How to access CentOS update servers

Overview

Each of the two security domains within the UKCloud platform presents its own challenges regarding patching and updating CentOS machines. This article explains how to access the CentOS repository servers to receive updates.

Before you attempt to establish a connection to the CentOS repo servers, you need to make sure your virtual machines (VMs) can communicate with the CentOS server, which exists outside of your cloud organisation.

This may involve editing your NAT and firewall settings within your edge gateway to allow traffic to traverse into your virtual data centre (VDC). For how to do this, see the How to create NAT rules and How to create firewall rules.

Assured OFFICIAL platform

UKCloud's Assured OFFICIAL security domain is internet facing, so you have the option to configure your VM to connect to the internet and use a standard update tool (such as Spacewalk RHN) or the pubicly accessible CentOS mirrors, or you can use UKCloud-managed repositories.

Elevated OFFICIAL platform

Our Elevated OFFICIAL security domain doesn't natively connect to the internet, and the PSN network doesn't have any CentOS repo servers. To receive CentOS updates, you can use UKCloud-managed repository servers or a Walled Garden. Both options are described below.

Option 1. UKCloud-managed repository servers

We provide both CentOS standard repositories and EPEL (Extra Packages for Enterprise Linux) for CentOS 6, 7 and 8 on our Elevated OFFICIAL security domain.

Important

CentOS6.x is deprecated. You can view details of the CentOS Public Mirror Site here.

For both Assured and Elevated OFFICIAL security domains, you can configure your systems to reference the following server: https://rh-cds.ukcloud.com. In Assured, this domain is configured in DNS, so you'll automatically be able to resolve it. For Elevated, you'll need to contact UKCloud Support to get the correct IP address and add an entry to /etc/hosts on your systems, or add an entry to your own internal DNS, to be able to resolve it.

To access CentOS base files, you have 2 options.

Create your own configuration file

Create a file called centos-<x>.repo in /etc/yum.repos.d, where <x> is either 6, 7 or 8 depending on your version of CentOS, and populate it with the following:

CentOS 6:

[centos-6-base]
name=centos-6-base
baseurl=https://rh-cds.ukcloud.com/centos/packages/centos-6-base/
gpgcheck=1
enabled=1
gpgkey=https://rh-cds.ukcloud.com/centos/keys/RPM-GPG-KEY-CentOS-6
sslverify=1

[centos-6-updates]
name=centos-6-updates
baseurl=https://rh-cds.ukcloud.com/centos/packages/centos-6-updates/
gpgcheck=1
enabled=1
gpgkey=https://rh-cds.ukcloud.com/centos/keys/RPM-GPG-KEY-CentOS-6
sslverify=1

[centos-6-extras]
name=centos-6-extras
baseurl=https://rh-cds.ukcloud.com/centos/packages/centos-6-extras/
gpgcheck=1
enabled=1
gpgkey=https://rh-cds.ukcloud.com/centos/keys/RPM-GPG-KEY-CentOS-6
sslverify=1

CentOS 7:

[centos-7-base]
name=centos-7-base
baseurl=https://rh-cds.ukcloud.com/centos/packages/centos-7-base/
gpgcheck=1
enabled=1
gpgkey=https://rh-cds.ukcloud.com/centos/keys/RPM-GPG-KEY-CentOS-7
sslverify=1

[centos-7-updates]
name=centos-7-updates
baseurl=https://rh-cds.ukcloud.com/centos/packages/centos-7-updates/
gpgcheck=1
enabled=1
gpgkey=https://rh-cds.ukcloud.com/centos/keys/RPM-GPG-KEY-CentOS-7
sslverify=1

[centos-7-extras]
name=centos-7-extras
baseurl=https://rh-cds.ukcloud.com/centos/packages/centos-7-extras/
gpgcheck=1
enabled=1
gpgkey=https://rh-cds.ukcloud.com/centos/keys/RPM-GPG-KEY-CentOS-7
sslverify=1

CentOS 8:

[centos-8-base]
name=centos-8-base
baseurl=https://rh-cds.ukcloud.com/centos/packages/centos-8-base/
gpgcheck=1
enabled=1
gpgkey=https://rh-cds.ukcloud.com/centos/keys/RPM-GPG-KEY-CentOS-Official
sslverify=1

[centos-8-updates]
name=centos-8-updates
baseurl=https://rh-cds.ukcloud.com/centos/packages/centos-8-updates/
gpgcheck=1
enabled=1
gpgkey=https://rh-cds.ukcloud.com/centos/keys/RPM-GPG-KEY-CentOS-Official
sslverify=1

[centos-8-extras]
name=centos-8-extras
baseurl=https://rh-cds.ukcloud.com/centos/packages/centos-8-extras/
gpgcheck=1
enabled=1
gpgkey=https://rh-cds.ukcloud.com/centos/keys/RPM-GPG-KEY-CentOS-Official
sslverify=1

To access CentOS EPEL files, create a file called epel_<x>.repo in /etc/yum.repos.d, where <x> is either 6,7 or 8 depending on your version of CentOS, and populate it with the following:

CentOS 6:

[epel-6]
name=Extra Packages for Enterprise Linux 6 - $basearch
baseurl=https://rh-cds.ukcloud.com/centos/packages/epel-6/
enabled=1
gpgcheck=1
gpgkey=https://rh-cds.ukcloud.com/centos/keys/RPM-GPG-KEY-EPEL-6
sslverify=1

CentOS 7:

[epel-7]
name=Extra Packages for Enterprise Linux 7 - $basearch
baseurl=https://rh-cds.ukcloud.com/centos/packages/epel-7/
enabled=1
gpgcheck=1
gpgkey=https://rh-cds.ukcloud.com/centos/keys/RPM-GPG-KEY-EPEL-7
sslverify=1

CentOS 8:

[epel-8]
name=Extra Packages for Enterprise Linux 8 - $basearch
baseurl=https://rh-cds.ukcloud.com/centos/packages/epel-8/
enabled=1
gpgcheck=1
gpgkey=https://rh-cds.ukcloud.com/centos/keys/RPM-GPG-KEY-EPEL-8
sslverify=1

Download the configuration file

Download the repo configuration file directly from the repo server, using the following command (where <x> is either 6, 7 or 8 depending on your version of CentOS):

CentOS base updates and extras:

wget -P /etc/yum.repos.d/ https://rh-cds.ukcloud.com/centos/repofiles/centos-x.repo

CentOS EPEL:

wget -P /etc/yum.repos.d/ https://rh-cds.ukcloud.com/centos/repofiles/epel-x.repo

Remove all other *.repo files in /etc/yum.repos.d/ then execute yum clean all; rm -rf /var/cache/yum; yum repolist.

Option 2. Walled Garden

Choose this option only if you want full control of CentOS updates and are already thinking of deploying a Walled Garden. This option involves pulling updates into the Assured security domain, then using UKCloud's Walled Garden to move them to the Elevated security domain.

It's a much more complex solution than using UKCloud-managed repository servers, and you have sole responsibility for deploying and managing it.

For more information about the Walled Garden, see the Getting Started Guide for Cross Domain Security Zone.

Feedback

If you find a problem with this article, click Improve this Doc to make the change yourself or raise an issue in GitHub. If you have an idea for how we could improve any of our services, send an email to feedback@ukcloud.com.