{"id":14353,"date":"2020-06-25T11:02:46","date_gmt":"2020-06-25T09:02:46","guid":{"rendered":"https:\/\/www.dbi-services.com\/blog\/attaching-your-own-centos-7-yum-repository-to-aws-ssm\/"},"modified":"2020-06-25T11:02:46","modified_gmt":"2020-06-25T09:02:46","slug":"attaching-your-own-centos-7-yum-repository-to-aws-ssm","status":"publish","type":"post","link":"https:\/\/www.dbi-services.com\/blog\/attaching-your-own-centos-7-yum-repository-to-aws-ssm\/","title":{"rendered":"Attaching your own CentOS 7 yum repository to AWS SSM"},"content":{"rendered":"<p>From some blogs I&#8217;ve written in the past you might already know that we are using <a href=\"https:\/\/aws.amazon.com\/systems-manager\/\" target=\"_blank\" rel=\"noopener noreferrer\">AWS SSM<\/a> to patch and maintain the complete EC2 and onprem instances at one of our customers. The previous posts about that topic are here:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.dbi-services.com\/blog\/avoiding-patching-madness-by-using-aws-ssm\/\" target=\"_blank\" rel=\"noopener noreferrer\">Avoiding patching madness by using AWS SSM<\/a><\/li>\n<li><a href=\"https:\/\/www.dbi-services.com\/blog\/publishing-a-powershell-script-to-aws-lambda\/\" target=\"_blank\" rel=\"noopener noreferrer\">Avoiding patching madness by using AWS SSM<\/a><\/li>\n<li><a href=\"https:\/\/www.dbi-services.com\/blog\/a-simple-terraform-script-to-create-an-aws-ec2-playground\/\" target=\"_blank\" rel=\"noopener noreferrer\">A simple Terraform script to create an AWS EC2 playground<\/a><\/li>\n<li><a href=\"https:\/\/www.dbi-services.com\/blog\/schedule-reboots-of-your-aws-instances-and-how-that-can-result-in-a-hard-reboot-and-corruption\/\" target=\"_blank\" rel=\"noopener noreferrer\">Schedule reboots of your AWS instances and how that can result in a hard reboot and corruption<\/a><\/li>\n<\/ul>\n<p>While that in general is working fine and fully automated we ran into an issue lately which forced us to create our own CentOS 7 repositories and use them with SSM to apply the patches to the CentOS machines.<\/p>\n<p><!--more--><\/p>\n<p>To describe the issue: We have two patch baselines per operating system. One for all development and test systems that applies all patches that are released up until the date the patch baseline is running. Then we have second one for the production systems with an approval delay of 14 days. As we run production patching 2 weeks after we patched the development and test systems that should guarantee that we get the same patches applied to production. And exactly here is the issue: <a href=\"https:\/\/docs.aws.amazon.com\/systems-manager\/latest\/userguide\/sysman-patch-baselines.html#patch-manager-baselines-custom\" target=\"_blank\" rel=\"noopener noreferrer\">&#8220;if a Linux repository doesn\u2019t provide release date information for packages, Systems Manager uses the build time of the package as the auto-approval delay for Amazon Linux, Amazon Linux 2, RHEL, and CentOS. If the system isn&#8217;t able to find the build time of the package, Systems Manager treats the auto-approval delay as having a value of zero.&#8221;<\/a>. That basically means: As you never know when CentOS will release their patches, which are based on the RedHat sources, you can never be sure that you get the same patches applied to production as they were applied 14 days before to development and test. Lets do an example: Our patching for development and test happened the 10th of April. The kernel package v3.10.0-1127 was released for CentOS on April 27th and was therefore not applied to the development and test systems. When production patching happened two weeks later that kernel package was available but also satisfied our auto approval rule of 14 days. So we basically had a patch installed on the production which never made it to the development and test systems. This is why we decided to go for our own repositories so we can decide when the repositories are synced.