diff --git a/infrastructure-guide/repo01.md b/infrastructure-guide/repo01.md index b8c52aca..1ade38a4 100644 --- a/infrastructure-guide/repo01.md +++ b/infrastructure-guide/repo01.md @@ -7,70 +7,76 @@ This machine acts as a mirror for the RHEL8 iso images. Repo01 is connected to the Satelitte server from ETH Zürich. The Red Hat repositories are synced from there. -The installer iso images are downloaded from https://access.redhat.com/downloads and put into /var/www/html/iso manually +The installer iso images are downloaded from https://access.redhat.com/downloads and put into `/var/www/html/iso` manually -The iso images in /var/www/html/iso are then (automatically) mounted as loop devices by the pli-mount-iso-images.service under /etc/systemd/system/. Otherwise changes are not monitored, if a new iso is put there, a manual restart of the service is required for anything to happen. +The iso images in `/var/www/html/iso` are then (automatically) mounted as loop devices by the pli-mount-iso-images.service under `/etc/systemd/system/`. Otherwise changes are not monitored, if a new iso is put there, a manual restart of the service is required for anything to happen. +```bash df -kh | grep /var/www /dev/loop0 11G 11G 0 100% /var/www/html/iso/rhel85 /dev/loop1 6.7G 6.7G 0 100% /var/www/html/iso/rhel80 +``` +Under `/opt/pli/libexec` exist five shell scripts that run with systemctl timer. -Under /opt/pli/libexec exist five shell scripts that run with systemctl timer. +The pli-repo-mirror runs a daily sync (at 21:30) via `/etc/systemd/system/pli-repo-mirror.timer`, which pulls the latest repos into `/var/www/html/el8/sources`. -The pli-repo-mirror runs a daily sync (at 21:30) via /etc/systemd/system/pli-repo-mirror.timer, which pulls the latest repos into /var/www/html/el8/sources. +The `gen-snapshot-page` is the basic script to generate a snapshot. -The gen-snapshot-page is the basic script to generate a snapshot. - -From the above, a weekly snapshot (at Sun 23:30) is taken by the pli-repo-snapshot via the pli-repo-snapshot.timer +From the above, a weekly snapshot (at Sun 23:30) is taken by the `pli-repo-snapshot` via the `pli-repo-snapshot.timer` From there the snapshot_is_prodable checks wheter the new snapshot is ready for a new prod tag. It will check if the latest yfs kernel module corresponds with the latest rhel8 kernel. -If the kernel and the yfs module version correspond a prod snapshot is made under /var/www/html/el8/tags +If the kernel and the yfs module version correspond a prod snapshot is made under `/var/www/html/el8/tags` -The pli-repo-zoom is run via the pli-repo-zoom.timer. It maintains the zoom repo at /var/www/html/zoom/ +The `pli-repo-zoom` is run via the `pli-repo-zoom.timer`. It maintains the zoom repo at `/var/www/html/zoom/` -The pli-repo-yfs script is run via the pli-repo-yfs.timer. It syncs the auristor repo and apparently also create tags. +The `pli-repo-yfs` script is run via the `pli-repo-yfs.timer`. It syncs the auristor repo and apparently also create tags. -In case of emergency, you can run a snapshot by force. Then you have to add the version before you can run the script $./pli-repo-snapshot el8 +In case of emergency, you can run a snapshot by force. Then you have to add the version before you can run the script -Under /etc/systemd/system/ we have all the pli-repo* timer and service configurations. +```bash +$./pli-repo-snapshot el8 +``` +Under `/etc/systemd/system/` we have all the `pli-repo*` timer and service configurations. In order to start a new timer/service, the service and timer have to be a enabled. -Under /opt/pli/etc/mirror/ you find the repolist, cuda and yum.conf +Under `/opt/pli/etc/mirror/` you find the repolist, cuda and yum.conf -Under /etc/yum.repos.d/ you find the redhat.repo. This are the Red Hat repositories that are synced from ETH. +Under `/etc/yum.repos.d/` you find the redhat.repo. This are the Red Hat repositories that are synced from ETH. -Under /var/www/html/el8/keys/ you find the rpm-gpg-keys -Under /var/www/html/el8/manual/ you find the repos for nxserver. There is no automatic synchronisation for the rpms, they will be downloaded manually from the responsible person. -Under /var/www/html/el8/snapshots/ you will find all the preprod snapshots -Under /var/www/html/el8/sources you will find the packages and repodata from synced rpms. -Under /var/www/html/el8/tags/ you will find all prod tags +Under `/var/www/html/el8/keys/` you find the rpm-gpg-keys +Under `/var/www/html/el8/manual/` you find the repos for nxserver. There is no automatic synchronisation for the rpms, they will be downloaded manually from the responsible person. +Under `/var/www/html/el8/snapshots/` you will find all the preprod snapshots +Under `/var/www/html/el8/sources` you will find the packages and repodata from synced rpms. +Under `/var/www/html/el8/tags/` you will find all prod tags -Under /var/www/html/ipxe is for testing purposes -Under /var/www/html/iso you find the rhel-8.0 and the rhel-8.5 iso image. -Under /var/www/html/ks-test you find the new kickstart directory, for testing. If all works this can be deleted. +Under `/var/www/html/ipxe` is for testing purposes +Under `/var/www/html/iso` you find the rhel-8.0 and the rhel-8.5 iso image. +Under `/var/www/html/ks-test` you find the new kickstart directory, for testing. If all works this can be deleted. The URI is https://repo01.psi.ch/el8/sources/ Provided http services: +```bash [root@repo01 ~]# netstat -tulnp | grep http tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 3634/httpd tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3634/httpd +``` -The httpd configuration can be found in /etc/httpd/conf.d +The httpd configuration can be found in `/etc/httpd/conf.d` +```bash [root@repo01 ~]# ls -l /etc/httpd/conf.d/ total 12 -rw-r--r--. 1 root root 694 Apr 9 2019 25-repo01.psi.ch_non_ssl.conf -rw-r--r--. 1 root root 1131 Apr 9 2019 25-repo01.psi.ch_ssl.conf -rw-r--r--. 1 root root 366 Oct 9 2020 README -[root@repo01 ~]# +`````` - -The ssl certificate is located in /etc/pki/tls/certs +The ssl certificate is located in `/etc/pki/tls/certs` For the certificate renewal the CSR configuration is under /root/certs