginx/html/$MAJOR/$VERSION --download-metadata --newest-only --delete --repoid=extras
printf "Sync Powertools "
reposync -p /usr/share/nginx/html/$MAJOR/$VERSION --download-metadata --newest-only --delete --repoid=powertools
printf "Sync EPEL 8"
reposync -p /usr/share/nginx/html/$MAJOR --download-metadata --newest-only --delete --repoid=epel
printf "Sync EPEL 8 Modular "
reposync -p /usr/share/nginx/html/$MAJOR --download-metadata --newest-only --delete --repoid=epel-modular
printf "Sync rpmfusion-free "
reposync -p /usr/share/nginx/html/$MAJOR --download-metadata --newest-only --delete --repoid=rpmfusion-free-updates
printf "Sync rpmfusion-nonfree "
reposync -p /usr/share/nginx/html/$MAJOR --download-metadata --newest-only --delete --repoid=rpmfusion-nonfree-updates
fi
[root@rockylinux-8-repo /]#
With this script it is possible to store different Rocky Linux 8 releases on one own Repository server with sh reposync -v 8.6 for release 8.6.
[root@rockylinux-8-repo 8]# du -sh *
15G 8.4
15G 8.5
15G 8.6
13G epel
1.1G epel-modular
297M rpmfusion-free-updates
1.1G rpmfusion-nonfree-updates
[root@rockylinux-8-repo 8]#
Now it is time to configure nginx, the configuration is similar to that one used for the RHEL 8 and AlmaLinux 8 Repository servers.
[root@rockylinux-8-repo /]# cat /etc/nginx/nginx.conf
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html/;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
allow all;
sendfile on;
sendfile_max_chunk 1m;
autoindex on;
autoindex_exact_size off;
autoindex_format html;
autoindex_localtime on;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
# server {
# listen 80 default_server;
# listen [::]:80 default_server;
# server_name _;
# root /usr/share/nginx/html;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# location / {
# }
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
#
# Settings for a TLS enabled server.
#
# server {
# listen 443 ssl http2 default_server;
# listen [::]:443 ssl http2 default_server;
# server_name _;
# root /usr/share/nginx/html;
#
# ssl_certificate "/etc/pki/nginx/server.crt";
# ssl_certificate_key "/etc/pki/nginx/private/server.key";
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 10m;
# ssl_ciphers PROFILE=SYSTEM;
# ssl_prefer_server_ciphers on;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# location / {
# }
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
}
If SE Linux is set to enforcing we need to do some adaptations.
[root@rockylinux-8-repo /]# getenforce
Enforcing
[root@rockylinux-8-repo /]# setfacl -R -m u:nginx:rwx /usr/share/nginx/html/8/
[root@rockylinux-8-repo /]# chcon -Rt httpd_sys_content_t /usr/share/nginx/html/8/
The firewall need to be adapted for http and https if https is required, and restarting nginx.
[root@rockylinux-8-repo /]# firewall-cmd --zone=public --permanent --add-service=http
success
[root@rockylinux-8-repo /]# firewall-cmd --zone=public --permanent --add-service=https
success
[root@rockylinux-8-repo /]# firewall-cmd --reload
success
[root@rockylinux-8-repo /]# systemctl restart nginx


The repository server is up and working.