Many organizations forbid directly connecting network infrastructure to the Internet, due to security or other management requirements. For these or other reasons, you may need to host your Cumulus Linux repository internally in your infrastructure.
Cumulus Linux is a derivative of Debian. All applications pre-installed in Cumulus Linux are comprised of Debian .deb
software packages. apt-get
is the standard utility for enabling the installation, upgrade, or downgrade of these packages. Cumulus Linux ships preconfigured-to-use Cumulus Networks hosted repositories.
In this situation, two suggested alternatives exist to preserve the use of apt-get
:
- Utilizing an HTTP proxy such as Squid or Blue Coat. In this scenario, actions are relayed through a trusted host onto Internet-facing servers.
- Hosting an
apt
-compatible mirror within your environment. This option has several advantages, such as faster deployment/upgrades due to local caching, along with not requiring external Internet connectivity for switches configured to utilize the local mirror.
Note: For more information on setting up a Debian repository, see wiki.debian.org/HowToSetupADebianRepository.
{{table_of_contents}}
Configuring the Proxy Server
The first approach is configuring a proxy server on the switches directly.
The proxy setup is enabled by adding the following line to the /etc/apt/apt.conf
file. This example assumes the hostname of proxy.example.com
running on port 3128.
Acquire::http::Proxy "http://proxy.example.com:3128/";
Configuring an Internal apt Mirror
An internal apt
mirror has a variety of uses:
- Quicker deployment of switches
- Caching of packages due to unreliable or slow Internet access
- Offline demos of switch features and packages (for trade shows or traveling in an airplane, for example)
- For switches that don't have routed/NAT'd Internet access
You should allocate at least 5GB of storage to your mirror.
Configuring the Mirror Server
This example uses a virtual machine called mirror01 running Debian. Ubuntu also works fine for the server OS.
Install apt-mirror
and Apache:
root@mirror01:~# apt-get update root@mirror01:~# apt-get upgrade root@mirror01:~# apt-get install apt-mirror apache2
Edit /etc/apt/mirror.list
to set the architecture and upstream repository URLs:
############# config ################## # # set base_path /var/spool/apt-mirror # # set mirror_path $base_path/mirror # set skel_path $base_path/skel # set var_path $base_path/var # set cleanscript $var_path/clean.sh set defaultarch amd64 # set postmirror_script $var_path/postmirror.sh # set run_postmirror 0 set nthreads 20 set _tilde 0 # ############# end config ############## deb http://repo3.cumulusnetworks.com/repo CumulusLinux-3 cumulus upstream
#deb-src http://repo3.cumulusnetworks.com/repo CumulusLinux-3 cumulus upstream
deb http://repo3.cumulusnetworks.com/repo CumulusLinux-3-security-updates cumulus upstream
#deb-src http://repo3.cumulusnetworks.com/repo CumulusLinux-3-security-updates cumulus upstream
deb http://repo3.cumulusnetworks.com/repo CumulusLinux-3-updates cumulus upstream
#deb-src http://repo3.cumulusnetworks.com/repo CumulusLinux-3-updates cumulus upstream
#deb http://repo3.cumulusnetworks.com/repo CumulusLinux-3-early-access cumulus
#deb-src http://repo3.cumulusnetworks.com/repo CumulusLinux-3-early-access cumulus
Sync the repository manually:
root@mirror01:~# apt-mirror root@mirror01:~# du -hs /var/spool/apt-mirror 383M /var/spool/apt-mirror
If the mirror server is located behind a proxy server, additional configuration is required.
Configuring apt-mirror Using an Unauthenticated/Anonymous Proxy
apt-mirror
uses the same proxy configuration as apt
. If, during the Debian installation, you specified a proxy server, it should already be written to the configuration. If it is not, edit /etc/apt/apt.conf
and specify the proxy server:
Acquire::http::Proxy "http://proxy.example.com:3128/";
While apt-mirror
is running, as the apt-mirror user, you must add the following variable to /etc/environment
:
http_proxy="http://proxy.example.com:3128/"
This doesn't use any authentication. The proxy might be configured with the IP address of the internal mirror server whitelisted, or *.cumulusnetworks / repo3.cumulusnetworks.com added to unauthenticated domain/hostname white lists.
