QuantaStor Local Update Mirror: Difference between revisions

From OSNEXUS Online Documentation Site
Jump to navigation Jump to search
← Older edit
Visual
mNo edit summary
 
(16 intermediate revisions by the same user not shown)
Line 1: Line 1:
[[Category:local_update_mirror]]
[[index.php?title=Category:Local update mirror]]


== Overview ==
== Overview ==


Often times QuantaStor systems are deployed in sites where there's no public internet access.  On these deployments the QuantaStor systems are unable to directly access packages.osnexus.com and in order for the systems to run upgrades they will need a local package mirror.  The local package mirror is basically a VM which has a copy of the QuantaStor and other package files from packages.osnexus.com so that the local DNS server can be configured to resolve packages.osnexus.com to the local mirror within the datacenter.
QuantaStor systems are sometimes deployed in sites where there's no public internet access.  On these deployments the QuantaStor systems are unable to directly access packages.osnexus.com and will need a local package mirror repository to run QuantaStor upgrades.  


There are a couple of methods by which a package mirror repository can be setup, those are:
The local package mirror is usually a VM, which has a copy of the QuantaStor repository, and other package files from packages.osnexus.com, so that the local DNS server can be configured to resolve packages.osnexus.com to the local mirror within the data center.


* Nginx + rsync of packages.osnexus.com
Below is our supported method of creating a local repository.
* Apache + apt-mirror of packages.osnexus.com


== Nginx + RSync Package Mirror Method ==
The basic process:


The Nginx + RSync method is the simplest and most common way to mirror the OSNexus package repository at packages.osnexus.com.
# Setup the offline mirror VM which will run a web server to serve the packages to QuantaStor (nginx example below).
# Download the QuantaStor repository (rsync example below, wget, ...)
# Either move the downloaded QuantaStor repository to the location where your QuantaStor servers live or setup networking to allow your QuantaStor servers to see your offline QuantaStor repository.
# Modify DNS so that the QuantaStor systems resolve packages.osnexus.com to point to your local QuantaStor repository OR modify certain /etc/apt files on each QuantaStor host to point to your QuantaStor repository (instead of packages.osnexus.com)
# Perform upgrade as normal


Follow the steps below to create a local mirror of the OSNEXUS QuantaStor update repository.
The offline QuantaStor repository will need to be updated before each upgrade.  This could be done with a cron job as shown below.


1. Contact support@osnexus.com to request that your SSH public key be added to the OSNEXUS QuantaStor replication mirror for rsync access. Support can also assist with the below process and any questions you may have.
=== Setup the offline mirror VM and web server ===
 
Any web server can be used to serve the offline QuantaStor repository to QuantaStor hosts for upgrading.  Below Nginx is used. This ships with the QuantaStor software so a simple community edition licensed QuantaStor VM could be used to host the offline QuantaStor repository.  Any web server can be used.
2. Setup a Linux VM with a web server, below is an example config file using nginx on Ubuntu 18.04 or newer:


==== Setting up nginx on Ubuntu 18.04 or newer: ====
Edit the /etc/nginx/sites-enabled/osnexus-mirror file. '''Please note. The file may be different depending on your nginx version or Linux OS. '''
Edit the /etc/nginx/sites-enabled/osnexus-mirror file. '''Please note. The file may be different depending on your nginx version or Linux OS. '''
 
Replace "yourserver.example.net" with your web server DNS FQDN.<pre>
'''Replace''' yourserver.example.net with your web server DNS FQDN.
 
<pre>


#
#
Line 38: Line 38:
     }
     }
}
}
</pre>
</pre>Now restart nginx and ensure it is enabled to startup automatically.<pre>
 
Now restart and ensure it is enabled to startup automatically.
 
<pre>
systemctl enable nginx
systemctl enable nginx
systemctl restart nginx
systemctl restart nginx
</pre>
</pre>


3. ensure your ssh key is available for the root user as the id_rsa file under /root/.ssh/
==== Alternative (less robust) Method of Serving the Offline QuantaStor Repository ====
Python has an internal web server that can be easily used to serve the offline QuantaStor repository files to the QuantaStor servers being upgraded. This is a CLI process that runs the server when started and if ^C stopped stops the web server.  This is not a robust permanent solution but can be used for upgrades.


4. Run an initial rsync to synchronize the QuantaStor update repo using the credentials and SSH key setup with the OSNEXUS support team in step 1.
Note on this command the server will listen on port 9999 not the normal port 80 (or 443). This means that the /etc/apt/sources* files will have to be changed to something like "http://<IP of offline QuantaStor repository>:9999/..."
python3 -m http.server 9999
That command should be run in the top level repository directory (ie the location where the repository was downloaded to).


