• List of iSCSI Mutual CHAP Posts by OS
  • Tools and Utilities for Windows
  • Unix and Linux Distros

slice2

slice2

Monthly Archives: January 2021

Upgrading CentOS 7.2003 to 7.2009 on an Offline or Air-Gapped System

01 Friday Jan 2021

Posted by Slice2 in Linux

≈ Leave a comment

This post demonstrates how to patch or upgrade a CentOS 7 host when it doesn’t have internet access or is an isolated system with no access to a yum repo. On a host with internet access (Public facing host) or a local repo, perform the following steps.

1) Make sure you have genisoimage and yum-utils installed. If not install them.

> sudo rpm -q genisoimage-*
genisoimage-1.1.11-25.el7.x86_64

> sudo rpm -q yum-utils
yum-utils-1.1.31-54.el7_8.noarch

> sudo yum install genisoimage
> sudo yum install yum-utils

2) On your internet facing host create folders for the packages you need. You can specify any folder(s) you require. I only require os, extras and updates but you may have packages installed from other folders. The full list is listed below.

atomic/
centosplus/
cloud/
configmanagement/
cr/
dotnet/
extras/
fasttrack/
isos/
messaging/
nfv/
opstools/
os/
paas/
rt/
sclo/
storage/
updates/
virt/

a) Create the folders.

> sudo mkdir -pv /repo/os
> sudo mkdir -pv /repo/updates
> sudo mkdir -pv /repo/extras

b) Use rsync to harvest the rpms and repo data. Note that these folders will create a 17.1 Gig ISO file in the next step. You need a Blu-ray burner or USB drive to move the file.

> /usr/bin/rsync -avrt rsync://mirror.umd.edu/centos/7.9.2009/os/x86_64/ /repo/os
> /usr/bin/rsync -avrt rsync://mirror.umd.edu/centos/7.9.2009/updates/x86_64/ /repo/updates
> /usr/bin/rsync -avrt rsync://mirror.umd.edu/centos/7.9.2009/extras/x86_64/ /repo/extras

c) Use genisoimage to create an ISO of the whole set. Note. In the command below, I write this ISO image to a VirtualBox shared folder mounted at /vboxshare. Use any path you like. The syntax is: genisoimage cli options – location and name of ISO file to be created and files/folders to be included in the ISO.
> genisoimage -U -r -v -J -joliet-long -allow-multidot -allow-lowercase -iso-level 4 -o /vboxshare/centos7.9.2009repo.20210101.iso /repo

3) Burn the ISO (as a file, not as an extracted image), or copy to a USB drive and move it to the offline host. Since I have VMs, I will mount the ISO to the VM. If you need to mount the ISO on a host with a Blu-ray player or on the local filesystem, see the manual mount section below.

a) Mount the ISO. You have options if you don’t automount ISOs. If your host is a VM, mount it as your hypervisor dictates. You can also copy the ISO to the local filesystem and mount it. Or, manually mount the ISO from a local or USB attached DVD/blu-ray.

> sudo mkdir /mnt/iso
> sudo mount -t iso9660 -o loop /home/repouser/centos7.9.2009repo.20210101.iso /mnt/iso/
— or
> sudo mkdir /mnt/iso
> sudo blkid (to find your cd/dvd device, chances are its /dev/sr0)
> mount /dev/sr0 /media/iso/

b) Once the ISO is mounted, verify the contents. In my case the path is shown below. If your mounted path is different, you need to adjust the baseurl path in local.repo in upcoming step 5.
> df -h
/dev/sr0 17G 17G 0 100% /run/media/root/CDROM

> ls -l /run/media/root/CDROM
dr-xr-xr-x. 4 root root 2048 Jan 1 10:30 extras
dr-xr-xr-x. 8 root root 2048 Jan 1 05:23 os
dr-xr-xr-x. 4 root root 2048 Jan 1 15:42 updates

Note: Each path location listed above must have a Packages and repodata folders inside. If they don’t, it won’t work.

4) On the CentOS host, create an archive folder if it doesn’t already exist.  Move existing *.repo files to the archive folder.

> sudo mkdir -pv /etc/yum.repos.d/archive
> cd /etc/yum.repos.d/
> sudo /bin/mv *.repo archive/

5) Create the local.repo file in /etc/yum.repos.d/ and paste in the contents below.

> cd /etc/yum.repos.d/
> sudo vi local.repo (add the lines below and issue a wq! to save the file)

[base]
name=CentOS-$releasever – Base
baseurl=file:///run/media/root/CDROM/os/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

[updates]
name=CentOS-$releasever – Updates
baseurl=file:///run/media/root/CDROM/updates/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

[extras]
name=CentOS-$releasever – Extras
baseurl=file:///run/media/root/CDROM/extras/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

6) Mount the CentOS rsync’d update ISO is not already done and update the OS.

> yum update
> reboot

Note: If you get errors trying to run yum update due to gpg checks, just comment out gpgkey and change gpgcheck to 0 in the local.repo file, and then run yum update again.

a) Login and check the release file to confirm the new version.

> cat /etc/centos-release

b) Mount the ISO again (if done manually). Install these packages on the offline system and then clean up old kernels to prevent your /boot from filling up. The – -count=2 leaves two kernels. Also, there are two dashes (- -) in front of oldkernels and count.

> sudo yum install genisoimage
> sudo yum install yum-utils
> package-cleanup – -oldkernels – -count=2

c) Move the new OS default repos to the archive folder.

