Build a CentOS7 server for: pxe boot, kickstart, reposync, repotrack, nfs, https (STEP 6)

STEP 6 – build REPOSYNC and REPOTRACK commands for SCRIPTs (for getting filtered packages from BASE, UPDATES, and EXTRAS.
The same pattern works fine for EPEL, but I switched back to using REPOTRACK for EPEL, because I rarely utilize more than a few hundred MB of the EPEL packages and finally got around to parsing out a list.
  • “rs32-reposync-update.sh”    # for getting base, updates, and extras.
  • “rs64-reposync-update.sh”    # for getting base, extras

And, a REPOTRACK script for getting selected packages from EPEL:

  • “rt64-c7x64-update.sh”

An easy way to begin using REPOTRACK is to query existing systems for what packages are installed from a given repo.  To gather my EPEL package list, I ran these two commands on all of my application servers:

  • repoquery -a –installed –qf “%{ui_from_repo} %{name}” | grep ‘^@epel’
  • repoquery -a –installed –qf “%-20{ui_from_repo} %-30{name} %-7{arch} %{epoch}:%-12{version} %-4{release}” | grep ‘^@epel’

Parse the results however you want, and you’ve got the basis for your repotrack script.  Repotrack doesn’t behave exactly like reposync, but it DOES get dependencies for packages, so it isn’t necessary to identify everything in advance.  It also works with wildcards.


Synchronize the directories for the repositories.
The –newest-only option puts only the latest version of each package in the repos.
note: “repoid” must match a repo name in “/etc/yum{$}.repos.d/{$}.repo”

For the “rs-c7x64-update.sh” script:

  • reposync –config=/etc/yumrsc7x64.conf –gpgcheck –plugins –repoid=base –newest-only –delete –downloadcomps –download-metadata –download_path=/var/www/html/repos/c7x64/
  • reposync –config=/etc/yumrsc7x64.conf –gpgcheck –plugins –repoid=extras –newest-only –delete –downloadcomps –download-metadata –download_path=/var/www/html/repos/c7x64/
  • reposync –config=/etc/yumrsc7x64.conf –gpgcheck –plugins –repoid=updates –newest-only –delete –downloadcomps –download-metadata –download_path=/var/www/html/repos/c7x64/

list the package URLs, but don’t actually download anything.


  • reposync –config=/etc/yumrsc7x64.conf –gpgcheck –plugins –repoid=base –newest-only –delete –downloadcomps –download-metadata –download_path=/var/www/html/repos/c7x64/ –urls

  • reposync –config=/etc/yumrsc7x64.conf –gpgcheck –plugins –repoid=extras –newest-only –delete –downloadcomps –download-metadata –download_path=/var/www/html/repos/c7x64/ –urls
  • reposync –config=/etc/yumrsc7x64.conf –gpgcheck –plugins –repoid=updates –newest-only –delete –downloadcomps –download-metadata –download_path=/var/www/html/repos/c7x64/ –urls
  • reposync –config=/etc/yumrsc7x64.conf –gpgcheck –plugins –repoid=epel –newest-only –delete –downloadcomps –download-metadata –download_path=/var/www/html/repos/c7x64/ –urls

Create (or update) new repodata for the local repositories. Note the option “-g comps.xml” to update the package group information.

  • createrepo /var/www/html/repos/c7x64/base/ -g comps.xml
  • createrepo /var/www/html/repos/c7x64/extras/
  • createrepo /var/www/html/repos/c7x64/updates/
  • createrepo /var/www/html/repos/c7x64/epel/

Do this so that clients will be able to read from the httpd repos:
chcon -R -t httpd_sys_content_t /var/www/html/repos/
Something about “SE Linux” according to a doc at RHEL.
Might throw errors, not sure if it has to be done *after* the first time RepoSync runs and populates the local repos, or if it doesn’t apply when the security settings on the vm are “permissive”.