<pre>
=== Download the QuantaStor repository ===
rsync -aPv rsync://YOURUSER@pkgmirror.osnexus.com/packages /var/lib/www/packages-root/
The official online QuantaStor repository is accessible via http/s as well as the rsync protocol.  In the example below, rsync is used to mirror.  Rsync is useful because once your initial download has completed, future updates of your offline QuantaStor repository will only need to download new changes. (rsync can be used via the rsync protocol or rsync over ssh).
</pre>


5. Add a cron entry that will run every day to synchronize your local mirror with the QuantaStor repo. Note that this requires ssh access from your mirror server to pkgmirror.osnexus.com
As the online QuantaStor repository is also accessible via http/s, other tools such as wget, aptly, or other mirroring tools can be used to download the QuantaStor repository.


==== Run an initial rsync to synchronize the QuantaStor update repository. ====
<pre>
<pre>
edit the /etc/cron.d/osnexus-mirror-sync file and add the below contents:
mkdir -p /var/lib/www/packages-root/
0 02 * * * root /usr/bin/rsync -aPv rsync://YOURUSER@pkgmirror.osnexus.com/packages /var/lib/www/packages-root/
RSYNC_PASSWORD=guest rsync -aPv rsync://guest@pkgmirror.osnexus.com/packages /var/lib/www/packages-root/
</pre>
</pre>


6. Add your new local mirror to your QuantaStor systems for all updates:
==== Update an already rsync'd QuantaStor repository ====
 
For periodic automatic updates, add a cron entry that will run to synchronize your local mirror with the QuantaStor repository. The example below runs daily. Just running the rsync part of this command will do a one time update.<pre>
'''Replace''' yourserver.example.net with your web server DNS FQDN.
edit the /etc/cron.d/osnexus-mirror-sync file and add the below contents:
 
0 02 * * * root RSYNC_PASSWORD=guest /usr/bin/rsync -aPv rsync://guest@pkgmirror.osnexus.com/packages /var/lib/www/packages-root/
<pre>
echo 'deb http://yourserver.example.net/packages quantastor-bionic main' > /etc/apt/sources.list.d/osnexus.list
</pre>
</pre>


If you need any further assistance, please contact support@osnexus.com.
=== Allow Offline QuantaStor Servers to See the Downloaded QuantaStor Repository ===
 
Each site will have different requirements for this process.  In some cases, the downloaded QuantaStor repository server would be isolated from the protected network via a firewall change, opened up to the internet for the download or update of the repository, then isolated from the internet and opened to the internal QuantaStor servers.
== Apache + apt-mirror Package Mirror Method ==


Follow the steps below to create a local mirror of the OSNEXUS QuantaStor update repository using apt-mirror for systems with Ubuntu 14.04 as its base operating system. The below instructions assume you already have an local Ubuntu server currently installed.  
In another case, it may be download, scan, and physically move the offline QuantaStor repository to the location where the QuantaStor servers can see it.


[QS] label indicates commands will to run on your QuantaStor systems
Site policies will determine how you handle this step.


[MIR] label indicates commands to run on your package mirror server / VM
=== Modify DNS or /etc/apt Prior to Upgrades ===
On the QuantaStor systems to be upgraded, the /etc/apt/sources* files point to "packages.osnexus.com".  Since they are offline, this cannot be accessed.


=== Instructions ===
One method to make offline QuantaStor systems upgradable from the offline QuantaStor repository server would be to edit all /etc/apt/sources* files (including sources.list.d sub-directory files) to change packages.osnexus.com to point to the DNS name or IP of the offline QuantaStor repository server you setup.  NOTE other hostnames found in those files *.unbuntu.com do NOT need to be changed.  The QuantaStor qs_upgrade.py does NOT use those.


[MIR] 1. Elevate as root (<code>sudo -i</code>)
Another method would be to change your internal DNS server to point "packages.quantastor.com" to your downloaded offline QuantaStor repository server.


[MIR] 2. Update packages (<code>apt-get update</code>)
The example below should only be referenced for a method to change these files. NOTE it references a specific version of QuantaStor (focal) which may not be installed (ie jammy). Do NOT use this command without understanding how you should modify it.


[MIR] 3. Install and enable Apache Web Server (<code>apt install -y apache2 && systemctl enable apache2</code>)
Add your new local repository mirror to your QuantaStor systems for all updates:


[MIR] 4. Create a package directory and set the correct permissions (<code>mkdir -p /var/www/html/repo && chown www-data:www-data /var/www/html/repo</code>)
Replace "yourserver.example.net" with your web server DNS FQDN.


