How to update CentOS 8 with RMT 15
This document (000020588) is provided subject to the disclaimer at the end of this document.
Environment
Repository Mirroring Tool for SLES 15
CentOS 8.x
CentOS 8.x
Situation
Repository mirroring tool (RMT) enables customers that possess the required entitlements to mirror updates for CentOS.
Please refer to https://www.suse.com/products/expandedsupport/ for details on SUSE Linux Enterprise Server Subscription with Expanded Support.
This document discusses the actions required to configure the RMT server and clients (CentOS servers) for this solution.
This document is for informational purposes only. You are fully responsible for compliance with the terms of your agreements with your suppliers.
Please refer to https://www.suse.com/products/expandedsupport/ for details on SUSE Linux Enterprise Server Subscription with Expanded Support.
This document discusses the actions required to configure the RMT server and clients (CentOS servers) for this solution.
This document is for informational purposes only. You are fully responsible for compliance with the terms of your agreements with your suppliers.
Resolution
On the RMT server perform the following steps to prepare it for mirroring and publishing updates for CentOS.
1. Install SUSE Linux Enterprise Server (SLES) 15 current Service Pack. There’s no RMT pattern, just go to Software selection and search for rmt-server. (or install rmt on existing SLES15 system using “zypper in rmt-server".). It installs also yast2-rmt package.
2. It is recommended to check for updates immediately after installing SLES using “zypper patch” command.
3. Set up RMT using YaST
◦ Start yast either with "yast2 rmt " or alternatively, start YaST and select Network Services > RMT Configuration.
◦ Enter your organization credentials. (Login to https://scc.suse.com => Organization => Organization Credentials)
◦ Enter credentials for a new MariaDB user and database name. This user will then be created. Then select Next. If password for the MariaDB root user is already set, you are required to enter it. If no password is set for root, you are asked to enter a new one.
◦ Enter a common name for the SSL certificates. The common name should be the fully qualified domain name (FQDN) of the server. Enter all domain names and IP addresses with which you want to reach the RMT server as alternative common names.
◦ When all common names are entered, select Next.
◦ To view a final summary, select Next. Then select Finish to close YaST.
◦ If you have a firewall enabled, allow access to ports 80 and 443. When using the default zone public, execute the following commands:
# firewall-cmd --zone=public --add-port=80/tcp --permanent
# firewall-cmd --zone=public --add-port=443/tcp --permanent
# firewall-cmd --reload
4. Mirror repositories with rmt:
◦ Make sure you set organization credentials in /etc/rmt.conf (see previous step)
◦ Synchronize repository metadata (information about available products and repositories)
# rmt-cli sync
◦ Periodic synchronization is done via systemd timer rmt-server-sync.timer. For status information e.g. next running time use systemctl status :
# systemctl status rmt-server-sync.timer
◦ Enable products (this will enable all repos associated with the product).
# rmt-cli products list --all | grep Expanded #look for PRODUCT ID relevant to your CentOS version
# rmt-cli product enable $PRODUCT_ID
◦ Enable repositories mirroring (if you want to change product defaults, e.g. you want src repo).
# rmt-cli repo list --all
# rmt-cli repo enable $REPO_ID
◦ Start package mirroring for enabled repositories:
# rmt-cli mirror
◦ Packages are downloaded to RMT once a day. This task is done by systemd timer rmt-server-mirror.timer once a day. For status information e.g. next running time use systemctl status:
# systemctl status rmt-server-mirror.timer
Registering CentOS 8 against RMT:
1. Download rmt-client-setup-res script
# curl http://FQDN_RMT_SERVER/tools/rmt-client-setup-res --output rmt-client-setup-res
Note: script rmt-client-setup-res is part of rmt-server.rpm.
2. Run the script with the URL of the RMT server as parameter.
# sh rmt-client-setup-res https://FQDN_RMT_SERVER/
3. Test if everything works:
# dnf repolist #verify RMT repos have been added
# dnf install --disablerepo='*' --enablerepo='FQDN_RMT_SERVER*' SUSEConnect
# SUSEConnect --status-text
# sh rmt-client-setup-res https://FQDN_RMT_SERVER/
# cp /etc/SUSEConnect.example /etc/SUSEConnect
# Edit /etc/SUSEConnect with the following content:
# depending on CentOS version
CentOS 8.4:
rpm -e centos-linux-release-8.4-1.2105.el8.noarch --nodeps
rpm -e centos-linux-repos-8-2.el8.noarch
CentsOS 8.5:
rpm -e centos-linux-release-8.5-1.2111.el8.noarch --nodeps
rpm -e centos-linux-repos-8-3.el8.noarch
# dnf install --disablerepo='*' --enablerepo='FQDN_RMT_SERVER*' sles_es-release-8.5-0.8.el8.x86_64
# depending on CentOS version
CentOS 8.4:
dnf update --disablerepo='*' --enablerepo='FQDN_RMT_SERVER*'
CentOS 8.5:
dnf update --disablerepo='*' --enablerepo='FQDN_RMT_SERVER*' --nobest
# init 6
4. Show extension product
# uname -a
# SUSEConnect -p RES/8/x86_64
# SUSEConnect --status-text
1. Install SUSE Linux Enterprise Server (SLES) 15 current Service Pack. There’s no RMT pattern, just go to Software selection and search for rmt-server. (or install rmt on existing SLES15 system using “zypper in rmt-server".). It installs also yast2-rmt package.
2. It is recommended to check for updates immediately after installing SLES using “zypper patch” command.
3. Set up RMT using YaST
◦ Start yast either with "yast2 rmt " or alternatively, start YaST and select Network Services > RMT Configuration.
