EPAS Using RPMs on Disconnected Networks

EDB Team

If you are installing EDB on RHEL/CentOS machines, RPMs are the way to go.  
There are many, many reasons for this, a few of which are:
  • It's the standard way to install on RHEL derivatives
  • It uses consistent installation paths
  • It's easily integrated into Puppet, Chef, and other provisioning tools
  • Updating is as simple as "yum update" rather than finding and downloading individual installers
  • Some products (like BART and EFM) are only available via RPMs
  • RPMs leverage OS dependencies for things like OpenSSL meaning that you don't have to wait for EDB to patch Postgres in order to get an OpenSSL patch - if you install with RPMs.  If you install with the one-click installer, we bundle OpenSSL and you'll need to get those patches from us which is not the most efficient way.
  • And many other reasons...
But, many of our customers (government, financial, and others) run their databases on machines that can not reach out to the internet, so they can't get patches from http://yum.enterprisedb.com.  So, what are they to do?  
Well, it turns out that there is an easy and elegant way to address this, and it involves these steps:
  1. Clone the EDB YUM repositories (the example below will do this with reposync)
  2. Copy that clone to your disconnected machines (via one-way transfer, sneaker net, whatever options you have)
  3. Setup a local EDB YUM repository on that disconnected network one of two ways (both of which will be demonstrated below)
    • File based local repository (good for small number of machines)
    • HTTP based local repository (good for larger number of machines)
Let's get started!


Steps (run as root):


# These first set of steps that clone the EDB YUM repository have to be done on 
# a machine that is connected to the internet.  Can be some desktop you have
# or could be spinning up an AWS VM for a few minutes to clone the EDB YUM
# repository into a zip file that you will transfer to your disconnected network.

# Setup YUM repository for EDB 
rpm -Uvh http://yum.enterprisedb.com/edbrepos/edb-repo-9.6-4.noarch.rpm

# Set YUM username/password in edb.repo
export YUM_USER=<yum user>
export YUM_PASSWORD=<yum password>
sed -i "s/<username>:<password>/$YUM_USER:$YUM_PASSWORD/g" /etc/yum.repos.d/edb.repo

# Since we will be pulling RHEL 6 and RHEL 7 RPMs to this machine,
# we need to overide the yum directories so that they don't get
# confused. While we are at it, we'll just list the EDB YUM repositories
# in the main yum.conf file so that we don't have to deal with all the
# other YUM repos in /etc/yum.repos.d
echo "[main]" > ~/yum.conf
echo "cachedir=/tmp/yum_cache" >> ~/yum.conf
echo "persistdir=/tmp/yum_persist" >> ~/yum.conf
echo "reposdir=/dev/null" >> ~/yum.conf
echo " " >> ~/yum.conf
cat /etc/yum.repos.d/edb.repo >> ~/yum.conf

# Make sure that the YUM cache directories are empty (in case
# you run this over and over like I do). If these directories are
# not cleaned out, YUM will try to keep track of what it already
# synched. Normally that is good, but in this case, I always
# want YUM to go back and refresh from the actual repos.
rm -rf ~/edb_repos /tmp/yum_cache /tmp/yum_persist

# First, we reposync the EDB repo repository which is OS version agnostic because
# it just contains a single RPMs with the edb.repo file and the GPG key.
reposync -c ~/yum.conf --norepopath -r edb-repos -p ~/edb_repos/edbrepos

# Next, let's enable all the EDB repos and hard code the version of RPMs
# we want to be the RHEL 6 x86_64 RPMs.
sed -i "s/enabled=0/enabled=1/g" ~/yum.conf
sed -i "s/\$releasever-\$basearch/6-x86_64/g" ~/yum.conf

# Now, make sure that the YUM caches are empty, and sync
# each of the repos to the folder that matches what the edb.repo
# defines as the baseurl for each repo.
rm -rf /tmp/yum_cache /tmp/yum_persist
reposync -c ~/yum.conf --norepopath -r ppas95 -p ~/edb_repos/9.5/redhat/rhel-6-x86_64
reposync -c ~/yum.conf --norepopath -r ppas94 -p ~/edb_repos/9.4/redhat/rhel-6-x86_64
reposync -c ~/yum.conf --norepopath -r ppas93 -p ~/edb_repos/9.3/redhat/rhel-6-x86_64
reposync -c ~/yum.conf --norepopath -r ppas92 -p ~/edb_repos/9.2/redhat/rhel-6-x86_64
reposync -c ~/yum.conf --norepopath -r ppas91 -p ~/edb_repos/9.1/redhat/rhel-6-x86_64
reposync -c ~/yum.conf --norepopath -r enterprisedb-tools -p ~/edb_repos/tools/redhat/rhel-6-x86_64
reposync -c ~/yum.conf --norepopath -r enterprisedb-tools-testing -p ~/edb_repos/tools-testing/redhat/rhel-6-x86_64
reposync -c ~/yum.conf --norepopath -r enterprisedb-dependencies -p ~/edb_repos/dependencies/redhat/rhel-6-x86_64
reposync -c ~/yum.conf --norepopath -r enterprisedb-xdb60 -p ~/edb_repos/xdb60/redhat/rhel-6-x86_64

# Now we are going to synch the RHEL 7 repos which are not aviailable
# for EPAS 9.1-9.3, so disable those three repos and change the release
# version in the baseurls to 7.
sed -i "\/ppas93/,/gpgcheck/ s/enabled=1/enabled=0/" ~/yum.conf
sed -i "\/ppas92/,/gpgcheck/ s/enabled=1/enabled=0/" ~/yum.conf
sed -i "\/ppas91/,/gpgcheck/ s/enabled=1/enabled=0/" ~/yum.conf
sed -i "s/6-x86_64/7-x86_64/g" ~/yum.conf