<\/p>\n<p>Setting up a local yum repository is quite easy and you can find plenty of howtos in the internet, so here is just a summary without much explanation. We deployed a new CentOS 7 EC2 instance, then installed a webserver and the epel repository:<\/p>\n<pre class=\"brush: bash; gutter: true; first-line: 1\">\n[centos@ip-10-47-99-158 ~]$ sudo yum install epel-release nginx -y\n[centos@ip-10-47-99-158 ~]$ sudo systemctl start nginx\n[centos@ip-10-47-99-158 ~]$ sudo systemctl enable nginx\n[centos@ip-10-47-99-158 ~]$ sudo systemctl status nginx\n<\/pre>\n<p>As yum gets the packages over http or https adjust the firewall rules:<\/p>\n<pre class=\"brush: bash; gutter: true; first-line: 1\">\n[centos@ip-10-47-99-158 ~]$ sudo systemctl start firewalld\n[centos@ip-10-47-99-158 ~]$ sudo systemctl enable firewalld\n[centos@ip-10-47-99-158 ~]$ sudo firewall-cmd --zone=public --permanent --add-service=http\n[centos@ip-10-47-99-158 ~]$ sudo firewall-cmd --zone=public --permanent --add-service=https\n[centos@ip-10-47-99-158 ~]$ sudo firewall-cmd --reload\n<\/pre>\n<p>Update the complete system and install the <a href=\"https:\/\/linux.die.net\/man\/1\/yum-utils\" target=\"_blank\" rel=\"noopener noreferrer\">yum utilities<\/a> and the <a href=\"https:\/\/linux.die.net\/man\/8\/createrepo\" target=\"_blank\" rel=\"noopener noreferrer\">createrepo<\/a> packages:<\/p>\n<pre class=\"brush: bash; gutter: true; first-line: 1\">\n[centos@ip-10-47-99-158 ~]$ sudo yum update -y\n[centos@ip-10-47-99-158 ~]$ sudo yum install createrepo  yum-utils -y\n<\/pre>\n<p>Prepare the directory structure and synchronize the repositories:<\/p>\n<pre class=\"brush: bash; gutter: true; first-line: 1\">\n[centos@ip-10-47-99-158 ~]$ sudo mkdir -p \/var\/www\/html\/repos\n[centos@ip-10-47-99-158 ~]$ sudo chmod -R 755 \/var\/www\/html\/repos\n[centos@ip-10-47-99-158 ~]$ sudo reposync -g -l -d -m --repoid=base --newest-only --download-metadata --download_path=\/var\/www\/html\/repos\/centos-7\/7\/\n[centos@ip-10-47-99-158 ~]$ sudo reposync -l -d -m --repoid=extras --newest-only --download-metadata --download_path=\/var\/www\/html\/repos\/centos-7\/7\/\n[centos@ip-10-47-99-158 ~]$ sudo reposync -l -d -m --repoid=updates --newest-only --download-metadata --download_path=\/var\/www\/html\/repos\/centos-7\/7\/\n[centos@ip-10-47-99-158 ~]$ sudo reposync -l -d -m --repoid=epel --newest-only --download-metadata --download_path=\/var\/www\/html\/repos\/centos-7\/7\/\n<\/pre>\n<p>Create the repositories from what was synced above:<\/p>\n<pre class=\"brush: bash; gutter: true; first-line: 1\">\n[centos@ip-10-47-99-158 ~]$ sudo createrepo \/var\/www\/html\/repos\/centos-7\/7\/base\n[centos@ip-10-47-99-158 ~]$ sudo createrepo \/var\/www\/html\/repos\/centos-7\/7\/extras\n[centos@ip-10-47-99-158 ~]$ sudo createrepo \/var\/www\/html\/repos\/centos-7\/7\/updates\n[centos@ip-10-47-99-158 ~]$ sudo createrepo \/var\/www\/html\/repos\/centos-7\/7\/epel\n<\/pre>\n<p>&#8230; and set the selinux context:<\/p>\n<pre class=\"brush: bash; gutter: true; first-line: 1\">\n[centos@ip-10-47-99-158 ~]$ sudo semanage fcontext -a -t httpd_sys_content_t \"\/var\/www\/html\/repos(\/.*)?\"\n[centos@ip-10-47-99-158 ~]$ sudo restorecon -Rv \/var\/www\/html\/repos\n<\/pre>\n<p>Configure <a href=\"https:\/\/nginx.