So you’ve successfully switched from CentOS to Alma Linux and your hosts are on an isolated network. This post demonstrates how to patch a Alma Linux 8.7 host when it doesn’t have internet access or is an isolated system with no access to a yum repo.
On a host with internet access (Public facing host), perform the following steps. I used a Alma Linux 8.7 VM running on Windows 11 and VirtualBox 7.0.6. As long as you have internet access, any rpm based Linux distro will do as long as it has rsync, genisoimage, and yum-utils.
1) Make sure you have rsync, genisoimage and yum-utils installed. If not install them.
> sudo rpm -q genisoimage-*
genisoimage-1.1.11-39.el8.x86_64
> sudo rpm -q yum-utils
yum-utils-4.0.21-11.el8.noarch
> sudo rpm -q rsync
rsync-3.1.3-14.el8_6.2.x86_64
a) If not, install them.
> sudo yum install genisoimage
> sudo yum install yum-utils
> sudo yum install rsync
2) On your internet facing host, create folders for the repos and packages you need. You can specify any folder(s) you require. I require the repos below, but you may need packages installed from other repos so create those folders. Most people only need BaseOS and AppStream. The “updates” repo is no longer used in 8x and has been removed. Updated packages are just placed in their regular repo and not separated. The full list can be found on a mirror site like this one I use https://mirrors.rit.edu/almalinux/8.7/ but you can use any mirror you like.
a) Create the folders locally and harvest the data from the mirror site using rsync. Note that these folders will create an approx 35 Gig ISO file in step 3. You need a Blu-ray burner or USB drive to move the file to your air-gapped hosts. Also make sure the filesystem you write the ISO to has enough space. Note that there are two dashes before “- -“progress below, not one. It renders as one dash so make sure you have two dashes before progress or just remove that option from your cli. I have noticed that if you copy/paste from html to PuTTY or a terminal window and the rsync command fails, you have to backspace over the dashes in front of “avrt” and “progress” and retype them.
> sudo mkdir -pv /repo/BaseOS
> sudo /usr/bin/rsync -avrt – -progress rsync://mirrors.rit.edu/almalinux/8.7/BaseOS/x86_64/os/ /repo/BaseOS
> sudo mkdir -pv /repo/AppStream
> sudo /usr/bin/rsync -avrt – -progress rsync://mirrors.rit.edu/almalinux/8.7/AppStream/x86_64/os/ /repo/AppStream
3) Use genisoimage to create an ISO of the whole set. Note that in the command below, I write this ISO image to a VirtualBox shared folder mounted at /media/sf_vboxshare. Use any path you like as long as it is big enough. The syntax is: genisoimage cli options – location and name of ISO file to be created and files/folders to be included in the ISO.
> genisoimage -U -r -v -J -joliet-long -allow-multidot -allow-lowercase -iso-level 4 -o /media/sf_vboxshare/AlmaLinux8.7.repo.2023FEB03.iso /repo
4) Burn the ISO (as a file, not as an extracted image) to a Blu-ray, or copy to a USB drive and move it to the offline or air-gapped host. Since I have VMs, I will automount the ISO to the VM. If you need to mount the ISO on a host with a Blu-ray, USB drive, or from the local filesystem, the next three steps outline how to do it.
a) Mount the ISO on your offline or air-gapped system. You have options if you don’t automount ISOs. If your host is a VM, mount it as your hypervisor dictates. You can copy the ISO to the local filesystem and mount it. Or, manually mount the ISO from a local or USB attached Blu-ray or USB drive.
b) If copied to the local file system:
> sudo mkdir /mnt/iso
> sudo mount -t iso9660 -o loop /home/repouser/AlmaLinux8.7.repo.2023FEB03.iso /mnt/iso/
c) If mounted via usb drive or if automount is not enabled:
> sudo mkdir /mnt/iso
> sudo blkid (to find your cd/dvd device, chances are its /dev/sr0)
> mount /dev/sr0 /mnt/iso/
d) Verify your mount. The “Mounted on” path is important because it is used below when you create the local.repo file.
