SSM Patch Manager使いたいけど、RHEL 9に対応していないな
こんにちは、のんピ(@non____97)です。
皆さんはRed Hat Enteprise Linux 9(以降RHEL 9)でSSM Patch Managerを使いたいなと思ったことはありますか? 私はあります。
SSM Patch Managerの自動承認機能を活用することで、アップデートタイミングが異なる場合でも簡単に同じパッケージを適用することが可能です。
しかし、2023/7/24現在、SSM Patch ManagerはRHEL 8.6までしかサポートしていません。
そのため、各EC2インスタンス間でアップデートする際のパッケージバージョンを揃える場合は、手動でパッケージのバージョンを指定してあげる必要があります。
しかし、頻繁にアップデートがあり、EC2インスタンスの台数も多い場合はそちらの運用では辛くなる場面も考えられます。
そのような場面では、自身でリモートリポジトリサーバーを作成し、RPMパッケージを配布することで楽することが可能と考えます。全EC2インスタンスでアップデートが完了するまでリモートリポジトリサーバーでreposyncを実行しなければ良いのです。
一方で、ライセンス込みのRHELにおいては、RHUIに対してプロキシやオンプレを介してでも通信できることが前提となります。そのため、リモートリポジトリサーバーを構築して、そこからRPMパッケージを配布するのは推奨されておりません。
Q: Amazon Virtual Private Cloud (VPC) で Amazon EC2 での Red Hat Enterprise Linux インスタンスを作成した場合、Red Hat Update Infrastructure (RHUI) にアクセスするにはどのようにすればよいですか? Red Hat Enterprise Linux (RHEL) のすべてのオンデマンド Amazon マシンイメージ (AMI) は、AWS で Red Hat Update Infrastructure (RHUI) を使用するように構成されています。VPC では、Amazon EC2 RHEL インスタンスが VPC インターネットゲートウェイとアタッチされた仮想 IP を経由して EC2 の RHUI にアクセスするか、RHUI サーバーへの更新リクエストが一般のインターネットを経由するようにルーティングされた VPN または Direct Connect 接続経由でデータセンターに接続する必要があります。
Red Hat Network Satellite のようなオンプレミスの更新リポジトリから更新を入手することをご希望の場合、Red Hat のアカウントでライセンスモビリティプログラムを使って Red Hat Cloud Access AMI の使用権を購入する必要があります。使用権は従来の年間サブスクリプションの形式で提供されます。
Cloud Access AMI を使用するようにデプロイした場合は、インスタンスの登録を解除し、オンプレミスの更新インフラストラクチャに改めて登録してください。ただし、この設定を行うことにより、AWS 外へのデータ送信について、追加のネットワーク料金がかかることにご注意ください。クラウド内の Red Hat Update Infrastructure を使用すれば、ネットワーク料金が発生しないようにできます。
また、「RHUIから取得したパッケージとはいえ、リモートリポジトリから再配布したパッケージについての問い合わせは受け付けられない」や「AWS上でリモートリポジトリを自作して、RHELのHourly On-demandインスタンスに対してであってもパッケージの再配布は認められない。追加の課金などペナルティが発生する。」といった場合も考えられます。
とはいえ、「ライセンス管理が大変なので自分でサブスクリプションを購入して、Red Hat Network Satelliteを使用するのも大変」ということもあると思います。
そこで、完全に自己責任ですがRHELのリモートリポジトリを構築して、リモートリポジトリ経由でパッケージのインストールやアップデートができることを検証してみました。
繰り返しになりますが、リモートリポジトリの導入は全く推奨しないので参考にする場合は自己責任でお願いします。
いきなりまとめ
- AWS上でRHELのリモートリポジトリを構築して、リモートリポジトリ経由でパッケージのインストールやアップデートができる
- ただし、非推奨なので自己責任で
- ライセンス込みのRHELにおいてはRHUIに通信できることが望ましい
- 異なるメジャーバージョンのRPMパッケージを配布することは可能であるが、エラーが出るなど挙動は不安定
検証環境
検証環境は以下の通りです。
リポジトリサーバーはRHEL 9.0で、そのリポジトリサーバーを参照するEC2インスタンスはRHEL 9.1です。
検証環境のリソースはAWS CDKでデプロイしました。使用したコードは以下リポジトリに保存しています。
RHEL リポジトリサーバーの作成
パッケージのダウンロード
それでは、RHEL リポジトリサーバーの作成をしていきましょう。
リポジトリサーバーはRHEL 9.0です。
$ cat /etc/redhat-release
Red Hat Enterprise Linux release 9.0 (Plow)
$ cat /etc/os-release
NAME="Red Hat Enterprise Linux"
VERSION="9.0 (Plow)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="9.0"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Red Hat Enterprise Linux 9.0 (Plow)"
ANSI_COLOR="0;31"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/red_hat_enterprise_linux/9/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9"
REDHAT_BUGZILLA_PRODUCT_VERSION=9.0
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.0"こちらのRHELのアクティブになっているリポジトリ一覧を確認しておきます。
$ sudo dnf repolist
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
repo id repo name
rhel-9-appstream-rhui-rpms Red Hat Enterprise Linux 9 for x86_64 - AppStream from RHUI (RPMs)
rhel-9-baseos-rhui-rpms Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHUI (RPMs)
rhui-client-config-server-9 Red Hat Enterprise Linux 9 Client ConfigurationBaseOSとAppStreamのリポジトリがありますね。
それぞれのリポジトリの説明や、提供されているパッケージは以下Red Hat公式ドキュメントをご覧ください。
BaseOS
BaseOS リポジトリーのコンテンツは、すべてのインストールの基盤を提供する、基本的な OS 機能のコアセットを提供することを目的としています。
第2章 リポジトリー Red Hat Enterprise Linux 9 | Red Hat Customer Portal
AppStream
AppStream リポジトリーには、さまざまなワークロードとユースケースに対応するために、ユーザー空間アプリケーション、ランタイム言語、およびデータベースが同梱されます。
2.2. AppStream レポジトリー Red Hat Enterprise Linux 9 | Red Hat Customer Portal
それぞれのリポジトリの情報をreposyncでRHUIから同期してきます。RHELにおけるリモートリポジトリ(ローカルミラー)の作成方法は以下Red Hat公式ドキュメントに記載があるので、そちらを参考にします。
まず、BaseOSのパッケージをダウンロードします。デフォルトだとi686も一緒にダウンロードするので、x86_64のみダウンロードするようにします。
# reposyncの結果を保存するディレクトリの作成
$ sudo mkdir /var/repo
# BaseOSのパッケージをダウンロード
$ sudo reposync -p /var/repo --download-metadata -a x86_64 --repo=rhel-9-baseos-rhui-rpms
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHUI (RPMs) 38 kB/s | 4.1 kB 00:00
Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHUI (RPMs) 24 MB/s | 38 MB 00:01
(1/2747): pkgconf-1.7.3-9.el9.x86_64.rpm 280 kB/s | 45 kB 00:00
(2/2747): json-glib-1.6.6-1.el9.x86_64.rpm 986 kB/s | 167 kB 00:00
(3/2747): glibc-langpack-li-2.34-28.el9_0.x86_64.rpm 2.4 MB/s | 483 kB 00:00
(4/2747): userspace-rcu-0.12.1-6.el9.x86_64.rpm 2.9 MB/s | 114 kB 00:00
(5/2747): device-mapper-multipath-libs-0.8.7-7.el9.x86_64.rpm 5.5 MB/s | 287 kB 00:00
(6/2747): glibc-langpack-sl-2.34-28.el9_0.x86_64.rpm 3.7 MB/s | 110 kB 00:00
(7/2747): systemd-resolved-250-6.el9_0.x86_64.rpm 4.7 MB/s | 333 kB 00:00
(8/2747): audit-libs-3.0.7-101.el9_0.2.x86_64.rpm 2.2 MB/s | 121 kB 00:00
(9/2747): krb5-server-1.19.1-15.el9_0.x86_64.rpm 5.8 MB/s | 313 kB 00:00
.
.
(中略)
.
.
(2740/2747): systemd-252-14.el9_2.1.x86_64.rpm 44 MB/s | 4.1 MB 00:00
(2741/2747): kernel-modules-core-5.14.0-284.18.1.el9_2.x86_64.rpm 25 MB/s | 36 MB 00:01
(2742/2747): kexec-tools-2.0.25-13.el9_2.1.x86_64.rpm 1.5 MB/s | 499 kB 00:00
(2743/2747): systemd-resolved-252-14.el9_2.1.x86_64.rpm 17 MB/s | 363 kB 00:00
(2744/2747): NetworkManager-libnm-1.42.2-3.el9_2.x86_64.rpm 31 MB/s | 1.8 MB 00:00
(2745/2747): libkadm5-1.20.1-9.el9_2.x86_64.rpm 2.7 MB/s | 81 kB 00:00
(2746/2747): systemd-libs-252-14.el9_2.1.x86_64.rpm 29 MB/s | 652 kB 00:00
(2747/2747): kernel-debug-modules-core-5.14.0-284.18.1.el9_2.x86_64.rpm 37 MB/s | 51 MB 00:01ダウンロードできました。しかし、ふとnoarchのものもダウンロードされているか気になりました。以下コマンドでnoarchのパッケージがあるか確認すると、何もヒットしませんでした。
$ find /var/repo/rhel-9-baseos-rhui-rpms/ -name "*noarch.rpm" | headということで、-aにnoarchも追加して、再度reposyncを実行します。
$ sudo reposync -p /var/repo --download-metadata -a x86_64,noarch --repo=rhel-9-baseos-rhui-rpms
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHUI (RPMs) 70 kB/s | 4.1 kB 00:00
Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHUI (RPMs) 53 MB/s | 38 MB 00:00
[SKIPPED] json-glib-1.6.6-1.el9.x86_64.rpm: Already downloaded
[SKIPPED] glibc-langpack-li-2.34-28.el9_0.x86_64.rpm: Already downloaded
[SKIPPED] pkgconf-1.7.3-9.el9.x86_64.rpm: Already downloaded
[SKIPPED] userspace-rcu-0.12.1-6.el9.x86_64.rpm: Already downloaded
[SKIPPED] device-mapper-multipath-libs-0.8.7-7.el9.x86_64.rpm: Already downloaded
[SKIPPED] systemd-resolved-250-6.el9_0.x86_64.rpm: Already downloaded
[SKIPPED] glibc-langpack-sl-2.34-28.el9_0.x86_64.rpm: Already downloaded
[SKIPPED] audit-libs-3.0.7-101.el9_0.2.x86_64.rpm: Already downloaded
[SKIPPED] krb5-server-1.19.1-15.el9_0.x86_64.rpm: Already downloaded
[SKIPPED] python3-3.9.10-2.el9.x86_64.rpm: Already downloaded
[SKIPPED] libdnf-0.65.0-5.el9_0.x86_64.rpm: Already downloaded
[SKIPPED] kernel-core-5.14.0-70.13.1.el9_0.x86_64.rpm: Already downloaded
[SKIPPED] glibc-langpack-doi-2.34-28.el9_0.x86_64.rpm: Already downloaded
[SKIPPED] efivar-libs-38-2.el9.x86_64.rpm: Already downloaded
[SKIPPED] xfsdump-3.1.10-1.el9.x86_64.rpm: Already downloaded
[SKIPPED] libseccomp-2.5.2-2.el9.x86_64.rpm: Already downloaded
[SKIPPED] fwupd-1.7.4-2.el9_0.x86_64.rpm: Already downloaded
[SKIPPED] isns-utils-libs-0.101-4.el9.x86_64.rpm: Already downloaded
.
.
(中略)
.
.
(3117/3127): NetworkManager-config-server-1.42.2-3.el9_2.noarch.rpm 801 kB/s | 21 kB 00:00
(3118/3127): kernel-abi-stablelists-5.14.0-284.18.1.el9_2.noarch.rpm 24 MB/s | 3.4 MB 00:00
(3119/3127): selinux-policy-38.1.11-2.el9_2.3.noarch.rpm 4.9 MB/s | 56 kB 00:00
(3120/3127): systemd-rpm-macros-252-14.el9_2.1.noarch.rpm 2.6 MB/s | 45 kB 00:00
(3121/3127): selinux-policy-sandbox-38.1.11-2.el9_2.3.noarch.rpm 972 kB/s | 51 kB 00:00
(3122/3127): selinux-policy-doc-38.1.11-2.el9_2.3.noarch.rpm 33 MB/s | 2.6 MB 00:00
(3123/3127): NetworkManager-initscripts-updown-1.42.2-3.el9_2.noarch.rpm 692 kB/s | 22 kB 00:00
(3124/3127): sos-audit-4.5.4-1.el9.noarch.rpm 738 kB/s | 23 kB 00:00
(3125/3127): sos-4.5.4-1.el9.noarch.rpm 27 MB/s | 1.1 MB 00:00
(3126/3127): linux-firmware-20230310-134.el9_2.noarch.rpm 36 MB/s | 286 MB 00:07
(3127/3127): linux-firmware-20230310-133.el9_2.noarch.rpm 26 MB/s | 286 MB 00:11
# noarchのパッケージがダウンロードできているか確認
$ find /var/repo/rhel-9-baseos-rhui-rpms/ -name "*noarch.rpm" | head
/var/repo/rhel-9-baseos-rhui-rpms/Packages/g/grub2-pc-modules-2.06-27.el9_0.noarch.rpm
/var/repo/rhel-9-baseos-rhui-rpms/Packages/g/grub2-efi-aa64-modules-2.06-27.el9_0.noarch.rpm
/var/repo/rhel-9-baseos-rhui-rpms/Packages/g/grub2-common-2.06-27.el9_0.noarch.rpm
/var/repo/rhel-9-baseos-rhui-rpms/Packages/g/grub2-efi-x64-modules-2.06-27.el9_0.noarch.rpm
/var/repo/rhel-9-baseos-rhui-rpms/Packages/g/grub2-common-2.06-27.el9_0.7.noarch.rpm
/var/repo/rhel-9-baseos-rhui-rpms/Packages/g/grub2-efi-aa64-modules-2.06-27.el9_0.7.noarch.rpm
/var/repo/rhel-9-baseos-rhui-rpms/Packages/g/grub2-pc-modules-2.06-27.el9_0.7.noarch.rpm
/var/repo/rhel-9-baseos-rhui-rpms/Packages/g/grub2-pc-modules-2.06-46.el9.noarch.rpm
/var/repo/rhel-9-baseos-rhui-rpms/Packages/g/grub2-efi-x64-modules-2.06-27.el9_0.7.noarch.rpm
/var/repo/rhel-9-baseos-rhui-rpms/Packages/g/grub2-efi-aa64-modules-2.06-46.el9_1.3.noarch.rpm
# reposyncの出力先の確認
$ ls -l /var/repo/rhel-9-baseos-rhui-rpms/
total 12
-rw-r--r--. 1 root root 97 Jul 12 10:34 mirrorlist
drwxr-xr-x. 28 root root 4096 Jul 12 10:34 Packages
drwxr-xr-x. 2 root root 4096 Jul 12 10:34 repodata
$ cat /var/repo/rhel-9-baseos-rhui-rpms/mirrorlist
https://rhui.us-east-1.aws.ce.redhat.com/pulp/content/content/dist/rhel9/rhui/9/x86_64/baseos/os
$ ls -l /var/repo/rhel-9-baseos-rhui-rpms/Packages/
total 300
drwxr-xr-x. 2 root root 4096 Jul 12 10:34 a
drwxr-xr-x. 2 root root 4096 Jul 12 10:34 b
drwxr-xr-x. 2 root root 8192 Jul 12 10:34 c
drwxr-xr-x. 2 root root 8192 Jul 12 10:34 d
drwxr-xr-x. 2 root root 4096 Jul 12 10:34 e
drwxr-xr-x. 2 root root 4096 Jul 12 10:34 f
drwxr-xr-x. 2 root root 65536 Jul 12 10:34 g
drwxr-xr-x. 2 root root 4096 Jul 12 10:34 h
drwxr-xr-x. 2 root root 8192 Jul 12 10:34 i
drwxr-xr-x. 2 root root 4096 Jul 12 10:31 j
drwxr-xr-x. 2 root root 16384 Jul 12 10:34 k
drwxr-xr-x. 2 root root 20480 Jul 12 10:34 l
drwxr-xr-x. 2 root root 4096 Jul 12 10:34 m
drwxr-xr-x. 2 root root 8192 Jul 12 10:34 n
drwxr-xr-x. 2 root root 8192 Jul 12 10:31 o
drwxr-xr-x. 2 root root 16384 Jul 12 10:34 p
drwxr-xr-x. 2 root root 80 Jul 12 10:34 q
drwxr-xr-x. 2 root root 4096 Jul 12 10:34 r
drwxr-xr-x. 2 root root 20480 Jul 12 10:34 s
drwxr-xr-x. 2 root root 4096 Jul 12 10:34 t
drwxr-xr-x. 2 root root 4096 Jul 12 10:34 u
drwxr-xr-x. 2 root root 4096 Jul 12 10:34 v
drwxr-xr-x. 2 root root 4096 Jul 12 10:34 w
drwxr-xr-x. 2 root root 4096 Jul 12 10:30 x
drwxr-xr-x. 2 root root 4096 Jul 12 10:34 y
drwxr-xr-x. 2 root root 4096 Jul 12 10:31 z
$ ls -l /var/repo/rhel-9-baseos-rhui-rpms/Packages/a | head
total 14908
-rw-r--r--. 1 root root 88994 Jul 12 10:30 accel-config-3.4.2-2.el9.x86_64.rpm
-rw-r--r--. 1 root root 92744 Jul 12 10:31 accel-config-3.4.6.3-1.el9.x86_64.rpm
-rw-r--r--. 1 root root 91884 Jul 12 10:31 accel-config-3.5.0-1.el9.x86_64.rpm
-rw-r--r--. 1 root root 58766 Jul 12 10:30 accel-config-libs-3.4.2-2.el9.x86_64.rpm
-rw-r--r--. 1 root root 60264 Jul 12 10:30 accel-config-libs-3.4.6.3-1.el9.x86_64.rpm
-rw-r--r--. 1 root root 60273 Jul 12 10:31 accel-config-libs-3.5.0-1.el9.x86_64.rpm
-rw-r--r--. 1 root root 79170 Jul 12 10:30 acl-2.3.1-3.el9.x86_64.rpm
-rw-r--r--. 1 root root 991535 Jul 12 10:30 acpica-tools-20210604-3.el9.x86_64.rpm
-rw-r--r--. 1 root root 988989 Jul 12 10:31 acpica-tools-20210604-5.el9.x86_64.rpm
$ ls -l /var/repo/rhel-9-baseos-rhui-rpms/repodata/
total 39152
-rw-r--r--. 1 root root 408844 Jul 12 10:34 03fc558107d9fffeffbd0c39fae7e1eec9ff532e9fddf2cf04487f7a5c94a581-updateinfo.xml.gz
-rw-r--r--. 1 root root 3576671 Jul 12 10:34 16306d2a7b6ede8b34c4f24fa127537d0b6811bd77f054124fcf8ec496abbc9e-other.xml.gz
-rw-r--r--. 1 root root 17615338 Jul 12 10:34 18f2a156231604288efb4b02628c0b130505a97ab959d4a945ea0408ce5c98ae-primary.sqlite.bz2
-rw-r--r--. 1 root root 9733654 Jul 12 10:34 447e72c182a3ed44b2e607c7e98eab4e4b36a08659a8aa0a4d15a0381468f56e-primary.xml.gz
-rw-r--r--. 1 root root 2655522 Jul 12 10:34 564f42da463a59d4068215a8f2581681aa91068a637d2fc8950e72ff4075cb24-other.sqlite.bz2
-rw-r--r--. 1 root root 3110025 Jul 12 10:34 7f3dff02001f895fc2f1c3547e6f16b78709950aebb138e8357bf8673cb0082e-filelists.sqlite.bz2
-rw-r--r--. 1 root root 2171 Jul 12 10:34 8fd17e5c-9ec5-4a1f-bfd3-068972c88f1b
-rw-r--r--. 1 root root 289915 Jul 12 10:34 b45f50851756a554bd9200b0fe043937a6ae7d2bba57f71ebdd2ed9e7e5406cd-comps.xml
-rw-r--r--. 1 root root 2672843 Jul 12 10:34 bef9ec961561ccac434f2da72470d4923a6ea19e7ce5adf4a37bd10e9ed7aa7d-filelists.xml.gz
-rw-r--r--. 1 root root 4157 Jul 12 10:34 repomd.xmlnoarchのパッケージがダウンロードできましたね。
同じ要領でAppStreamのパッケージもダウンロードします。
$ sudo reposync -p /var/repo --download-metadata -a x86_64,noarch --repo=rhel-9-appstream-rhui-rpms
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Red Hat Enterprise Linux 9 for x86_64 - AppStream from RHUI (RPMs) 53 kB/s | 4.5 kB 00:00
Red Hat Enterprise Linux 9 for x86_64 - AppStream from RHUI (RPMs) 40 MB/s | 23 MB 00:00
Last metadata expiration check: 0:00:05 ago on Wed 12 Jul 2023 10:38:52 AM UTC.
