Dec 4 / Greg

Create Local Rocky Linux Repository with Ansible and Ascender, AWX, or AAP

Whether for security reasons (you don't want hosts connecting directly to the internet), for efficiency reasons (it uses less of your internet connection), or both, it's often valuable to create a local repository for your Rocky packages. In short, keep a local copy of all the Rocky packages you use so that your servers pull from there instead of the internet.

You can do that manually via this useful article here, or you can do it via automation as shown here using Ansible playbooks and Ascender.

You need a Rocky host with access to the internet, a webserver running on it, and the rsync utility. If you have the Rocky host, this automation can not only set up the rsync, but it can also install and configure the webserver if you like.

Demo Video

Playbook

All of my assets can be found here.
There’s a playbook and a few templates.

I'll break down portions of the playbook below:

  vars:
    # path to webserver directory to hold all files
    web_path: /var/www/local-repo
 
    # path to where scripts and script data should be stored
    script_path: /opt/scripts
 
    # how frequent in hours to sync repo
    sync_hours_freq: 4
 
    # would you like to install and configure an nginx webserver 
    configure_webserver: true
 
    # configure selinux for webserver folder storing repo files
    selinux_config: true
 
    # sync the repo immediately instead of waiting for standard time interval
    sync_now: false
 
    # exclude objects from repository sync
    # this list was kindly supplied by Jimmy Conner
    repo_exclude: 
      - '*/Devel*'
      - '*/Live*'
      - '*/aarch64*'
      - '*/ppc64le/*'
      - '*/s390x/*'
      - '*/kickstart/*'
      - '*/source/*'
      - '*/debug/*'
      - '*/images/*'
      - '*/isos/*'
      - '*/live/*'
      - '*/Devel*'
      - '8/*'
      - '8.4/*'
      - '8.5/*'
      - '8.6/*'
      - '9/*'
      - '9.0/*'

First I'm setting up several variables. The path variables are pretty straightforward: where do you want things stored? The playbook will make sure those paths exist, and then place the files generated from the templates in the templates folder.

The sync_hours_freq variable sets how often the cron job that does the rsync runs. I've currently got it set to 4 hours, which should be pretty solid.

The configure_webserver variable (if set to true) will install an Nginx webserver, set up its config file, and configure the firewall to allow access to the server.

selinux_config: true will configure the SELinux settings for the web root folder if configure_webserver is also set to true.

sync_now will (when set to true) start the rsync immediately instead of waiting for the standard interval.

Last, the repo_exclude variable will set up a list of objects in the remote repository to ignore when performing the rsync. The current list was created by my teammate Jimmy Conner, so be sure to thank him.
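To see what an exclude list like this prunes before committing to a long first sync, here is an added example (not part of the original playbook or its templates) that models rsync's matching for unanchored patterns in Python. The function names and sample paths are constructed for illustration; it assumes patterns are evaluated relative to the sync root and covers only the pattern forms used in the list (no leading '/', no '**', no trailing '/').

```python
from fnmatch import fnmatchcase

# Exclude list copied from the playbook's repo_exclude (duplicate entry dropped).
REPO_EXCLUDE = [
    '*/Devel*', '*/Live*', '*/aarch64*', '*/ppc64le/*', '*/s390x/*',
    '*/kickstart/*', '*/source/*', '*/debug/*', '*/images/*', '*/isos/*',
    '*/live/*', '8/*', '8.4/*', '8.5/*', '8.6/*', '9/*', '9.0/*',
]


def tail_matches(parts, pattern):
    # Simplified model (assumption): a pattern without a leading '/' is
    # compared with the END of the path, and '*' never crosses a '/',
    # so the comparison can be done one path component at a time.
    pat = pattern.split('/')
    if len(pat) > len(parts):
        return False
    return all(fnmatchcase(c, p) for c, p in zip(parts[-len(pat):], pat))


def excluded_by(path, patterns=REPO_EXCLUDE):
    """Return the first pattern excluding path or one of its parents, else None."""
    parts = path.strip('/').split('/')
    # An excluded directory is never descended into, so test every prefix.
    for depth in range(1, len(parts) + 1):
        for pattern in patterns:
            if tail_matches(parts[:depth], pattern):
                return pattern
    return None


def preview(paths, patterns=REPO_EXCLUDE):
    """Split a listing into (kept, skipped); skipped maps path -> pattern."""
    kept, skipped = [], {}
    for path in paths:
        hit = excluded_by(path, patterns)
        if hit is None:
            kept.append(path)
        else:
            skipped[path] = hit
    return kept, skipped


# Constructed sample listing, relative to the rsync source root.
SAMPLE = [
    '9.1/BaseOS/x86_64/os/repodata/repomd.xml',
    '9.1/BaseOS/aarch64/os/repodata/repomd.xml',
    '9.1/BaseOS/x86_64/debug/tree/repodata/repomd.xml',
    '8.6/AppStream/x86_64/os/repodata/repomd.xml',
    '8.7/AppStream/source/tree/repodata/repomd.xml',
    'RPM-GPG-KEY-Rocky-9',
]
```

Running preview(SAMPLE) shows that the version entries are exact names, so a release directory not in the list (8.7 in the sample) is still mirrored apart from its source, debug and other pruned subtrees. For an authoritative answer on a real mirror, rsync's own --dry-run option reports what a transfer would do.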

The remainder of the playbook is pretty straightforward and well documented, so I’ll skip discussing it here.

Conclusion

There are a LOT of benefits to running a local repo, and running this playbook (on average) takes about 40 seconds… so what are you waiting for? Granted, while the playbook runs quickly, it does take a little while for the rsync to complete, but it should have its initial run completed in less than a couple of hours. After that, updates will move fairly rapidly. As always, please reach out with any questions or comments.

Happy automating and repo-ing!
