Home Verkennen Help
Registreren Inloggen
AFS
/
infrastructure-notes
2
0
Vork 0
Bestanden Issues 0 Pull-aanvragen 0 Wiki
Boom: 19d415a178
Aftakkingen Labels
infrastructure-...
/
Reposerver Notes.md

Reposerver Notes.md 2.8 KB
Geschiedenis Ruwe

Reposerver Notes

How to add a new package to the reposerver (which we want to move to S3)

Conduct security checks on packages:

#GPGKey check can be two types of GPG keyrings used on RPM-based systems; RPM or YUM GPG keyring - we use RPM
#Import GPG Pub keys to verify signatures in lieu of SHA (if necessary): https://www.redhat.com/sysadmin/rpm-gpg-verify-packages

cd /var/www/html/redhat/msoc/Packages/

# example of verifying Sensu upgrade
wget https://packagecloud.io/sensu/stable/gpgkey

# view public gpg key downloaded
cat 'name of key'

# import the gpgkey into the RPM database for use
rpm --import 'name of key'

# list the gpg key in the RPM database
rpm -qa 'name of key'*

# visit site to view original hash of package via URL in this example for Sensu 6.4.3; then download package
wget https://packagecloud.io/sensu/stable/packages/el/7/sensu-go-agent-6.4.3-5016.x86_64.rpm/download.rpm

# validate package signature with name of the package downloaded
rpm -K 'name of package'

# validate SHA256 integrity hash and match hash with vendor
sha256sum 'name of package'

# rename package with proper name from vendor
cp 'name of package' 'new name of package to match vendor with .rpm'

# cleanup old GPGKey associated with package after SHA256 passed and old package
rm -rf 'name of key' && rm -rf 'name of package'

msoc-repo

Drop the package(s) that need upgraded into /var/www/html/redhat/msoc/Packages and ensure they're owned by apache

#Multiple Lines
sudo -u apache /bin/bash
cd /var/www/html/redhat && createrepo msoc
exit
restorecon -R /var/www/html/redhat/

#Oneliner
chown -R apache:apache /var/www/html/redhat/msoc/Packages/ && cd /var/www/html/redhat/ && sudo -u apache createrepo msoc && restorecon -R /var/www/html/redhat/

#Splunk Repo uses the version
chown -R apache:apache /var/www/html/splunk/8.2/ && cd /var/www/html/splunk/ && sudo -u apache createrepo 8.2 && restorecon -R /var/www/html/splunk/8.2

#From target server; clean out the cache
yum clean all
yum makecache fast

#From target server; view the available packages
yum --disablerepo="*" --enablerepo="msoc" list available

#From target server
yum install 'name of package'

splunk repo

05/06/2020

Defined in salt/fileroots/splunk/new_install.sls /etc/yum.repos.d/splunk.repo http://reposerver.msoc.defpoint.local/splunk

New Splunk Version Splunk 7.2 needs to be created for PROD moose

cd /var/www/html/splunk
mkdir 7.2
chown -R apache: .
cd 7.2
wget -O splunk-7.2.5.1-962d9a8e1586-linux-2.6-x86_64.rpm 'https://www.splunk.com/page/download_track?file=7.2.5.1/linux/splunk-7.2.5.1-962d9a8e1586-linux-2.6-x86_64.rpm&ac=&wget=true&name=wget&platform=Linux&architecture=x86_64&version=7.2.5.1&product=splunk&typed=release'
chown -R apache: .
cd /var/www/html/splunk/7.2
sudo -u apache createrepo `pwd`
restorecon -R /var/www/html/splunk