How to build a local EDB Red Hat repository without direct internet access

June 16, 2021

If you are installing EDB on RHEL7 machines, RPMs are the way to go. 

There are many, many reasons for this, a few of which are:

  • It's the standard way to install on RHEL derivatives
  • It uses consistent installation paths
  • It's easily integrated into Puppet, Chef, and other provisioning tools
  • Updating is as simple as "yum update" rather than finding and downloading individual installers
  • Some products are only available via RPMs
  • RPMs leverage OS dependencies for things like OpenSSL meaning that you don't have to wait for EDB to patch Postgres in order to get an OpenSSL patch - if you install with RPMs.  If you install any other way, we bundle OpenSSL and you'll need to get those patches from us which is not the most efficient way.
  • And many other reasons…

But, many of our customers (government, financial, and others) run their databases on machines that can not reach out to the internet, so they can't get patches from  So, what are they to do?  
It turns out that there is an easy and elegant way to address this, and it involves these steps:

  1. Clone the EDB YUM repositories (the example below will do this with createrepo)
  2. Copy that clone to your disconnected machines (via one-way transfer, sneakernet, whatever options you have)
  3. Setup a local EDB YUM repository, or repo, on that disconnected network as a file based local repository (good for a small number of machines)
  4. Note: The OS flavour on source and target machines should be the same otherwise some package level dependencies might not be resolved.

Let's get started!

Steps (run as sudoer for security):

### Install the EDB repo file locally as a sudoer
[sudoer@{source_server} ~]$ sudo yum install -y
### Export the variables used during the build, adjusting <yumuser> and <yumpassword> as
### appropriate (these should not be run as sudo)
[sudoer@{source_server} ~]$ export YUMUSERNAME=<yumuser>
[sudoer@{source_server} ~]$ export YUMPASSWORD=<yumpassword>
[sudoer@{source_server} ~]$ export REPOFILE=/etc/yum.repos.d/edb.repo
[sudoer@{source_server} ~]$ export DLDIR=/tmp/yumdownloaddir
[sudoer@{source_server} ~]$ export REPOVERSION=edb
### Change the EDB repo username and password locally
[sudoer@{source_server} ~]$ sudo sed -i "s/<username>:<password>/$YUMUSERNAME:$YUMPASSWORD/g" $REPOFILE
### Install the external dependencies
[sudoer@{source_server} ~]$ sudo yum install -y yum-utils createrepo
[sudoer@{source_server} ~]$ sudo  yum -y install
### Enable the optional, extras, and HA repositories since EPEL packages may depend on      packages from these repositories [ For RHEL7 only]
[sudoer@{source_server} ~]$sudo subscription-manager repos --enable "rhel-*-optional-rpms" --enable "rhel-*-extras-rpms"  --enable "rhel-ha-for-rhel-*-server-rpms"
### Import EDB GPG key installed from edb-repo and also the other repos
[sudoer@{target_server} ~]$ sudo rpm --import /etc/pki/rpm-gpg/*
### Create the download directory and populate it using “createrepo”
### Note that the third step contains a subset of commonly used tools as an example
### This should be tailored to your own requirements
[sudoer@{source_server} ~]$ sudo mkdir -p "$DLDIR"
[sudoer@{source_server} ~]$ cd "$DLDIR"
[sudoer@{source_server} /tmp/yumdownloaddir]$ sudo repotrack parted edb-repo edb-as*-server java edb-pem-agent edb-efm* edb-pem-server edb-migrationtoolkit ppas-xdb edb-as*-pgagent.x86_64 edb-bart
[sudoer@{source_server} /tmp/yumdownloaddir]$ sudo createrepo "$DLDIR"
### Now zip up the DLDIR archive, ready to be shipped to the target server(s)
[sudoer@{source_server} /tmp/yumdownloaddir]$ cd /tmp
[sudoer@{source_server} /tmp]$ sudo tar -zcvf yumdownloaddir.tgz yumdownloaddir
### Now login to the target server and copy the .tgz (zip) file that was created before to the
### remote server /tmp directory (using scp, or rsync, or any of the other methods given above)
### and then unzip it on all the servers needing EDB software
### Assuming the zipped repository is in /tmp, unzip it to home directory
[sudoer@{target_server} ~]$ cd ; sudo tar -xvf /tmp/yumdownloaddir.tgz
### Install EDB GPG key from archive of edb-repo
[sudoer@{target_server} ~]$ sudo yum localinstall yumdownloaddir/edb-repo*.rpm
[sudoer@{target_server} ~]$ sudo rpm --import /etc/pki/rpm-gpg/*
### Then, rename the original repos:
[sudoer@{target_server} ~]$ cd /etc/yum.repos.d
[sudoer@{target_server} yum.repos.d]$ sudo sh -c 'for i in $(ls *.repo); do mv $i $i.orig; done'
### And create a edb_local.repo file in /etc/yum.repos.d/ with the contents:
### baseurl is mentioned assuming /root/ as a home directory.
### This needs to be replaced with the actual home directory path where yumdownloadedir is placed
[sudoer@{target_server} yum.repos.d]$ sudo vi edb_local.repo 
name=EnterpriseDB Localrepo for install without internet access
### After that, you can install EDB products by running yum with the local repo enabled. For 
### example:
[sudoer@{target_server} ~]$ sudo yum install edb-as13-server --enablerepo edb-localrepo
### Optionally, after having installed anything you need from the EDB repository, you can clean
### up your local EDB repo and put back the original repos:
[sudoer@{target_server} ~]$ sudo rm /etc/yum.repos.d/edb_local.repo
[sudoer@{target_server} ~]$ cd /etc/yum.repos.d
[sudoer@{target_server} ~]$ sudo sh -c 'for i in $(ls *.repo.orig); do mv $i ${i%.*}; done'
# Assuming the root directory as a home
[sudoer@{target_server} ~]$ sudo rm -rf /root/yumdownloaddir
### Done!