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">nginx<\/a> to point to the repositories:<\/p>\n<pre class=\"brush: bash; gutter: true; first-line: 1\">\n[centos@ip-10-47-99-158 ~]$ sudo vi \/etc\/nginx\/conf.d\/repos.conf \n## add the folling section\nserver {\n        listen   80;\n        server_name  10.47.99.158;\t\n        root   \/var\/www\/html\/repos\/;\n        location \/ {\n                index  index.php index.html index.htm;\n                autoindex on;\t#enable listing of directory index\n        }\n}\n<\/pre>\n<p>&#8230; and restart the webserver:<\/p>\n<pre class=\"brush: bash; gutter: true; first-line: 1\">\n[centos@ip-10-47-99-158 ~]$ sudo systemctl restart nginx\n<\/pre>\n<p>From now on you should see the directory structure when you point your browser to the IP of the EC2 instance:<br \/>\n<a href=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/Selection_012-2-1.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/Selection_012-2-1.png\" alt=\"\" width=\"528\" height=\"152\" class=\"aligncenter size-full wp-image-41215\" \/><\/a><\/p>\n<p>To regularly synchronize the repositories depending on your requirements create a small script that does the job and schedule that with cron, e.g.:<\/p>\n<pre class=\"brush: bash; gutter: true; first-line: 1\">\n#!\/bin\/bash\nLOCAL_REPOS=\"base extras updates epel\"\n##a loop to update repos one at a time\nfor REPO in ${LOCAL_REPOS}; do\n    if [ \"$REPO\" = \"base\" ]; then\n        reposync -g -l -d -m --repoid=$REPO --newest-only --download-metadata --download_path=\/var\/www\/html\/repos\/centos-7\/7\/\n    else\n        reposync -l -d -m --repoid=extras --newest-only --download-metadata --download_path=\/var\/www\/html\/repos\/centos-7\/7\/\n    fi\n    createrepo \/var\/www\/html\/repos\/centos-7\/7\/$REPO\n    semanage fcontext -a -t httpd_sys_content_t \"\/var\/www\/html\/repos(\/.*)?\"\n    restorecon -Rv \/var\/www\/html\/repos\ndone\n<\/pre>\n<p>Test the repository from another CentOS 7 instance:<\/p>\n<pre class=\"brush: bash; gutter: true; first-line: 1\">\nUsing username \"centos\".\nAuthenticating with public key \"imported-openssh-key\"\n[centos@ip-10-47-98-80 ~]$ sudo bash\n[root@ip-10-47-98-80 centos]$ cd \/etc\/yum.repos.d\/\n[root@ip-10-47-98-80 yum.repos.d]$ ls\nCentOS-Base.repo  CentOS-CR.repo  CentOS-Debuginfo.repo  CentOS-fasttrack.repo  CentOS-Media.repo  CentOS-Sources.repo  CentOS-Vault.repo\n[root@ip-10-47-98-80 yum.repos.d]$ rm -f *\n[root@ip-10-47-98-80 yum.repos.d]$ ls -la\ntotal 12\ndrwxr-xr-x.  2 root root    6 Jun 25 06:39 .\ndrwxr-xr-x. 77 root root 8192 Jun 25 06:36 ..\n\n\n[root@ip-10-47-98-80 yum.repos.d]$ cat local-centos.repo\n[local]\nname=CentOS Base\nbaseurl=http:\/\/10.47.99.158\/centos-7\/7\/base\/\ngpgcheck=0\nenabled=1\n\n[extras]\nname=CentOS Extras\nbaseurl=http:\/\/10.47.99.158\/centos-7\/7\/extras\/\ngpgcheck=0\nenabled=1\n\n[updates]\nname=CentOS Updates\nbaseurl=http:\/\/10.47.99.158\/centos-7\/7\/updates\/\ngpgcheck=0\n\n[epel]\nname=CentOS Updates\nbaseurl=http:\/\/10.47.99.158\/centos-7\/7\/epel\/\ngpgcheck=0\n[root@ip-10-47-98-80 yum.repos.d]#\n\n\n[root@ip-10-47-98-80 yum.repos.d]$ yum search wget\nLoaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n======================================================================= Name Exactly Matched: wget =======================================================================\nwget.x86_64 : A utility for retrieving files using the HTTP or FTP protocols\n\n  Name and summary matches only, use \"search all\" for everything.\n[root@ip-10-47-98-80 yum.repos.d]#\n<\/pre>\n<p>&#8230; and you&#8217;re done from a repository perspective.<\/p>\n<p>Now it is time to tell SSM to use the local repositories with your patch baseline. If you don&#8217;t know how SSM works or how you can apply patches using SSM check the <a href=\"https:\/\/www.dbi-services.com\/blog\/avoiding-patching-madness-by-using-aws-ssm\/\" target=\"_blank\" rel=\"noopener noreferrer\">previous post<\/a>.<\/p>\n<p>All you need to do is to adjust the patch baseline to include your repositories as &#8220;Patch sources&#8221;:<br \/>\n<a href=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/Selection_011-3.