Use Ascender to Create a Local Rocky Repository
Whether for security reasons (you don’t want hosts connecting directly to the internet) and/or for efficiency reasons (uses less of your internet connection), it’s often valuable to create a local repository for your Rocky packages. In short, keep a local copy of all the Rocky packages you use so that your servers will just pull from there instead of the internet.
You can do that manually via this useful article, or you can do it via automation as shown here using Ansible playbooks and Ascender.
You need a Rocky host with access to the internet, a webserver running on it, and the rsync utility. If you have the Rocky host, this automation can not only set up the rsync, but it can also install and configure the web server if you like.
Demo Video
https://www.youtube.com/watch?v=y2ZALqq-aCM
Playbook
All of my assets can be found here. There’s a playbook and a few templates.
I’ll break down portions of the playbook below:
vars:
  # path to webserver directory to hold all files
  web_path: /var/www/local-repo
  # path to where scripts and script data should be stored
  script_path: /opt/scripts
  # how frequent in hours to sync repo
  sync_hours_freq: 4
  # would you like to install and configure an nginx webserver
  configure_webserver: true
  # configure selinux for webserver folder storing repo files
  selinux_config: true
  # sync the repo immediately instead of waiting for standard time interval
  sync_now: false
  # exclude objects from repository sync
  # this list was kindly supplied by Jimmy Conner
  repo_exclude:
    - '*/Devel*'
    - '*/Live*'
    - '*/aarch64*'
    - '*/ppc64le/*'
    - '*/s390x/*'
    - '*/kickstart/*'
    - '*/source/*'
    - '*/debug/*'
    - '*/images/*'
    - '*/isos/*'
    - '*/live/*'
    - '*/Devel*'
    - '8/*'
    - '8.4/*'
    - '8.5/*'
    - '8.6/*'
    - '9/*'
    - '9.0/*'
First, I’m setting up several variables. The path variables are pretty straightforward; where do you want things stored. The playbook will actually make sure those paths exist, and then place said files based on the templates in the templates folder.
The sync_hours_freq variable sets how often the cron job that does the rsync runs. I’ve currently got it set to 4 hours, which should be pretty solid.
The configure_webserver variable (if set to true) will install an Nginx web server, set up its config file, and configure the firewall to allow access to the server.
selinux_config: true will configure the SELinux settings for the web root folder if configure_webserver is also set to true.
sync_now will (when set to true) start the rsync immediately instead of waiting for the standard interval.
Last, the repo_exclude variable will set up a list of objects in the remote repository to ignore when performing the rsync. The current list was created by my teammate Jimmy Conner, so be sure to thank him.
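To see what the repo_exclude list keeps and drops before committing to a long sync, here is an added example (not part of the playbook or its templates) that models how rsync applies un-anchored patterns like these. It assumes the sync root is the directory holding the per-version folders; the sample paths are constructed, and the function names are hypothetical.

```python
from fnmatch import fnmatchcase

# Patterns copied from the playbook's repo_exclude variable (duplicate dropped).
REPO_EXCLUDE = [
    '*/Devel*', '*/Live*', '*/aarch64*', '*/ppc64le/*', '*/s390x/*',
    '*/kickstart/*', '*/source/*', '*/debug/*', '*/images/*', '*/isos/*',
    '*/live/*', '8/*', '8.4/*', '8.5/*', '8.6/*', '9/*', '9.0/*',
]

# Constructed sample paths relative to the sync root (not a real mirror listing).
SAMPLE_TREE = [
    '9.3/BaseOS/x86_64/os/Packages/b/bash.rpm',
    '9.3/BaseOS/x86_64/os/repodata/repomd.xml',
    '9.3/BaseOS/aarch64/os/Packages/b/bash.rpm',
    '9.3/BaseOS/ppc64le/os/repodata/repomd.xml',
    '9.3/BaseOS/x86_64/debug/tree/Packages/b/bash-debuginfo.rpm',
    '9.3/BaseOS/source/tree/Packages/b/bash.src.rpm',
    '9.3/isos/x86_64/Rocky-dvd.iso',
    '9.3/devel/x86_64/os/repodata/repomd.xml',
    '8.6/BaseOS/x86_64/os/repodata/repomd.xml',
    '9/BaseOS/x86_64/os/repodata/repomd.xml',
]

def pattern_hits(pattern, parts):
    """Model of rsync's rule for a pattern with no leading '/' and no '**':
    it is compared with the end of the path and '*' never crosses a '/'."""
    want = pattern.split('/')
    if len(want) > len(parts):
        return False
    return all(fnmatchcase(p, w) for p, w in zip(parts[-len(want):], want))

def excluded_by(path, patterns=REPO_EXCLUDE):
    """Return the first pattern that drops path or a parent directory, else None."""
    parts = path.strip('/').split('/')
    # rsync walks top-down: once a directory is excluded, nothing below is visited.
    for depth in range(1, len(parts) + 1):
        for pattern in patterns:
            if pattern_hits(pattern, parts[:depth]):
                return pattern
    return None

def plan(paths=SAMPLE_TREE):
    """Map each path to the pattern that excludes it (None means it is synced)."""
    return {path: excluded_by(path) for path in paths}

if __name__ == '__main__':
    for path, pattern in plan().items():
        print(f"{'SKIP ' + pattern if pattern else 'SYNC':<18} {path}")
```

Matching is case-sensitive, so the constructed lowercase `devel` path is not caught by `*/Devel*`. Also note that `*/ppc64le/*` drops a directory's contents while `*/aarch64*` drops the directory itself.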
The remainder of the playbook is pretty straightforward and well documented, so I’ll skip discussing it here.
Conclusion
There are a LOT of benefits to running a local repo, and running this playbook (on average) takes about 40 seconds…so what are you waiting for? Granted, while the playbook runs quickly, it does take a little while for the rsync to complete, but should have its initial run completed in less than a couple hours. After that, updates will move fairly rapidly. As always, please reach out with any questions or comments.
Happy automating and repo-ing!