3.8 KiB
Custom RPM Repositories
It is possible to manage own RPM repositories which are accessible inside PSI. If you need one please contact the Linux Core team (linux-eng@psi.ch).
To setup the your custom repository/ies we need following information:
- Name of the repository
- Do you want to have your repository available for all RHEL major versions (i.e. all RHEL major versions will see the same packages) or do you need a repository for each RHEL major version (i.e. you can have different packages for each RHEL major version)?
Usage
On lxsup.psi.ch you can easily access this data on /packages_misc.
The backend for these custom repos is on a NFS4 share. This share can be mounted from lx-fs:/packages_misc
On Linux systems you should be able to mount the share like this
mount -t nfs4 -o sec=krb5 lx-fs.psi.ch:/packages_misc /mnt
On MacOS you could mount and access the share like this:
mount_nfs -o sec=krb5,nfsvers=4 lx-fs.psi.ch:/packages_misc ~/some_directory
(on Windows - it should be/is also possible with Windows >=10 to mount the NFS4 share- https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/mount - details to be added here)
Once your folder/folders is/are created and your are autorized to write into these folders you can place RPMs and files into that directory/directories
Important: Once mounted, to be able to change things on the filesystem you have to have a valid kerberosticket for your PSI user.
kinit <username>@D.PSI.CH
# or on standard PSI linux systems
kinit
Overview
Custom repositories are provided by the central repository server as all other repositories. They will be available on the URL
https://repos.psi.ch/<os>/latest/<repository_name>
The custom repositories are snapshotted and tagged as any other repository.
Inside hiera please use the URL:
https://$lx_reposerver/<os>/latest/<repository_name>
This ensures that the systems will always use the correct repository server url to access the repositories. (e.g. in the DMZ/extranet the DNS hostname of the repository is different ...)
The content of the custom repositories are managed on a a dedicated NFS4 share. On this share groups can have different folders where they place/manage their rpms. These RPMs are periodically synced to the main repository share (i.e. every 15 minutes), so what you see on the packages_misc is not exactly what will end up on the repository server. Upon sync the repository will be automatically build via the create-repo command.
The structure of the share is usually as follows:
<base>/<repository name>
# content in the case of one repo for all major RHEL version
/rhel7
/rhel8
/rhle9 # in case of different repo for major RHEL version
The access control is done by a Unix group usually named unx-<something>_adm (most of the time this is a group that also gives access to hiera repos)
Preparation for new Custom RPM Repository
The packages_misc share is only root writeable from lx-sync-01.psi.ch. Therefore the initial setup needs to be done there.
Creation of a new repo (on lx-sync-01 in /packages_misc):
cd /packages_misc
mkdir <reponame>
chgrp 35588 <reponame> ## We need to use the numeric group id here as lx-sync is not directly connected to AD
chmod g+w <reponame>
chmod g+s <reponame>
To sync the repo and make it available there needs to be a sync config added to https://git.psi.ch/linux-infra/rpm-repo-utils/-/tree/main/etc?ref_type=heads (inside the *-misc directories)
After adding this config the changes need to be deployed on lx-sync-01.psi.ch.
(either bootstrap/ansible or a manual git pull in /opt/rpm-repo-utils/)