Red Hat Enterprise Linux 9 for x86_64 - AppStream from RHUI (RPMs) 31 MB/s | 58 MB 00:01
(1/9730): ant-apache-bsf-1.10.9-7.el9.noarch.rpm 339 kB/s | 23 kB 00:00
(2/9730): langpacks-tn-3.0-16.el9.noarch.rpm 147 kB/s | 11 kB 00:00
(3/9730): apr-util-sqlite-1.6.1-20.el9.x86_64.rpm 237 kB/s | 18 kB 00:00
(4/9730): texlive-atveryend-20200406-25.el9.noarch.rpm 13 MB/s | 381 kB 00:00
(5/9730): pcre-utf32-8.44-3.el9.3.x86_64.rpm 5.7 MB/s | 178 kB 00:00
(6/9730): texlive-listofitems-20200406-25.el9.noarch.rpm 12 MB/s | 804 kB 00:00
.
.
(中略)
.
.
(9725/9730): golang-misc-1.19.10-1.el9_2.noarch.rpm 6.3 MB/s | 337 kB 00:00
(9726/9730): open-vm-tools-desktop-12.1.5-1.el9_2.1.x86_64.rpm 11 MB/s | 164 kB 00:00
(9727/9730): open-vm-tools-12.1.5-1.el9_2.1.x86_64.rpm 26 MB/s | 893 kB 00:00
(9728/9730): open-vm-tools-sdmp-12.1.5-1.el9_2.1.x86_64.rpm 880 kB/s | 27 kB 00:00
(9729/9730): grafana-9.0.9-3.el9_2.x86_64.rpm 39 MB/s | 63 MB 00:01
(9730/9730): golang-bin-1.19.10-1.el9_2.x86_64.rpm 18 MB/s | 99 MB 00:05これで、RHEL 9のx86_64, noarchのBaseOSとAppStreamのパッケージ全てダウンロードしました。
どのぐらいのサイズが確認してみましょう。
$ df -hT
Filesystem Type Size Used Avail Use% Mounted on
devtmpfs devtmpfs 436M 0 436M 0% /dev
tmpfs tmpfs 467M 0 467M 0% /dev/shm
tmpfs tmpfs 187M 5.2M 182M 3% /run
/dev/nvme0n1p4 xfs 100G 39G 62G 39% /
/dev/nvme0n1p3 xfs 495M 171M 325M 35% /boot
/dev/nvme0n1p2 vfat 200M 8.0K 200M 1% /boot/efi
$ du -sh /var/repo/
37G /var/repo/
$ du -sh /var/repo/rhel-9-baseos-rhui-rpms/
5.4G /var/repo/rhel-9-baseos-rhui-rpms/
$ du -sh /var/repo/rhel-9-appstream-rhui-rpms/
31G /var/repo/rhel-9-appstream-rhui-rpms/BaseOSが5.4GBでAppStreamが31GBでした。RHEL 9.2までしかリリースされていない2023/7/16時点でこのサイズなので、実際にリポジトリサーバーを運用する際は--newest-onlyで最新のパッケージのみにしたり、--releaseverで使用しているRHELのリリースバージョンのもののみにしたりとサイズ削減の工夫をすると良いかもしれません。
Nginxの設定
リポジトリサーバーにはHTTP or HTTPSで通信を行います。
デフォルトの参照先のRHUIの設定は以下のとおりです。
$ cat /etc/yum.repos.d/redhat-rhui.repo
[rhel-9-appstream-rhui-debug-rpms]
name=Red Hat Enterprise Linux 9 for $basearch - AppStream from RHUI (Debug RPMs)
mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel9/rhui/$releasever/$basearch/appstream/debug
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel9.key
sslclientcert=/etc/pki/rhui/product/content-rhel9.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
[rhel-9-appstream-rhui-rpms]
name=Red Hat Enterprise Linux 9 for $basearch - AppStream from RHUI (RPMs)
mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel9/rhui/$releasever/$basearch/appstream/os
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel9.key
sslclientcert=/etc/pki/rhui/product/content-rhel9.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
[rhel-9-appstream-rhui-source-rpms]
name=Red Hat Enterprise Linux 9 for $basearch - AppStream from RHUI (Source RPMs)
mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel9/rhui/$releasever/$basearch/appstream/source/SRPMS
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel9.key
sslclientcert=/etc/pki/rhui/product/content-rhel9.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
[rhel-9-baseos-rhui-debug-rpms]
name=Red Hat Enterprise Linux 9 for $basearch - BaseOS from RHUI (Debug RPMs)
mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel9/rhui/$releasever/$basearch/baseos/debug
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel9.key
sslclientcert=/etc/pki/rhui/product/content-rhel9.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
[rhel-9-baseos-rhui-rpms]
name=Red Hat Enterprise Linux 9 for $basearch - BaseOS from RHUI (RPMs)
mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel9/rhui/$releasever/$basearch/baseos/os
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel9.key
sslclientcert=/etc/pki/rhui/product/content-rhel9.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
[rhel-9-baseos-rhui-source-rpms]
name=Red Hat Enterprise Linux 9 for $basearch - BaseOS from RHUI (Source RPMs)
mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel9/rhui/$releasever/$basearch/baseos/source/SRPMS
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel9.key
sslclientcert=/etc/pki/rhui/product/content-rhel9.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
[codeready-builder-for-rhel-9-rhui-debug-rpms]
name=Red Hat CodeReady Linux Builder for RHEL 9 $basearch from RHUI (Debug RPMs)
mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel9/rhui/$releasever/$basearch/codeready-builder/debug
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel9.key
sslclientcert=/etc/pki/rhui/product/content-rhel9.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
[codeready-builder-for-rhel-9-rhui-rpms]
name=Red Hat CodeReady Linux Builder for RHEL 9 $basearch from RHUI (RPMs)
mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel9/rhui/$releasever/$basearch/codeready-builder/os
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientcert=/etc/pki/rhui/product/content-rhel9.crt
sslclientkey=/etc/pki/rhui/content-rhel9.key
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
[codeready-builder-for-rhel-9-rhui-source-rpms]
name=Red Hat CodeReady Linux Builder for RHEL 9 $basearch from RHUI (Source RPMs)
mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel9/rhui/$releasever/$basearch/codeready-builder/source/SRPMS
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel9.key
sslclientcert=/etc/pki/rhui/product/content-rhel9.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
[rhel-9-supplementary-rhui-debug-rpms]
name=Red Hat Enterprise Linux 9 for $basearch - Supplementary from RHUI (Debug RPMs)
mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel9/rhui/$releasever/$basearch/supplementary/debug
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel9.key
sslclientcert=/etc/pki/rhui/product/content-rhel9.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
[rhel-9-supplementary-rhui-rpms]
name=Red Hat Enterprise Linux 9 for $basearch - Supplementary from RHUI (RPMs)
mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel9/rhui/$releasever/$basearch/supplementary/os
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel9.key
sslclientcert=/etc/pki/rhui/product/content-rhel9.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
[rhel-9-supplementary-rhui-source-rpms]
name=Red Hat Enterprise Linux 9 for $basearch - Supplementary from RHUI (Source RPMs)
mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel9/rhui/$releasever/$basearch/supplementary/source/SRPMS
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel9.key
sslclientcert=/etc/pki/rhui/product/content-rhel9.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt今回作成するリモートリポジトリはNginxをインストールして、HTTPでリモートリポジトリにアクセスできるように設定してあげます。
設定内容は以下Red HatのWebページに記載の内容を参考にして行います。
まずはNginxをインストールします。
# Nginxのインストール
$ sudo dnf install nginx
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:09:55 ago on Wed 12 Jul 2023 08:04:40 AM UTC.
Dependencies resolved.
============================================================================================================
Package Architecture Version Repository Size
============================================================================================================
Installing:
nginx x86_64 1:1.20.1-14.el9 rhel-9-appstream-rhui-rpms 43 k
Installing dependencies:
nginx-core x86_64 1:1.20.1-14.el9 rhel-9-appstream-rhui-rpms 576 k
nginx-filesystem noarch 1:1.20.1-14.el9 rhel-9-appstream-rhui-rpms 13 k
redhat-logos-httpd noarch 90.4-1.el9 rhel-9-appstream-rhui-rpms 18 k
Transaction Summary
============================================================================================================
Install 4 Packages
Total download size: 650 k
Installed size: 1.8 M
Is this ok [y/N]: y
Downloading Packages:
(1/4): redhat-logos-httpd-90.4-1.el9.noarch.rpm 330 kB/s | 18 kB 00:00
(2/4): nginx-filesystem-1.20.1-14.el9.noarch.rpm 229 kB/s | 13 kB 00:00
(3/4): nginx-core-1.20.1-14.el9.x86_64.rpm 7.4 MB/s | 576 kB 00:00
(4/4): nginx-1.20.1-14.el9.x86_64.rpm 1.9 MB/s | 43 kB 00:00
------------------------------------------------------------------------------------------------------------
Total 5.6 MB/s | 650 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: nginx-filesystem-1:1.20.1-14.el9.noarch 1/4
Installing : nginx-filesystem-1:1.20.1-14.el9.noarch 1/4
Installing : nginx-core-1:1.20.1-14.el9.x86_64 2/4
Installing : redhat-logos-httpd-90.4-1.el9.noarch 3/4
Installing : nginx-1:1.20.1-14.el9.x86_64 4/4
Running scriptlet: nginx-1:1.20.1-14.el9.x86_64 4/4
Verifying : redhat-logos-httpd-90.4-1.el9.noarch 1/4
Verifying : nginx-filesystem-1:1.20.1-14.el9.noarch 2/4
Verifying : nginx-core-1:1.20.1-14.el9.x86_64 3/4
Verifying : nginx-1:1.20.1-14.el9.x86_64 4/4
Installed products updated.
Installed:
nginx-1:1.20.1-14.el9.x86_64 nginx-core-1:1.20.1-14.el9.x86_64
nginx-filesystem-1:1.20.1-14.el9.noarch redhat-logos-httpd-90.4-1.el9.noarch
Complete!
# デフォルトの設定確認
$ cat /etc/nginx/nginx.conf
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
listen [::]:80;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
error_page 404 /404.html;
location = /404.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
# Settings for a TLS enabled server.
#
# server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
# server_name _;
# root /usr/share/nginx/html;
#
# ssl_certificate "/etc/pki/nginx/server.crt";
# ssl_certificate_key "/etc/pki/nginx/private/server.key";
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 10m;
# ssl_ciphers PROFILE=SYSTEM;
# ssl_prefer_server_ciphers on;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
}
# ドキュメントルートの確認
$ ls -l /usr/share/nginx/html
total 12
-rw-r--r--. 1 root root 3971 Dec 5 2022 404.html
-rw-r--r--. 1 root root 4020 Dec 5 2022 50x.html
drwxr-xr-x. 2 root root 27 Jul 12 08:14 icons
lrwxrwxrwx. 1 root root 25 Dec 5 2022 index.html -> ../../testpage/index.html
-rw-r--r--. 1 root root 368 Dec 5 2022 nginx-logo.png
lrwxrwxrwx. 1 root root 14 Dec 5 2022 poweredby.png -> nginx-logo.png
lrwxrwxrwx. 1 root root 37 Dec 5 2022 system_noindex_logo.png -> ../../pixmaps/system-noindex-logo.png/var/repoのシンボリックリンクをドキュメントルート配下に作成します。
# シンボリックリンクの作成
$ sudo ln -s /var/repo /usr/share/nginx/html/repo
# シンボリックリンクが作成されたことを確認
$ ls -l /usr/share/nginx/html
total 12
-rw-r--r--. 1 root root 3971 Dec 5 2022 404.html
-rw-r--r--. 1 root root 4020 Dec 5 2022 50x.html
drwxr-xr-x. 2 root root 27 Jul 12 08:33 icons
lrwxrwxrwx. 1 root root 25 Dec 5 2022 index.html -> ../../testpage/index.html
-rw-r--r--. 1 root root 368 Dec 5 2022 nginx-logo.png
lrwxrwxrwx. 1 root root 14 Dec 5 2022 poweredby.png -> nginx-logo.png
lrwxrwxrwx. 1 root root 9 Jul 16 02:09 repo -> /var/repo
lrwxrwxrwx. 1 root root 37 Dec 5 2022 system_noindex_logo.png -> ../../pixmaps/system-noindex-logo.pngこのまま/usr/share/nginx/html/repo/配下にアクセスしてもシンボリックリンクを使っている関係上403エラーになるため、locationを設定してあげます。autoindexは有効でなくても問題ありません。
$ sudo vi /etc/nginx/nginx.conf
$ cat /etc/nginx/nginx.conf
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
.
