Reposync job
To add new repos, add the repo file to prod.repos.d, the GPG key to gpgkeys and any specific configuration to prod.repos.yaml. This last part is probably not needed.
If you're adding a redhat repo, check existing redhat repos and copy the same logic (which is defining a custom_script)
linuxsoft.cern.ch paths
By default all repos will be mirrored under https://linuxsoft.cern.ch/mirror/
You can control the path with prod.repos.yaml
file, by using pathroot
as in:
redhat-8-ev-x86_64.repo:
pathroot: ''
This will make mirrors start on https://linuxsoft.cern.ch/ instead.
PS: Be aware RH repos are blocked unless you belong to certain LANDB sets: https://linuxops.web.cern.ch/support/redhat/#landb-sets
Downloading Redhat certificates
Certs for linuxsoft-mirror system are registered via RHN Manual downloading of certs is a thing of the past as this is now performed automagically via the rhncheck.py script
Whilst no longer required, you can use the following command to determine what certificate maps to which entitlement:
[root@lxsoftadm28 ~]# for i in /etc/cdn.redhat.com/*pem; do echo -n "$i: "; subscription-manager import --certificate $i >/dev/null; subscription-manager list --consumed |grep "Subscription Name" | cut -d: -f2; subscription-manager remove --all >/dev/null; done
/etc/cdn.redhat.com/5378820407501503083.pem: Red Hat Enterprise Linux for Real Time, Premium (Physical Node)
/etc/cdn.redhat.com/1971273915703326979.pem: Red Hat Enterprise Linux Developer Suite
/etc/cdn.redhat.com/3184188042360253346.pem: Red Hat Virtualization (2-sockets), Premium
/etc/cdn.redhat.com/2574189359922386789.pem: Red Hat Enterprise Linux Extended Life Cycle Support (Physical or Virtual Nodes)
/etc/cdn.redhat.com/4333396096500643205.pem: Red Hat Enterprise Linux Developer Suite
RedHat repos
Figuring out which RedHat repos to sync is not obvious as paths change between versions (i.e. RHEL7 use different repo URLs than RHEL8).
You could always spawn a new RHELX machine and follow these steps:
- Share the RH image with the tenant you want
eval $(ai-rc 'IT Linux Support - CI VMs')
openstack image list | grep RHEL ## To see all available images
# replace with the uuid of destination project
openstack image add project '$uuid-of-image' '$uuid-of-project'
- Spawn a machine with that image, select your private key when creating it
- Quickly add this machine to
LINUXSOFT RHEL LICENSED GPN
so it has access to RH repos for installation - ssh as
cloud-user
:ssh cloud-user@yournode
, thensudo -i
- Edit
/root/.ssh/authorized_keys
and remove everything before your ssh key - Allow access to the rest of the team. Install the latest cern-linuxsupport-access and enable it:
$ yum install http://linuxsoft.cern.ch/cern/centos/8/CERN/x86_64/Packages/cern-linuxsupport-access-1.2-1.el8.cern.noarch.rpm $ cern-linuxsupport-access enable
-
subscription-manager register --username yourrhaccount@cern.ch
. It will ask for your RH access password -
subscription-manager repos --list
will list all the repos and their URLs. You can now add those that you need.
Sample RH nodes
- As of 4/12/2020 these nodes are available for our team:
-
lx-rh7-certs
for RHEL 7 -
rhel8-sample
for RHEL 8
-