gitea-pages/infrastructure-guide/repo01.md
2022-05-10 11:25:16 +00:00


# repo01.psi.ch
This machine is a RHEL8 system **not** under Puppet control. This machine has no AFS dependencies.
The basic service provided by this system is: httpd
This machine acts as a mirror for the RHEL8 iso images.
Repo01 is connected to the Satellite server from ETH Zürich. The Red Hat repositories are synced from there.
The installer iso images are downloaded from https://access.redhat.com/downloads and put into `/var/www/html/iso` manually.
The iso images in `/var/www/html/iso` are then (automatically) mounted as loop devices by the `pli-mount-iso-images.service` under `/etc/systemd/system/`. The directory is not monitored for changes beyond that: if a new iso is put there, a manual restart of the service is required for anything to happen.
```bash
df -kh | grep /var/www
/dev/loop0 11G 11G 0 100% /var/www/html/iso/rhel85
/dev/loop1 6.7G 6.7G 0 100% /var/www/html/iso/rhel80
```
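A check for the gap described above (a new iso is not picked up until the service is restarted), added here as an example and not part of the repo01 scripts: it compares the `*.iso` files in a directory with the backing files of the active loop devices. The function names, the optional list file used for offline testing, and the sample file names are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not part of the repo01 scripts.
# Lists ISO images in a directory that are not backing any loop device, i.e.
# images copied in after pli-mount-iso-images.service last ran.

# unmounted_isos ISO_DIR [BACKING_LIST]
#   ISO_DIR       directory holding the *.iso files
#   BACKING_LIST  optional file with one backing-file path per line, used for
#                 offline testing; without it the live loop devices are queried
unmounted_isos() (
    iso_dir=$1
    if [ -n "${2:-}" ]; then
        backing=$(cat "$2")
    else
        backing=$(losetup --list --raw --noheadings --output BACK-FILE)
    fi
    for iso in "$iso_dir"/*.iso; do
        [ -e "$iso" ] || continue            # glob matched nothing
        iso=$(readlink -f "$iso")            # compare resolved, absolute paths
        printf '%s\n' "$backing" | grep -Fxq -- "$iso" || printf '%s\n' "$iso"
    done
)

# Constructed sample: two images on disk, only one backed by a loop device.
demo() (
    tmp=$(mktemp -d) || exit 1
    mkdir "$tmp/iso"
    : > "$tmp/iso/constructed-old.iso"
    : > "$tmp/iso/constructed-new.iso"
    readlink -f "$tmp/iso/constructed-old.iso" > "$tmp/backing.txt"
    out=$(unmounted_isos "$tmp/iso" "$tmp/backing.txt")
    rm -rf "$tmp"
    printf '%s\n' "$out"
)

demo | sed 's|.*/|not mounted: |'
```

On repo01 the call would be `unmounted_isos /var/www/html/iso`; any path it prints means `pli-mount-iso-images.service` has to be restarted.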
Under `/opt/pli/libexec` there are five shell scripts that are run by systemd timers.
The pli-repo-mirror runs a daily sync (at 21:30) via `/etc/systemd/system/pli-repo-mirror.timer`, which pulls the latest repos into `/var/www/html/el8/sources`.
The `gen-snapshot-page` is the basic script to generate a snapshot.
From the above, a weekly snapshot (at Sun 23:30) is taken by the `pli-repo-snapshot` via the `pli-repo-snapshot.timer`.
From there, `snapshot_is_prodable` checks whether the new snapshot is ready for a new prod tag.
It will check if the latest yfs kernel module corresponds with the latest rhel8 kernel.
If the kernel and the yfs module version correspond, a prod snapshot is made under `/var/www/html/el8/tags`.
The `pli-repo-zoom` is run via the `pli-repo-zoom.timer`. It maintains the zoom repo at `/var/www/html/zoom/`
The `pli-repo-yfs` script is run via the `pli-repo-yfs.timer`. It syncs the auristor repo and apparently also creates tags.
In case of emergency, you can run a snapshot by force. Then you have to add the version before you can run the script:
```bash
$ ./pli-repo-snapshot el8
```
Under `/etc/systemd/system/` we have all the `pli-repo*` timer and service configurations.
In order to start a new timer/service, the service and timer have to be enabled.
Under `/opt/pli/etc/mirror/` you find the repolist, cuda and yum.conf
Under `/etc/yum.repos.d/` you find the redhat.repo. These are the Red Hat repositories that are synced from ETH.
Under `/var/www/html/el8/keys/` you find the rpm-gpg-keys
Under `/var/www/html/el8/manual/` you find the repos for nxserver. There is no automatic synchronisation for the rpms; they will be downloaded manually by the responsible person.
Under `/var/www/html/el8/snapshots/` you will find all the preprod snapshots
Under `/var/www/html/el8/sources` you will find the packages and repodata from synced rpms.
Under `/var/www/html/el8/tags/` you will find all prod tags
`/var/www/html/ipxe` is for testing purposes.
Under `/var/www/html/iso` you find the rhel-8.0 and the rhel-8.5 iso image.
Under `/var/www/html/ks-test` you find the new kickstart directory, for testing. If all works this can be deleted.
The URI is https://repo01.psi.ch/el8/sources/
Provided http services:
```bash
[root@repo01 ~]# netstat -tulnp | grep http
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 3634/httpd
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3634/httpd
```
The httpd configuration can be found in `/etc/httpd/conf.d`
```bash
[root@repo01 ~]# ls -l /etc/httpd/conf.d/
total 12
-rw-r--r--. 1 root root 694 Apr 9 2019 25-repo01.psi.ch_non_ssl.conf
-rw-r--r--. 1 root root 1131 Apr 9 2019 25-repo01.psi.ch_ssl.conf
-rw-r--r--. 1 root root 366 Oct 9 2020 README
```
The ssl certificate is located in `/etc/pki/tls/certs`
For the certificate renewal, the CSR configuration is under `/root/certs`.
https://git.psi.ch/linux-infra/repo01_pli-scripts