.
(中略)
.
.
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html/;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location /repo/ {
allow all;
sendfile on;
sendfile_max_chunk 1m;
autoindex on;
autoindex_exact_size off;
autoindex_format html;
autoindex_localtime on;
}
error_page 404 /404.html;
location = /404.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
.
.
(中略)
.
.
}
# 設定ファイルにシンタックスエラーがないか確認
$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful「いざ、curlでアクセス」といきたいところですが、シンボリックリンクを使っている関係上SELinuxで以下のようなエラーが出力されてしまいます。
2023/07/24 06:00:26 [error] 1581#1581: *11 open() "/usr/share/nginx/html/repo/test.html" failed (13: Permission denied), client: ::1, server: _, request: "HEAD /repo/test.html HTTP/1.1",host: "localhost"そのため、今回はSELinuxをデフォルトのEnforcingからPermissiveに変更します。
# 現在のSELinuxの設定確認
$ sudo getenforce
Enforcing
# SELinuxの設定ファイルの確認
$ cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
# See also:
# https://docs.fedoraproject.org/en-US/quick-docs/getting-started-with-selinux/#getting-started-with-selinux-selinux-states-and-modes
#
# NOTE: In earlier Fedora kernel builds, SELINUX=disabled would also
# fully disable SELinux during boot. If you need a system with SELinux
# fully disabled instead of SELinux running with no policy loaded, you
# need to pass selinux=0 to the kernel command line. You can use grubby
# to persistently set the bootloader to boot with selinux=0:
#
# grubby --update-kernel ALL --args selinux=0
#
# To revert back to SELinux enabled:
#
# grubby --update-kernel ALL --remove-args selinux
#
SELINUX=enforcing
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
# SELinuxをPermissiveに変更
$ sudo setenforce Permissive
# SELinuxが`Permissive`に変更されたか確認
$ sudo getenforce
Permissive
# 設定ファイルは`Permissive`に変更されていないことを確認
$ grep -e '^SELINUX=' /etc/selinux/config
SELINUX=enforcing
# SELinuxを永続的に`Permissive`とするために設定ファイルを更新
$ sudo sed -i s/^SELINUX=.*$/SELINUX=permissive/ /etc/selinux/config
# 設定ファイルが更新されたことを確認
$ grep -e '^SELINUX=' /etc/selinux/config
SELINUX=permissiveこれで下準備が整いました。
Nginxのサービスを起動させましょう。
# Nginxのサービスを起動
$ sudo systemctl start nginx
# Nginxのサービスの自動起動を有効化
$ sudo systemctl enable nginx
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.
# Nginxのサービスが起動していることを確認
$ systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2023-07-16 02:10:16 UTC; 36s ago
Main PID: 1073 (nginx)
Tasks: 3 (limit: 5568)
Memory: 4.1M
CPU: 24ms
CGroup: /system.slice/nginx.service
├─1073 "nginx: master process /usr/sbin/nginx"
├─1074 "nginx: worker process"
└─1075 "nginx: worker process"
Jul 16 02:10:16 ip-10-1-1-7.ec2.internal systemd[1]: Starting The nginx HTTP and reverse proxy server...
Jul 16 02:10:16 ip-10-1-1-7.ec2.internal nginx[1071]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Jul 16 02:10:16 ip-10-1-1-7.ec2.internal nginx[1071]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Jul 16 02:10:16 ip-10-1-1-7.ec2.internal systemd[1]: Started The nginx HTTP and reverse proxy server.サービス起動後、curlでlocalhostからRPMパッケージにアクセスできるか確認します。
$ curl -I http://localhost/repo/rhel-9-baseos-rhui-rpms/Packages/g/grub2-pc-modules-2.06-27.el9_0.noarch.rpm
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 24 Jul 2023 09:33:35 GMT
Content-Type: application/x-redhat-package-manager
Content-Length: 996886
Last-Modified: Wed, 12 Jul 2023 10:34:37 GMT
Connection: keep-alive
ETag: "64ae81bd-f3616"
Accept-Ranges: bytesHTTPステータスコードが200なので問題なくアクセスできていそうですね。
なお、SELinuxはPermissiveに設定したので、以下のように/var/log/audit/audit.logにログ出力されています。
$ sudo grep nginx /var/log/audit/audit.log | tail -n 5
type=AVC msg=audit(1690191215.975:374): avc: denied { read } for pid=920 comm="nginx" name="grub2-pc-modules-2.06-27.el9_0.noarch.rpm" dev="nvme0n1p4" ino=58798290 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
type=AVC msg=audit(1690191215.975:374): avc: denied { open } for pid=920 comm="nginx" path="/var/repo/rhel-9-baseos-rhui-rpms/Packages/g/grub2-pc-modules-2.06-27.el9_0.noarch.rpm" dev="nvme0n1p4" ino=58798290 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1690191215.975:374): arch=c000003e syscall=257 success=yes exit=9 a0=ffffff9c a1=557a09c53e04 a2=800 a3=0 items=0 ppid=917 pid=920 auid=4294967295 uid=989 gid=989 euid=989 suid=989 fsuid=989 egid=989 sgid=989 fsgid=989 tty=(none) ses=4294967295 comm="nginx" exe="/usr/sbin/nginx" subj=system_u:system_r:httpd_t:s0 key=(null)ARCH=x86_64 SYSCALL=openatAUID="unset" UID="nginx" GID="nginx" EUID="nginx" SUID="nginx" FSUID="nginx" EGID="nginx" SGID="nginx" FSGID="nginx"
type=AVC msg=audit(1690191215.975:375): avc: denied { getattr } for pid=920 comm="nginx" path="/var/repo/rhel-9-baseos-rhui-rpms/Packages/g/grub2-pc-modules-2.06-27.el9_0.noarch.rpm" dev="nvme0n1p4" ino=58798290 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1690191215.975:375): arch=c000003e syscall=262 success=yes exit=0 a0=9 a1=7f468b28df15 a2=7fff19ba98c0 a3=1000 items=0 ppid=917 pid=920 auid=4294967295 uid=989 gid=989 euid=989 suid=989 fsuid=989 egid=989 sgid=989 fsgid=989 tty=(none) ses=4294967295 comm="nginx" exe="/usr/sbin/nginx" subj=system_u:system_r:httpd_t:s0 key=(null)ARCH=x86_64 SYSCALL=newfstatat AUID="unset" UID="nginx" GID="nginx" EUID="nginx" SUID="nginx" FSUID="nginx" EGID="nginx" SGID="nginx" FSGID="nginx"自作したリモートリポジトリサーバーを参照するようにリポジトリ設定を変更
リポジトリの設定を変更
自作したリモートリポジトリサーバーを参照するようにリポジトリ設定を変更します。
まず、curlでリモートリポジトリサーバーのRPMパッケージにアクセスできることを確認します。
$ curl -I http://ip-10-1-1-7.ec2.internal/repo/rhel-9-baseos-rhui-rpms/Packages/g/grub2-pc-modules-2.06-27.el9_0.noarch.rpm
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 24 Jul 2023 09:46:47 GMT
Content-Type: application/x-redhat-package-manager
Content-Length: 996886
Last-Modified: Wed, 12 Jul 2023 10:34:37 GMT
Connection: keep-alive
ETag: "64ae81bd-f3616"
Accept-Ranges: bytesアクセスできましたね。
リモートリポジトリサーバーのNginxのアクセスログにもしっかりと記録されていました。
$ sudo tail /var/log/nginx/access.log
.
.
(中略)
.
.
10.1.1.18 - - [24/Jul/2023:09:46:38 +0000] "GET /repo/rhel-9-baseos-rhui-rpms/Packages/g/grub2-pc-modules-2.06-27.el9_0.noarch.rpm HTTP/1.1" 200 196608 "-" "curl/7.76.1" "-"
10.1.1.18 - - [24/Jul/2023:09:46:47 +0000] "HEAD /repo/rhel-9-baseos-rhui-rpms/Packages/g/grub2-pc-modules-2.06-27.el9_0.noarch.rpm HTTP/1.1" 200 0 "-" "curl/7.76.1" "-"それではリポジトリの設定を追加してあげます。
# リポジトリの設定ファイル一覧の確認
$ ls -l /etc/yum.repos.d/
total 20
-rw-r--r--. 1 root root 4645 Mar 28 10:22 redhat-rhui-beta.repo.disabled
-rw-r--r--. 1 root root 467 Jul 24 09:46 redhat-rhui-client-config.repo
-rw-r--r--. 1 root root 5792 Jul 24 09:46 redhat-rhui.repo
# 自作リモートリポジトリのリポジトリ設定ファイルの作成
$ sudo vi /etc/yum.repos.d/redhat-self-rhui.repo
# 設定ファイルが作成されたことを確認
$ ls -l /etc/yum.repos.d/
total 24
-rw-r--r--. 1 root root 4645 Mar 28 10:22 redhat-rhui-beta.repo.disabled
-rw-r--r--. 1 root root 467 Jul 24 09:46 redhat-rhui-client-config.repo
-rw-r--r--. 1 root root 5792 Jul 24 09:46 redhat-rhui.repo
-rw-r--r--. 1 root root 530 Jul 24 09:57 redhat-self-rhui.repo
# 設定ファイルの内容の確認
$ cat /etc/yum.repos.d/redhat-self-rhui.repo
[rhel-9-appstream-self-rhui-rpms]
name=Red Hat Enterprise Linux 9 for $basearch - AppStream from self RHUI (RPMs)
baseurl=http://ip-10-1-1-7.ec2.internal/repo/rhel-9-appstream-rhui-rpms
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
[rhel-9-baseos-self-rhui-rpms]
name=Red Hat Enterprise Linux 9 for $basearch - BaseOS from self RHUI (RPMs)
baseurl=http://ip-10-1-1-7.ec2.internal/repo/rhel-9-baseos-rhui-rpms
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-releaseip-10-1-1-7.ec2.internalというのは自作リモートリポジトリサーバーのプライベートDNS名です。
次に既存リポジトリの無効化を行います。
# 現在のリポジトリ一覧の確認
$ sudo dnf repolist
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
repo id repo name
rhel-9-appstream-rhui-rpms Red Hat Enterprise Linux 9 for x86_64 - AppStream from RHUI (RPMs)
rhel-9-appstream-self-rhui-rpms Red Hat Enterprise Linux 9 for x86_64 - AppStream from self RHUI (RPMs)
rhel-9-baseos-rhui-rpms Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHUI (RPMs)
rhel-9-baseos-self-rhui-rpms Red Hat Enterprise Linux 9 for x86_64 - BaseOS from self RHUI (RPMs)
rhui-client-config-server-9 Red Hat Enterprise Linux 9 Client Configuration
# 既存のAppStreamのリポジトリを無効化
$ sudo dnf config-manager --disable rhel-9-appstream-rhui-rpms
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
# 既存のBaseOSのリポジトリを無効化
$ sudo dnf config-manager --disable rhel-9-baseos-rhui-rpms
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
# 既存のリポジトリが無効化されている = リストに出てこないことを確認
$ sudo dnf repolist
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
repo id repo name
rhel-9-appstream-self-rhui-rpms Red Hat Enterprise Linux 9 for x86_64 - AppStream from self RHUI (RPMs)
rhel-9-baseos-self-rhui-rpms Red Hat Enterprise Linux 9 for x86_64 - BaseOS from self RHUI (RPMs)
rhui-client-config-server-9 Red Hat Enterprise Linux 9 Client Configuration
# 設定ファイル上でも無効化 = "enabled=0" であることを確認
$ cat /etc/yum.repos.d/redhat-rhui.repo
.
.
(中略)
.
.
[rhel-9-appstream-rhui-rpms]
name=Red Hat Enterprise Linux 9 for $basearch - AppStream from RHUI (RPMs)
mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel9/rhui/$releasever/$basearch/appstream/os
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel9.key
sslclientcert=/etc/pki/rhui/product/content-rhel9.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
.
.
(中略)
.
.
[rhel-9-baseos-rhui-rpms]
name=Red Hat Enterprise Linux 9 for $basearch - BaseOS from RHUI (RPMs)
mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel9/rhui/$releasever/$basearch/baseos/os
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel9.key
sslclientcert=/etc/pki/rhui/product/content-rhel9.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
.
.
[rhel-9-baseos-rhui-source-rpms]
name=Red Hat Enterprise Linux 9 for $basearch - BaseOS from RHUI (Source RPMs)
(以下略)自作したリポジトリサーバーを使ってインストールやアップデートができるか確認
それでは、自作したリポジトリサーバーを使ってインストールやアップデートができるかを確認します。
まず、パッケージの検索することができるかチェックします。
# キャッシュを削除
$ sudo dnf clean all
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
27 files removed
# Nginxを検索
$ sudo dnf search nginx
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Red Hat Enterprise Linux 9 Client Configuration 28 kB/s | 3.2 kB 00:00
Red Hat Enterprise Linux 9 for x86_64 - AppStream from self RHUI (RPMs) 98 MB/s | 23 MB 00:00
Red Hat Enterprise Linux 9 for x86_64 - BaseOS from self RHUI (RPMs) 87 MB/s | 13 MB 00:00
Last metadata expiration check: 0:00:01 ago on Mon 24 Jul 2023 11:03:16 AM UTC.
