
How to build a local EDB Red Hat repository without direct internet access

Phil Hankinson, 6/16/2021
Getting started

If you are installing EDB on RHEL7 machines, RPMs are the way to go.  

There are many, many reasons for this, a few of which are:

  • It's the standard way to install on RHEL derivatives
  • It uses consistent installation paths
  • It's easily integrated into Puppet, Chef, and other provisioning tools
  • Updating is as simple as "yum update" rather than finding and downloading individual installers
  • Some products are only available via RPMs
  • RPMs leverage OS dependencies for things like OpenSSL, meaning that you don't have to wait for EDB to patch Postgres in order to get an OpenSSL patch, provided you install with RPMs. If you install any other way, we bundle OpenSSL and you'll need to get those patches from us, which is not the most efficient way.
  • And many other reasons…

But many of our customers (government, financial, and others) run their databases on machines that cannot reach out to the internet, so they can't get patches from http://yum.enterprisedb.com. So, what are they to do?
 
It turns out that there is an easy and elegant way to address this, and it involves these steps:

  1. Clone the EDB YUM repositories (the example below will do this with createrepo)
  2. Copy that clone to your disconnected machines (via one-way transfer, sneakernet, whatever options you have)
  3. Set up a local EDB YUM repository, or repo, on that disconnected network as a file-based local repository (good for a small number of machines)
  4. Note: The OS flavour on the source and target machines should be the same; otherwise some package-level dependencies might not be resolved.

Let's get started!
 
Steps (run as sudoer for security):

### Install the EDB repo file locally as a sudoer
[sudoer@{source_server} ~]$ sudo yum install https://yum.enterprisedb.com/edbrepos/edb-repo-latest.noarch.rpm -y
 
### Export the variables used during the build, adjusting <yumuser> and <yumpassword> as
### appropriate (these should not be run as sudo)
[sudoer@{source_server} ~]$ export YUMUSERNAME=<yumuser>
[sudoer@{source_server} ~]$ export YUMPASSWORD=<yumpassword>
[sudoer@{source_server} ~]$ export REPOFILE=/etc/yum.repos.d/edb.repo
[sudoer@{source_server} ~]$ export DLDIR=/tmp/yumdownloaddir
[sudoer@{source_server} ~]$ export REPOVERSION=edb
 
### Change the EDB repo username and password locally
[sudoer@{source_server} ~]$ sudo sed -i "s/<username>:<password>/$YUMUSERNAME:$YUMPASSWORD/g" $REPOFILE
 
### Install the external dependencies
[sudoer@{source_server} ~]$ sudo yum install -y yum-utils createrepo
[sudoer@{source_server} ~]$ sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
 
### Enable the optional, extras, and HA repositories since EPEL packages may depend on
### packages from these repositories [for RHEL7 only]
[sudoer@{source_server} ~]$ sudo subscription-manager repos --enable "rhel-*-optional-rpms" --enable "rhel-*-extras-rpms" --enable "rhel-ha-for-rhel-*-server-rpms"
 
### Import EDB GPG key installed from edb-repo and also the other repos
[sudoer@{source_server} ~]$ sudo rpm --import /etc/pki/rpm-gpg/*
 
### Create the download directory, populate it with "repotrack", and build the
### repository metadata with "createrepo"
### Note that the third step (repotrack) lists a subset of commonly used tools as an example
### This should be tailored to your own requirements
[sudoer@{source_server} ~]$ sudo mkdir -p "$DLDIR"
[sudoer@{source_server} ~]$ cd "$DLDIR"
[sudoer@{source_server} /tmp/yumdownloaddir]$ sudo repotrack parted edb-repo edb-as*-server java edb-pem-agent edb-efm* edb-pem-server edb-migrationtoolkit ppas-xdb edb-as*-pgagent.x86_64 edb-bart
[sudoer@{source_server} /tmp/yumdownloaddir]$ sudo createrepo "$DLDIR"
 
### Now zip up the DLDIR archive, ready to be shipped to the target server(s)
[sudoer@{source_server} /tmp/yumdownloaddir]$ cd /tmp
[sudoer@{source_server} /tmp]$ sudo tar -zcvf yumdownloaddir.tgz yumdownloaddir
 
### Now login to the target server and copy the .tgz (zip) file that was created before to the
### remote server /tmp directory (using scp, or rsync, or any of the other methods given above)
### and then unzip it on all the servers needing EDB software
 
### Assuming the zipped repository is in /tmp, unzip it to home directory
[sudoer@{target_server} ~]$ cd ; sudo tar -xvf /tmp/yumdownloaddir.tgz
 
### Install EDB GPG key from archive of edb-repo
[sudoer@{target_server} ~]$ sudo yum localinstall yumdownloaddir/edb-repo*.rpm
[sudoer@{target_server} ~]$ sudo rpm --import /etc/pki/rpm-gpg/*
 
### Then, rename the original repos:
[sudoer@{target_server} ~]$ cd /etc/yum.repos.d
[sudoer@{target_server} yum.repos.d]$ sudo sh -c 'for i in *.repo; do mv "$i" "$i.orig"; done'
 
### And create an edb_local.repo file in /etc/yum.repos.d/ with the contents below.
### The baseurl shown assumes /root/ is the home directory.
### Replace it with the actual home directory path where yumdownloaddir was placed
[sudoer@{target_server} yum.repos.d]$ sudo vi edb_local.repo 
[edb-localrepo]
name=EnterpriseDB Localrepo for install without internet access
baseurl=file:///root/yumdownloaddir
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/ENTERPRISEDB-GPG-KEY
 
### After that, you can install EDB products by running yum with the local repo enabled. For 
### example:
[sudoer@{target_server} ~]$ sudo yum install edb-as13-server --enablerepo edb-localrepo
 
 
### Optionally, after having installed anything you need from the EDB repository, you can clean
### up your local EDB repo and put back the original repos:
[sudoer@{target_server} ~]$ sudo rm /etc/yum.repos.d/edb_local.repo
[sudoer@{target_server} ~]$ cd /etc/yum.repos.d
[sudoer@{target_server} yum.repos.d]$ sudo sh -c 'for i in *.repo.orig; do mv "$i" "${i%.*}"; done'
### Assuming /root is the home directory
[sudoer@{target_server} yum.repos.d]$ sudo rm -rf /root/yumdownloaddir
 
### Done!
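
Because the archive is extracted with sudo and the GPG keys are imported from the edb-repo package inside it, it is worth confirming on the target that the file is the one that left the source server and that it contains only the repository tree. The following is an added example, not part of the original article: `archive_digest` and `check_archive` are hypothetical helper names, and it assumes the expected digest reaches the target separately from the archive.

```shell
#!/bin/sh
# Added example, not from the original article.
command -v sha256sum >/dev/null 2>&1 || sha256sum() { shasum -a 256 "$@"; }

# Source server: print the SHA-256 of the archive; send it separately from the archive.
archive_digest() { sha256sum "$1" | cut -d' ' -f1; }

# Target server: succeed only if the archive matches the expected digest and
# holds nothing but regular files and directories under $top/.
check_archive() {
  archive=$1; expected=$2; top=${3:-yumdownloaddir}
  if [ "$(archive_digest "$archive")" != "$expected" ]; then
    echo "digest mismatch: $archive" >&2; return 1
  fi
  # First column of the verbose listing is the entry type: - file, d directory.
  if tar -tzvf "$archive" | cut -c1 | grep -qv '^[-d]$'; then
    echo "link or special file in $archive" >&2; return 1
  fi
  # Every member name must sit under $top/ and contain no ".." component.
  if tar -tzf "$archive" | grep -Eqv "^$top(/|\$)" ||
     tar -tzf "$archive" | grep -Eq '(^|/)\.\.(/|$)'; then
    echo "member outside $top/ in $archive" >&2; return 1
  fi
  return 0
}

# Constructed demo: a tiny stand-in for /tmp/yumdownloaddir.tgz.
(
  cd "$(mktemp -d)" || exit 1
  mkdir yumdownloaddir && echo "placeholder" > yumdownloaddir/example.rpm
  tar -czf yumdownloaddir.tgz yumdownloaddir
  digest=$(archive_digest yumdownloaddir.tgz)
  check_archive yumdownloaddir.tgz "$digest" && echo "ok to extract"
)
```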

You may, however, want to create a local repository for many machines, with the repository we created earlier available as if it were a repository server on the internet.

To do this, first choose a machine available to all the servers where the repository is to be made available, and then set up a repository like so:
 

### Install NGINX webserver from the EPEL repository; start it, enable it, and check the status
[sudoer@{source_server} ~]$ sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
[sudoer@{source_server} ~]$ sudo yum install nginx
[sudoer@{source_server} ~]$ sudo systemctl start nginx
[sudoer@{source_server} ~]$ sudo systemctl enable nginx
[sudoer@{source_server} ~]$ sudo systemctl status nginx
 
### Ensure that the nginx firewall ports are open
[sudoer@{source_server} ~]$ sudo firewall-cmd --zone=public --permanent --add-service=http
[sudoer@{source_server} ~]$ sudo firewall-cmd --zone=public --permanent --add-service=https
[sudoer@{source_server} ~]$ sudo firewall-cmd --reload
 
### Create the repository tarball in /tmp as before, and unzip it to the default nginx directory
[sudoer@{source_server} ~]$ cd /usr/share/nginx/html
[sudoer@{source_server} html]$ sudo tar -xvf /tmp/yumdownloaddir.tgz
 
### Change the access and selinux settings, or nginx can’t access it
[sudoer@{source_server} html]$ sudo chown -R root: yumdownloaddir/
[sudoer@{source_server} html]$ sudo chmod -R 755 yumdownloaddir/
[sudoer@{source_server} html]$ sudo chcon -R --reference=/usr/share/nginx/html /usr/share/nginx/html/yumdownloaddir/
 
### Turn on auto-indexing in the nginx.conf file by adding a “location” directive
[sudoer@{source_server} html]$ sudo vi /etc/nginx/nginx.conf
        location / {
        }

### Insert this directive ==>
        location /yumdownloaddir {
            autoindex on;
        }
### <==
 
### Restart your nginx server and check the repo is available on your browser at
### http://localhost/yumdownloaddir
[sudoer@{source_server} ~]$ sudo systemctl restart nginx
 
### Now log in to your target server and configure access to the new repo there
 
### First, rename the original repos:
[sudoer@{target_server} ~]$ cd /etc/yum.repos.d
[sudoer@{target_server} yum.repos.d]$ sudo sh -c 'for i in *.repo; do mv "$i" "$i.orig"; done'
 
### Create a local-repos.repo file in /etc/yum.repos.d/ with the contents:
[sudoer@{target_server} yum.repos.d]$ sudo vi /etc/yum.repos.d/local-repos.repo 
[local-repos]
name=Local repository storage on <server-FQDN>
baseurl=http://<source server FQDN or IP address>/yumdownloaddir/
gpgcheck=0
enabled=1
 
### You can check the locally served repo is now available with:
[sudoer@{target_server} ~]$ yum repolist
 
###
### Optionally, after having installed anything you need from the EDB repository, you can clean
### up your local repo and put back the original repos:
[sudoer@{target_server} yum.repos.d]$ sudo rm /etc/yum.repos.d/local-repos.repo
[sudoer@{target_server} yum.repos.d]$ cd /etc/yum.repos.d
[sudoer@{target_server} yum.repos.d]$ sudo sh -c 'for i in *.repo.orig; do mv "$i" "${i%.*}"; done'
[sudoer@{target_server} yum.repos.d]$ sudo rm -rf /root/yumdownloaddir
### Done!
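
The HTTP-served local-repos stanza sets gpgcheck=0 and is fetched over plain http, so packages from it are installed without the signature verification that the file-based edb-localrepo stanza enforces. The following is an added example, not part of the original article, that audits repo files for this: `audit_repo_files` is a hypothetical helper, the sample stanzas are constructed from the two in this article, and repo.example.internal is a placeholder host.

```shell
#!/bin/sh
# Added example, not from the original article.
# audit_repo_files FILE...: one line per finding; exit status 1 on any FAIL.
# Stanzas with enabled=0 are audited too, because --enablerepo can switch them on.
audit_repo_files() {
  awk '
    function report() {
      if (sec == "") return
      if (gpg != "1") { printf "FAIL %s [%s] gpgcheck is not 1\n", file, sec; bad = 1 }
      if (url ~ /^http:/) printf "WARN %s [%s] baseurl is plain http\n", file, sec
    }
    FNR == 1 { report(); sec = "" }          # new file: close the previous stanza
    /^[ \t]*[#;]/ { next }                   # comment lines
    /^\[.*\]/ {                              # [section] header starts a new stanza
      report()
      sec = substr($0, 2, index($0, "]") - 2); file = FILENAME; gpg = ""; url = ""
      next
    }
    {
      i = index($0, "="); if (i == 0) next
      key = substr($0, 1, i - 1); val = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == "gpgcheck") gpg = val
      if (key == "baseurl") url = val
    }
    END { report(); exit (bad ? 1 : 0) }
  ' "$@"
}

# Constructed sample: the two stanzas shown in the article (host is a placeholder).
demo_dir=$(mktemp -d)
cat > "$demo_dir/edb_local.repo" <<'EOF'
[edb-localrepo]
baseurl=file:///root/yumdownloaddir
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/ENTERPRISEDB-GPG-KEY
EOF
cat > "$demo_dir/local-repos.repo" <<'EOF'
[local-repos]
baseurl=http://repo.example.internal/yumdownloaddir/
gpgcheck=0
enabled=1
EOF
audit_repo_files "$demo_dir"/*.repo || echo "unverified repositories found"
```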

See also: How to create a local mirror of the latest update for Red Hat Enterprise Linux 5, 6, 7, 8 without using Satellite server? - Red Hat Customer Portal

Phil has 25 years experience working with relational database systems and is a Senior Consultant in the Professional Services Division of EnterpriseDB. Located in Sweden, Phil works mainly in EMEA (specifically the Nordics) but often spends time on client sites around the world, delivering training, ...