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/Selection_011-3.jpg\" alt=\"\" width=\"1117\" height=\"504\" class=\"aligncenter size-full wp-image-41220\" \/><\/a><\/p>\n<p>Schedule your patching and then check the logs. You should see that SSM is now using the local repositories:<\/p>\n<pre class=\"brush: bash; gutter: true; first-line: 1\">\n...\nu'sources': [{u'configuration': u'[local]\\nname=CentOS Base\\nbaseurl=http:\/\/10.47.99.158\/centos-7\/7\/base\/\\ngpgcheck=0\\nenabled=1', u'products': [u'*'], u'name': u'base'}, {u'configuration': u'[extras]\\nname=CentOS Extras\\nbaseurl=http:\/\/10.47.99.158\/centos-7\/7\/extras\/\\ngpgcheck=0\\nenabled=1', u'products': [u'*'], u'name': u'extras'}, {u'configuration': u'[updates]\\nname=CentOS Updates\\nbaseurl=http:\/\/10.47.99.158\/centos-7\/7\/updates\/\\ngpgcheck=0', u'products': [u'*'], u'name': u'updates'}\n...\n06\/25\/2020 10:00:28 root [INFO]: Moving file: CentOS-Base.repo\n06\/25\/2020 10:00:28 root [INFO]: Moving file: CentOS-CR.repo\n06\/25\/2020 10:00:28 root [INFO]: Moving file: CentOS-Debuginfo.repo\n06\/25\/2020 10:00:28 root [INFO]: Moving file: CentOS-Media.repo\n06\/25\/2020 10:00:28 root [INFO]: Moving file: CentOS-Sources.repo\n06\/25\/2020 10:00:28 root [INFO]: Moving file: CentOS-Vault.repo\n06\/25\/2020 10:00:28 root [INFO]: Moving file: CentOS-fasttrack.repo\n06\/25\/2020 10:00:28 root [INFO]: Moving file: CentOS-x86_64-kernel.repo\n06\/25\/2020 10:00:28 root [INFO]: Executing lambda _create_custom_repos\n06\/25\/2020 10:00:28 root [INFO]: Creating custom repo base\n06\/25\/2020 10:00:28 root [INFO]: Creating custom repo extras\n06\/25\/2020 10:00:28 root [INFO]: Creating custom repo updates\n06\/25\/2020 10:00:28 root [INFO]: Creating custom repo epel\nLoaded plugins: fastestmirror\n<\/pre>\n<p>That&#8217;s it. Doing it this way you have full control about which packages will be installed. The downside, of course, is, that you need to maintain your own copy of the repositories.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>From some blogs I&#8217;ve written in the past you might already know that we are using AWS SSM to patch and maintain the complete EC2 and onprem instances at one of our customers. The previous posts about that topic are here: Avoiding patching madness by using AWS SSM Avoiding patching madness by using AWS SSM [&hellip;]<\/p>\n","protected":false},"author":29,"featured_media":14354,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1865,229],"tags":[133,72,1729,1730,158],"type_dbi":[],"class_list":["post-14353","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-aws","category-database-administration-monitoring","tag-aws","tag-centos","tag-patch-manager","tag-ssm","tag-yum"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.5) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Attaching your own CentOS 7 yum repository to AWS SSM - dbi Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dbi-services.com\/blog\/attaching-your-own-centos-7-yum-repository-to-aws-ssm\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Attaching your own CentOS 7 yum repository to AWS SSM\" \/>\n<meta property=\"og:description\" content=\"From some blogs I&#8217;ve written in the past you might already know that we are using AWS SSM to patch and maintain the complete EC2 and onprem instances at one of our customers. The previous posts about that topic are here: Avoiding patching madness by using AWS SSM Avoiding patching madness by using AWS SSM [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dbi-services.com\/blog\/attaching-your-own-centos-7-yum-repository-to-aws-ssm\/\" \/>\n<meta property=\"og:site_name\" content=\"dbi Blog\" \/>\n<meta property=\"article:published_time\" content=\"2020-06-25T09:02:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/Selection_012-2-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"528\" \/>\n\t<meta