============================================ Name Exactly Matched: nginx =============================================
nginx.x86_64 : A high performance web server and reverse proxy server
=========================================== Name & Summary Matched: nginx ============================================
nginx-all-modules.noarch : A meta package that installs all available Nginx modules
nginx-core.x86_64 : nginx minimal core
nginx-filesystem.noarch : The basic directory layout for the Nginx server
nginx-mod-http-image-filter.x86_64 : Nginx HTTP image filter module
nginx-mod-http-perl.x86_64 : Nginx HTTP perl module
nginx-mod-http-xslt-filter.x86_64 : Nginx XSLT module
nginx-mod-mail.x86_64 : Nginx mail modules
nginx-mod-stream.x86_64 : Nginx stream modules
pcp-pmda-nginx.x86_64 : Performance Co-Pilot (PCP) metrics for the Nginx Webserver自作リモートリポジトリを使って検索できましたね。
Nginxのアクセスログでは以下のようなログが出力されます。
10.1.1.18 - - [25/Jul/2023:04:15:26 +0000] "GET /repo/rhel-9-appstream-rhui-rpms/repodata/repomd.xml HTTP/1.1" 200 4618 "-" "libdnf (Red Hat Enterprise Linux 9.1; generic; Linux.x86_64)" "-"
10.1.1.18 - - [25/Jul/2023:04:15:26 +0000] "GET /repo/rhel-9-appstream-rhui-rpms/repodata/89507edefdfe33c62e0703ba728488b9bf3fdf233b43beec9f9b128bb5b2bde3-comps.xml HTTP/1.1" 200 540155 "-" "libdnf (Red Hat Enterprise Linux 9.1; generic; Linux.x86_64)" "-"
10.1.1.18 - - [25/Jul/2023:04:15:26 +0000] "GET /repo/rhel-9-appstream-rhui-rpms/repodata/1ca09395474884eeb7c643c08be29f77e9df7c1603be4679279e88ab85850fae-modules.yaml.gz HTTP/1.1" 2006017 "-" "libdnf (Red Hat Enterprise Linux 9.1; generic; Linux.x86_64)" "-"
10.1.1.18 - - [25/Jul/2023:04:15:26 +0000] "GET /repo/rhel-9-appstream-rhui-rpms/repodata/be5fe010-1588-4689-80ed-372c5165a2c3 HTTP/1.1" 200 2171 "-" "libdnf (Red Hat Enterprise Linux 9.1; generic; Linux.x86_64)" "-"
10.1.1.18 - - [25/Jul/2023:04:15:26 +0000] "GET /repo/rhel-9-appstream-rhui-rpms/repodata/7b5de085704d69bd6361f3a271c5e53a260a93591bd80fe84e70cbe4ccdedf10-updateinfo.xml.gz HTTP/1.1" 200 1202093 "-" "libdnf (Red Hat Enterprise Linux 9.1; generic; Linux.x86_64)" "-"
10.1.1.18 - - [25/Jul/2023:04:15:26 +0000] "GET /repo/rhel-9-appstream-rhui-rpms/repodata/69d2efb253d38f139efde0e31b9aa94662d5a7281b9cc87329fe7a17f1f4bc88-primary.xml.gz HTTP/1.1" 200 4569627 "-" "libdnf (Red Hat Enterprise Linux 9.1; generic; Linux.x86_64)" "-"
10.1.1.18 - - [25/Jul/2023:04:15:26 +0000] "GET /repo/rhel-9-appstream-rhui-rpms/repodata/8f72953b56e3932dc176e93580392cc9c3595efa7bb66df0c6c99d87e08ddf6f-filelists.xml.gz HTTP/1.1" 200 17280106 "-" "libdnf (Red Hat Enterprise Linux 9.1; generic; Linux.x86_64)" "-"
10.1.1.18 - - [25/Jul/2023:04:15:32 +0000] "GET /repo/rhel-9-baseos-rhui-rpms/repodata/repomd.xml HTTP/1.1" 200 4157 "-" "libdnf (Red Hat Enterprise Linux 9.1; generic; Linux.x86_64)" "-"
10.1.1.18 - - [25/Jul/2023:04:15:32 +0000] "GET /repo/rhel-9-baseos-rhui-rpms/repodata/b45f50851756a554bd9200b0fe043937a6ae7d2bba57f71ebdd2ed9e7e5406cd-comps.xml HTTP/1.1" 200 289915 "-" "libdnf (Red Hat Enterprise Linux 9.1; generic; Linux.x86_64)" "-"
10.1.1.18 - - [25/Jul/2023:04:15:32 +0000] "GET /repo/rhel-9-baseos-rhui-rpms/repodata/8fd17e5c-9ec5-4a1f-bfd3-068972c88f1b HTTP/1.1" 200 2171 "-" "libdnf (Red Hat Enterprise Linux 9.1; generic; Linux.x86_64)" "-"
10.1.1.18 - - [25/Jul/2023:04:15:32 +0000] "GET /repo/rhel-9-baseos-rhui-rpms/repodata/bef9ec961561ccac434f2da72470d4923a6ea19e7ce5adf4a37bd10e9ed7aa7d-filelists.xml.gz HTTP/1.1" 200 2672843 "-" "libdnf (Red Hat Enterprise Linux 9.1; generic; Linux.x86_64)" "-"
10.1.1.18 - - [25/Jul/2023:04:15:32 +0000] "GET /repo/rhel-9-baseos-rhui-rpms/repodata/03fc558107d9fffeffbd0c39fae7e1eec9ff532e9fddf2cf04487f7a5c94a581-updateinfo.xml.gz HTTP/1.1" 200 408844 "-" "libdnf (Red Hat Enterprise Linux 9.1; generic; Linux.x86_64)" "-"
10.1.1.18 - - [25/Jul/2023:04:15:32 +0000] "GET /repo/rhel-9-baseos-rhui-rpms/repodata/447e72c182a3ed44b2e607c7e98eab4e4b36a08659a8aa0a4d15a0381468f56e-primary.xml.gz HTTP/1.1" 200 9733654 "-" "libdnf (Red Hat Enterprise Linux 9.1; generic; Linux.x86_64)" "-"複数のマイナーリリースのApache HTTP Serverのバージョンの情報が確認できることもチェックしておきます。
$ sudo dnf info httpd --showduplicates
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:06:44 ago on Mon 24 Jul 2023 11:03:16 AM UTC.
Available Packages
Name : httpd
Version : 2.4.51
Release : 7.el9_0
Architecture : x86_64
Size : 1.5 M
Source : httpd-2.4.51-7.el9_0.src.rpm
Repository : rhel-9-appstream-self-rhui-rpms
Summary : Apache HTTP Server
URL : https://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
: web server.
Name : httpd
Version : 2.4.53
Release : 11.el9_2.4
Architecture : x86_64
Size : 54 k
Source : httpd-2.4.53-11.el9_2.4.src.rpm
Repository : rhel-9-appstream-self-rhui-rpms
Summary : Apache HTTP Server
URL : https://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
: web server.
Name : httpd
Version : 2.4.53
Release : 11.el9_2.5
Architecture : x86_64
Size : 53 k
Source : httpd-2.4.53-11.el9_2.5.src.rpm
Repository : rhel-9-appstream-self-rhui-rpms
Summary : Apache HTTP Server
URL : https://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
: web server.
Name : httpd
Version : 2.4.53
Release : 7.el9
Architecture : x86_64
Size : 54 k
Source : httpd-2.4.53-7.el9.src.rpm
Repository : rhel-9-appstream-self-rhui-rpms
Summary : Apache HTTP Server
URL : https://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
: web server.
Name : httpd
Version : 2.4.53
Release : 7.el9_1.1
Architecture : x86_64
Size : 53 k
Source : httpd-2.4.53-7.el9_1.1.src.rpm
Repository : rhel-9-appstream-self-rhui-rpms
Summary : Apache HTTP Server
URL : https://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
: web server.
Name : httpd
Version : 2.4.53
Release : 7.el9_1.5
Architecture : x86_64
Size : 53 k
Source : httpd-2.4.53-7.el9_1.5.src.rpm
Repository : rhel-9-appstream-self-rhui-rpms
Summary : Apache HTTP Server
URL : https://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
: web server.el9_1.1やel9_2.5など複数マイナーリリースのパッケージの情報を取得できましたね。
releaseverを指定して最新ではないマイナーリリースのパッケージをインストールできるか確認します。
$ sudo dnf install httpd --releasever=9.0
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:11:19 ago on Mon 24 Jul 2023 11:03:16 AM UTC.
Dependencies resolved.
======================================================================================================================
Package Architecture Version Repository Size
======================================================================================================================
Installing:
httpd x86_64 2.4.53-11.el9_2.5 rhel-9-appstream-self-rhui-rpms 53 k
Installing dependencies:
apr x86_64 1.7.0-11.el9 rhel-9-appstream-self-rhui-rpms 127 k
apr-util x86_64 1.6.1-20.el9_2.1 rhel-9-appstream-self-rhui-rpms 97 k
apr-util-bdb x86_64 1.6.1-20.el9_2.1 rhel-9-appstream-self-rhui-rpms 14 k
httpd-core x86_64 2.4.53-11.el9_2.5 rhel-9-appstream-self-rhui-rpms 1.5 M
httpd-filesystem noarch 2.4.53-11.el9_2.5 rhel-9-appstream-self-rhui-rpms 17 k
httpd-tools x86_64 2.4.53-11.el9_2.5 rhel-9-appstream-self-rhui-rpms 87 k
mailcap noarch 2.1.49-5.el9 rhel-9-baseos-self-rhui-rpms 35 k
redhat-logos-httpd noarch 90.4-1.el9 rhel-9-appstream-self-rhui-rpms 18 k
Installing weak dependencies:
apr-util-openssl x86_64 1.6.1-20.el9_2.1 rhel-9-appstream-self-rhui-rpms 16 k
mod_http2 x86_64 1.15.19-4.el9_2.4 rhel-9-appstream-self-rhui-rpms 153 k
mod_lua x86_64 2.4.53-11.el9_2.5 rhel-9-appstream-self-rhui-rpms 63 k
Transaction Summary
======================================================================================================================
Install 12 Packages
Total download size: 2.2 M
Installed size: 6.0 M
Is this ok [y/N]: N
Operation aborted.RHEL 9.0を指定したにも関わらず、RHEL 9.2のパッケージをインストールしようとしていますね。releaseverでマイナーリリースを指定したい場合は/var/repoのディレクトリをマイナーリリースごとに分割して、デフォルトのリポジトリのように$releaseverを使ってbaseurlを指定すると良いでしょう。
今回は分割していないので、バージョン情報込みでパッケージを指定してあげてインストールできるか確認します。
$ sudo dnf install httpd-2.4.53-7.el9_1.1
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:11:40 ago on Mon 24 Jul 2023 11:03:16 AM UTC.
Dependencies resolved.
======================================================================================================================
Package Architecture Version Repository Size
======================================================================================================================
Installing:
httpd x86_64 2.4.53-7.el9_1.1 rhel-9-appstream-self-rhui-rpms 53 k
Installing dependencies:
apr x86_64 1.7.0-11.el9 rhel-9-appstream-self-rhui-rpms 127 k
apr-util x86_64 1.6.1-20.el9_2.1 rhel-9-appstream-self-rhui-rpms 97 k
apr-util-bdb x86_64 1.6.1-20.el9_2.1 rhel-9-appstream-self-rhui-rpms 14 k
httpd-core x86_64 2.4.53-7.el9_1.1 rhel-9-appstream-self-rhui-rpms 1.5 M
httpd-filesystem noarch 2.4.53-7.el9_1.1 rhel-9-appstream-self-rhui-rpms 17 k
httpd-tools x86_64 2.4.53-7.el9_1.1 rhel-9-appstream-self-rhui-rpms 87 k
mailcap noarch 2.1.49-5.el9 rhel-9-baseos-self-rhui-rpms 35 k
redhat-logos-httpd noarch 90.4-1.el9 rhel-9-appstream-self-rhui-rpms 18 k
Installing weak dependencies:
apr-util-openssl x86_64 1.6.1-20.el9_2.1 rhel-9-appstream-self-rhui-rpms 16 k
mod_http2 x86_64 1.15.19-2.el9 rhel-9-appstream-self-rhui-rpms 153 k
mod_lua x86_64 2.4.53-7.el9_1.1 rhel-9-appstream-self-rhui-rpms 63 k
Transaction Summary
======================================================================================================================
Install 12 Packages
Total download size: 2.2 M
Installed size: 6.0 M
Is this ok [y/N]: y
Downloading Packages:
(1/12): apr-1.7.0-11.el9.x86_64.rpm 8.2 MB/s | 127 kB 00:00
(2/12): redhat-logos-httpd-90.4-1.el9.noarch.rpm 1.0 MB/s | 18 kB 00:00
.
.
(中略)
.
.
Verifying : apr-util-bdb-1.6.1-20.el9_2.1.x86_64 10/12
Verifying : apr-util-openssl-1.6.1-20.el9_2.1.x86_64 11/12
Verifying : mailcap-2.1.49-5.el9.noarch 12/12
Installed products updated.
Installed:
apr-1.7.0-11.el9.x86_64 apr-util-1.6.1-20.el9_2.1.x86_64 apr-util-bdb-1.6.1-20.el9_2.1.x86_64
apr-util-openssl-1.6.1-20.el9_2.1.x86_64 httpd-2.4.53-7.el9_1.1.x86_64 httpd-core-2.4.53-7.el9_1.1.x86_64
httpd-filesystem-2.4.53-7.el9_1.1.noarch httpd-tools-2.4.53-7.el9_1.1.x86_64 mailcap-2.1.49-5.el9.noarch
mod_http2-1.15.19-2.el9.x86_64 mod_lua-2.4.53-7.el9_1.1.x86_64 redhat-logos-httpd-90.4-1.el9.noarch
Complete!問題なくインストールできました。
アップデートができることも確認しておきましょう。
$ sudo dnf upgrade httpd
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:12:22 ago on Mon 24 Jul 2023 11:03:16 AM UTC.
Dependencies resolved.
======================================================================================================================
Package Architecture Version Repository Size
======================================================================================================================
Upgrading:
httpd x86_64 2.4.53-11.el9_2.5 rhel-9-appstream-self-rhui-rpms 53 k
httpd-core x86_64 2.4.53-11.el9_2.5 rhel-9-appstream-self-rhui-rpms 1.5 M
httpd-filesystem noarch 2.4.53-11.el9_2.5 rhel-9-appstream-self-rhui-rpms 17 k
httpd-tools x86_64 2.4.53-11.el9_2.5 rhel-9-appstream-self-rhui-rpms 87 k
mod_http2 x86_64 1.15.19-4.el9_2.4 rhel-9-appstream-self-rhui-rpms 153 k
mod_lua x86_64 2.4.53-11.el9_2.5 rhel-9-appstream-self-rhui-rpms 63 k
Transaction Summary
======================================================================================================================
Upgrade 6 Packages
Total download size: 1.9 M
Is this ok [y/N]: y
Downloading Packages:
(1/6): mod_lua-2.4.53-11.el9_2.5.x86_64.rpm 8.0 MB/s | 63 kB 00:00
(2/6): httpd-2.4.53-11.el9_2.5.x86_64.rpm 4.5 MB/s | 53 kB 00:00
(3/6): mod_http2-1.15.19-4.el9_2.4.x86_64.rpm 9.2 MB/s | 153 kB 00:00
.
.
(中略)
.
.
Verifying : httpd-tools-2.4.53-11.el9_2.5.x86_64 9/12
Verifying : httpd-tools-2.4.53-7.el9_1.1.x86_64 10/12
Verifying : httpd-filesystem-2.4.53-11.el9_2.5.noarch 11/12
Verifying : httpd-filesystem-2.4.53-7.el9_1.1.noarch 12/12
Installed products updated.
Upgraded:
httpd-2.4.53-11.el9_2.5.x86_64 httpd-core-2.4.53-11.el9_2.5.x86_64 httpd-filesystem-2.4.53-11.el9_2.5.noarch
httpd-tools-2.4.53-11.el9_2.5.x86_64 mod_http2-1.15.19-4.el9_2.4.x86_64 mod_lua-2.4.53-11.el9_2.5.x86_64
Complete!アップデートも問題なくできましたね。
RHEL 9のリポジトリサーバーからRHEL 8のパッケージを配布してみる
リポジトリサーバーの設定
ふと、RHEL 9のリポジトリサーバーからRHEL 8のパッケージを配布できるのか気になったので検証してみます。
Red Hatの公式ドキュメントには「RHEL 8からRHEL 9のパッケージのフェッチはできず、その逆も然り」という風に記載があります。
Create a local repo with Red Hat Enterprise Linux 8/9
- Only a RHEL 8 system, Red Hat Satellite, or a Capsule can sync RHEL 8 content correctly.
- While the fetch procedures for RHEL8 and RHEL9 are similar, a RHEL8 system can not fetch RHEL9 streams, and vice versa. If you want to save resources and need to fetch streams for both releases, then for example a RHEL used as hypervisor could host a KVM RHEL8 and a KVM RHEL9 guest, and these guests could fetch into NFS exports offered by the hypervisor. The hypervisor could then offer the directories, for example via HTTP(S).