[MIR] 5. Install apt-mirror (<code>apt install -y apt-mirror</code>)
[MIR] 6. Make a backup of /etc/apt/mirror.list (<code>cp /etc/apt/mirror.list /etc/apt/mirror.list-bak</code>)
[MIR] 7. Edit /etc/apt/mirror.list to be like the below:
==== Ubuntu 18.04 (Bionic) mirror.list Configuration ====
<pre>
<pre>
set base_path    /var/www/html/repo
# for focal based quantastor deployments
set nthreads    20
echo 'deb http://yourserver.example.net/packages quantastor-focal main' > /etc/apt/sources.list.d/osnexus.list
set _tilde 0


deb http://packages.osnexus.com/packages bionic main
# for bionic based QuantaStor deployments
deb http://archive.ubuntu.com/ubuntu bionic main restricted universe multiverse
echo 'deb http://yourserver.example.net/packages quantastor-bionic main' > /etc/apt/sources.list.d/osnexus.list
deb http://archive.ubuntu.com/ubuntu bionic-security main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu bionic-updates main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu bionic main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu bionic-security main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu bionic-updates main restricted universe multiverse
clean http://archive.ubuntu.com/ubuntu
clean http://packages.osnexus.com/packages
</pre>
 
==== Ubuntu 16.04 (Xenial) mirror.list Configuration ====
<pre>
set base_path    /var/www/html/repo
set nthreads    20
set _tilde 0
 
deb http://packages.osnexus.com/packages xenial main
deb http://archive.ubuntu.com/ubuntu xenial main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu xenial-security main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu xenial-updates main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu xenial main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu xenial-security main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu xenial-updates main restricted universe multiverse
clean http://archive.ubuntu.com/ubuntu
clean http://packages.osnexus.com/packages
</pre>
 
==== Ubuntu 14.04 (Trusty) mirror.list Configuration ====
<pre>
############# config ##################
#
set base_path    /var/www/html/repo
#
# set mirror_path  $base_path/mirror
# set skel_path    $base_path/skel
# set var_path    $base_path/var
# set cleanscript $var_path/clean.sh
# set defaultarch  <running host architecture>
# set postmirror_script $var_path/postmirror.sh
# set run_postmirror 0
set nthreads    20
set _tilde 0
#
############# end config ##############
 
deb http://packages.osnexus.com/packages trusty main
deb http://archive.ubuntu.com/ubuntu trusty main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu trusty-security main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu trusty-updates main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu trusty main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu trusty-security main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu trusty-updates main restricted universe multiverse
clean http://archive.ubuntu.com/ubuntu
clean http://packages.osnexus.com/packages
</pre>
 
=== Running the Package Mirroring ===
 
[MIR] 8. Create a var folder in the local repo (<code>mkdir -p /var/www/html/repo/var</code>)
 
[MIR] 9. Copy /var/spool/apt-mirror/var/postmirror.sh to the var folder in the local repo (<code>mkdir -p cp /var/spool/apt-mirror/var/postmirror.sh /var/www/html/repo/var</code>)
 
[MIR] 10. Start the mirroring process (<code>nohup apt-mirror &</code>)
 
'''Note:''' Depending on your internet speed, this may take some time, but you can monitor the process with <code>tail nohup.out</code>. When it's finished, continue with step 11.
 
[QS] 11. Elevate as root (<code>sudo -i</code>)
 
[QS] 12. Make a copy of /etc/apt/sources.list and /etc/apt/sources.list.d/osnexus.list (<code>cp /etc/apt/sources.list /etc/apt/sources.list.bk && cp /etc/apt/sources.list.d/osnexus.list /etc/apt/sources.list.d/osnexus.list.bk</code>
 
[QS] 13. Edit /etc/apt/sources.list to be like the below:
 
 
==== Ubuntu 18.04 (Bionic) mirror.list Configuration ====
<pre>
</pre>
==== Ubuntu 16.04 (Xenial) mirror.list Configuration ====
<pre>
deb [arch=amd64] http://<YOUR_MIR_IP>/repo/mirror/archive.ubuntu.com/ubuntu/ xenial-updates main
deb [arch=amd64] http://<YOUR_MIR_IP>/repo/mirror/archive.ubuntu.com/ubuntu/ xenial universe
deb [arch=amd64] http://<YOUR_MIR_IP>/repo/mirror/archive.ubuntu.com/ubuntu/ xenial-updates universe
deb [arch=amd64] http://<YOUR_MIR_IP>/repo/mirror/archive.ubuntu.com/ubuntu/ xenial multiverse
deb [arch=amd64] http://<YOUR_MIR_IP>/repo/mirror/archive.ubuntu.com/ubuntu/ xenial-updates multiverse
deb [arch=amd64] http://<YOUR_MIR_IP>/repo/mirror/archive.ubuntu.com/ubuntu/ xenial-security main restricted universe multiverse
</pre>
 