> sudo df -h /dev/loop0
Filesystem Size Used Avail Use% Mounted on
/dev/loop0 35G 35G 0 100% /mnt/iso
> sudo df -h /dev/sr0
Filesystem Size Used Avail Use% Mounted on
/dev/sr0 35G 35G 0 100% /mnt/iso
If automounted it could look like this:
> sudo df -h /dev/sr0
Filesystem Size Used Avail Use% Mounted on
/dev/sr0 35G 35G 0 100% /run/media/root/CDROM
e) List the repos that will be used to create the local.repo file. Depending on how you mounted the ISO above (manual or automount), your /dev/sr0 mountpoint will be different. You simply need to adjust the baseurl path in local.repo in the next step.
> sudo ls -l /mnt/iso
or…
> sudo ls -l /run/media/repouser/CDROM
dr-xr-xr-x. 4 root root 2048 Jan 27 02:14 AppStream
dr-xr-xr-x. 7 root root 2048 Jan 27 02:14 BaseOS
5) Create a repos archive folder if it doesn’t already exist. Move existing *.repo files to the archive folder for safe keeping and create the new local.repo file.
> sudo mkdir -pv /etc/yum.repos.d/archive
> cd /etc/yum.repos.d/
> sudo /bin/mv *.repo archive/
> sudo vi local.repo
Copy/paste everything below between the # Start custom local.repo file # header and footer into the local.repo and wq! to save the file. Note the baseurl= file path. Edit this path based on how you mounted in step 4d above. Since I automounted the ISO in a VM, I used the ///run/media/root/CDROM/”repo name” path format.
If automounted, its baseurl=file:///run/media/root/CDROM/repo name/
If manually mounted, its baseurl=file:///mnt/iso/repo name/
# Start custom local.repo file #
[baseos-source]
name=AlmaLinux $releasever – BaseOS Source
baseurl=file:///run/media/root/CDROM/BaseOS
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
[appstream-source]
name=AlmaLinux $releasever – AppStream Source
baseurl=file:///run/media/root/CDROM/AppStream
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
# End custom local.repo file #
6) Update the host and reboot. If you get errors trying to run yum update due to gpg checks, just comment out gpgkey and change gpgcheck to 0 in the local.repo file, and then run yum update again. Or, you can download the key here https://mirrors.rit.edu/almalinux/RPM-GPG-KEY-AlmaLinux-8 and place it in /etc/pki/rpm-gpg.
a) Configure the repo and update.
> yum clean all
> yum repolist all
repo id repo name status
appstream-source AlmaLinux 8 – AppStream Source enabled
baseos-source AlmaLinux 8 – BaseOS Source enabled
> yum update
Transaction Summary
====================================================
Install 5 Packages
Upgrade 138 Packages
Total size: 450 M
Is this ok [y/N]: y
Downloading Packages:
b) If you get gpg errors, verify that you have the keys installed. The green key below is the one used in the gpgkey= path above in local.repo. If not installed, comment out gpgkey= and set gpgcheck to 0 in the local.repos file above or download the keys and copy to /etc/pki/rpm-gpg/.
> sudo gpg -quiet –show-keys /etc/pki/rpm-gpg/*
gpg: out of core handler ignored in FIPS mode
pub rsa4096 2021-01-12 [C] [expires: 2024-01-12]
5E9B8F5617B5066CE92057C3488FCF7C3ABB34F8
uid AlmaLinux <packager@almalinux.org>
sub rsa3072 2021-01-12 [S] [expires: 2024-01-12]
pub rsa4096 2009-02-24 [SC]
B08B659EE86AF623BC90E8DB938A80CAF21541EB
uid Red Hat, Inc. (beta key 2) <security@redhat.com>
pub rsa4096 2009-10-22 [SC]
567E347AD0044ADE55BA8A5F199E2F91FD431D51
uid Red Hat, Inc. (release key 2) <security@redhat.com>
> reboot
c) After reboot, eject the ISO if still mounted.
> umount /dev/sr0