property=\"og:image:height\" content=\"152\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Daniel Westermann\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@westermanndanie\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Daniel Westermann\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/attaching-your-own-centos-7-yum-repository-to-aws-ssm\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/attaching-your-own-centos-7-yum-repository-to-aws-ssm\\\/\"},\"author\":{\"name\":\"Daniel Westermann\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#\\\/schema\\\/person\\\/8d08e9bd996a89bd75c0286cbabf3c66\"},\"headline\":\"Attaching your own CentOS 7 yum repository to AWS SSM\",\"datePublished\":\"2020-06-25T09:02:46+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/attaching-your-own-centos-7-yum-repository-to-aws-ssm\\\/\"},\"wordCount\":681,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/attaching-your-own-centos-7-yum-repository-to-aws-ssm\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2022\\\/04\\\/Selection_012-2-1.png\",\"keywords\":[\"AWS\",\"CentOS\",\"Patch Manager\",\"SSM\",\"yum\"],\"articleSection\":[\"AWS\",\"Database Administration &amp; Monitoring\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/attaching-your-own-centos-7-yum-repository-to-aws-ssm\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/attaching-your-own-centos-7-yum-repository-to-aws-ssm\\\/\",\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/attaching-your-own-centos-7-yum-repository-to-aws-ssm\\\/\",\"name\":\"Attaching your own CentOS 7 yum repository to AWS SSM - dbi Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/attaching-your-own-centos-7-yum-repository-to-aws-ssm\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/attaching-your-own-centos-7-yum-repository-to-aws-ssm\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2022\\\/04\\\/Selection_012-2-1.png\",\"datePublished\":\"2020-06-25T09:02:46+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#\\\/schema\\\/person\\\/8d08e9bd996a89bd75c0286cbabf3c66\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/attaching-your-own-centos-7-yum-repository-to-aws-ssm\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/attaching-your-own-centos-7-yum-repository-to-aws-ssm\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/attaching-your-own-centos-7-yum-repository-to-aws-ssm\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2022\\\/04\\\/Selection_012-2-1.png\",\"contentUrl\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2022\\\/04\\\/Selection_012-2-1.png\",\"width\":528,\"height\":152},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/attaching-your-own-centos-7-yum-repository-to-aws-ssm\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Attaching your own CentOS 7 yum repository to AWS SSM\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/\",\"name\":\"dbi Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#\\\/schema\\\/person\\\/8d08e9bd996a89bd75c0286cbabf3c66\",\"name\":\"Daniel Westermann\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g\",\"caption\":\"Daniel Westermann\"},\"description\":\"Daniel Westermann is Principal Consultant and Technology Leader Open Infrastructure at dbi services. He has more than 15 years of experience in management, engineering and optimization of databases and infrastructures, especially on Oracle and PostgreSQL. Since the beginning of his career, he has specialized in Oracle Technologies and is Oracle Certified Professional 12c and Oracle Certified Expert RAC\\\/GridInfra. Over time, Daniel has become increasingly interested in open source technologies, becoming \u201cTechnology Leader Open Infrastructure\u201d and PostgreSQL expert. \u00a0Based on community or EnterpriseDB tools, he develops and installs complex high available