For the “rs-c7x32-update.sh” script:

  • reposync –config=/etc/yumrsc7x32.conf –gpgcheck –plugins –repoid=base –newest-only –delete –downloadcomps –download-metadata –download_path=/var/www/html/repos/c7x32/
  • reposync –config=/etc/yumrsc7x32.conf –gpgcheck –plugins –repoid=extras –newest-only –delete –downloadcomps –download-metadata –download_path=/var/www/html/repos/c7x32/
  • reposync –config=/etc/yumrsc7x32.conf –gpgcheck –plugins –repoid=updates –newest-only –delete –downloadcomps –download-metadata –download_path=/var/www/html/repos/c7x32/
Create (or update) new repodata for the local repositories. Note the option “-g comps.xml” to update the package group information.
  • createrepo /var/www/html/repos/c7x32/base/ -g comps.xml
  • createrepo /var/www/html/repos/c7x32/extras/
  • createrepo /var/www/html/repos/c7x32/updates/


For the “rt64-c7x64-update.sh” script:


The repotrack options are very similar to reposync:

  • –config=CONFIG      # defaults to /etc/yum.conf
  • –config=/etc/yumrsc7x64.conf
  • –arch=ARCH # defaults to “current arch” (whatever the systems is currently running at).
  • –repoid=REPOID # default is all enabled.
  • –download_path=DESTDIR # Path to download packages to.
  • –urls # only show download urls, don’t download files.
  • –newest # defaults to newest-only.

For my script, I’ve sorted commands/packages into common groups.  The script is literally the following commands and comments:

# common packages:
repotrack –config=/etc/yumrsc7x64.conf –repoid=epel –download_path=/var/www/html/repos/c7x64/epel/Packages/ –newest etckeeper htop nss-mdns epel-release

# security packages:
repotrack –config=/etc/yumrsc7x64.conf –repoid=epel –download_path=/var/www/html/repos/c7x64/epel/Packages/ –newest haveged tripwire fail2ban

# only for a Gui VM:
repotrack –config=/etc/yumrsc7x64.conf –repoid=epel –download_path=/var/www/html/repos/c7x64/epel/Packages/ –newest imlib2 openbox openbox-libs python2-pyxdg tweak yumex

# for python pypi … note: using “python36-pip” gets “python36, python36-libs, and python36-setuptools”.
repotrack –config=/etc/yumrsc7x64.conf –repoid=epel –download_path=/var/www/html/repos/c7x64/epel/Packages/ –newest python36-pip 

# for a DNS server:
repotrack –config=/etc/yumrsc7x64.conf –repoid=epel –download_path=/var/www/html/repos/c7x64/epel/Packages/ –newest dhcping 

# for a docker server… note: using “docker*” gets python dependencies; no need to type them all out.
repotrack –config=/etc/yumrsc7x64.conf –repoid=epel –download_path=/var/www/html/repos/c7x64/epel/Packages/ –newest docker*

# some git servers want/need this… note: using “github2fedmsg” gets dependencies; no need to type them all out.
repotrack –config=/etc/yumrsc7x64.conf –repoid=epel –download_path=/var/www/html/repos/c7x64/epel/Packages/ –newest github2fedmsg

# for a kitchen sink PYTHON36*…  using python36* gets a lot of stuff… including… numpy, pyvomi, pytests, requests, tkinter, virtualenv
repotrack –config=/etc/yumrsc7x64.conf –repoid=epel –download_path=/var/www/html/repos/c7x64/epel/Packages/ –newest python36*

# for more GIT* packages… includes items like gitolite, gitstats, git-extras, git-tools, 
repotrack –config=/etc/yumrsc7x64.conf –repoid=epel –download_path=/var/www/html/repos/c7x64/epel/Packages/ –newest git*

# for MYSQL* … fairly small list of items, some connectors, utilities, and some perl.
repotrack –config=/etc/yumrsc7x64.conf –repoid=epel –download_path=/var/www/html/repos/c7x64/epel/Packages/ –newest mysql*

# for SQLITE* … small list of items
repotrack –config=/etc/yumrsc7x64.conf –repoid=epel –download_path=/var/www/html/repos/c7x64/epel/Packages/ –newest sqlite*

# BUILD THE LOCAL REPOS:
createrepo /var/www/html/repos/c7x64/epel/


One thought on “Build a CentOS7 server for: pxe boot, kickstart, reposync, repotrack, nfs, https (STEP 6)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s