==== Ubuntu 14.04 (Trusty) mirror.list Configuration ====
<pre>
deb [arch=amd64] http://<YOUR_MIR_IP>/repo/mirror/archive.ubuntu.com/ubuntu/ trusty-updates main
deb [arch=amd64] http://<YOUR_MIR_IP>/repo/mirror/archive.ubuntu.com/ubuntu/ trusty universe
deb [arch=amd64] http://<YOUR_MIR_IP>/repo/mirror/archive.ubuntu.com/ubuntu/ trusty-updates universe
deb [arch=amd64] http://<YOUR_MIR_IP>/repo/mirror/archive.ubuntu.com/ubuntu/ trusty multiverse
deb [arch=amd64] http://<YOUR_MIR_IP>/repo/mirror/archive.ubuntu.com/ubuntu/ trusty-updates multiverse
deb [arch=amd64] http://<YOUR_MIR_IP>/repo/mirror/archive.ubuntu.com/ubuntu/ trusty-security main restricted universe multiverse
</pre>
 
'''Note:''' Due to some oddities with apt-mirror, we have to specify using 64-bit with <code>[arch=amd64]</code>. If you don't, you'll see errors related to not being able to find 32-bit (i386) packages.
 
=== Upgrading QuantaStor ===
 
[QS] 14. Edit /etc/apt/sources.list.d/osnexus.list to be like the below:
 
<pre>
deb [arch=amd64] http://<YOUR_MIR_IP>/repo/mirror/packages.osnexus.com/packages/ trusty main
</pre>
</pre>


[QS] 15. Update packages and upgrade QuantaStor (<code>apt-get update && qs-upgrade</code>)
=== Perform upgrade as normal ===
After the above steps, QuantaStor hosts can be upgrade using all normal QuantaStor upgrade methods (Web UI, CLI)


'''Note:''' You may get stuck not being able to update the virt-what package. If this happens, you may either download (<code>wget</code>) and install (<code>dpkg -i</code>) the .deb package from a trusted source on the QuantaStor appliance, or download it to /var/www/html/repo/mirror/archive.ubuntu.com/ubuntu/pool/universe/v/virt-what.
=== Summary ===
OSNEXUS Support will provide support for this process for licensed QuantaStor deployments. If you need any further assistance, please see https://www.osnexus.com for support options.

Latest revision as of 15:57, 11 April 2025

index.php?title=Category:Local update mirror

Overview

QuantaStor systems are sometimes deployed in sites where there's no public internet access. On these deployments the QuantaStor systems are unable to directly access packages.osnexus.com and will need a local package mirror repository to run QuantaStor upgrades.

The local package mirror is usually a VM, which has a copy of the QuantaStor repository, and other package files from packages.osnexus.com, so that the local DNS server can be configured to resolve packages.osnexus.com to the local mirror within the data center.

Below is our supported method of creating a local repository.

The basic process:

  1. Setup the offline mirror VM which will run a web server to serve the packages to QuantaStor (nginx example below).
  2. Download the QuantaStor repository (rsync example below, wget, ...)
  3. Either move the downloaded QuantaStor repository to the location where your QuantaStor servers live or setup networking to allow your QuantaStor servers to see your offline QuantaStor repository.
  4. Modify DNS so that the QuantaStor systems resolve packages.osnexus.com to point to your local QuantaStor repository OR modify certain /etc/apt files on each QuantaStor host to point to your QuantaStor repository (instead of packages.osnexus.com)
  5. Perform upgrade as normal

The offline QuantaStor repository will need to be updated before each upgrade. This could be done with a cron job as shown below.

Setup the offline mirror VM and web server

Any web server can be used to serve the offline QuantaStor repository to QuantaStor hosts for upgrading. Below Nginx is used. This ships with the QuantaStor software so a simple community edition licensed QuantaStor VM could be used to host the offline QuantaStor repository. Any web server can be used.

Setting up nginx on Ubuntu 18.04 or newer:

Edit the /etc/nginx/sites-enabled/osnexus-mirror file. Please note. The file may be different depending on your nginx version or Linux OS.