つまりはリポジトリサーバーと同じメジャーバージョンのパッケージのみしか配布できないということですね。
私は諦めません。なんとかゴリ押しで取得できないか試してみます。
まず、適当にRHEL 8のEC2インスタンスを立てます。
$ cat /etc/os-release
NAME="Red Hat Enterprise Linux"
VERSION="8.5 (Ootpa)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="8.5"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Red Hat Enterprise Linux 8.5 (Ootpa)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:8::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/red_hat_enterprise_linux/8/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 8"
REDHAT_BUGZILLA_PRODUCT_VERSION=8.5
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.5"こちらのEC2インスタンスのRHUIリポジトリの設定を確認します。
$ ls -l /etc/yum.repos.d/redhat-rhui.repo
-rw-r--r--. 1 root root 5768 Jul 24 23:32 /etc/yum.repos.d/redhat-rhui.repo
$ cat /etc/yum.repos.d/redhat-rhui.repo
[rhel-8-appstream-rhui-debug-rpms]
name=Red Hat Enterprise Linux 8 for $basearch - AppStream from RHUI (Debug RPMs)
mirrorlist=https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/appstream/debug
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel8.key
sslclientcert=/etc/pki/rhui/product/content-rhel8.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
[rhel-8-appstream-rhui-rpms]
name=Red Hat Enterprise Linux 8 for $basearch - AppStream from RHUI (RPMs)
mirrorlist=https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/appstream/os
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel8.key
sslclientcert=/etc/pki/rhui/product/content-rhel8.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
[rhel-8-appstream-rhui-source-rpms]
name=Red Hat Enterprise Linux 8 for $basearch - AppStream from RHUI (Source RPMs)
mirrorlist=https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/appstream/source/SRPMS
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel8.key
sslclientcert=/etc/pki/rhui/product/content-rhel8.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
[rhel-8-baseos-rhui-debug-rpms]
name=Red Hat Enterprise Linux 8 for $basearch - BaseOS from RHUI (Debug RPMs)
mirrorlist=https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/baseos/debug
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel8.key
sslclientcert=/etc/pki/rhui/product/content-rhel8.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
[rhel-8-baseos-rhui-rpms]
name=Red Hat Enterprise Linux 8 for $basearch - BaseOS from RHUI (RPMs)
mirrorlist=https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/baseos/os
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel8.key
sslclientcert=/etc/pki/rhui/product/content-rhel8.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
[rhel-8-baseos-rhui-source-rpms]
name=Red Hat Enterprise Linux 8 for $basearch - BaseOS from RHUI (Source RPMs)
mirrorlist=https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/baseos/source/SRPMS
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel8.key
sslclientcert=/etc/pki/rhui/product/content-rhel8.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
[codeready-builder-for-rhel-8-rhui-debug-rpms]
name=Red Hat CodeReady Linux Builder for RHEL 8 $basearch (Debug RPMs) from RHUI
mirrorlist=https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror//content/dist/rhel8/rhui/$releasever/$basearch/codeready-builder/debug
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel8.key
sslclientcert=/etc/pki/rhui/product/content-rhel8.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
[codeready-builder-for-rhel-8-rhui-rpms]
name=Red Hat CodeReady Linux Builder for RHEL 8 $basearch (RPMs) from RHUI
mirrorlist=https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror//content/dist/rhel8/rhui/$releasever/$basearch/codeready-builder/os
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel8.key
sslclientcert=/etc/pki/rhui/product/content-rhel8.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
[codeready-builder-for-rhel-8-rhui-source-rpms]
name=Red Hat CodeReady Linux Builder for RHEL 8 $basearch (Source RPMs) from RHUI
mirrorlist=https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror//content/dist/rhel8/rhui/$releasever/$basearch/codeready-builder/source/SRPMS
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel8.key
sslclientcert=/etc/pki/rhui/product/content-rhel8.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
[rhel-8-supplementary-rhui-debug-rpms]
name=Red Hat Enterprise Linux 8 - Supplementary (Debug RPMs) from RHUI
mirrorlist=https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror//content/dist/rhel8/rhui/$releasever/$basearch/supplementary/debug
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel8.key
sslclientcert=/etc/pki/rhui/product/content-rhel8.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
[rhel-8-supplementary-rhui-rpms]
name=Red Hat Enterprise Linux 8 - Supplementary (RPMs) from RHUI
mirrorlist=https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror//content/dist/rhel8/rhui/$releasever/$basearch/supplementary/os
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel8.key
sslclientcert=/etc/pki/rhui/product/content-rhel8.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
[rhel-8-supplementary-rhui-source-rpms]
name=Red Hat Enterprise Linux 8 - Supplementary (Source RPMs) from RHUI
mirrorlist=https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror//content/dist/rhel8/rhui/$releasever/$basearch/supplementary/source/SRPMS
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel8.key
sslclientcert=/etc/pki/rhui/product/content-rhel8.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crtmirrorlistとして`https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/appstream/os`などを指定すれば良さそうですね。
あとはクライアント証明書sslclientcertとその鍵sslclientkeyがRHEL 9とRHEL 8で異なりそうです。
ハッシュ値で比較してみましょう。
RHEL 9.0のリポジトリサーバーの証明書や鍵のハッシュ値
$ sudo sha256sum /etc/pki/rhui/product/content-rhel9.crt
7770ada84271ba729f1d6c74fa607d5416ad2e986a3051a0db5c558a685894be /etc/pki/rhui/product/content-rhel9.crt
$ sudo sha256sum /etc/pki/rhui/content-rhel9.key
b0f4102ed482789f5e41411740ff6d24a276c05379f6d9b17decc2d8bdd149c4 /etc/pki/rhui/content-rhel9.key
$ sudo sha256sum /etc/pki/rhui/cdn.redhat.com-chain.crt
39e65fabe7560d366be3bc4d133bcdef13e30d41ac552a05d182e2f66395422d /etc/pki/rhui/cdn.redhat.com-chain.crtRHEL 9.1のクライアントの証明書や鍵のハッシュ値
$ sudo sha256sum /etc/pki/rhui/product/content-rhel9.crt
7770ada84271ba729f1d6c74fa607d5416ad2e986a3051a0db5c558a685894be /etc/pki/rhui/product/content-rhel9.crt
$ sudo sha256sum /etc/pki/rhui/content-rhel9.key
b0f4102ed482789f5e41411740ff6d24a276c05379f6d9b17decc2d8bdd149c4 /etc/pki/rhui/content-rhel9.key
$ sudo sha256sum /etc/pki/rhui/cdn.redhat.com-chain.crt
39e65fabe7560d366be3bc4d133bcdef13e30d41ac552a05d182e2f66395422d /etc/pki/rhui/cdn.redhat.com-chain.crtRHEL 8.5のクライアントの証明書や鍵のハッシュ値
$ sudo sha256sum /etc/pki/rhui/product/content-rhel8.crt
5c3d04224f97df1d80456815fc90326cf7c99d609ac8f436f4b8cbf86c188a11 /etc/pki/rhui/product/content-rhel8.crt
sudo sha256sum /etc/pki/rhui/content-rhel8.key
59915e861870934edd6e840d88e320182467a2ea47bf3e223864a6eaf424498a /etc/pki/rhui/content-rhel8.key
$ sudo sha256sum /etc/pki/rhui/cdn.redhat.com-chain.crt
39e65fabe7560d366be3bc4d133bcdef13e30d41ac552a05d182e2f66395422d /etc/pki/rhui/cdn.redhat.com-chain.crtCA証明書はメジャーバージョンが異なる場合も同じようですが、クライアント証明書や鍵はメジャーバージョンによって異なり、マイナーバージョン間では同じのようですね。
RHEL 8のクライアント証明書と鍵をRHEL 9のリポジトリサーバーにコピーします。
コピーしたあとクライアント証明書と鍵がrootユーザーしか読み取れないように権限を変更します。
$ sudo chmod 600 /etc/pki/rhui/content-rhel8.key
$ ls -l /etc/pki/rhui/
total 20
-rw-------. 1 root root 7411 Jun 23 07:20 cdn.redhat.com-chain.crt
-rw-------. 1 root root 1676 Jul 12 11:04 content-rhel8.key
-rw-------. 1 root root 3247 Jun 23 07:20 content-rhel9.key
drwxr-xr-x. 2 root root 95 Jul 24 10:38 product
-rw-------. 1 root root 3243 Jun 23 07:20 rhui-client-config-server-9.key
$ sudo chmod 600 /etc/pki/rhui/product/content-rhel8.crt
$ ls -l /etc/pki/rhui/product/
total 44
-rw-------. 1 root root 14269 Jul 12 11:05 content-rhel8.crt
-rw-------. 1 root root 23524 Jun 23 07:20 content-rhel9.crt
-rw-------. 1 root root 2488 Jun 23 07:20 rhui-client-config-server-9.crt下準備が完了したのでRHEL 9のリポジトリサーバーでRHEL 8のリポジトリの設定を行います。
# RHEL 8のリポジトリ設定の追記
$ sudo vi /etc/yum.repos.d/redhat-rhui.repo
# 追記した内容の確認
$ tail -n 25 /etc/yum.repos.d/redhat-rhui.repo
[rhel-8-appstream-rhui-rpms]
name=Red Hat Enterprise Linux 8 for $basearch - AppStream from RHUI (RPMs)
mirrorlist=https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/8/$basearch/appstream/os
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel8.key
sslclientcert=/etc/pki/rhui/product/content-rhel8.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
[rhel-8-baseos-rhui-rpms]
name=Red Hat Enterprise Linux 8 for $basearch - BaseOS from RHUI (RPMs)
mirrorlist=https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/8/$basearch/baseos/os
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel8.key
sslclientcert=/etc/pki/rhui/product/content-rhel8.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crtRHEL 8.6のBaseOSの最新のパッケージをreposyncします。
$ sudo reposync -p /var/repo --download-metadata -a x86_64,noarch --repo=rhel-8-baseos-rhui-rpms --newest-only --releasever=8.6
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Red Hat Enterprise Linux 8 for x86_64 - BaseOS from RHUI (RPMs) 81 kB/s | 4.1 kB 00:00
Red Hat Enterprise Linux 8 for x86_64 - BaseOS from RHUI (RPMs) 60 MB/s | 148 MB 00:02
(1/1382): tpm-tools-pkcs11-1.3.9.2-1.el8.x86_64.rpm 1.2 MB/s | 63 kB 00:00
(2/1382): kpatch-patch-4_18_0-305_12_1-1-2.el8_4.x86_64.rpm 316 kB/s | 17 kB 00:00
(3/1382): libevent-2.1.8-5.el8.x86_64.rpm 3.8 MB/s | 253 kB 00:00
(4/1382): target-restore-2.1.74-1.el8.noarch.rpm 1.3 MB/s | 24 kB 00:00
(5/1382): conntrack-tools-1.4.4-10.el8.x86_64.rpm 6.8 MB/s | 204 kB 00:00
(6/1382): perl-Data-Dumper-2.167-399.el8.x86_64.rpm 3.0 MB/s | 58 kB 00:00
(7/1382): pciutils-devel-3.7.0-1.el8.x86_64.rpm 2.6 MB/s | 44 kB 00:00
(8/1382): pcre-8.42-6.el8.x86_64.rpm 13 MB/s | 211 kB 00:00
(9/1382): p11-kit-server-0.23.22-1.el8.x86_64.rpm 9.8 MB/s | 179 kB 00:00
.
.
(中略)
.
.
(1376/1382): glibc-langpack-doi-2.28-189.5.el8_6.x86_64.rpm 10 MB/s | 420 kB 00:00
(1377/1382): glibc-langpack-kn-2.28-189.5.el8_6.x86_64.rpm 9.4 MB/s | 420 kB 00:00
(1378/1382): libdnf-0.63.0-8.2.el8_6.x86_64.rpm 24 MB/s | 706 kB 00:00
(1379/1382): rsync-3.1.3-14.el8_6.3.x86_64.rpm 15 MB/s | 409 kB 00:00
(1380/1382): kpatch-patch-4_18_0-372_26_1-1-1.el8_6.x86_64.rpm 537 kB/s | 16 kB 00:00
(1381/1382): kernel-debug-modules-4.18.0-372.32.1.el8_6.x86_64.rpm 40 MB/s | 59 MB 00:01
(1382/1382): linux-firmware-20220210-108.git6342082c.el8_6.noarch.rpm 35 MB/s | 196 MB 00:05
$ ls -l /var/repo/rhel-8-baseos-rhui-rpms/
total 12
-rw-r--r--. 1 root root 100 Jul 12 11:13 mirrorlist
drwxr-xr-x. 28 root root 4096 Jul 12 11:13 Packages
drwxr-xr-x. 2 root root 4096 Jul 12 11:13 repodata
$ du -sh /var/repo/rhel-8-baseos-rhui-rpms/
1.4G /var/repo/rhel-8-baseos-rhui-rpms/特にエラーもなくRHEL 8のパッケージをダウンロードできましたね。
本当に--releasever=8.6が効いているのか確認します。
$ find /var/repo/rhel-8-baseos-rhui-rpms/ -name "*el8_7.x86_64.rpm" | head
/var/repo/rhel-8-baseos-rhui-rpms/Packages/l/libsolv-0.7.20-4.el8_7.x86_64.rpm
/var/repo/rhel-8-baseos-rhui-rpms/Packages/l/libtasn1-4.13-4.el8_7.x86_64.rpm
/var/repo/rhel-8-baseos-rhui-rpms/Packages/l/libqb-devel-1.0.3-13.el8_7.x86_64.rpm
/var/repo/rhel-8-baseos-rhui-rpms/Packages/l/libksba-1.3.5-9.el8_7.x86_64.rpm
/var/repo/rhel-8-baseos-rhui-rpms/Packages/l/libqb-1.0.3-13.el8_7.x86_64.rpm
/var/repo/rhel-8-baseos-rhui-rpms/Packages/k/kmod-redhat-oracleasm-kernel_4_18_0_425_10_1-2.0.8-15.1.el8_7.x86_64.rpm
/var/repo/rhel-8-baseos-rhui-rpms/Packages/k/kmod-redhat-oracleasm-kernel_4_18_0_425_3_1-2.0.8-15.1.el8_7.x86_64.rpm
/var/repo/rhel-8-baseos-rhui-rpms/Packages/k/kpatch-patch-4_18_0-425_19_2-0-0.el8_7.x86_64.rpm
/var/repo/rhel-8-baseos-rhui-rpms/Packages/k/kpatch-patch-4_18_0-425_10_1-1-4.el8_7.x86_64.rpm
/var/repo/rhel-8-baseos-rhui-rpms/Packages/k/kpatch-patch-4_18_0-425_13_1-1-2.el8_7.x86_64.rpmRHEL 8.7のパッケージも含まれていますね。
ということで、--releaseverを指定する場合はmirrorlistに固定値ではなく`https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/baseos/os`のように`$releasever`を設定しましょう。
ただし、$releaseverを指定する場合は、都度--releasever=バージョン名を指定する必要があるので注意が必要です。(RHEL 9で実行している関係上コマンドラインで明示的に指定しなければ$releaseverは9になるため)
RHEL 8のAppStreamのパッケージもダウンロードします。
$ sudo reposync -p /var/repo --download-metadata -a x86_64,noarch --repo=rhel-8-appstream-rhui-rpms --newest-only --releasever=8.8
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Red Hat Enterprise Linux 8 for x86_64 - AppStream from RHUI (RPMs) 23 MB/s | 58 MB 00:02
Last metadata expiration check: 0:00:16 ago on Tue 25 Jul 2023 12:00:05 AM UTC.