◦ Enter your organization credentials. (Login to https://scc.suse.com => Organization => Organization Credentials)
◦ Enter credentials for a new MariaDB user and database name. This user will then be created. Then select Next. If password for the MariaDB root user is already set, you are required to enter it. If no password is set for root, you are asked to enter a new one.
◦ Enter a common name for the SSL certificates. The common name should be the fully qualified domain name (FQDN) of the server. Enter all domain names and IP addresses with which you want to reach the RMT server as alternative common names.
◦ When all common names are entered, select Next.
◦ To view a final summary, select Next. Then select Finish to close YaST.
◦ If you have a firewall enabled, allow access to ports 80 and 443. When using the default zone public, execute the following commands:
# firewall-cmd --zone=public --add-port=80/tcp --permanent
# firewall-cmd --zone=public --add-port=443/tcp --permanent
# firewall-cmd --reload
4. Mirror repositories with rmt:
◦ Make sure you set organization credentials in /etc/rmt.conf (see previous step)
◦ Synchronize repository metadata (information about available products and repositories)
# rmt-cli sync
◦ Periodic synchronization is done via systemd timer rmt-server-sync.timer. For status information e.g. next running time use systemctl status :
# systemctl status rmt-server-sync.timer
◦ Enable products (this will enable all repos associated with the product).
# rmt-cli products list --all | grep Expanded #look for PRODUCT ID relevant to your CentOS version
# rmt-cli product enable $PRODUCT_ID
◦ Enable repositories mirroring (if you want to change product defaults, e.g. you want src repo).
# rmt-cli repo list --all
# rmt-cli repo enable $REPO_ID
◦ Start package mirroring for enabled repositories:
# rmt-cli mirror
◦ Packages are downloaded to RMT once a day. This task is done by systemd timer rmt-server-mirror.timer once a day. For status information e.g. next running time use systemctl status:
# systemctl status rmt-server-mirror.timer
Registering CentOS 8 against RMT:
1. Download rmt-client-setup-res script
# curl http://FQDN_RMT_SERVER/tools/rmt-client-setup-res --output rmt-client-setup-res
Note: script rmt-client-setup-res is part of rmt-server.rpm.
2. Run the script with the URL of the RMT server as parameter.
# sh rmt-client-setup-res https://FQDN_RMT_SERVER/
3. Test if everything works:
# dnf repolist #verify RMT repos have been added
# dnf install --disablerepo='*' --enablerepo='FQDN_RMT_SERVER*' SUSEConnect
# SUSEConnect --status-text
# sh rmt-client-setup-res https://FQDN_RMT_SERVER/
# cp /etc/SUSEConnect.example /etc/SUSEConnect
# Edit /etc/SUSEConnect with the following content:
--- insecure: false url: https://FQDN_RMT_SERVER
# depending on CentOS version
CentOS 8.4:
rpm -e centos-linux-release-8.4-1.2105.el8.noarch --nodeps
rpm -e centos-linux-repos-8-2.el8.noarch
CentsOS 8.5:
rpm -e centos-linux-release-8.5-1.2111.el8.noarch --nodeps
rpm -e centos-linux-repos-8-3.el8.noarch
# dnf install --disablerepo='*' --enablerepo='FQDN_RMT_SERVER*' sles_es-release-8.5-0.8.el8.x86_64
# depending on CentOS version
CentOS 8.4:
dnf update --disablerepo='*' --enablerepo='FQDN_RMT_SERVER*'
CentOS 8.5:
dnf update --disablerepo='*' --enablerepo='FQDN_RMT_SERVER*' --nobest
# init 6
4. Show extension product
# uname -a
# SUSEConnect -p RES/8/x86_64
# SUSEConnect --status-text
Installed Products:
------------------------------------------
SLES Expanded Support platform release file
(RES/8/x86_64)
Registered
------------------------------------------
# dnf repolist
repo id repo name SUSE_Linux_Enterprise_Server_with_Expanded_Support_x86_64:RES-8-Updates RES-8-Updates SUSE_Linux_Enterprise_Server_with_Expanded_Support_x86_64:RES-AS-8-Updates RES-AS-8-Updates SUSE_Linux_Enterprise_Server_with_Expanded_Support_x86_64:RES-CB-8-Updates RES-CB-8-Updates FQDN_RMT_SERVER_SUSE_Updates_RES-AS_8_x86_64_update created by dnf config-manager from http://FQDN_RMT_SERVER//repo/SUSE/Updates/RES-AS/8/x86_64/update FQDN_RMT_SERVER_SUSE_Updates_RES_8_x86_64_update created by dnf config-manager from http://FQDN_RMT_SERVER//repo/SUSE/Updates/RES/8/x86_64/update# dnf distro-sync
Additional Information
The script does the following:
Adds repositories, install SUSEConnect and its dependencies, disable repositories
Downloads rmt-client-setup-res script and run it. The rmt-client-setup-res script does the following:
Downloads all keys from RMT_SERVER
Import the keys with gpg --import and rpm --import
Downloads CA certificate from https://FQDN_RMT_SERVER/rmt.crt
Import CA certificate to trusted store
Invoke SUSEConnect. SUSEConnect adds all corresponding RMT repos and sets them as enabled.
Adds repositories, install SUSEConnect and its dependencies, disable repositories
Downloads rmt-client-setup-res script and run it. The rmt-client-setup-res script does the following:
Downloads all keys from RMT_SERVER
Import the keys with gpg --import and rpm --import
Downloads CA certificate from https://FQDN_RMT_SERVER/rmt.crt
Import CA certificate to trusted store
Invoke SUSEConnect. SUSEConnect adds all corresponding RMT repos and sets them as enabled.
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:000020588
- Creation Date: 16-Feb-2022
- Modified Date:17-Feb-2022
-
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com