Replace "yourserver.example.net" with your web server DNS FQDN.

#
# A virtual host entry for an OSNEXUS QuantaStor mirror
#

server {
    listen       80;
    server_name  yourserver.example.net packages;
    location / {
        root /var/lib/www/packages-root;
        autoindex on;
    }
}

Now restart nginx and ensure it is enabled to startup automatically.

systemctl enable nginx
systemctl restart nginx

Alternative (less robust) Method of Serving the Offline QuantaStor Repository

Python has an internal web server that can be easily used to serve the offline QuantaStor repository files to the QuantaStor servers being upgraded. This is a CLI process that runs the server when started and if ^C stopped stops the web server. This is not a robust permanent solution but can be used for upgrades.

Note on this command the server will listen on port 9999 not the normal port 80 (or 443). This means that the /etc/apt/sources* files will have to be changed to something like "http://<IP of offline QuantaStor repository>:9999/..." 

python3 -m http.server 9999

That command should be run in the top level repository directory (ie the location where the repository was downloaded to).

Download the QuantaStor repository

The official online QuantaStor repository is accessible via http/s as well as the rsync protocol. In the example below, rsync is used to mirror. Rsync is useful because once your initial download has completed, future updates of your offline QuantaStor repository will only need to download new changes. (rsync can be used via the rsync protocol or rsync over ssh).

As the online QuantaStor repository is also accessible via http/s, other tools such as wget, aptly, or other mirroring tools can be used to download the QuantaStor repository.

Run an initial rsync to synchronize the QuantaStor update repository.

mkdir -p /var/lib/www/packages-root/
RSYNC_PASSWORD=guest rsync -aPv rsync://guest@pkgmirror.osnexus.com/packages /var/lib/www/packages-root/

Update an already rsync'd QuantaStor repository

For periodic automatic updates, add a cron entry that will run to synchronize your local mirror with the QuantaStor repository. The example below runs daily. Just running the rsync part of this command will do a one time update.

edit the /etc/cron.d/osnexus-mirror-sync file and add the below contents:
0 02 * * * root RSYNC_PASSWORD=guest /usr/bin/rsync -aPv rsync://guest@pkgmirror.osnexus.com/packages /var/lib/www/packages-root/

Allow Offline QuantaStor Servers to See the Downloaded QuantaStor Repository

Each site will have different requirements for this process. In some cases, the downloaded QuantaStor repository server would be isolated from the protected network via a firewall change, opened up to the internet for the download or update of the repository, then isolated from the internet and opened to the internal QuantaStor servers.

In another case, it may be download, scan, and physically move the offline QuantaStor repository to the location where the QuantaStor servers can see it.

Site policies will determine how you handle this step.

Modify DNS or /etc/apt Prior to Upgrades

On the QuantaStor systems to be upgraded, the /etc/apt/sources* files point to "packages.osnexus.com". Since they are offline, this cannot be accessed.

One method to make offline QuantaStor systems upgradable from the offline QuantaStor repository server would be to edit all /etc/apt/sources* files (including sources.list.d sub-directory files) to change packages.osnexus.com to point to the DNS name or IP of the offline QuantaStor repository server you setup. NOTE other hostnames found in those files *.unbuntu.com do NOT need to be changed. The QuantaStor qs_upgrade.py does NOT use those.

Another method would be to change your internal DNS server to point "packages.quantastor.com" to your downloaded offline QuantaStor repository server.

The example below should only be referenced for a method to change these files. NOTE it references a specific version of QuantaStor (focal) which may not be installed (ie jammy). Do NOT use this command without understanding how you should modify it.

Add your new local repository mirror to your QuantaStor systems for all updates:

Replace "yourserver.example.net" with your web server DNS FQDN. 

# for focal based quantastor deployments
echo 'deb http://yourserver.example.net/packages quantastor-focal main' > /etc/apt/sources.list.d/osnexus.list

# for bionic based QuantaStor deployments
echo 'deb http://yourserver.example.net/packages quantastor-bionic main' > /etc/apt/sources.list.d/osnexus.list

Perform upgrade as normal

After the above steps, QuantaStor hosts can be upgrade using all normal QuantaStor upgrade methods (Web UI, CLI)

Summary

OSNEXUS Support will provide support for this process for licensed QuantaStor deployments. If you need any further assistance, please see https://www.osnexus.com for support options.

Retrieved from "https://wiki.osnexus.com/index.php?title=QuantaStor_Local_Update_Mirror&oldid=26313"