This Blog is about a setup of a Rocky Linux Repository server.

Many people whould complain that it will be the same than RHEL 8, but is is not, there are some differencies between AlmaLinux, Rocky Linux, Oracle Linux and RHEL 8.

Base is a Rocky Linux Linux 8.6 minimal installation.

[[email protected] ~]# cat /etc/os-release 
NAME="Rocky Linux"
VERSION="8.6 (Green Obsidian)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="8.6"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Rocky Linux 8.6 (Green Obsidian)"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:rocky:rocky:8:GA"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
ROCKY_SUPPORT_PRODUCT="Rocky Linux"
ROCKY_SUPPORT_PRODUCT_VERSION="8"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8"
[[email protected] ~]# 

The installation of EPEL is similar to AlmaLinux. in short words it is the same.

[[email protected] ~]# dnf config-manager --set-enabled powertools
[[email protected] ~]# dnf install epel-release

RPMFusion is exactly the same like on AlmaLinux.

[[email protected] ~]# dnf install --nogpgcheck https://mirrors.rpmfusion.org/free/el/rpmfusion-free-release-$(rpm -E %rhel).noarch.rpm https://mirrors.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-$(rpm -E %rhel).noarch.rpm

Next step will be the installation of the required RPMs, I’m also using nginx to reuse as much as possible from my RHEL 8 Repository Blog. The subscription-manager package we will need to switch between different Rocky Linux 8 Releases we want to have on our own repo server.

[[email protected] ~]# dnf install nginx yum-utils createrepo_c subscription-manager

Interesting is checking the active repositories.

[[email protected] ~]# dnf repolist
repo id                                                                                                                        repo name
appstream                                                                                                                      Rocky Linux 8 - AppStream
baseos                                                                                                                         Rocky Linux 8 - BaseOS
epel                                                                                                                           Extra Packages for Enterprise Linux 8 - x86_64
epel-modular                                                                                                                   Extra Packages for Enterprise Linux Modular 8 - x86_64
extras                                                                                                                         Rocky Linux 8 - Extras
powertools                                                                                                                     Rocky Linux 8 - PowerTools
rpmfusion-free-updates                                                                                                         RPM Fusion for EL 8 - Free - Updates
rpmfusion-nonfree-updates                                                                                                      RPM Fusion for EL 8 - Nonfree - Updates
[[email protected] ~]# 

It is one to one the same repo_id like on AlmaLinux, this make it easy, the script für synchronizing repositories will be identical.

[[email protected] /]# cat /opt/reposync/reposync.sh 
# Rocky Linux $releasever - BaseOS


################################################
# Synchronisation of RockyLinux 8 Repositories #
# By Karsten Lenz dbi-services sa 2022.06.29   #
################################################

#!/bin/bash

echo "Synchronisation of RHEL Repositores"
echo ""

# Help
function printHelp() {
  printf "Usage:\n"
  printf "${progName} [OPTION]\n\n"
  printf "Options:\n"
  printf "\t -v <RHEL Version>\t\tRHEL Release (required)\n"
  printf "\t -h <Help>\t\t\tprints this help\n"
}

# Select Options
while getopts v:h option 2>/dev/null
do
  case "${option}"
  in
  v) VERSION=${OPTARG};;
  h) printHelp; exit 2;;
  *) printf "Unsupported option or parameter value missing '$*'\n";
     printf "Run ${progName} -h to print help\n"; exit 1;;
  esac
done
# Extract Major Release
MAJOR=${VERSION:0:1}

# Set RHEL RELEASE to sync
printf "Set Release to sync"
subscription-manager release --set=$VERSION && rm -rf /var/cache/dnf

# SYNC BASE-OS, APPSTREAM, Codeready, EPEL and rpmfusion
if [ $MAJOR == '8' ]
then
    	printf "Sync Base OS "
        reposync -p /usr/share/nginx/html/$MAJOR/$VERSION --download-metadata --newest-only --delete --repoid=baseos
        printf "Sync Appstream "
        reposync -p /usr/share/nginx/html/$MAJOR/$VERSION --download-metadata --newest-only --delete --repoid=appstream
        printf "Sync Extras " 
        reposync -p /usr/share/nginx/html/$MAJOR/$VERSION --download-metadata --newest-only --delete --repoid=extras
        printf "Sync Powertools " 
        reposync -p /usr/share/nginx/html/$MAJOR/$VERSION --download-metadata --newest-only --delete --repoid=powertools
        printf "Sync EPEL 8"
        reposync -p /usr/share/nginx/html/$MAJOR --download-metadata --newest-only --delete --repoid=epel
        printf "Sync EPEL 8 Modular "
        reposync -p /usr/share/nginx/html/$MAJOR --download-metadata --newest-only --delete --repoid=epel-modular
        printf "Sync rpmfusion-free "
        reposync -p /usr/share/nginx/html/$MAJOR --download-metadata --newest-only --delete --repoid=rpmfusion-free-updates
        printf "Sync rpmfusion-nonfree "
        reposync -p /usr/share/nginx/html/$MAJOR --download-metadata --newest-only --delete --repoid=rpmfusion-nonfree-updates
fi

[[email protected] /]# 

With this script it is possible to store different Rocky Linux 8 releases on one own Repository server with sh reposync -v 8.6 for release 8.6.

[[email protected] 8]# du -sh *
15G	8.4
15G	8.5
15G	8.6
13G	epel
1.1G	epel-modular
297M	rpmfusion-free-updates
1.1G	rpmfusion-nonfree-updates
[[email protected] 8]# 

Now it is time to configure nginx, the configuration is similar to that one used for the RHEL 8 and AlmaLinux 8 Repository servers.

[[email protected] /]# cat /etc/nginx/nginx.conf
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
	listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/html/;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
                allow all;
                sendfile on;
                sendfile_max_chunk 1m;
                autoindex on;
                autoindex_exact_size off;
                autoindex_format html;
                autoindex_localtime on;
        }
          error_page 404 /404.html;
            location = /40x.html {
        }

          error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

#    server {
#        listen       80 default_server;
#        listen       [::]:80 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }
#
# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2 default_server;
#        listen       [::]:443 ssl http2 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers PROFILE=SYSTEM;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }

}

If SE Linux is set to enforcing we need to do some adaptations.

[[email protected] /]# getenforce
Enforcing
[[email protected] /]# setfacl -R -m u:nginx:rwx /usr/share/nginx/html/8/
[[email protected] /]# chcon -Rt httpd_sys_content_t /usr/share/nginx/html/8/

The firewall need to be adapted for http and https if https is required, and restarting nginx.

[[email protected] /]# firewall-cmd --zone=public --permanent --add-service=http
success
[[email protected] /]# firewall-cmd --zone=public --permanent --add-service=https
success
[[email protected] /]# firewall-cmd --reload
success
[[email protected] /]# systemctl restart nginx

The repository server is up and working.


Thumbnail [60x60]
by
Karsten Lenz