Update: Post updated to allow for generation of multiple mirrors of varying versions of RHEL as shown at http://brandonhutchinson.com/mrepo_configuration.html.
The latest version of mrepo available in EPEL (mrepo-0.8.7-2.el6.noarch.rpm at the time of this writing) won’t allow you to mirror RHN without some slight modifications. This is a brief howto that will highlight exactly what is needed to allow mrepo to mirror RHN on RHEL6.
NOTE: This howto is loosely based on the RHEL5 mrepo howto available at http://ln-s.net/9SlN.
You will need to install the following packages:
pyOpenSSL rhn-client-tools rhpl mrepo
Next, you need to setup mrepo.conf with your RHN login credentials by adding the following to the [main]
section:
rhnlogin = <username>:<password>
Set a silly default for up2date
echo "up2date default" > /etc/sysconfig/rhn/sources
Set your machine’s UUID
UUID=$(uuidgen) ; /bin/echo -e "uuid[comment]=Universally Unique ID for this server\nrhnuuid=$UUID" \ > /etc/sysconfig/rhn/up2date-uuid
Set up additional repositories (RHEL5 in this case). Note that the path will differ depending on your srcdir as specified in mrepo.conf
.
gensystemid -u RHN_username -p RHN_password --release=5Server --arch=x86_64 /srv/mrepo/src/5Server-x86_64/
Make sure the proper certificate is in use
cp `cat /etc/sysconfig/rhn/up2date|grep ^sslCACert=|cut -d= -f2` /usr/share/rhn/RHNS-CA-CERT
Add your RHEL6 (and any additional platforms) mrepo configuration (e.g.):
/etc/mrepo.conf.d/6Server.conf
### Name: Red Hat Enterprise Server v6 ### URL: http://www.redhat.com/ [6Server] name = Red Hat Enterprise Server $release ($arch) release = 6 arch = x86_64 metadata = yum repomd ### RHEL6 repositories updates = rhns://<your satellite server>/rhel-$arch-server-$release optional = rhns://<your satellite server>/rhel-$arch-server-optional-$release rhn-tools = rhns://<your satellite server>/$repo-rhel-$arch-server-$release supplementary = rhns://<your satellite server>/rhel-$arch-server-$repo-$release
/etc/mrepo.conf.d/5Server.conf
### Name: Red Hat Enterprise Server v5 ### URL: http://www.redhat.com/ [5Server] name = Red Hat Enterprise Server $release ($arch) release = 5 arch = x86_64 metadata = repomd ### RHEL5 repositories updates = rhns://<your satellite server>/rhel-$arch-server-$release vt = rhns://<your satellite server>/rhel-$arch-server-$repo-$release supplementary = rhns://<your satellite server>/rhel-$arch-server-$repo-$release fastrack = rhns://<your satellite server>/rhel-$arch-server-$repo-$release hts = rhns://<your satellite server>/rhel-$arch-server-$repo-$release rhn-tools = rhns://<your satellite server>/$repo-rhel-$arch-server-$release
Lastly, you need to fix a couple bugs in the current mrepo release so that it will run successfully on RHEL6. The first file to change is /usr/share/mrepo/up2date_client/up2dateUtils.py
:
--- /usr/share/mrepo/up2date_client/up2dateUtils.py 2008-08-14 19:14:47.000000000 -0500 +++ /var/lib/bcfg2/Cfg/usr/share/mrepo/up2date_client/up2dateUtils.py/up2dateUtils.py 2011-12-02 09:27:07.500138609 -0600 @@ -13,7 +13,7 @@ import time import rpm import string -import md5 +import hashlib sys.path.insert(0, "/usr/share/rhn/") sys.path.insert(1,"/usr/share/rhn/up2date_client") @@ -158,7 +158,7 @@ def md5sum(fileName): - hashvalue = md5.new() + hashvalue = hashlib.md5() try: f = open(fileName, "r")
The second file to change is /usr/share/mrepo/rhn/transports.py
--- /usr/share/mrepo/rhn/transports.py 2008-08-14 19:14:47.000000000 -0500 +++ /var/lib/bcfg2/Cfg/usr/share/mrepo/rhn/transports.py/transports.py 2011-12-13 15:04:19.236104253 -0600 @@ -33,6 +33,7 @@ class Transport(xmlrpclib.Transport): user_agent = "rhn.rpclib.py/%s" % __version__ + _use_datetime = False def __init__(self, transfer=0, encoding=0, refreshCallback=None, progressCallback=None):
That should do it. You should then be able to run mrepo -ugv
and update your local mrepo mirror with the latest from RHN.
Thanks for the post…
Have you ever encountered the error from mrepo: “OpenSSL.SSL.Error: [(‘SSL routines’, ‘SSL3_GET_SERVER_CERTIFICATE’, ‘certificate verify failed’)]”?
I haven’t been able to download package updates from the satellite server since I’ve seen the error.
Thanks.
That error indicates that you are likely not using the right CA certificate. Check that
/usr/share/rhn/RHNS-CA-CERT
is the right certificate for your satellite server.I wanted to post a quick thank you for this article. It was exactly what I needed to move our mrepo server from RHEL 5 to RHEL 6.
Many thanks!
Justin
No problem Justin. Glad it helped!