solutions with PostgreSQL. He is also a certified PostgreSQL Plus 9.0 Professional and a Postgres Advanced Server 9.4 Professional. He is a regular speaker at PostgreSQL conferences in Switzerland and Europe. Today Daniel is also supporting our customers on AWS services such as AWS RDS, database migrations into the cloud, EC2 and automated infrastructure management with AWS SSM (System Manager). He is a certified AWS Solutions Architect Professional. Prior to dbi services, Daniel was Management System Engineer at LC SYSTEMS-Engineering AG in Basel. Before that, he worked as Oracle Developper &amp;\u00a0Project Manager at Delta Energy Solutions AG in Basel (today Powel AG). Daniel holds a diploma in Business Informatics (DHBW, Germany). His branch-related experience mainly covers the pharma industry, the financial sector, energy, lottery and telecommunications.\",\"sameAs\":[\"https:\\\/\\\/x.com\\\/westermanndanie\"],\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/author\\\/daniel-westermann\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Attaching your own CentOS 7 yum repository to AWS SSM - dbi Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dbi-services.com\/blog\/attaching-your-own-centos-7-yum-repository-to-aws-ssm\/","og_locale":"en_US","og_type":"article","og_title":"Attaching your own CentOS 7 yum repository to AWS SSM","og_description":"From some blogs I&#8217;ve written in the past you might already know that we are using AWS SSM to patch and maintain the complete EC2 and onprem instances at one of our customers. The previous posts about that topic are here: Avoiding patching madness by using AWS SSM Avoiding patching madness by using AWS SSM [&hellip;]","og_url":"https:\/\/www.dbi-services.com\/blog\/attaching-your-own-centos-7-yum-repository-to-aws-ssm\/","og_site_name":"dbi Blog","article_published_time":"2020-06-25T09:02:46+00:00","og_image":[{"width":528,"height":152,"url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/Selection_012-2-1.png","type":"image\/png"}],"author":"Daniel Westermann","twitter_card":"summary_large_image","twitter_creator":"@westermanndanie","twitter_misc":{"Written by":"Daniel Westermann","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dbi-services.com\/blog\/attaching-your-own-centos-7-yum-repository-to-aws-ssm\/#article","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/attaching-your-own-centos-7-yum-repository-to-aws-ssm\/"},"author":{"name":"Daniel Westermann","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/8d08e9bd996a89bd75c0286cbabf3c66"},"headline":"Attaching your own CentOS 7 yum repository to AWS SSM","datePublished":"2020-06-25T09:02:46+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/attaching-your-own-centos-7-yum-repository-to-aws-ssm\/"},"wordCount":681,"commentCount":0,"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/attaching-your-own-centos-7-yum-repository-to-aws-ssm\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/Selection_012-2-1.png","keywords":["AWS","CentOS","Patch Manager","SSM","yum"],"articleSection":["AWS","Database Administration &amp; Monitoring"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.dbi-services.com\/blog\/attaching-your-own-centos-7-yum-repository-to-aws-ssm\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.dbi-services.com\/blog\/attaching-your-own-centos-7-yum-repository-to-aws-ssm\/","url":"https:\/\/www.dbi-services.com\/blog\/attaching-your-own-centos-7-yum-repository-to-aws-ssm\/","name":"Attaching your own CentOS 7 yum repository to AWS SSM - dbi