How to update CentOS 8 with RMT 15

This document (000020588) is provided subject to the disclaimer at the end of this document.

Environment

Repository Mirroring Tool for SLES 15
CentOS 8.x

Situation

Repository mirroring tool (RMT) enables customers that possess the required entitlements to mirror updates for CentOS.
Please refer to https://www.suse.com/products/expandedsupport/ for details on SUSE Linux Enterprise Server Subscription with Expanded Support.

This document discusses the actions required to configure the RMT server and clients (CentOS servers) for this solution.
This document is for informational purposes only. You are fully responsible for compliance with the terms of your agreements with your suppliers.

Resolution

On the RMT server perform the following steps to prepare it for mirroring and publishing updates for CentOS.

    1. Install SUSE Linux Enterprise Server (SLES) 15 current Service Pack. There’s no RMT pattern, just go to Software selection and search for rmt-server.  (or install rmt on existing SLES15 system using “zypper in rmt-server".). It installs also yast2-rmt package.

    2. It is recommended to check for updates immediately after installing SLES using “zypper patch” command.

    3. Set up RMT using YaST
        ◦ Start yast either with  "yast2 rmt " or  alternatively, start YaST and select Network Services > RMT Configuration.

        ◦  Enter your organization credentials. (Login to https://scc.suse.com => Organization => Organization Credentials)

        ◦  Enter credentials for a new MariaDB user and database name. This user will then be created. Then select Next. If  password for the MariaDB root user is already set, you are required to enter it. If no password is set for root, you are asked to enter a new one.

        ◦  Enter a common name for the SSL certificates. The common name should be the fully qualified domain name (FQDN) of the server. Enter all domain names and IP addresses with which you want to reach the RMT server as alternative common names.

        ◦  When all common names are entered, select Next.

        ◦  To view a final summary, select Next. Then select Finish to close YaST. 

        ◦  If you have a firewall enabled, allow access to ports 80 and 443. When using the default zone public, execute the following commands:
# firewall-cmd --zone=public --add-port=80/tcp --permanent
# firewall-cmd --zone=public --add-port=443/tcp --permanent
# firewall-cmd --reload

    4. Mirror repositories with rmt:
        ◦ Make sure you set organization credentials in /etc/rmt.conf (see previous step)

        ◦ Synchronize repository metadata (information about available products and repositories)
# rmt-cli sync

        ◦ Periodic synchronization is done via systemd timer rmt-server-sync.timer. For status information e.g. next running time use systemctl status :
# systemctl status rmt-server-sync.timer

        ◦ Enable products (this will enable all repos associated with the product).
# rmt-cli products list --all | grep Expanded #look for PRODUCT ID relevant to your CentOS version
# rmt-cli product enable $PRODUCT_ID

        ◦ Enable repositories mirroring (if you want to change product defaults, e.g. you want src repo).
# rmt-cli repo list --all
# rmt-cli repo enable $REPO_ID

        ◦ Start package mirroring for enabled repositories:
# rmt-cli mirror

        ◦ Packages are downloaded to RMT once a day. This task is done by systemd timer rmt-server-mirror.timer once a day. For status information e.g. next running time use systemctl status:
# systemctl status rmt-server-mirror.timer


Registering CentOS 8 against RMT:
    1. Download rmt-client-setup-res script
# curl http://FQDN_RMT_SERVER/tools/rmt-client-setup-res --output rmt-client-setup-res

Note: script rmt-client-setup-res is part of rmt-server.rpm.

    2. Run the script with the URL of the RMT server as parameter.
# sh rmt-client-setup-res https://FQDN_RMT_SERVER/

    3. Test if everything works:
# dnf repolist #verify RMT repos have been added
# dnf install --disablerepo='*' --enablerepo='FQDN_RMT_SERVER*' SUSEConnect
# SUSEConnect --status-text
# sh rmt-client-setup-res https://FQDN_RMT_SERVER/
# cp /etc/SUSEConnect.example /etc/SUSEConnect
# Edit /etc/SUSEConnect with the following content:
 
---
insecure: false
url: https://FQDN_RMT_SERVER

# depending on CentOS version
    CentOS 8.4:
    rpm -e centos-linux-release-8.4-1.2105.el8.noarch --nodeps
    rpm -e centos-linux-repos-8-2.el8.noarch

    CentsOS 8.5:
    rpm -e centos-linux-release-8.5-1.2111.el8.noarch --nodeps
    rpm -e centos-linux-repos-8-3.el8.noarch

# dnf install --disablerepo='*' --enablerepo='FQDN_RMT_SERVER*' sles_es-release-8.5-0.8.el8.x86_64
# depending on CentOS version
    CentOS 8.4:
    dnf update --disablerepo='*' --enablerepo='FQDN_RMT_SERVER*'

    CentOS 8.5:
    dnf update --disablerepo='*' --enablerepo='FQDN_RMT_SERVER*' --nobest

# init 6

    4. Show extension product
#  uname -a
#  SUSEConnect -p RES/8/x86_64
#  SUSEConnect --status-text
Installed Products:
------------------------------------------

  SLES Expanded Support platform release file
  (RES/8/x86_64)

  Registered
      
  
------------------------------------------
#  dnf repolist
repo id                                                                        repo name
SUSE_Linux_Enterprise_Server_with_Expanded_Support_x86_64:RES-8-Updates        RES-8-Updates
SUSE_Linux_Enterprise_Server_with_Expanded_Support_x86_64:RES-AS-8-Updates     RES-AS-8-Updates
SUSE_Linux_Enterprise_Server_with_Expanded_Support_x86_64:RES-CB-8-Updates     RES-CB-8-Updates
FQDN_RMT_SERVER_SUSE_Updates_RES-AS_8_x86_64_update                created by dnf config-manager from http://FQDN_RMT_SERVER//repo/SUSE/Updates/RES-AS/8/x86_64/update
FQDN_RMT_SERVER_SUSE_Updates_RES_8_x86_64_update                   created by dnf config-manager from http://FQDN_RMT_SERVER//repo/SUSE/Updates/RES/8/x86_64/update
# dnf distro-sync

 

Additional Information

The script does the following:
Adds repositories, install SUSEConnect and its dependencies, disable repositories
Downloads rmt-client-setup-res script and run it. The rmt-client-setup-res script does the following:
Downloads all keys from RMT_SERVER
Import the keys with gpg --import and rpm --import
Downloads CA certificate from https://FQDN_RMT_SERVER/rmt.crt
Import CA certificate to trusted store
Invoke SUSEConnect. SUSEConnect adds all corresponding RMT repos and sets them as enabled.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000020588
  • Creation Date: 16-Feb-2022
  • Modified Date:17-Feb-2022
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center