• Improve this Doc

    Show / Hide Table of Contents

    How to access CentOS update servers

    Overview

    Each of the two security domains within the UKCloud platform presents its own challenges regarding patching and updating CentOS machines. This article explains how to access the CentOS repository servers to receive updates.

    Before you attempt to establish a connection to the CentOS repo servers, you need to make sure your virtual machines (VMs) can communicate with the CentOS server, which exists outside of your cloud organisation.

    This may involve editing your NAT and firewall settings within your edge gateway to allow traffic to traverse into your virtual data centre (VDC). For how to do this, see the How to create NAT rules and How to create firewall rules.

    Assured OFFICIAL platform

    UKCloud's Assured OFFICIAL security domain is internet facing, so you have the option to configure your VM to connect to the internet and use a standard update tool (such as Spacewalk RHN) or the pubicly accessible CentOS mirrors, or you can use UKCloud-managed repositories.

    Elevated OFFICIAL platform

    Our Elevated OFFICIAL security domain doesn't natively connect to the internet, and the PSN network doesn't have any CentOS repo servers. To receive CentOS updates, you can use UKCloud-managed repository servers or a Walled Garden. Both options are described below.

    Option 1. UKCloud-managed repository servers

    We provide both CentOS standard repositories and EPEL (Extra Packages for Enterprise Linux) for CentOS 6, 7 and 8 on our Elevated OFFICIAL security domain.

    Important

    CentOS6.x is deprecated. You can view details of the CentOS Public Mirror Site here.

    For both Assured and Elevated OFFICIAL security domains, you can configure your systems to reference the following server: https://rh-cds.ukcloud.com. In Assured, this domain is configured in DNS, so you'll automatically be able to resolve it. For Elevated, you'll need to contact UKCloud Support to get the correct IP address and add an entry to /etc/hosts on your systems, or add an entry to your own internal DNS, to be able to resolve it.

    To access CentOS base files, you have 2 options.

    Create your own configuration file

    Create a file called centos-<x>.repo in /etc/yum.repos.d, where <x> is either 6, 7 or 8 depending on your version of CentOS, and populate it with the following:

    CentOS 6:

    [centos-6-base]
    name=centos-6-base
    baseurl=https://rh-cds.ukcloud.com/centos/packages/centos-6-base/
    gpgcheck=1
    enabled=1
    gpgkey=https://rh-cds.ukcloud.com/centos/keys/RPM-GPG-KEY-CentOS-6
    sslverify=1
    
    [centos-6-updates]
    name=centos-6-updates
    baseurl=https://rh-cds.ukcloud.com/centos/packages/centos-6-updates/
    gpgcheck=1
    enabled=1
    gpgkey=https://rh-cds.ukcloud.com/centos/keys/RPM-GPG-KEY-CentOS-6
    sslverify=1
    
    [centos-6-extras]
    name=centos-6-extras
    baseurl=https://rh-cds.ukcloud.com/centos/packages/centos-6-extras/
    gpgcheck=1
    enabled=1
    gpgkey=https://rh-cds.ukcloud.com/centos/keys/RPM-GPG-KEY-CentOS-6
    sslverify=1
    

    CentOS 7:

    [centos-7-base]
    name=centos-7-base
    baseurl=https://rh-cds.ukcloud.com/centos/packages/centos-7-base/
    gpgcheck=1
    enabled=1
    gpgkey=https://rh-cds.ukcloud.com/centos/keys/RPM-GPG-KEY-CentOS-7
    sslverify=1
    
    [centos-7-updates]
    name=centos-7-updates
    baseurl=https://rh-cds.ukcloud.com/centos/packages/centos-7-updates/
    gpgcheck=1
    enabled=1
    gpgkey=https://rh-cds.ukcloud.com/centos/keys/RPM-GPG-KEY-CentOS-7
    sslverify=1
    
    [centos-7-extras]
    name=centos-7-extras
    baseurl=https://rh-cds.ukcloud.com/centos/packages/centos-7-extras/
    gpgcheck=1
    enabled=1
    gpgkey=https://rh-cds.ukcloud.com/centos/keys/RPM-GPG-KEY-CentOS-7
    sslverify=1
    