Modular dependency problems:
Problem 1: conflicting requests
- nothing provides module(platform:el8) needed by module gimp:2.8:820181213135540:77fc8825.x86_64
Problem 2: conflicting requests
- nothing provides module(platform:el8) needed by module jaxb:4:8080020230207081414:9d367344.x86_64
Problem 3: conflicting requests
- nothing provides module(platform:el8) needed by module mercurial:4.8:820190108205035:77fc8825.x86_64
Problem 4: conflicting requests
- nothing provides module(platform:el8) needed by module perl:5.26:820181219174508:9edba152.x86_64
Problem 5: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module container-tools:rhel8:8080020230615140555:0f77c1b7.x86_64
Problem 6: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module freeradius:3.0:8080020221214103624:89170a74.x86_64
Problem 7: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module go-toolset:rhel8:8080020230627164522:6b4b45d8.x86_64
Problem 8: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module httpd:2.4:8080020230428145624:63b34585.x86_64
Problem 9: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module idm:client:8080020230211161129:152c1be2.x86_64
Problem 10: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module inkscape:0.92.3:8080020221109110104:3e031279.x86_64
Problem 11: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module jmc:rhel8:8050020211005144542:6392b1f8.x86_64
Problem 12: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module llvm-toolset:rhel8:8080020230119204057:fd72936b.x86_64
Problem 13: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module log4j:2:8080020221020123337:9d367344.x86_64
Problem 14: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module mailman:2.1:8050020211129071856:aa3ced04.x86_64
Problem 15: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module mariadb:10.3:8060020220715055054:ad008a3a.x86_64
Problem 16: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module maven:3.5:8060020220428102527:219351c9.x86_64
Problem 17: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module mod_auth_openidc:2.3:8070020220413132751:3b9f49c4.x86_64
Problem 18: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module mysql:8.0:8080020230322094358:63b34585.x86_64
Problem 19: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module nginx:1.14:8000020190830002848:f8e95b4e.x86_64
Problem 20: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module nodejs:10:8030020210225164533:229f0a1c.x86_64
Problem 21: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module postgresql:10:8070020221124143148:bd1311ed.x86_64
Problem 22: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module python27:2.7:8080020230609134836:392b0bf1.x86_64
Problem 23: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module python36:3.6:8080020230209124910:683b2e54.x86_64
Problem 24: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module python38:3.8:8080020230531142020:a822e92f.x86_64
Problem 25: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module python39:3.9:8080020230531142208:93c2fc2f.x86_64
Problem 26: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module redis:5:8040020211011074037:522a0ee4.x86_64
Problem 27: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module rhn-tools:1.0:8010020190425142954:f69d1239.x86_64
Problem 28: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module ruby:2.5:8060020220715152618:ad008a3a.x86_64
Problem 29: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module rust-toolset:rhel8:8080020230112001903:2e226441.x86_64
Problem 30: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module satellite-5-client:1.0:8010020190621091459:cdc1202b.x86_64
Problem 31: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module squid:4:8080020221208121636:fd72936b.x86_64
Problem 32: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module subversion:1.10:8070020220701055908:78111232.x86_64
Problem 33: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module swig:3.0:8030020200407110056:30b713e6.x86_64
Problem 34: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module varnish:6:8070020221114151716:bd1311ed.x86_64
Problem 35: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module virt:rhel:8080020230612161741:63b34585.x86_64
Problem 36: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module php:7.2:8020020191108065827:2c7ca891.x86_64
- nothing provides module(platform:el8) needed by module php:7.2:820181215112050:76554e01.x86_64
Problem 37: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module perl-libwww-perl:6.34:8060020210901111951:5e590cab.x86_64
- nothing provides module(platform:el8) needed by module perl-libwww-perl:6.34:8060020210901111951:9168a43d.x86_64
- nothing provides module(platform:el8) needed by module perl-libwww-perl:6.34:8060020210901111951:b947e2fe.x86_64
- nothing provides module(platform:el8) needed by module perl-libwww-perl:6.34:8060020210901111951:e0b4ded3.x86_64
Problem 38: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module perl-YAML:1.24:8060020210901112033:f7485d8d.x86_64
- nothing provides module(platform:el8) needed by module perl-YAML:1.24:8060020210901112033:e4fef011.x86_64
- nothing provides module(platform:el8) needed by module perl-YAML:1.24:8060020210901112033:6a1d53c5.x86_64
- nothing provides module(platform:el8) needed by module perl-YAML:1.24:8060020210901112033:369bdfc6.x86_64
Problem 39: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module perl-IO-Socket-SSL:2.066:8060020211122104554:200e0407.x86_64
- nothing provides module(platform:el8) needed by module perl-IO-Socket-SSL:2.066:8060020211122104554:0e56aea9.x86_64
- nothing provides module(platform:el8) needed by module perl-IO-Socket-SSL:2.066:8060020211122104554:03d935ed.x86_64
- nothing provides module(platform:el8) needed by module perl-IO-Socket-SSL:2.066:8060020211122104554:bc93984d.x86_64
Problem 40: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module perl-FCGI:0.78:8060020210901110348:200e0407.x86_64
- nothing provides module(platform:el8) needed by module perl-FCGI:0.78:8060020210901110348:bc93984d.x86_64
- nothing provides module(platform:el8) needed by module perl-FCGI:0.78:8060020210901110348:03d935ed.x86_64
- nothing provides module(platform:el8) needed by module perl-FCGI:0.78:8060020210901110348:0e56aea9.x86_64
Problem 41: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module perl-DBI:1.641:8060020211122100623:bc93984d.x86_64
- nothing provides module(platform:el8) needed by module perl-DBI:1.641:8060020211122100623:03d935ed.x86_64
- nothing provides module(platform:el8) needed by module perl-DBI:1.641:8060020211122100623:0e56aea9.x86_64
- nothing provides module(platform:el8) needed by module perl-DBI:1.641:8060020211122100623:200e0407.x86_64
Problem 42: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module perl-DBD-SQLite:1.58:8060020210901111154:0c8a95f7.x86_64
- nothing provides module(platform:el8) needed by module perl-DBD-SQLite:1.58:8060020210901111154:bce9b2db.x86_64
- nothing provides module(platform:el8) needed by module perl-DBD-SQLite:1.58:8060020210901111154:a201e4c2.x86_64
- nothing provides module(platform:el8) needed by module perl-DBD-SQLite:1.58:8060020210901111154:4f86f5e0.x86_64
Problem 43: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module perl-DBD-Pg:3.7:8060020210901112417:e46b129e.x86_64
- nothing provides module(platform:el8) needed by module perl-DBD-Pg:3.7:8060020210901112417:66cd6814.x86_64
- nothing provides module(platform:el8) needed by module perl-DBD-Pg:3.7:8060020210901112417:c5552f1b.x86_64
- nothing provides module(platform:el8) needed by module perl-DBD-Pg:3.7:8060020210901112417:e5d39b47.x86_64
Problem 44: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module perl-DBD-MySQL:4.046:8060020210901110310:0c8a95f7.x86_64
- nothing provides module(platform:el8) needed by module perl-DBD-MySQL:4.046:8060020210901110310:a201e4c2.x86_64
- nothing provides module(platform:el8) needed by module perl-DBD-MySQL:4.046:8060020210901110310:4f86f5e0.x86_64
- nothing provides module(platform:el8) needed by module perl-DBD-MySQL:4.046:8060020210901110310:bce9b2db.x86_64
Problem 45: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module perl-App-cpanminus:1.7044:8060020211122110049:5c1672a6.x86_64
- nothing provides module(platform:el8) needed by module perl-App-cpanminus:1.7044:8060020211122110049:2e584954.x86_64
- nothing provides module(platform:el8) needed by module perl-App-cpanminus:1.7044:8060020211122110049:7ba85dc7.x86_64
- nothing provides module(platform:el8) needed by module perl-App-cpanminus:1.7044:8060020211122110049:a439c6c3.x86_64
Red Hat Enterprise Linux 8 for x86_64 - AppStream from RHUI (RPMs) 56 MB/s | 150 MB 00:02
(1/6884): python3-prettytable-0.7.2-14.el8.noarch.rpm 723 kB/s | 44 kB 00:00
(2/6884): hunspell-fur-0.20050912-16.el8.noarch.rpm 1.8 MB/s | 134 kB 00:00
(3/6884): perl-Mozilla-CA-20160104-7.el8.noarch.rpm 690 kB/s | 15 kB 00:00
(4/6884): perl-ExtUtils-Install-2.14-4.el8.noarch.rpm 3.5 MB/s | 46 kB 00:00
(5/6884): python3-netaddr-0.7.19-8.el8.noarch.rpm 14 MB/s | 1.5 MB 00:00
(6/6884): perl-MailTools-2.20-2.el8.noarch.rpm 3.8 MB/s | 113 kB 00:00
(7/6884): rhnpush-5.5.110-6.module+el8+2757+b847be8a.noarch.rpm 1.1 MB/s | 33 kB 00:00
(8/6884): python3-requests-ftp-0.3.1-11.el8.noarch.rpm 1.7 MB/s | 23 kB 00:00
(9/6884): langpacks-fr-1.0-12.el8.noarch.rpm 354 kB/s | 9.6 kB 00:00
.
.
(中略)
.
.
(6879/6884): java-17-openjdk-17.0.8.0.7-2.el8.x86_64.rpm 10 MB/s | 457 kB 00:00
(6880/6884): java-11-openjdk-devel-11.0.20.0.8-2.el8.x86_64.rpm 32 MB/s | 3.4 MB 00:00
(6881/6884): java-11-openjdk-src-11.0.20.0.8-2.el8.x86_64.rpm 41 MB/s | 50 MB 00:01
(6882/6884): java-1.8.0-openjdk-headless-1.8.0.382.b05-2.el8.x86_64.rpm 35 MB/s | 34 MB 00:00
(6883/6884): java-11-openjdk-jmods-11.0.20.0.8-2.el8.x86_64.rpm 33 MB/s | 341 MB 00:10
(6884/6884): java-17-openjdk-jmods-17.0.8.0.7-2.el8.x86_64.rpm 27 MB/s | 262 MB 00:09
$ ls -l /var/repo/rhel-8-appstream-rhui-rpms/
total 12
-rw-r--r--. 1 root root 101 Jul 25 00:16 mirrorlist
drwxr-xr-x. 29 root root 4096 Jul 25 00:00 Packages
drwxr-xr-x. 2 root root 4096 Jul 25 00:16 repodata
$ du -sh /var/repo/rhel-8-appstream-rhui-rpms/
11G /var/repo/rhel-8-appstream-rhui-rpms/RHEL 8ではないサーバーからreposyncしていることでダウンロードできないモジュールが大量にありますね。それ以外のパッケージはダウンロードできているようです。
モジュール一覧を表示してみます。
$ sudo dnf module list
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Red Hat Enterprise Linux 9 for x86_64 - AppStream from self RHUI (RPMs) 64 MB/s | 23 MB 00:00
Red Hat Enterprise Linux 9 for x86_64 - BaseOS from self RHUI (RPMs) 41 MB/s | 13 MB 00:00
Last metadata expiration check: 0:00:04 ago on Tue 25 Jul 2023 12:35:05 AM UTC.
Modular dependency problems:
Problem 1: conflicting requests
- nothing provides module(platform:el8) needed by module gimp:2.8:820181213135540:77fc8825.x86_64
Problem 2: conflicting requests
- nothing provides module(platform:el8) needed by module jaxb:4:8080020230207081414:9d367344.x86_64
Problem 3: conflicting requests
- nothing provides module(platform:el8) needed by module mercurial:4.8:820190108205035:77fc8825.x86_64
Problem 4: conflicting requests
- nothing provides module(platform:el8) needed by module perl:5.26:820181219174508:9edba152.x86_64
Problem 5: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module container-tools:rhel8:8080020230615140555:0f77c1b7.x86_64
Problem 6: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module freeradius:3.0:8080020221214103624:89170a74.x86_64
Problem 7: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module go-toolset:rhel8:8080020230627164522:6b4b45d8.x86_64
Problem 8: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module httpd:2.4:8080020230428145624:63b34585.x86_64
Problem 9: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module idm:client:8080020230211161129:152c1be2.x86_64
Problem 10: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module inkscape:0.92.3:8080020221109110104:3e031279.x86_64
Problem 11: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module jmc:rhel8:8050020211005144542:6392b1f8.x86_64
Problem 12: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module llvm-toolset:rhel8:8080020230119204057:fd72936b.x86_64
Problem 13: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module log4j:2:8080020221020123337:9d367344.x86_64
Problem 14: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module mailman:2.1:8050020211129071856:aa3ced04.x86_64
Problem 15: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module mariadb:10.3:8060020220715055054:ad008a3a.x86_64
Problem 16: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module maven:3.5:8060020220428102527:219351c9.x86_64
Problem 17: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module mod_auth_openidc:2.3:8070020220413132751:3b9f49c4.x86_64
Problem 18: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module mysql:8.0:8080020230322094358:63b34585.x86_64
Problem 19: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module nginx:1.14:8000020190830002848:f8e95b4e.x86_64
Problem 20: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module nodejs:10:8030020210225164533:229f0a1c.x86_64
Problem 21: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module postgresql:10:8070020221124143148:bd1311ed.x86_64
Problem 22: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module python27:2.7:8080020230609134836:392b0bf1.x86_64
Problem 23: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module python36:3.6:8080020230209124910:683b2e54.x86_64
Problem 24: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module python38:3.8:8080020230531142020:a822e92f.x86_64
Problem 25: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module python39:3.9:8080020230531142208:93c2fc2f.x86_64
Problem 26: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module redis:5:8040020211011074037:522a0ee4.x86_64
Problem 27: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module rhn-tools:1.0:8010020190425142954:f69d1239.x86_64
Problem 28: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module ruby:2.5:8060020220715152618:ad008a3a.x86_64
Problem 29: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module rust-toolset:rhel8:8080020230112001903:2e226441.x86_64
Problem 30: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module satellite-5-client:1.0:8010020190621091459:cdc1202b.x86_64
Problem 31: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module squid:4:8080020221208121636:fd72936b.x86_64
Problem 32: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module subversion:1.10:8070020220701055908:78111232.x86_64
Problem 33: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module swig:3.0:8030020200407110056:30b713e6.x86_64
Problem 34: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module varnish:6:8070020221114151716:bd1311ed.x86_64
Problem 35: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module virt:rhel:8080020230612161741:63b34585.x86_64
Problem 36: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module php:7.2:8020020191108065827:2c7ca891.x86_64
- nothing provides module(platform:el8) needed by module php:7.2:820181215112050:76554e01.x86_64
Problem 37: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module perl-libwww-perl:6.34:8060020210901111951:5e590cab.x86_64
- nothing provides module(platform:el8) needed by module perl-libwww-perl:6.34:8060020210901111951:9168a43d.x86_64
- nothing provides module(platform:el8) needed by module perl-libwww-perl:6.34:8060020210901111951:b947e2fe.x86_64
- nothing provides module(platform:el8) needed by module perl-libwww-perl:6.34:8060020210901111951:e0b4ded3.x86_64
Problem 38: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module perl-YAML:1.24:8060020210901112033:f7485d8d.x86_64
- nothing provides module(platform:el8) needed by module perl-YAML:1.24:8060020210901112033:e4fef011.x86_64
- nothing provides module(platform:el8) needed by module perl-YAML:1.24:8060020210901112033:6a1d53c5.x86_64
- nothing provides module(platform:el8) needed by module perl-YAML:1.24:8060020210901112033:369bdfc6.x86_64
Problem 39: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module perl-IO-Socket-SSL:2.066:8060020211122104554:200e0407.x86_64
- nothing provides module(platform:el8) needed by module perl-IO-Socket-SSL:2.066:8060020211122104554:0e56aea9.x86_64
- nothing provides module(platform:el8) needed by module perl-IO-Socket-SSL:2.066:8060020211122104554:03d935ed.x86_64
- nothing provides module(platform:el8) needed by module perl-IO-Socket-SSL:2.066:8060020211122104554:bc93984d.x86_64
Problem 40: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module perl-FCGI:0.78:8060020210901110348:200e0407.x86_64
- nothing provides module(platform:el8) needed by module perl-FCGI:0.78:8060020210901110348:bc93984d.x86_64
- nothing provides module(platform:el8) needed by module perl-FCGI:0.78:8060020210901110348:03d935ed.x86_64
- nothing provides module(platform:el8) needed by module perl-FCGI:0.78:8060020210901110348:0e56aea9.x86_64
Problem 41: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module perl-DBI:1.641:8060020211122100623:bc93984d.x86_64
- nothing provides module(platform:el8) needed by module perl-DBI:1.641:8060020211122100623:03d935ed.x86_64
- nothing provides module(platform:el8) needed by module perl-DBI:1.641:8060020211122100623:0e56aea9.x86_64
- nothing provides module(platform:el8) needed by module perl-DBI:1.641:8060020211122100623:200e0407.x86_64
Problem 42: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module perl-DBD-SQLite:1.58:8060020210901111154:0c8a95f7.x86_64
- nothing provides module(platform:el8) needed by module perl-DBD-SQLite:1.58:8060020210901111154:bce9b2db.x86_64
- nothing provides module(platform:el8) needed by module perl-DBD-SQLite:1.58:8060020210901111154:a201e4c2.x86_64
- nothing provides module(platform:el8) needed by module perl-DBD-SQLite:1.58:8060020210901111154:4f86f5e0.x86_64
Problem 43: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module perl-DBD-Pg:3.7:8060020210901112417:e46b129e.x86_64
- nothing provides module(platform:el8) needed by module perl-DBD-Pg:3.7:8060020210901112417:66cd6814.x86_64
- nothing provides module(platform:el8) needed by module perl-DBD-Pg:3.7:8060020210901112417:c5552f1b.x86_64
- nothing provides module(platform:el8) needed by module perl-DBD-Pg:3.7:8060020210901112417:e5d39b47.x86_64
Problem 44: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module perl-DBD-MySQL:4.046:8060020210901110310:0c8a95f7.x86_64
- nothing provides module(platform:el8) needed by module perl-DBD-MySQL:4.046:8060020210901110310:a201e4c2.x86_64
- nothing provides module(platform:el8) needed by module perl-DBD-MySQL:4.046:8060020210901110310:4f86f5e0.x86_64
- nothing provides module(platform:el8) needed by module perl-DBD-MySQL:4.046:8060020210901110310:bce9b2db.x86_64
Problem 45: cannot install the best candidate for the job
- nothing provides module(platform:el8) needed by module perl-App-cpanminus:1.7044:8060020211122110049:5c1672a6.x86_64
- nothing provides module(platform:el8) needed by module perl-App-cpanminus:1.7044:8060020211122110049:2e584954.x86_64
- nothing provides module(platform:el8) needed by module perl-App-cpanminus:1.7044:8060020211122110049:7ba85dc7.x86_64
- nothing provides module(platform:el8) needed by module perl-App-cpanminus:1.7044:8060020211122110049:a439c6c3.x86_64
Red Hat Enterprise Linux 8 for x86_64 - AppStream from RHUI (RPMs)
Name Stream Profiles Summary
389-ds 1.4 389 Directory Server (base)
ant 1.10 [d] common [ Java build tool
d]
container-tools rhel8 [d] common [ Most recent (rolling) versions of podman, buildah, skopeo, runc, conmon, runc, conmon, CRIU, Udica, etc as well as dependencies such as con
d] tainer-selinux built and tested together, and updated as frequently as every 12 weeks.
container-tools 1.0 common [ Stable versions of podman 1.0, buildah 1.5, skopeo 0.1, runc, conmon, CRIU, Udica, etc as well as dependencies such as container-selinux bu
d] ilt and tested together, and supported for 24 months.
container-tools 2.0 common [ Stable versions of podman 1.6, buildah 1.11, skopeo 0.1, runc, conmon, etc as well as dependencies such as container-selinux built and test
d] ed together, and supported as documented on the Application Stream lifecycle page.
container-tools 3.0 common [ Stable versions of podman 3.0, buildah 1.19, skopeo 1.2, runc, conmon, CRIU, Udica, etc as well as dependencies such as container-selinux b
d] uilt and tested together, and supported as documented on the Application Stream lifecycle page.