> cd /etc/yum.repos.d/
> sudo /bin/mv CENTOS-*.repo archive/
> ls -l (and you should only have local.repo listed)

7) After you are done updating to the new OS release, comment out all of the [base] and [extras] sections in the local.repo file. All future patches will be in the [updates] repo. When a new OS version is released, just un-comment [base] and [extras].

a) Now that you are updated to 7.9.2009, you only need to rsync the updates folder and create the ISO with only the updates folder. For example, on the internet facing server you would only need to run these commands.
> /usr/bin/rsync -avrt rsync://mirror.umd.edu/centos/7.9.2009/updates/x86_64/ /repo/updates
> genisoimage -U -r -v -J -joliet-long -allow-multidot -allow-lowercase -iso-level 4 -o /vboxshare/centos7.9.2009repo.20210101.iso /repo/updates

Follow Blog via Email

Enter your email address to follow this blog and receive notifications of new posts by email.

Recent Posts

  • Patch Alma Linux 8.7 on an Offline or Air-Gapped System
  • HOWTO Remove /home logical volume and add that space to the root partition
  • Patch Rocky Linux 8.6 on an Offline or Air-Gapped System
  • HOWTO Install the Splunk Universal Forwarder on FreeBSD
  • HOWTO install a Splunk Universal Forwarder on Solaris 11 SPARC and x64 Using pkg(p5p) and tar
  • HOWTO install a Splunk Universal Forwarder on Solaris 10 SPARC and x64 Using pkgadd and tar
  • Recover Files from a Windows NTFS partition using Linux based SystemRescue
  • Sysmon Event ID 1 Process Creation rules for Splunk Universal Forwarder and McAfee All Access
  • Upgrading CentOS 7.2003 to 7.2009 on an Offline or Air-Gapped System
  • HOWTO Easily Resize the Default LVM Volume on Ubuntu 18.04
  • Create a Docker Container for your Cisco ESA, SMA or WSA Offline Content Updates
  • Apply the Mozilla Firefox STIG to Firefox on Ubuntu Linux 18.04
  • Dynamically Resize Those Tiny BlackArch Linux Terminals and Add a Scrollbar
  • Kali Linux OVA for Air-Gapped Use Build Process
  • HOWTO install the XFCE 4 Desktop on NetBSD 8.1
  • Build a Kali Linux ISO with the latest OS patches and packages
  • HOWTO quickly STIG Firefox 59.01
  • HOWTO mount a Synology NAS SMB share on Linux with SMBv1 disabled
  • Howto safely delete the WSUS WID on Windows 2012R2
  • HOWTO quickly STIG Firefox 45.0.1
  • Completing the vSphere vCenter Appliance Hardening Process
  • HOWTO install the XFCE 4.12 Desktop on NetBSD 7
  • Enabling TLS 1.2 on the Splunk 6.2x Console and Forwarders using Openssl and self signed certs.
  • HOWTO enable SSH on a Cisco ASA running 9.1.x
  • Apply a Windows 2012 R2 Domain GPO to a standalone Windows 2012 R2 server
  • Enable legacy SSL and Java SSL support in your browser for those old, crusty websites
  • HOWTO update FreeBSD 10.1 to the latest 11-current release
  • HOWTO Secure iSCSI Luns Between FreeBSD 10.1 and NetApp Storage with Mutual CHAP
  • HOWTO install the XFCE 4 Desktop on NetBSD 6.1.5
  • HOWTO Secure iSCSI Luns Between Ubuntu Server 14.10 and NetApp Storage with Mutual CHAP

Categories

  • Cisco (2)
  • ESXi (4)
  • FreeBSD (2)
  • HP (5)
  • iSCSI (12)
  • Linux (31)
  • Nessus (3)
  • NetApp (31)
  • NetBSD (10)
  • Oracle (9)
  • Security (48)
  • Solaris (9)
  • Splunk (5)
  • VMware (19)
  • Windows (20)
  • Wireshark (4)
  • XFCE (3)

Archives

  • February 2023
  • August 2022
  • July 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • November 2021
  • January 2021
  • December 2020
  • November 2020
  • August 2020
  • May 2020
  • September 2019
  • August 2019
  • March 2018
  • November 2016
  • March 2016
  • January 2016
  • November 2015
  • July 2015
  • June 2015
  • February 2015
  • January 2015
  • December 2014
  • November 2014
  • October 2014
  • September 2014
  • August 2014
  • July 2014
  • May 2014
  • April 2014
  • March 2014
  • February 2014
  • January 2014
  • December 2013
  • November 2013
  • October 2013
  • September 2013
  • August 2013
  • July 2013
  • June 2013
  • May 2013
  • April 2013
  • March 2013

Blogroll

  • Adobe Security Bulletins
  • CentOS Blog
  • Cisco Security Blog
  • CSO Magazine
  • DHS National Vulnerability Database
  • Eric Sloof's NTPRO
  • HT SSL Tests
  • Intel Corp Security Advisories
  • Internet Usage World Stats
  • Kali Linux Blog
  • Linux Mint Blog
  • Meltdown and Spectre
  • Microsoft Security Blog
  • Microsoft Security Intelligence Report
  • Microsoft Security Research & Defense
  • Microsoft Security Response Center
  • MITRE CVE Site
  • NetApp Blogs
  • NetBSD Blog
  • Oracle OTN Security
  • Oracle Security Blog
  • PacketStorm
  • Redhat Security Blog
  • SC Magazine
  • Shodan Search Engine
  • US-CERT Alerts
  • US-CERT Bulletins
  • US-CERT Vulnerability Notes KB
  • VMware Blogs
  • VMware Security Advisories

Category Cloud

Cisco ESXi FreeBSD HP iSCSI Linux Nessus NetApp NetBSD Oracle Security Solaris Splunk VMware Windows Wireshark XFCE

Follow Blog via Email

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 38 other subscribers

Powered by WordPress.com.

 

Loading Comments...