    CentOS 8:

    [centos-8-base]
    name=centos-8-base
    baseurl=https://rh-cds.ukcloud.com/centos/packages/centos-8-base/
    gpgcheck=1
    enabled=1
    gpgkey=https://rh-cds.ukcloud.com/centos/keys/RPM-GPG-KEY-CentOS-Official
    sslverify=1
    
    [centos-8-updates]
    name=centos-8-updates
    baseurl=https://rh-cds.ukcloud.com/centos/packages/centos-8-updates/
    gpgcheck=1
    enabled=1
    gpgkey=https://rh-cds.ukcloud.com/centos/keys/RPM-GPG-KEY-CentOS-Official
    sslverify=1
    
    [centos-8-extras]
    name=centos-8-extras
    baseurl=https://rh-cds.ukcloud.com/centos/packages/centos-8-extras/
    gpgcheck=1
    enabled=1
    gpgkey=https://rh-cds.ukcloud.com/centos/keys/RPM-GPG-KEY-CentOS-Official
    sslverify=1
    

    To access CentOS EPEL files, create a file called epel_<x>.repo in /etc/yum.repos.d, where <x> is either 6,7 or 8 depending on your version of CentOS, and populate it with the following:

    CentOS 6:

    [epel-6]
    name=Extra Packages for Enterprise Linux 6 - $basearch
    baseurl=https://rh-cds.ukcloud.com/centos/packages/epel-6/
    enabled=1
    gpgcheck=1
    gpgkey=https://rh-cds.ukcloud.com/centos/keys/RPM-GPG-KEY-EPEL-6
    sslverify=1
    

    CentOS 7:

    [epel-7]
    name=Extra Packages for Enterprise Linux 7 - $basearch
    baseurl=https://rh-cds.ukcloud.com/centos/packages/epel-7/
    enabled=1
    gpgcheck=1
    gpgkey=https://rh-cds.ukcloud.com/centos/keys/RPM-GPG-KEY-EPEL-7
    sslverify=1
    

    CentOS 8:

    [epel-8]
    name=Extra Packages for Enterprise Linux 8 - $basearch
    baseurl=https://rh-cds.ukcloud.com/centos/packages/epel-8/
    enabled=1
    gpgcheck=1
    gpgkey=https://rh-cds.ukcloud.com/centos/keys/RPM-GPG-KEY-EPEL-8
    sslverify=1
    

    Download the configuration file

    Download the repo configuration file directly from the repo server, using the following command (where <x> is either 6, 7 or 8 depending on your version of CentOS):

    CentOS base updates and extras:

    wget -P /etc/yum.repos.d/ https://rh-cds.ukcloud.com/centos/repofiles/centos-x.repo
    

    CentOS EPEL:

    wget -P /etc/yum.repos.d/ https://rh-cds.ukcloud.com/centos/repofiles/epel-x.repo
    

    Remove all other *.repo files in /etc/yum.repos.d/ then execute yum clean all; rm -rf /var/cache/yum; yum repolist.

    Option 2. Walled Garden

    Choose this option only if you want full control of CentOS updates and are already thinking of deploying a Walled Garden. This option involves pulling updates into the Assured security domain, then using UKCloud's Walled Garden to move them to the Elevated security domain.

    It's a much more complex solution than using UKCloud-managed repository servers, and you have sole responsibility for deploying and managing it.

    For more information about the Walled Garden, see the Getting Started Guide for Cross Domain Security Zone.

    Feedback

    If you find a problem with this article, click Improve this Doc to make the change yourself or raise an issue in GitHub. If you have an idea for how we could improve any of our services, send an email to feedback@ukcloud.com.

    ☀
    ☾
    Generated by DocFX
    Back to top
    © UKCloud Ltd, 2021. All Rights Reserved.
    Privacy Policy. Terms of Use. Contribute.

    The UKCloud Knowledge Centre uses cookies to ensure that we give you the best experience on our website. If you continue we assume that you consent to receive all cookies on this website.