container-tools 4.0 common [ Stable versions of podman 4.0, buildah 1.24, skopeo 1.6, runc, conmon, CRIU, Udica, etc as well as dependencies such as container-selinux b
d] uilt and tested together, and supported as documented on the Application Stream lifecycle page.
eclipse rhel8 java [d] An open, extensible IDE and application platform
freeradius 3.0 [d] server [ High-performance and highly configurable free RADIUS server
d]
gimp 2.8 [d] common [ gimp module
d], deve
l
go-toolset rhel8 [d] common [ Go
d]
httpd 2.4 [d] common [ Apache HTTP Server
d], deve
l, minim
al
idm DL1 adtrust, The Red Hat Enterprise Linux Identity Management system module
client,
common
[d], dns
, server
idm client [d] common [ RHEL IdM long term support client module
d]
inkscape 0.92.3 [d] common [ Unsupported. Obsoleted by the inkscape1 package
d]
javapackages-runtime 201801 [d] common [ Basic runtime utilities to support Java applications
d]
jaxb 4 [d] common [ Jakarta XML Binding API and Implementation
d]
jmc rhel8 [d] common [ Java Mission Control is a profiling and diagnostics tool for the Hotspot JVM
d], core
libselinux-python 2.8 common Python 2 bindings for libselinux
llvm-toolset rhel8 [d] common [ LLVM
d]
log4j 2 [d] common [ Java logging library
d]
mailman 2.1 [d] common [ Electronic mail discussion and e-newsletter lists managing software
d]
mariadb 10.3 [d] client, MariaDB Module
galera,
server [
d]
mariadb 10.5 client, MariaDB Module
galera,
server [
d]
maven 3.5 [d] common [ Java project management and project comprehension tool
d]
maven 3.6 common [ Java project management and project comprehension tool
d]
maven 3.8 common [ Java project management and project comprehension tool
d]
mercurial 4.8 [d] common [ Mercurial -- a distributed SCM
d]
mercurial 6.2 common Mercurial -- a distributed SCM
mod_auth_openidc 2.3 [d] default Apache module suporting OpenID Connect authentication
[d]
mysql 8.0 [d] client, MySQL Module
server [
d]
nginx 1.14 [d] common [ nginx webserver
d]
nginx 1.16 common [ nginx webserver
d]
nginx 1.18 common [ nginx webserver
d]
nginx 1.20 common [ nginx webserver
d]
nginx 1.22 common [ nginx webserver
d]
nodejs 10 [d] common [ Javascript runtime
d], deve
lopment,
minimal
, s2i
nodejs 12 common [ Javascript runtime
d], deve
lopment,
minimal
, s2i
nodejs 14 common [ Javascript runtime
d], deve
lopment,
minimal
, s2i
nodejs 16 common [ Javascript runtime
d], deve
lopment,
minimal
, s2i
nodejs 18 common [ Javascript runtime
d], deve
lopment,
minimal
, s2i
parfait 0.5 common Parfait Module
perl 5.24 common [ Practical Extraction and Report Language
d], mini
mal
perl 5.26 [d] common [ Practical Extraction and Report Language
d], mini
mal
perl 5.30 common [ Practical Extraction and Report Language
d], mini
mal
perl 5.32 common [ Practical Extraction and Report Language
d], mini
mal
perl-App-cpanminus 1.7044 [d] common [ Get, unpack, build and install CPAN modules
d]
perl-DBD-MySQL 4.046 [d] common [ A MySQL interface for Perl
d]
perl-DBD-Pg 3.7 [d] common [ A PostgreSQL interface for Perl
d]
perl-DBD-SQLite 1.58 [d] common [ SQLite DBI driver
d]
perl-DBI 1.641 [d] common [ A database access API for Perl
d]
perl-FCGI 0.78 [d] common [ FastCGI Perl bindings
d]
perl-IO-Socket-SSL 2.066 [d] common [ Perl library for transparent TLS
d]
perl-YAML 1.24 [d] common [ Perl parser for YAML
d]
perl-libwww-perl 6.34 [d] common [ A Perl interface to the World-Wide Web
d]
php 7.2 [d] common [ PHP scripting language
d], deve
l, minim
al
php 7.3 common [ PHP scripting language
d], deve
l, minim
al
php 7.4 common [ PHP scripting language
d], deve
l, minim
al
php 8.0 common [ PHP scripting language
d], deve
l, minim
al
pki-core 10.6 PKI Core module for PKI 10.6 or later
pki-deps 10.6 PKI Dependencies module for PKI 10.6 or later
pmdk 1_fileformat_v6 Persistent Memory Development Kit (former NVML)
postgresql 9.6 client, PostgreSQL server and client module
server [
d]
postgresql 10 [d] client, PostgreSQL server and client module
server [
d]
postgresql 12 client, PostgreSQL server and client module
server [
d]
postgresql 13 client, PostgreSQL server and client module
server [
d]
postgresql 15 client, PostgreSQL server and client module
server [
d]
python27 2.7 [d] common [ Python programming language, version 2.7
d]
python36 3.6 [d] build, c Python programming language, version 3.6
ommon [d
]
python38 3.8 [d] build, c Python programming language, version 3.8
ommon [d
]
python39 3.9 [d] build, c Python programming language, version 3.9
ommon [d
]
redis 5 [d] common [ Redis persistent key-value database
d]
redis 6 common [ Redis persistent key-value database
d]
rhn-tools 1.0 [d] common [ Red Hat Satellite 5 tools for RHEL
d]
ruby 2.5 [d] common [ An interpreter of object-oriented scripting language
d]
ruby 2.6 common [ An interpreter of object-oriented scripting language
d]
ruby 2.7 common [ An interpreter of object-oriented scripting language
d]
ruby 3.0 common [ An interpreter of object-oriented scripting language
d]
ruby 3.1 common [ An interpreter of object-oriented scripting language
d]
rust-toolset rhel8 [d] common [ Rust
d]
satellite-5-client 1.0 [d] common [ Red Hat Satellite 5 client packages
d], gui
scala 2.10 [d] common [ A hybrid functional/object-oriented language for the JVM
d]
squid 4 [d] common [ Squid - Optimising Web Delivery
d]
subversion 1.10 [d] common [ Apache Subversion
d], serv
er
subversion 1.14 common [ Apache Subversion
d], serv
er
swig 3.0 [d] common [ Connects C/C++/Objective C to some high-level programming languages
d], comp
lete
swig 4.0 common [ Connects C/C++/Objective C to some high-level programming languages
d], comp
lete
swig 4.1 common [ Connects C/C++/Objective C to some high-level programming languages
d], comp
lete
varnish 6 [d] common [ Varnish HTTP cache
d]
virt rhel [d] common [ Virtualization module
d]
Red Hat Enterprise Linux 9 for x86_64 - AppStream from self RHUI (RPMs)
Name Stream Profiles Summary
maven 3.8 common [ Java project management and project comprehension tool
d]
nginx 1.22 common [ nginx webserver
d]
nodejs 18 common [ Javascript runtime
d], deve
lopment,
minimal
, s2i
php 8.1 common [ PHP scripting language
d], deve
l, minim
al
postgresql 15 client, PostgreSQL server and client module
server [
d]
ruby 3.1 common [ An interpreter of object-oriented scripting language
d]
Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalledモジュールとして認識はできていそうですが、ここまでエラーが出ていると本番環境では使いづらいですね。
ちなみに、RHEL 9のモジュールでは特にエラーは出力されていません。
試しにRHEL 8のリポジトリを無効化するとモジュールのエラーは表示されなくなります。
# RHEL 8 AppStreamのリポジトリの無効化
$ sudo dnf config-manager --disable rhel-8-appstream-rhui-rpms
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
# RHEL 8 BaseOSのリポジトリの無効化
$ sudo dnf config-manager --disable rhel-8-baseos-rhui-rpms
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
# 有効なリポジトリ一覧
$ sudo dnf repolist
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
repo id repo name
rhel-9-appstream-self-rhui-rpms Red Hat Enterprise Linux 9 for x86_64 - AppStream from self RHUI (RPMs)
rhel-9-baseos-self-rhui-rpms Red Hat Enterprise Linux 9 for x86_64 - BaseOS from self RHUI (RPMs)
rhui-client-config-server-9 Red Hat Enterprise Linux 9 Client Configuration
# モジュール一覧
$ sudo dnf module list
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:01:43 ago on Tue 25 Jul 2023 12:35:05 AM UTC.
Red Hat Enterprise Linux 9 for x86_64 - AppStream from self RHUI (RPMs)
Name Stream Profiles Summary
maven 3.8 common [d] Java project management and project comprehension tool
nginx 1.22 common [d] nginx webserver
nodejs 18 common [d], development, minimal, s2i Javascript runtime
php 8.1 common [d], devel, minimal PHP scripting language
postgresql 15 client, server PostgreSQL server and client module
ruby 3.1 common [d] An interpreter of object-oriented scripting language
Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalledRHEL 9のリポジトリサーバーからRHEL 8のパッケージのインストールやアップデートができるか確認
それではRHEL 9のリポジトリサーバーからRHEL 8のパッケージのインストールやアップデートができるか確認します。
まず、RHEL 8からRHEL 9のリポジトリにアクセスできるか確認します。
$ curl -I http://ip-10-1-1-7.ec2.internal/repo/rhel-8-baseos-rhui-rpms/
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 25 Jul 2023 00:41:38 GMT
Content-Type: text/html
Connection: keep-alive
$ curl http://ip-10-1-1-7.ec2.internal/repo/rhel-8-baseos-rhui-rpms/
<html>
<head><title>Index of /repo/rhel-8-baseos-rhui-rpms/</title></head>
<body>
<h1>Index of /repo/rhel-8-baseos-rhui-rpms/</h1><hr><pre><a href="../">../</a>
<a href="Packages/">Packages/</a> 12-Jul-2023 11:13 -
<a href="repodata/">repodata/</a> 25-Jul-2023 00:33 -
<a href="mirrorlist">mirrorlist</a> 25-Jul-2023 00:33 98
</pre><hr></body>
</html>アクセスできますね。
それでは、RHEL 9のリポジトリサーバーを見に行くようにRHEL 8のリポジトリの設定を変更します。
# リポジトリの設定ファイル一覧の確認
$ ls -l /etc/yum.repos.d/
total 20
-rw-r--r--. 1 root root 4782 Oct 21 2021 redhat-rhui-beta.repo.disabled
-rw-r--r--. 1 root root 482 Jul 25 00:40 redhat-rhui-client-config.repo
-rw-r--r--. 1 root root 5768 Jul 25 00:40 redhat-rhui.repo
# 自作リモートリポジトリのリポジトリ設定ファイルの作成
$ sudo vi /etc/yum.repos.d/redhat-self-rhui.repo
# 設定ファイルが作成されたことを確認
$ ls -l /etc/yum.repos.d/
total 24
-rw-r--r--. 1 root root 4782 Oct 21 2021 redhat-rhui-beta.repo.disabled
-rw-r--r--. 1 root root 482 Jul 25 00:40 redhat-rhui-client-config.repo
-rw-r--r--. 1 root root 5768 Jul 25 00:40 redhat-rhui.repo
-rw-r--r--. 1 root root 522 Jul 25 00:44 redhat-self-rhui.repo
# 設定ファイルの内容の確認
$ cat /etc/yum.repos.d/redhat-self-rhui.repo
[rhel-8-appstream-self-rhui-rpms]
name=Red Hat Enterprise Linux 8 for $basearch - AppStream from self RHUI (RPMs)
baseurl=http://ip-10-1-1-7.ec2.internal/repo/rhel-8-appstream-rhui-rpms
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
[rhel-8-baseos-self-rhui-rpms]
name=Red Hat Enterprise Linux 8 for $basearch - BaseOS from self RHUI (RPMs)
baseurl=http://ip-10-1-1-7.ec2.internal/repo/rhel-8-baseos-rhui-rpms
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release設定追加後、デフォルトのRHUIのリポジトリを無効化します。
# 現在のリポジトリ一覧の確認
$ sudo dnf repolist
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
repo id repo name
rhel-8-appstream-rhui-rpms Red Hat Enterprise Linux 8 for x86_64 - AppStream from RHUI (RPMs)
rhel-8-appstream-self-rhui-rpms Red Hat Enterprise Linux 8 for x86_64 - AppStream from self RHUI (RPMs)
rhel-8-baseos-rhui-rpms Red Hat Enterprise Linux 8 for x86_64 - BaseOS from RHUI (RPMs)
rhel-8-baseos-self-rhui-rpms Red Hat Enterprise Linux 8 for x86_64 - BaseOS from self RHUI (RPMs)
rhui-client-config-server-8 Red Hat Update Infrastructure 3 Client Configuration Server 8
# 既存のAppStreamのリポジトリを無効化
$ sudo dnf config-manager --disable rhel-8-appstream-rhui-rpms
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
# 既存のBaseOSのリポジトリを無効化
$ sudo dnf config-manager --disable rhel-8-baseos-rhui-rpms
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
# 既存のリポジトリが無効化されている = リストに出てこないことを確認
$ sudo dnf repolist
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
repo id repo name
rhel-8-appstream-self-rhui-rpms Red Hat Enterprise Linux 8 for x86_64 - AppStream from self RHUI (RPMs)
rhel-8-baseos-self-rhui-rpms Red Hat Enterprise Linux 8 for x86_64 - BaseOS from self RHUI (RPMs)
rhui-client-config-server-8 Red Hat Update Infrastructure 3 Client Configuration Server 8パッケージの検索することができるかチェックします。
$ sudo dnf search nginx
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Red Hat Enterprise Linux 8 for x86_64 - AppStream from self RHUI (RPMs) 96 MB/s | 58 MB 00:00
Red Hat Enterprise Linux 8 for x86_64 - BaseOS from self RHUI (RPMs) 119 MB/s | 62 MB 00:00
Last metadata expiration check: 0:00:15 ago on Tue 25 Jul 2023 12:45:57 AM UTC.
============================================================================== Name Exactly Matched: nginx ==============================================================================
nginx.x86_64 : A high performance web server and reverse proxy server
============================================================================= Name & Summary Matched: nginx =============================================================================
nginx-all-modules.noarch : A meta package that installs all available Nginx modules
nginx-filesystem.noarch : The basic directory layout for the Nginx server
nginx-mod-http-image-filter.x86_64 : Nginx HTTP image filter module
nginx-mod-http-perl.x86_64 : Nginx HTTP perl module
nginx-mod-http-xslt-filter.x86_64 : Nginx XSLT module
nginx-mod-mail.x86_64 : Nginx mail modules
nginx-mod-stream.x86_64 : Nginx stream modules
pcp-pmda-nginx.x86_64 : Performance Co-Pilot (PCP) metrics for the Nginx Webserver問題なく検索できていますね。
Nginxはモジュールエラーが出ていたストリームだったのですが、情報の取得はできるようです。
複数のマイナーリリースのApache HTTP Serverのバージョンの情報が確認できることもチェックしておきます。
$ sudo dnf info httpd --showduplicates
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:01:06 ago on Tue 25 Jul 2023 12:47:30 AM UTC.
Available Packages
Name : httpd
Version : 2.4.37
Release : 10.module+el8+2764+7127e69e
Architecture : x86_64
Size : 1.4 M
Source : httpd-2.4.37-10.module+el8+2764+7127e69e.src.rpm
Repository : rhel-8-appstream-self-rhui-rpms
Summary : Apache HTTP Server
URL : https://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
: web server.
Name : httpd
Version : 2.4.37
Release : 11.module+el8.0.0+2969+90015743
Architecture : x86_64
Size : 1.4 M
Source : httpd-2.4.37-11.module+el8.0.0+2969+90015743.src.rpm
Repository : rhel-8-appstream-self-rhui-rpms
Summary : Apache HTTP Server
URL : https://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
: web server.
Name : httpd
Version : 2.4.37
Release : 12.module+el8.0.0+4096+eb40e6da
Architecture : x86_64
Size : 1.4 M
Source : httpd-2.4.37-12.module+el8.0.0+4096+eb40e6da.src.rpm
Repository : rhel-8-appstream-self-rhui-rpms
Summary : Apache HTTP Server
URL : https://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
: web server.
Name : httpd
Version : 2.4.37
Release : 16.module+el8.1.0+4134+e6bad0ed
Architecture : x86_64
Size : 1.4 M
Source : httpd-2.4.37-16.module+el8.1.0+4134+e6bad0ed.src.rpm
Repository : rhel-8-appstream-self-rhui-rpms
Summary : Apache HTTP Server
URL : https://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
: web server.