Blog","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/attaching-your-own-centos-7-yum-repository-to-aws-ssm\/#primaryimage"},"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/attaching-your-own-centos-7-yum-repository-to-aws-ssm\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/Selection_012-2-1.png","datePublished":"2020-06-25T09:02:46+00:00","author":{"@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/8d08e9bd996a89bd75c0286cbabf3c66"},"breadcrumb":{"@id":"https:\/\/www.dbi-services.com\/blog\/attaching-your-own-centos-7-yum-repository-to-aws-ssm\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dbi-services.com\/blog\/attaching-your-own-centos-7-yum-repository-to-aws-ssm\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.dbi-services.com\/blog\/attaching-your-own-centos-7-yum-repository-to-aws-ssm\/#primaryimage","url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/Selection_012-2-1.png","contentUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/Selection_012-2-1.png","width":528,"height":152},{"@type":"BreadcrumbList","@id":"https:\/\/www.dbi-services.com\/blog\/attaching-your-own-centos-7-yum-repository-to-aws-ssm\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.dbi-services.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Attaching your own CentOS 7 yum repository to AWS SSM"}]},{"@type":"WebSite","@id":"https:\/\/www.dbi-services.com\/blog\/#website","url":"https:\/\/www.dbi-services.com\/blog\/","name":"dbi Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/8d08e9bd996a89bd75c0286cbabf3c66","name":"Daniel Westermann","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g","caption":"Daniel Westermann"},"description":"Daniel Westermann is Principal Consultant and Technology Leader Open Infrastructure at dbi services. He has more than 15 years of experience in management, engineering and optimization of databases and infrastructures, especially on Oracle and PostgreSQL. Since the beginning of his career, he has specialized in Oracle Technologies and is Oracle Certified Professional 12c and Oracle Certified Expert RAC\/GridInfra. Over time, Daniel has become increasingly interested in open source technologies, becoming \u201cTechnology Leader Open Infrastructure\u201d and PostgreSQL expert. \u00a0Based on community or EnterpriseDB tools, he develops and installs complex high available solutions with PostgreSQL. He is also a certified PostgreSQL Plus 9.0 Professional and a Postgres Advanced Server 9.4 Professional. He is a regular speaker at PostgreSQL conferences in Switzerland and Europe. Today Daniel is also supporting our customers on AWS services such as AWS RDS, database migrations into the cloud, EC2 and automated infrastructure management with AWS SSM (System Manager). He is a certified AWS Solutions Architect Professional. Prior to dbi services, Daniel was Management System Engineer at LC SYSTEMS-Engineering AG in Basel. Before that, he worked as Oracle Developper &amp;\u00a0Project Manager at Delta Energy Solutions AG in Basel (today Powel AG). Daniel holds a diploma in Business Informatics (DHBW, Germany). His branch-related experience mainly covers the pharma industry, the financial sector, energy, lottery and telecommunications.","sameAs":["https:\/\/x.com\/westermanndanie"],"url":"https:\/\/www.dbi-services.com\/blog\/author\/daniel-westermann\/"}]}},"_links":{"self":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/14353","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/users\/29"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/comments?post=14353"}],"version-history":[{"count":0,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/14353\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media\/14354"}],"wp:attachment":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media?parent=14353"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/categories?post=14353"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/tags?post=14353"},{"taxonomy":"type","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/type_dbi?post=14353"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}