You may, however, want to create a local repository for many machines, with the repository we created earlier available as if it were a repository server on the internet.

To do this, first choose a machine available to all the servers where the repository is to be made available, and then set up a repository like so:

### Install NGINX webserver from the EPEL repository; start it, enable it, and check the status
[sudoer@{source_server} ~]$ sudo  yum -y install 
[sudoer@{source_server} ~]$ sudo yum install nginx
[sudoer@{source_server} ~]$ sudo systemctl start nginx
[sudoer@{source_server} ~]$ sudo systemctl enable nginx
[sudoer@{source_server} ~]$ sudo systemctl status nginx
### Ensure that the nginx firewall ports are open
[sudoer@{source_server} ~]$ sudo firewall-cmd --zone=public --permanent --add-service=http
[sudoer@{source_server} ~]$ sudo firewall-cmd --zone=public --permanent --add-service=https
[sudoer@{source_server} ~]$ sudo firewall-cmd --reload
### Create the repository tarball in /tmp as before, and unzip it to the default nginx directory
[sudoer@{source_server} ~]$ cd /usr/share/nginx/html
[sudoer@{source_server} html]$ sudo tar -xvf /tmp/yumdownloaddir.tgz
### Change the access and selinux settings, or nginx can’t access it
[sudoer@{source_server} html]$ sudo chown -R root: yumdownloaddir/
[sudoer@{source_server} html]$ sudo chmod -R 755 yumdownloaddir/
[sudoer@{source_server} html]$ sudo chcon -R --reference=/usr/share/nginx/html /usr/share/nginx/html/yumdownloaddir/
### Turn on auto-indexing in the nginx.conf file by adding a “location” directive
[sudoer@{source_server} html]$ sudo vi /etc/nginx/nginx.conf
       location / {
### Insert this directive ==>
	location /yumdownloaddir {
            autoindex on;
### <==
### Restart your nginx server and check the repo is available on your browser at
### http://localhost/yumdownloaddir
[sudoer@{source_server} ~]$ sudo systemctl restart nginx
### Now log in to your target server and configure access to the new repo there
### First, rename the original repos:
[sudoer@{target_server} ~]$ cd /etc/yum.repos.d
[sudoer@{target_server} yum.repos.d]$ sudo sh -c 'for i in $(ls *.repo); do mv $i $i.orig; done'
### Create a local-repos.repo file in /etc/yum.repos.d/ with the contents:
[sudoer@{target_server} yum.repos.d]$ sudo vi /etc/yum.repos.d/local-repos.repo 
name=Local repository storage on <server-FQDN>
baseurl=http://<source server FQDN or IP address>/yumdownloaddir/
### You can check the locally served repo is now available with:
[sudoer@{target_server} ~]$ yum repolist
### Optionally, after having installed anything you need from the EDB repository, you can clean
### up your local repo and put back the original repos:
[sudoer@{target_server} yum.repos.d]$ sudo rm /etc/yum.repos.d/local-repos.repo
[sudoer@{target_server} yum.repos.d]$ cd /etc/yum.repos.d
[sudoer@{target_server} yum.repos.d]$ sudo sh -c 'for i in $(ls *.repo.orig); do mv $i ${i%.*}; done'
[sudoer@{target_server} yum.repos.d]$ sudo rm -rf /root/yumdownloaddir
### Done!

See also: How to create a local mirror of the latest update for Red Hat Enterprise Linux 5, 6, 7, 8 without using Satellite server? - Red Hat Customer Portal

Share this

Relevant Blogs

Surviving Without a Superuser: Coming to v16

EDB is proud to present the following excerpt from Surviving Without a Superuser from EDB VP, Chief Data Scientist Robert Haas' personal blog. You can read the entire article here...
January 30, 2023

Why you should use Docker Compose

SUMMARY: This article explains the benefits of using Docker Compose for creating multiple container applications. It reviews the steps for...
January 24, 2023

More Blogs

Quickstart guide on using pgPool

Steps (as root user)   #!/bin/bash   # Setup YUM repository for installing EPAS as the PEM # repository rpm -Uvh # Set YUM username/password in edb.repo export...
January 24, 2023

Using auth_method=hba in PgBouncer

Introduction PgBouncer is a great tool for improving database performance with connection pooling.  I've been using it for many years, since it first became available in 2007.  Since then, several...
January 23, 2023