creating a yum repo on centos 5.4
There are plenty of tutorials out there that show you how to set up a local yum repo that is a mirror of your distrubutions repository. This is not one of those tutorials. Imagine you have some software that you have packaged into an rpm for distribution on your company’s servers. Let’s call the name of the package examplepackage
. You’d like the convienience of having it in a yum repo somewhere so that you only have to type yum install examplepackage
on your fleet of thousands of machines (or script it, or use a configuration management utility like puppet to install it). When a new version of examplepackage is released, you can easily install the update by doing a yum update examplepackage
or configure your configuration management utility to make sure the latest version is automagically installed.
Ok…so you’ve decided that this is a good idea. How do you pull it off? First, you’ll need a web-server that is accessable by your yum client machines. I’m running apache on a host that is serving administrative tasks already, so I’ll run my repository to this machine. I’m going to add a DNS entry so that yum.example.com
points at this machine’s IP.
As I mentioned previously, this machine is already tasked with running other administrative tasks. Apache has been configured to serve name based virtual hosts on port 80. I’m going to add another name based virtual host on port 80 to serve up our repository. I’ve created /etc/httpd/conf.d/virtualhost_com.example.yum.conf with the following contents:
<VirtualHost *:80>
ServerAdmin serveradmin@example.com
DocumentRoot /var/www/com.example.yum
ServerName yum.example.com
CustomLog "|/usr/sbin/cronolog /var/log/httpd/%Y/%m/%d/com.example.yum_access" combined
ErrorLog "|/usr/sbin/cronolog /var/log/httpd/%Y/%m/%d/com.example.yum_error"
</VirtualHost>
Note that we use cronolog to rotate apache’s access and error logs on a daily basis. You can install cronolog by running yum install cronolog
. We chose to use cronolog because it makes access and error log archival and cleanup easy (more on that in another post). Also note that we reverse the domain name(com.example.yum) to be used for log files and the document root directory. Using this convention makes it a bit less painful on the eyes to list a directory that has 10 or 15 different sites on it that are all subdomains of example.com. It would also help if you are a hosting provider and hosting multiple customer’s domains. If you were hosting jasonhancock.com
, subdomain.jasonhancock.com
, ashleyexample.com
, subdomain.ashleyexample.com
, doing a long list of the /var/www directory would result in something like this:
$ ls -l /var/www
total 32
drwxr-xr-x 2 someuser somegroup 4096 Jan 18 14:36 com.jasonhancock
drwxr-xr-x 2 someuser somegroup 4096 Jan 18 14:36 com.jasonhancock.subdomain
drwxr-xr-x 7 someuser somegroup 4096 Apr 28 12:29 com.ashleyexample
drwxr-xr-x 2 someuser somegroup 4096 Apr 29 13:49 com.ashleyexample.subdomain
Create your document root: mkdir -p /var/www/com.example.yum
Lay out your repository. We run everything on CentOS 5.4 x86_64, so I’m not going to bother setting up my repository to deal with different OS versions or architectures. If you need to do this, please see the existing yum .repo files in /etc/yum.repos.d for examples of how others have laid out their repositories.
Copy your .rpm file into your document root: cp examplepackage-1.0.0.el5.noarch.rpm /var/www/com.example.yum/
Repeat for all rpms you wish to host in your yum repository.
Rebuild the repository metadata. You will need to have the createrepo package installed (yum install createrepo
): createrepo /var/www/com.example.yum
Cory Wynn pointed out that if you’re running a CentOS repo on a Fedora box, you will have to add an argument to the createrepo command (as show below). Reason being is that the default checksum for createrepo
has changed from sha1 to sha256. Otherwise, when trying to update it will generate Errno -3
when trying to populate or install software. createrepo -s sha1 /var/www/com.example.yum
You want to copy the public key of the key used to sign the RPM packages for this repo into place. For example, the file will end up at /var/www/com.example.yum/RPM-GPG-KEY-example
Now we’re ready to point a client machine at our new repository. Log into the client machine and create /etc/yum.repos.d/example.repo with the following contents:
[example]
name=example.com
baseurl=http://yum.example.com/
enabled=1
gpgcheck=1
gpgkey=http://yum.example.com/RPM-GPG-KEY-example
Once that file is in place, run this command on the client to install examplepackage: yum install examplepackage
If this is the first time you’ve installed software signed with this key, you will get prompted to import the GPG key.