Alma Package Cache

Kory Albert

30 Dec 2024 • 2 min read

Today, I’m back to improving the local repository hosting for my homelab. In a previous blog post, I discussed hosting a local repository and having VMs pull updates from it. While this approach works, it presents challenges during major OS version upgrades.

Recently, I came across an excellent idea from apalrd, to whom all credit is due. I’m writing this new post because his build was Debian-based, whereas my environment is primarily RHEL-based. Naturally, I’ve added some automation to this setup, making it easy for anyone to replicate using the provided Terraform and Ansible scripts.

All the files, including Terraform and Ansible scripts, can be found on my GitHub account (Terraform, Ansible). To begin, we’ll set up the Terraform scripts. The only variable you need to edit is the clone variable, which specifies the image to be cloned. If you cloned the entire repository, the directory structure should remain intact. However, if you didn’t, you’ll also need to update the packageCache.tf file under the Ansible section to correctly reference the script path.

command = "ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root -i '${self.default_ipv4_address},' --private-key ${var.pvt_key} -e 'pub_key=${var.pub_key}' ../../../ansible/packageCache.yaml" <-- Edit this

Ansible Script

Next, let’s take a look at the Ansible script. The primary area you’ll need to customize for your setup is the NFS mount configuration. This can either be a local folder or a shared directory, depending on your preference. To adjust this, edit the two relevant tasks in the script. If you decide to keep the default directory, no further changes are necessary.

- name: Add nfs mount to fstab
  ansible.builtin.lineinfile:
    path: /etc/fstab
    line: 192.168.2.252:/mnt/Junk/packageCache /mnt/packagecache nfs _netdev	0 0
    create: no
  
- name: Mount NFS volume
  ansible.posix.mount:
    src: 192.168.2.252:/mnt/Junk/packageCache
    path: /mnt/packagecache
    opts: rw,_netdev
    state: mounted
    fstype: nfs

Rewrite script

To enable the VMs to connect to our new repository cache, we need to update the yum.repo.d files. The easiest way to handle this on existing servers is by using a script originally created by apalrd, which I’ve modified to work with Alma. This updated script is available on my GitHub. For my setup, the DNS entry for the new server is repo.local.koryalbert.net. You’ll need to update this to match your preferred domain name or simply use the server’s IP address.

Terraform

Now, that both the scripts have been modified, we can start provisioning! Inside the terraform folder, run the following commands.

terraform init
terraform plan
terraform apply

Testing

The newly created cache server should be listening for new connections. We should be able to hit it and see our rewrite script.

If we navigate to /almalinux, we will see the proxied repo. This means everything is being forwarded correctly to repo.almalinux.org.

Rewite yum.repo.d

To make this setup fully operational, we need to complete two tasks. First, update all existing VMs with the new repository address. Second, apply the same update to our gold image. To accomplish this, simply access each server and run the following command. This will download and execute the script to update the repository configurations.

bash <(curl -s http://repo.local.koryalbert.net/rewrite.sh)