Monthly Archives: January 2021

Upgrading CentOS 7.2003 to 7.2009 on an Offline or Air-Gapped System

01 Friday Jan 2021

Posted by in Linux

Leave a comment

This post demonstrates how to patch or upgrade a CentOS 7 host when it doesn’t have internet access or is an isolated system with no access to a yum repo. On a host with internet access (Public facing host) or a local repo, perform the following steps.

1) Make sure you have genisoimage and yum-utils installed. If not install them.

> sudo rpm -q genisoimage-*
genisoimage-1.1.11-25.el7.x86_64

> sudo rpm -q yum-utils
yum-utils-1.1.31-54.el7_8.noarch

> sudo yum install genisoimage
> sudo yum install yum-utils

2) On your internet facing host create folders for the packages you need. You can specify any folder(s) you require. I only require os, extras and updates but you may have packages installed from other folders. The full list is listed below.

atomic/
centosplus/
cloud/
configmanagement/
cr/
dotnet/
extras/
fasttrack/
isos/
messaging/
nfv/
opstools/
os/
paas/
rt/
sclo/
storage/
updates/
virt/

a) Create the folders.

> sudo mkdir -pv /repo/os
> sudo mkdir -pv /repo/updates
> sudo mkdir -pv /repo/extras

b) Use rsync to harvest the rpms and repo data. Note that these folders will create a 17.1 Gig ISO file in the next step. You need a Blu-ray burner or USB drive to move the file.

> /usr/bin/rsync -avrt rsync://mirror.umd.edu/centos/7.9.2009/os/x86_64/ /repo/os
> /usr/bin/rsync -avrt rsync://mirror.umd.edu/centos/7.9.2009/updates/x86_64/ /repo/updates
> /usr/bin/rsync -avrt rsync://mirror.umd.edu/centos/7.9.2009/extras/x86_64/ /repo/extras

c) Use genisoimage to create an ISO of the whole set. Note. In the command below, I write this ISO image to a VirtualBox shared folder mounted at /vboxshare. Use any path you like. The syntax is: genisoimage cli options – location and name of ISO file to be created and files/folders to be included in the ISO.
> genisoimage -U -r -v -J -joliet-long -allow-multidot -allow-lowercase -iso-level 4 -o /vboxshare/centos7.9.2009repo.20210101.iso /repo

3) Burn the ISO (as a file, not as an extracted image), or copy to a USB drive and move it to the offline host. Since I have VMs, I will mount the ISO to the VM. If you need to mount the ISO on a host with a Blu-ray player or on the local filesystem, see the manual mount section below.

a) Mount the ISO. You have options if you don’t automount ISOs. If your host is a VM, mount it as your hypervisor dictates. You can also copy the ISO to the local filesystem and mount it. Or, manually mount the ISO from a local or USB attached DVD/blu-ray.

> sudo mkdir /mnt/iso
> sudo mount -t iso9660 -o loop /home/repouser/centos7.9.2009repo.20210101.iso /mnt/iso/
— or
> sudo mkdir /mnt/iso
> sudo blkid (to find your cd/dvd device, chances are its /dev/sr0)
> mount /dev/sr0 /media/iso/

b) Once the ISO is mounted, verify the contents. In my case the path is shown below. If your mounted path is different, you need to adjust the baseurl path in local.repo in upcoming step 5.
> df -h
/dev/sr0 17G 17G 0 100% /run/media/root/CDROM

> ls -l /run/media/root/CDROM
dr-xr-xr-x. 4 root root 2048 Jan 1 10:30 extras
dr-xr-xr-x. 8 root root 2048 Jan 1 05:23 os
dr-xr-xr-x. 4 root root 2048 Jan 1 15:42 updates

Note: Each path location listed above must have a Packages and repodata folders inside. If they don’t, it won’t work.

4) On the CentOS host, create an archive folder if it doesn’t already exist.  Move existing *.repo files to the archive folder.

> sudo mkdir -pv /etc/yum.repos.d/archive
> cd /etc/yum.repos.d/
> sudo /bin/mv *.repo archive/

5) Create the local.repo file in /etc/yum.repos.d/ and paste in the contents below.

> cd /etc/yum.repos.d/
> sudo vi local.repo (add the lines below and issue a wq! to save the file)

[base]
name=CentOS-$releasever – Base
baseurl=file:///run/media/root/CDROM/os/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

[updates]
name=CentOS-$releasever – Updates
baseurl=file:///run/media/root/CDROM/updates/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

[extras]
name=CentOS-$releasever – Extras
baseurl=file:///run/media/root/CDROM/extras/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

6) Mount the CentOS rsync’d update ISO is not already done and update the OS.

> yum update
> reboot

Note: If you get errors trying to run yum update due to gpg checks, just comment out gpgkey and change gpgcheck to 0 in the local.repo file, and then run yum update again.

a) Login and check the release file to confirm the new version.

> cat /etc/centos-release

b) Mount the ISO again (if done manually). Install these packages on the offline system and then clean up old kernels to prevent your /boot from filling up. The – -count=2 leaves two kernels. Also, there are two dashes (- -) in front of oldkernels and count.

> sudo yum install genisoimage
> sudo yum install yum-utils
> package-cleanup – -oldkernels – -count=2

c) Move the new OS default repos to the archive folder.

> cd /etc/yum.repos.d/
> sudo /bin/mv CENTOS-*.repo archive/
> ls -l (and you should only have local.repo listed)

7) After you are done updating to the new OS release, comment out all of the [base] and [extras] sections in the local.repo file. All future patches will be in the [updates] repo. When a new OS version is released, just un-comment [base] and [extras].

a) Now that you are updated to 7.9.2009, you only need to rsync the updates folder and create the ISO with only the updates folder. For example, on the internet facing server you would only need to run these commands.
> /usr/bin/rsync -avrt rsync://mirror.umd.edu/centos/7.9.2009/updates/x86_64/ /repo/updates
> genisoimage -U -r -v -J -joliet-long -allow-multidot -allow-lowercase -iso-level 4 -o /vboxshare/centos7.9.2009repo.20210101.iso /repo/updates