# Clean the YUM cache and synch the RHEL 7 repos to the directories
# that match the baseurls in the edb.repo
rm -rf /tmp/yum_cache /tmp/yum_persist
reposync -c ~/yum.conf --norepopath -r ppas95 -p ~/edb_repos/9.5/redhat/rhel-7-x86_64
reposync -c ~/yum.conf --norepopath -r ppas94 -p ~/edb_repos/9.4/redhat/rhel-7-x86_64
reposync -c ~/yum.conf --norepopath -r enterprisedb-tools -p ~/edb_repos/tools/redhat/rhel-7-x86_64
reposync -c ~/yum.conf --norepopath -r enterprisedb-tools-testing -p ~/edb_repos/tools-testing/redhat/rhel-7-x86_64
reposync -c ~/yum.conf --norepopath -r enterprisedb-dependencies -p ~/edb_repos/dependencies/redhat/rhel-7-x86_64
reposync -c ~/yum.conf --norepopath -r enterprisedb-xdb60 -p ~/edb_repos/xdb60/redhat/rhel-7-x86_64

# Install createrepo and run it against all the EDB repository directories
# that we just synched. This will create the "repodata" directory that makes
# these folders YUM repositories as opposed to just folders with RPMs.
yum install -y createrepo
for i in `ls -d ~/edb_repos/edbrepos ~/edb_repos/*/redhat/*`;
  createrepo $i

# Now zip up all the EDB repositories
tar -czvf edb_repos.tar.gz edb_repos

# Here is where you would copy that zip of repositories to
# whatever disconnected system you want to have these repositories available
# on. You can burn it to disk or transfer it however you like. For simplicity
# of this quickstart, I'm going to keep going forward on this same VM, but in
# reality, the rest of these steps are done on the disconnected machine that you
# transferred this zip file to. To simulate that I'm on a "different" VM, I'm going
# to erase the edb-repo that we installed above.
yum erase -y edb-repo

# Now, we can unzip these repositories anywhere we like. I'm going to put them
# in an Apache folder because I'm going to show you how to access them via file
# as well as via http if desired and I don't want them in two different locations.
mkdir -p /var/www/html
tar -C /var/www/html -xvf ~/edb_repos.tar.gz

# Let's first say we just want to access these repositories via the local filesystem
# without any HTTP interface. No problem, install the EDB repo, edit the edb.repo
# to point at the local filesystem path, set the release version to 6 or 7 depending
# on your OS, enable the EPAS 9.5 and Tools repositories, and show that the EDB
# packages are available. Now you can install with YUM just like normal, and as
# long as you update the repositories in /var/www/html/edb_repos when
# patches are available, it will be as if you were connected to yum.enterprisedb.com.
yum install -y /var/www/html/edb_repos/edbrepos/edb-repo-9.6-4.noarch.rpm
sed -i "s,baseurl=http://<username>:<password>@yum.enterprisedb.com,baseurl=file:///var/www/html/edb_repos,g" /etc/yum.repos.d/edb.repo
sed -i "s/\$releasever/7/g" /etc/yum.repos.d/edb.repo
#sed -i "s/\$releasever/6/g" /etc/yum.repos.d/edb.repo
sed -i "\/ppas95/,/gpgcheck/ s/enabled=0/enabled=1/" /etc/yum.repos.d/edb.repo
sed -i "\/enterprisedb-tools/,/gpgcheck/ s/enabled=0/enabled=1/" /etc/yum.repos.d/edb.repo
yum list ppas95-server
yum list edb-bart

# Now if you have several machines on the disconnected network and don't want to
# copy these repositories to each machine, you can very easily setup an HTTP server
# to host these repositories to other machines. We will do that now by installing httpd,
# starting Apache, removing the EDB repo we installed earlier, installing the new EDB
# repo from the HTTP interface, and updating the baseurls in edb.repo to point to
# our new web enabled EDB YUM repositories. Then, show again that you have access
# to the EPAS 9.5 and BART via these new web enabled repositories.
yum install -y httpd
chkconfig httpd on
service httpd start
chcon -R -t httpd_sys_content_t /var/www/html
yum erase -y edb-repo
rpm -Uvh http://localhost/edb_repos/edbrepos/edb-repo-9.6-4.noarch.rpm
sed -i "s,baseurl=http://<username>:<password>@yum.enterprisedb.com,baseurl=http://localhost/edb_repos,g" /etc/yum.repos.d/edb.repo
sed -i "s/\$releasever/7/g" /etc/yum.repos.d/edb.repo
#sed -i "s/\$releasever/6/g" /etc/yum.repos.d/edb.repo
sed -i "\/ppas95/,/gpgcheck/ s/enabled=0/enabled=1/" /etc/yum.repos.d/edb.repo
sed -i "\/enterprisedb-tools/,/gpgcheck/ s/enabled=0/enabled=1/" /etc/yum.repos.d/edb.repo
yum list ppas95-server
yum list edb-bart

# Congratulations! Now, you can take advantage of all the benefits of RPMS and YUM
# installations even if you do not have direct access to yum.enterprisedb.com. You will need
# at least one machine that is connected to the internet in order to download the repositories
# so that you can transfer them to your other network of course. 


EDB Team