SUSE Conversations


Mirroring Update Servers



By: azouhr

June 28, 2007 1:42 pm

Reads:197

Comments:4

Rating:0

by Berthold Gunreben

Contents:

  1. Requirements
  2. Using yup to Mirror Updates
  3. Updating the Clients

In some situations, such as enterprises with security concerns, Internet connections are not permitted or possible. Despite this restriction, systems in the local network still need updates for their SUSE Linux Enterprise operating systems. To enable updates, a mirror update server must be set up to provide the updates in the internal network.

Note: The following procedures describe how to set up an update server in an environment where Internet access is not available. This has been tested and should work flawlessly, but it is not supported by Novell. yup is a script that sets up a mirror of an existing update server for SUSE Linux Enterprise products on the local hard disk. It must be configured to use your Novell Customer Center account and offers several more parameters that normally do not need to be touched.

Requirements

Before starting to configure yup, get mirror credentials for your subscription. To do this, visit http://www.novell.com/center, select your subscription, and press Mirror Credentials. Using the standard NCC (Novell Customer Center) credentials is not sufficient, because those credentials are assigned to a specific GA or SP version of SUSE Linux Enterprise.

To create an update server that is independent from the Internet, two computers with SUSE Linux Enterprise Server are needed. One must be connected to the Internet. The other needs to be accessible from the internal network.

Depending on the number of distributions mirrored, quite some disk space must be available. To be sure to have enough, provide 10 GB of hard disk space for each distribution mirrored with a minimum of 30 GB.
There are many possibilities for transferring the data from the external to the internal server. For example, it is possible to use a removable mass storage device, such as an USB disk, or transfer the data with the help of a tape drive. Depending on your implementation, more hardware may be needed.

Transfer of the Data
All the patches that are provided by Novell are supported in the same way as if they came directly from the update server. However, the responsibility for copying the data from the mirror server and providing the patches in the internal network is completely in the hands of the respective administrator. This is not supported by Novell.

Using yup to Mirror Updates

yup is configured in the central configuration file /etc/sysconfig/yup. Make sure that this file has read and write flags available only for the root user. To be sure that all the permissions are set to system defaults, run SuSEconfig –module permissions.

In the default configuration, yup mirrors all distributions that are available to the mirror credentials obtained from the Novell Customer Center. Before starting, at least three parameters should be configured, the YUP_ID, YUP_PASS, and YUP_DEST_DIR. Do this either in the configuration file /etc/sysconfig/yup with a text editor of your choice or, if you prefer a graphical front-end, with the YaST sysconfig editor (System > /etc/sysconfig Editor in the YaST control center).

YUP_ID
This value is provided by the Novell Customer Center. It is part of the mirror credentials.

YUP_PASS
This value is provided by the Novell Customer Center. It is part of the mirror credentials.

YUP_DEST_DIR
The default directory for yup to store the mirrored update sources is /var/cache/yup. If you do not change this, make sure that you have sufficient disk space in this directory.

After the configuration is finished, run yup as root without any additional parameters to start the download. The time needed depends on the available bandwidth, but even with fast connections, it takes some time to transfer the update sources.

Now transfer the downloaded update sources to the internal server. It is up to the administrator how this can be achieved. Removable hard disks, like USB, FireWire, or removable SCSI, or tape drives could be used. All the data must be available on the internal server.

The internal update server may be provided as a ZLM server or as a normal HTTP or FTP server. To use ZLM, read the documentation at /usr/share/doc/packages/yup/Advanced_SLES10_Patching_0.2.pdf on how to set up this service.

To set up a normal installation server on the internal mirror, YaST provides a module that handles this functionality. The exact procedure is described in the Installation and Administration guide of the official SUSE Linux Enterprise Server documentation in “Setting Up the Server Holding the Installation Sources“.

To get regular updates, it is necessary to run yup at regular intervals. It is the responsibility of the administrator to provide all mirrored data to the internal server when needed.

Find more information about yup in the man page for yup and in the package documentation (/usr/share/doc/packages/yup).

Updating the Clients

The update procedure consists of two major steps. First, the clients must be updated from SUSE Linux Enterprise GA version to SP1 version. Afterward, they must be prepared for regular security updates and bug fixes.

Updating to SP1

After the internal mirror server is prepared, the update of a SUSE Linux Enterprise system is straightforward.

  1. Add the catalog SLES10-SP1-Online for SUSE Linux Enterprise Server or SLED10-SP1-Online for SUSE Linux Enterprise Desktop of the internal mirror to the installation sources of the computer.
  2. Start YaST online update and perform the update of the packages that are relevant for the update system and package management.
  3. Restart YaST online update to perform the remaining updates needed for SP1.
  4. Disable the registration on boot feature. This cannot succeed, because Novell Customer Center cannot be reached from the client. As user root, disable the feature with the command touch /var/lib/suseRegister/neverRegisterOnBoot.
  5. Reboot the system.

Preparing Regular Updates

After the update to SP1 has been completed, remove the SLES10-Updates or SLED10-Updates catalog and add the SLES10-SP1-Updates or SLED10-SP1-Updates catalog. Although it is no problem to keep the SLE?10-Updates catalog, removing this catalog saves quite some time in future update processes.

All further update tasks may be done exactly the same way as they on machines directly connected to the Internet. Updates are only available if the administrator of the mirror server regularly updates the mirror with the latest patches.

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Categories: Uncategorized

Disclaimer: As with everything else at SUSE Conversations, this content is definitely not supported by SUSE (so don't even think of calling Support if you try something and it blows up).  It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.

4 Comments

  1. By:tnikodem

    I wanted to implement this solution. I installed a new copy of SLES-10, but I found too many problems with the documentation.
    1,. I went to http://www.novell.com/center, logged in, and could not find a “Mirror Credentials” entry.
    2. I could not find a /etc/sysconfig/yup directory.

    Those alone stopped my progress. I looked elsewhere but could not find a solution.

    Theodore L. Nikodem
    Kent County, Michigan
    320 Ottawa Ave. NW
    Grand Rapids, Michigan 49503

  2. By:jalmda

    “yup” is on the SLES10 SDK disc. It is described as a “yum update proxy”.

  3. By:jalmda

    I have yup downloading rpms for SLES10 but although my credentials email says I should also get SP1 and SP2 fixes, they do not appear to come. The yup script does not support SP1, and ironically there’s no yup fix available in the GA edition of the SDK.

    There is a fix. The first Yup version to support mirroring SLE10 SP1 is 222-2.4 (for SLE10 Yup servers; zypp patch 3853)or 222-3.1 (for SLES9 Yup servers; from patch-11571); refer to

    Document ID: 5015784

    http://download.novell.com/Download?buildid=ZTwWK5vgfoE~

    Download and install that yup patch, modify /etc/sysconfig/yup to amend the YUP_SUBVERSIONS value, and restart yup.

  4. By:leh015

    What’s this new new -Pool type of repository for SP2 that you get when you use the Novell patch servers via registration. We now have the -Online and the -Update and -Pool? How do I mirror it? Do I need to?

Comment

RSS