Name : httpd
Version : 2.4.37
Release : 21.module+el8.2.0+5008+cca404a3
Architecture : x86_64
Size : 1.4 M
Source : httpd-2.4.37-21.module+el8.2.0+5008+cca404a3.src.rpm
Repository : rhel-8-appstream-self-rhui-rpms
Summary : Apache HTTP Server
URL : https://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
: web server.
Name : httpd
Version : 2.4.37
Release : 30.module+el8.3.0+7001+0766b9e7
Architecture : x86_64
Size : 1.4 M
Source : httpd-2.4.37-30.module+el8.3.0+7001+0766b9e7.src.rpm
Repository : rhel-8-appstream-self-rhui-rpms
Summary : Apache HTTP Server
URL : https://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
: web server.
Name : httpd
Version : 2.4.37
Release : 39.module+el8.4.0+12865+a7065a39.1
Architecture : x86_64
Size : 1.4 M
Source : httpd-2.4.37-39.module+el8.4.0+12865+a7065a39.1.src.rpm
Repository : rhel-8-appstream-self-rhui-rpms
Summary : Apache HTTP Server
URL : https://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
: web server.
Name : httpd
Version : 2.4.37
Release : 39.module+el8.4.0+13086+7519fa2d.2
Architecture : x86_64
Size : 1.4 M
Source : httpd-2.4.37-39.module+el8.4.0+13086+7519fa2d.2.src.rpm
Repository : rhel-8-appstream-self-rhui-rpms
Summary : Apache HTTP Server
URL : https://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
: web server.
Name : httpd
Version : 2.4.37
Release : 39.module+el8.4.0+9658+b87b2deb
Architecture : x86_64
Size : 1.4 M
Source : httpd-2.4.37-39.module+el8.4.0+9658+b87b2deb.src.rpm
Repository : rhel-8-appstream-self-rhui-rpms
Summary : Apache HTTP Server
URL : https://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
: web server.
Name : httpd
Version : 2.4.37
Release : 41.module+el8.5.0+11772+c8e0c271
Architecture : x86_64
Size : 1.4 M
Source : httpd-2.4.37-41.module+el8.5.0+11772+c8e0c271.src.rpm
Repository : rhel-8-appstream-self-rhui-rpms
Summary : Apache HTTP Server
URL : https://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
: web server.
Name : httpd
Version : 2.4.37
Release : 43.module+el8.5.0+13064+c4b14997
Architecture : x86_64
Size : 1.4 M
Source : httpd-2.4.37-43.module+el8.5.0+13064+c4b14997.src.rpm
Repository : rhel-8-appstream-self-rhui-rpms
Summary : Apache HTTP Server
URL : https://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
: web server.
Name : httpd
Version : 2.4.37
Release : 43.module+el8.5.0+13806+b30d9eec.1
Architecture : x86_64
Size : 1.4 M
Source : httpd-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.src.rpm
Repository : rhel-8-appstream-self-rhui-rpms
Summary : Apache HTTP Server
URL : https://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
: web server.
Name : httpd
Version : 2.4.37
Release : 43.module+el8.5.0+14370+51c6d843.2
Architecture : x86_64
Size : 1.4 M
Source : httpd-2.4.37-43.module+el8.5.0+14370+51c6d843.2.src.rpm
Repository : rhel-8-appstream-self-rhui-rpms
Summary : Apache HTTP Server
URL : https://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
: web server.
Name : httpd
Version : 2.4.37
Release : 43.module+el8.5.0+14530+6f259f31.3
Architecture : x86_64
Size : 1.4 M
Source : httpd-2.4.37-43.module+el8.5.0+14530+6f259f31.3.src.rpm
Repository : rhel-8-appstream-self-rhui-rpms
Summary : Apache HTTP Server
URL : https://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
: web server.
Name : httpd
Version : 2.4.37
Release : 47.module+el8.6.0+14529+083145da.1
Architecture : x86_64
Size : 1.4 M
Source : httpd-2.4.37-47.module+el8.6.0+14529+083145da.1.src.rpm
Repository : rhel-8-appstream-self-rhui-rpms
Summary : Apache HTTP Server
URL : https://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
: web server.
Name : httpd
Version : 2.4.37
Release : 47.module+el8.6.0+15654+427eba2e.2
Architecture : x86_64
Size : 1.4 M
Source : httpd-2.4.37-47.module+el8.6.0+15654+427eba2e.2.src.rpm
Repository : rhel-8-appstream-self-rhui-rpms
Summary : Apache HTTP Server
URL : https://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
: web server.
Name : httpd
Version : 2.4.37
Release : 51.module+el8.7.0+16050+02173b8e
Architecture : x86_64
Size : 1.4 M
Source : httpd-2.4.37-51.module+el8.7.0+16050+02173b8e.src.rpm
Repository : rhel-8-appstream-self-rhui-rpms
Summary : Apache HTTP Server
URL : https://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
: web server.
Name : httpd
Version : 2.4.37
Release : 51.module+el8.7.0+18026+7b169787.1
Architecture : x86_64
Size : 1.4 M
Source : httpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.src.rpm
Repository : rhel-8-appstream-self-rhui-rpms
Summary : Apache HTTP Server
URL : https://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
: web server.
Name : httpd
Version : 2.4.37
Release : 51.module+el8.7.0+18499+2e106f0b.5
Architecture : x86_64
Size : 1.4 M
Source : httpd-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.src.rpm
Repository : rhel-8-appstream-self-rhui-rpms
Summary : Apache HTTP Server
URL : https://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
: web server.
Name : httpd
Version : 2.4.37
Release : 56.module+el8.8.0+18556+a66138c1.4
Architecture : x86_64
Size : 1.4 M
Source : httpd-2.4.37-56.module+el8.8.0+18556+a66138c1.4.src.rpm
Repository : rhel-8-appstream-self-rhui-rpms
Summary : Apache HTTP Server
URL : https://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
: web server.
Name : httpd
Version : 2.4.37
Release : 56.module+el8.8.0+18758+b3a9c8da.6
Architecture : x86_64
Size : 1.4 M
Source : httpd-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.src.rpm
Repository : rhel-8-appstream-self-rhui-rpms
Summary : Apache HTTP Server
URL : https://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
: web server.RHEL 8のApache HTTP Server全てのバージョンの情報が表示されました。
reposyncの際に--newest-onlyを指定していたのですが、メタデータとしては残るのでしょうか。
試しに、最新ではないApache HTTP Serverをインストールしようとしてみます。
$ sudo dnf install httpd-2.4.37-56.module+el8.8.0+18556+a66138c1.4
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:03:07 ago on Tue 25 Jul 2023 12:51:58 AM UTC.
Dependencies resolved.
=========================================================================================================================================================================================
Package Architecture Version Repository Size
=========================================================================================================================================================================================
Installing:
httpd x86_64 2.4.37-56.module+el8.8.0+18556+a66138c1.4 rhel-8-appstream-self-rhui-rpms 1.4 M
Installing dependencies:
apr x86_64 1.6.3-12.el8 rhel-8-appstream-self-rhui-rpms 130 k
apr-util x86_64 1.6.1-6.el8_8.1 rhel-8-appstream-self-rhui-rpms 105 k
httpd-filesystem noarch 2.4.37-56.module+el8.8.0+18556+a66138c1.4 rhel-8-appstream-self-rhui-rpms 43 k
httpd-tools x86_64 2.4.37-56.module+el8.8.0+18556+a66138c1.4 rhel-8-appstream-self-rhui-rpms 110 k
mailcap noarch 2.1.48-3.el8 rhel-8-baseos-self-rhui-rpms 39 k
mod_http2 x86_64 1.15.7-8.module+el8.8.0+18751+b4557bca.3 rhel-8-appstream-self-rhui-rpms 155 k
redhat-logos-httpd noarch 84.5-1.el8 rhel-8-baseos-self-rhui-rpms 29 k
Installing weak dependencies:
apr-util-bdb x86_64 1.6.1-6.el8_8.1 rhel-8-appstream-self-rhui-rpms 25 k
apr-util-openssl x86_64 1.6.1-6.el8_8.1 rhel-8-appstream-self-rhui-rpms 27 k
Enabling module streams:
httpd 2.4
Transaction Summary
=========================================================================================================================================================================================
Install 10 Packages
Total download size: 2.1 M
Installed size: 5.5 M
Is this ok [y/N]: y
Downloading Packages:
[MIRROR] httpd-tools-2.4.37-56.module+el8.8.0+18556+a66138c1.4.x86_64.rpm: Status code: 404 for http://ip-10-1-1-7.ec2.internal/repo/rhel-8-appstream-rhui-rpms/Packages/h/httpd-tools-2.4.37-56.module%2bel8.8.0%2b18556%2ba66138c1.4.x86_64.rpm (IP: 10.1.1.7)
[MIRROR] httpd-2.4.37-56.module+el8.8.0+18556+a66138c1.4.x86_64.rpm: Status code: 404 for http://ip-10-1-1-7.ec2.internal/repo/rhel-8-appstream-rhui-rpms/Packages/h/httpd-2.4.37-56.module%2bel8.8.0%2b18556%2ba66138c1.4.x86_64.rpm (IP: 10.1.1.7)
[MIRROR] httpd-tools-2.4.37-56.module+el8.8.0+18556+a66138c1.4.x86_64.rpm: Status code: 404 for http://ip-10-1-1-7.ec2.internal/repo/rhel-8-appstream-rhui-rpms/Packages/h/httpd-tools-2.4.37-56.module%2bel8.8.0%2b18556%2ba66138c1.4.x86_64.rpm (IP: 10.1.1.7)
[MIRROR] httpd-2.4.37-56.module+el8.8.0+18556+a66138c1.4.x86_64.rpm: Status code: 404 for http://ip-10-1-1-7.ec2.internal/repo/rhel-8-appstream-rhui-rpms/Packages/h/httpd-2.4.37-56.module%2bel8.8.0%2b18556%2ba66138c1.4.x86_64.rpm (IP: 10.1.1.7)
[MIRROR] httpd-tools-2.4.37-56.module+el8.8.0+18556+a66138c1.4.x86_64.rpm: Status code: 404 for http://ip-10-1-1-7.ec2.internal/repo/rhel-8-appstream-rhui-rpms/Packages/h/httpd-tools-2.4.37-56.module%2bel8.8.0%2b18556%2ba66138c1.4.x86_64.rpm (IP: 10.1.1.7)
[FAILED] httpd-2.4.37-56.module+el8.8.0+18556+a66138c1.4.x86_64.rpm: No more mirrors to try - All mirrors were already tried without success
(2-3/10): httpd-tools-2.4.37-56.module+el8.8.0+18556+a66138c1.4.x86_64.rp 74% [===================================================== ] 1.2 MB/s | 1.5 MB 00:00 ETA
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: Error downloading packages:
Cannot download Packages/h/httpd-2.4.37-56.module%2bel8.8.0%2b18556%2ba66138c1.4.x86_64.rpm: All mirrors were tried404エラーでインストールに失敗していますね。
RHEL 9リポジトリサーバーでRHEL 8で使えるApache HTTP Serverのパッケージ一覧を確認すると、1つしかありませんでした。--newest-onlyが効いていそうですね。
$ find /var/repo/rhel-8-appstream-rhui-rpms/ -name "httpd-2.4.37-56.module*"
/var/repo/rhel-8-appstream-rhui-rpms/Packages/h/httpd-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x86_64.rpm最新のApache HTTP Serverをインストールします。
$ sudo dnf install httpd
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Red Hat Enterprise Linux 8 for x86_64 - AppStream from self RHUI (RPMs) 1.7 MB/s | 4.5 kB 00:00
Last metadata expiration check: 0:00:01 ago on Tue 25 Jul 2023 12:51:58 AM UTC.
Dependencies resolved.
=========================================================================================================================================================================================
Package Architecture Version Repository Size
=========================================================================================================================================================================================
Installing:
httpd x86_64 2.4.37-56.module+el8.8.0+18758+b3a9c8da.6 rhel-8-appstream-self-rhui-rpms 1.4 M
Installing dependencies:
apr x86_64 1.6.3-12.el8 rhel-8-appstream-self-rhui-rpms 130 k
apr-util x86_64 1.6.1-6.el8_8.1 rhel-8-appstream-self-rhui-rpms 105 k
httpd-filesystem noarch 2.4.37-56.module+el8.8.0+18758+b3a9c8da.6 rhel-8-appstream-self-rhui-rpms 43 k
httpd-tools x86_64 2.4.37-56.module+el8.8.0+18758+b3a9c8da.6 rhel-8-appstream-self-rhui-rpms 110 k
mailcap noarch 2.1.48-3.el8 rhel-8-baseos-self-rhui-rpms 39 k
mod_http2 x86_64 1.15.7-8.module+el8.8.0+18751+b4557bca.3 rhel-8-appstream-self-rhui-rpms 155 k
redhat-logos-httpd noarch 84.5-1.el8 rhel-8-baseos-self-rhui-rpms 29 k
Installing weak dependencies:
apr-util-bdb x86_64 1.6.1-6.el8_8.1 rhel-8-appstream-self-rhui-rpms 25 k
apr-util-openssl x86_64 1.6.1-6.el8_8.1 rhel-8-appstream-self-rhui-rpms 27 k
Enabling module streams:
httpd 2.4
Transaction Summary
=========================================================================================================================================================================================
Install 10 Packages
Total download size: 2.1 M
Installed size: 5.5 M
Is this ok [y/N]: y
Downloading Packages:
(1/10): apr-1.6.3-12.el8.x86_64.rpm 20 MB/s | 130 kB 00:00
(2/10): apr-util-openssl-1.6.1-6.el8_8.1.x86_64.rpm 2.6 MB/s | 27 kB 00:00
(3/10): apr-util-bdb-1.6.1-6.el8_8.1.x86_64.rpm 1.1 MB/s | 25 kB 00:00
.
.
(中略)
.
.
Verifying : httpd-filesystem-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.noarch 8/10
Verifying : mailcap-2.1.48-3.el8.noarch 9/10
Verifying : redhat-logos-httpd-84.5-1.el8.noarch 10/10
Installed products updated.
Installed:
apr-1.6.3-12.el8.x86_64 apr-util-1.6.1-6.el8_8.1.x86_64 apr-util-bdb-1.6.1-6.el8_8.1.x86_64
apr-util-openssl-1.6.1-6.el8_8.1.x86_64 httpd-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x86_64 httpd-filesystem-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.noarch
httpd-tools-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x86_64 mailcap-2.1.48-3.el8.noarch mod_http2-1.15.7-8.module+el8.8.0+18751+b4557bca.3.x86_64
redhat-logos-httpd-84.5-1.el8.noarch
Complete!問題なくインストールできました。
アップデートができるかも確認します。
$ sudo dnf upgrade tar
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:01:32 ago on Tue 25 Jul 2023 12:56:48 AM UTC.
Dependencies resolved.
=========================================================================================================================================================================================
Package Architecture Version Repository Size
=========================================================================================================================================================================================
Upgrading:
tar x86_64 2:1.30-9.el8 rhel-8-baseos-self-rhui-rpms 839 k
Transaction Summary
=========================================================================================================================================================================================
Upgrade 1 Package
Total download size: 839 k
Is this ok [y/N]: y
Downloading Packages:
tar-1.30-9.el8.x86_64.rpm 47 MB/s | 839 kB 00:00
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 45 MB/s | 839 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Upgrading : tar-2:1.30-9.el8.x86_64 1/2
Running scriptlet: tar-2:1.30-9.el8.x86_64 1/2
Running scriptlet: tar-2:1.30-5.el8.x86_64 2/2
Cleanup : tar-2:1.30-5.el8.x86_64 2/2
Running scriptlet: tar-2:1.30-5.el8.x86_64 2/2
Verifying : tar-2:1.30-9.el8.x86_64 1/2
Verifying : tar-2:1.30-5.el8.x86_64 2/2
Installed products updated.
Upgraded:
tar-2:1.30-9.el8.x86_64
Complete!アップデートできました。
AWSにおいてリモートリポジトリの作成は非推奨です。何かあっても自己責任で。
Red Hat Enterprise Linuxのリモートリポジトリサーバーを作ってみました。
AWSにおいてリモートリポジトリの作成は非推奨です。何かあっても自己責任になります。
SSM Patch Managerが使えない環境においてdnf upgrade時にパッケージのバージョンを揃えたい場合は、dnf historyからdnf upgradeでインストールやアップデートされたパッケージのバージョンを控えておき、揃えたいEC2インスタンスでパッケージ名を指定するのが良いでしょう。
この記事が誰かの助けになれば幸いです。
以上、AWS事業本部 コンサルティング部の のんピ(@non____97)でした!
0
