# Custom RPM Repositories

It is possible to manage own RPM repositories which are accessible inside PSI.
If you need one please contact the Linux Core team (linux-eng@psi.ch).


To setup the your custom repository/ies we need following information:
- Name of the repository
- Do you want to have your repository available for __all__ RHEL major versions (i.e. all RHEL major versions will see the same packages) or do you need a repository for each RHEL major version (i.e. you can have different packages for each RHEL major version)?

## Usage

On `lxsup.psi.ch` you can easily access this data on `/packages_misc`.


The backend for these custom repos is on a NFS4 share. This share can be mounted from __lx-fs:/packages_misc__

On __Linux__ systems you should be able to mount the share like this
```bash
mount -t nfs4 -o sec=krb5 lx-fs.psi.ch:/packages_misc /mnt
```

On __MacOS__ you could mount and access the share like this:
```bash
mount_nfs -o sec=krb5,nfsvers=4 lx-fs.psi.ch:/packages_misc ~/some_directory
```

(on __Windows__ - it should be/is also possible with Windows >=10 to mount the NFS4 share- https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/mount - details to be added here)


Once your folder/folders is/are created and your are autorized to write into these folders you can place RPMs and files into that directory/directories

__Important__: Once mounted, to be able to change things on the filesystem you have to have a valid kerberosticket for your PSI user. 
```
kinit <username>@D.PSI.CH
# or on standard PSI linux systems
kinit
```

```{note}
In case you are in a firewall protected zone, make sure that there is a rule to access lx-fs on TCP port 2049!
```


## Overview
Custom repositories are provided by the central repository server as all other repositories. They will be available on the URL

```
https://repos.psi.ch/<os>/latest/<repository_name>
```

The custom repositories are snapshotted and tagged as any other repository.

Inside __hiera__ please use the URL:
```
https://$lx_reposerver/<os>/$lx_repo_tag/<repository_name>
```
This ensures that the systems will always use the correct repository server url to access the repositories. (e.g. in the DMZ/extranet the DNS hostname of the repository is different ...)


The content of the custom repositories are managed on a a dedicated NFS4 share. On this share groups can have different folders where they place/manage their rpms. These RPMs are periodically synced to the main repository share (i.e. every 15 minutes), so what you see on the `packages_misc` is not exactly what will end up on the repository server. Upon sync the repository will be automatically build via the create-repo command.

The structure of the share is usually as follows:

```
<base>/<repository name>
                        # content in the case of one repo for all major RHEL version
                        /rhel7
                        /rhel8
                        /rhle9 # in case of different repo for major RHEL version
```

The access control is done by a Unix group usually named `unx-<something>_adm` (most of the time this is a group that also gives access to hiera repos)


## Preparation for new Custom RPM Repository (by Linux Team)

The `packages_misc` share is only root writeable from lx-sync-01.psi.ch. Therefore the initial setup needs to be done there.

Creation of a new repo (on lx-sync-01 in `/packages_misc`):
```
cd /packages_misc
mkdir <reponame>
chgrp 35588 <reponame>  ## We need to use the numeric group id here as lx-sync is not directly connected to AD
chmod g+w <reponame>
chmod g+s <reponame>
```

To sync the repo and make it available there needs to be a sync config added to https://git.psi.ch/linux-infra/rpm-repo-utils/-/tree/main/etc?ref_type=heads
(inside the __*-misc__ directories)

After adding this config the changes need to be deployed on lx-sync-01.psi.ch.
(either bootstrap/ansible or a manual `git pull` in `/opt/rpm-repo-utils/`)