repo01.psi.ch
This machine is a RHEL8 system not under Puppet control. This machine has no AFS dependencies. The basic service provided by this system is: httpd
This machine acts as a mirror for the RHEL8 iso images.
Repo01 is connected to the Satellite server from ETH Zürich. The Red Hat repositories are synced from there.
The installer iso images are downloaded from https://access.redhat.com/downloads and put into /var/www/html/iso manually
The iso images in /var/www/html/iso are then (automatically) mounted as loop devices by the pli-mount-iso-images.service under /etc/systemd/system/. The directory is not monitored for changes: if a new iso is put there, a manual restart of the service is required for anything to happen.
df -kh | grep /var/www
/dev/loop0 11G 11G 0 100% /var/www/html/iso/rhel85
/dev/loop1 6.7G 6.7G 0 100% /var/www/html/iso/rhel80
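A check for iso images that were copied into the directory but are not yet attached to a loop device, i.e. where pli-mount-iso-images.service still needs a restart. This is an added example, not one of the site's own scripts; the function names and the constructed sample file names are assumptions, and it presumes the service attaches each iso file to a loop device directly, as the df output indicates.

```sh
#!/bin/sh
# Added example, not one of the /opt/pli/libexec scripts.
# unmounted_isos ISO_DIR [BACKFILE_LIST]
#   ISO_DIR        absolute path of the directory holding the *.iso files
#   BACKFILE_LIST  file with one loop backing-file path per line; when
#                  omitted it is read live from losetup
# Prints every ISO that no loop device is backing, one per line.
# Returns 0 if all ISOs are attached, 1 if some are not, 2 on error.
unmounted_isos() {
    iso_dir=$1
    list=${2:-}
    tmp=
    if [ -z "$list" ]; then
        tmp=$(mktemp) || return 2
        if ! losetup --list --noheadings --output BACK-FILE > "$tmp"; then
            rm -f "$tmp"
            return 2
        fi
        list=$tmp
    fi
    missing=0
    for iso in "$iso_dir"/*.iso; do
        [ -e "$iso" ] || continue   # the glob matched nothing
        # Strip trailing padding, then match the whole line as a fixed string
        # so that dots in file names are not treated as regex wildcards.
        if ! sed 's/[[:space:]]*$//' "$list" | grep -qxF -- "$iso"; then
            printf '%s\n' "$iso"
            missing=1
        fi
    done
    if [ -n "$tmp" ]; then rm -f "$tmp"; fi
    return "$missing"
}

# Constructed sample: two ISO files on disk, only one attached to a loop device.
demo() {
    d=$(mktemp -d) || return 2
    : > "$d/sample-a.iso"
    : > "$d/sample-b.iso"
    printf '%s\n' "$d/sample-a.iso" > "$d/loops.txt"
    rc=0
    unmounted_isos "$d" "$d/loops.txt" || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

On repo01 the call would be `unmounted_isos /var/www/html/iso`; any path it prints is an iso that the mount service has not picked up yet.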
Under /opt/pli/libexec there are five shell scripts that are run by systemd timers.
The pli-repo-mirror runs a daily sync (at 21:30) via /etc/systemd/system/pli-repo-mirror.timer, which pulls the latest repos into /var/www/html/el8/sources.
The gen-snapshot-page is the basic script to generate a snapshot.
From the above, a weekly snapshot (at Sun 23:30) is taken by the pli-repo-snapshot via the pli-repo-snapshot.timer.
From there the snapshot_is_prodable checks whether the new snapshot is ready for a new prod tag.
It will check if the latest yfs kernel module corresponds with the latest rhel8 kernel.
If the kernel and the yfs module version correspond, a prod snapshot is made under /var/www/html/el8/tags.
The pli-repo-zoom is run via the pli-repo-zoom.timer. It maintains the zoom repo at /var/www/html/zoom/
The pli-repo-yfs script is run via the pli-repo-yfs.timer. It syncs the auristor repo and apparently also creates tags.
In case of emergency, you can run a snapshot by force. Then you have to add the version before you can run the script:
$ ./pli-repo-snapshot el8
Under /etc/systemd/system/ we have all the pli-repo* timer and service configurations.
In order to start a new timer/service, the service and timer have to be enabled.
Under /opt/pli/etc/mirror/ you find the repolist, cuda and yum.conf
Under /etc/yum.repos.d/ you find the redhat.repo. These are the Red Hat repositories that are synced from ETH.
Under /var/www/html/el8/keys/ you find the rpm-gpg-keys
Under /var/www/html/el8/manual/ you find the repos for nxserver. There is no automatic synchronisation for the rpms; they are downloaded manually by the responsible person.
Under /var/www/html/el8/snapshots/ you will find all the preprod snapshots
Under /var/www/html/el8/sources you will find the packages and repodata from synced rpms.
Under /var/www/html/el8/tags/ you will find all prod tags
/var/www/html/ipxe is for testing purposes.
Under /var/www/html/iso you find the rhel-8.0 and the rhel-8.5 iso image.
Under /var/www/html/ks-test you find the new kickstart directory, for testing. If all works this can be deleted.
The URI is https://repo01.psi.ch/el8/sources/
Provided http services:
[root@repo01 ~]# netstat -tulnp | grep http
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 3634/httpd
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3634/httpd
The httpd configuration can be found in /etc/httpd/conf.d
[root@repo01 ~]# ls -l /etc/httpd/conf.d/
total 12
-rw-r--r--. 1 root root 694 Apr 9 2019 25-repo01.psi.ch_non_ssl.conf
-rw-r--r--. 1 root root 1131 Apr 9 2019 25-repo01.psi.ch_ssl.conf
-rw-r--r--. 1 root root 366 Oct 9 2020 README
The ssl certificate is located in /etc/pki/tls/certs
For the certificate renewal the CSR configuration is under /root/certs