Configuring apt-mirror Using an Authenticated Proxy
If the internal proxy requires authentication, the username and password can be specified as part of the URL:
Acquire::http::Proxy "http://username:password@proxy.example.com:3128/";
Configuring the Web Server
To serve the mirrored packages up to a switch running Cumulus Linux, a Web server is required. You can configure Apache by editing apache2.conf
:
Alias /dists/ /var/spool/apt-mirror/mirror/repo3.cumulusnetworks.com/dists/ Alias /pool/ /var/spool/apt-mirror/mirror/repo3.cumulusnetworks.com/pool/ <Directory /var/spool/apt-mirror/mirror/repo3.cumulusnetworks.com/dists> AllowOverride None Options -MultiViews FollowSymLinks Indexes Order allow,deny Allow from all </Directory> <Directory /var/spool/apt-mirror/mirror/repo3.cumulusnetworks.com/pool> AllowOverride None Options -MultiViews FollowSymLinks Indexes Order allow,deny Allow from all </Directory>
Automating Mirror Sync
Edit /etc/cron.d/apt-mirror
, and uncomment the last line:
# Regular cron jobs for the apt-mirror package # 0 4 * * * apt-mirror /usr/bin/apt-mirror > /var/spool/apt-mirror/var/cron.log
Changing the Repository Used by the Switches
In Cumulus Linux the hostname of the public repository is repo3.cumulusnetworks.com. You can edit /etc/apt/sources.list
to point at the hostname of internal apt mirror. This example uses mirror01.example.com.
After updating the repository name, you should update the list of available pages:
cumulus@switch:~$ apt-get update
Manually Changing the Repository
Edit /etc/apt/sources.list
and replace repo3.cumulusnetworks.com/repo with mirror01.example.com.
Here's the original contents of sources.list
:
cumulus@switch:~$ cat /etc/apt/sources.list deb http://repo3.cumulusnetworks.com/repo CumulusLinux-3 cumulus upstream
#deb-src http://repo3.cumulusnetworks.com/repo CumulusLinux-3 cumulus upstream
deb http://repo3.cumulusnetworks.com/repo CumulusLinux-3-security-updates cumulus upstream
#deb-src http://repo3.cumulusnetworks.com/repo CumulusLinux-3-security-updates cumulus upstream
deb http://repo3.cumulusnetworks.com/repo CumulusLinux-3-updates cumulus upstream
#deb-src http://repo3.cumulusnetworks.com/repo CumulusLinux-3-updates cumulus upstream
#deb http://repo3.cumulusnetworks.com/repo CumulusLinux-3-early-access cumulus
#deb-src http://repo3.cumulusnetworks.com/repo CumulusLinux-3-early-access cumulus
Here's the modified version referencing the custom repository:
cumulus@switch:~$ cat /etc/apt/sources.list deb http://mirror01.example.com CumulusLinux-3 cumulus upstream
#deb-src http://mirror01.example.com CumulusLinux-3 cumulus upstream
deb http://mirror01.example.com CumulusLinux-3-security-updates cumulus upstream
#deb-src http://mirror01.example.com CumulusLinux-3-security-updates cumulus upstream
deb http://mirror01.example.com CumulusLinux-3-updates cumulus upstream
#deb-src http://mirror01.example.com CumulusLinux-3-updates cumulus upstream
#deb http://mirror01.example.com CumulusLinux-3-early-access cumulus
#deb-src http://mirror01.example.com CumulusLinux-3-early-access cumulus
Automatically Changing the Repository
Changing the repository hostname can be easily automated as part of an autoprovisioning script. Add the following at the start of the script:
#!/bin/bash sed -i /etc/apt/sources.list -e 's/repo3.cumulusnetworks.com\/repo/mirror01.example.com/' apt-get update -y
Hi ,
This article is great.
The sources address should be changed from:
http://repo.cumulusnetworks.com
to:
http://repo3.cumulusnetworks.com/repo/
Thanks for catching this, Edward, I updated the article.
Hi Peter,
the article is not updated.
I find that the below is working:
deb http://repo3.cumulusnetworks.com/repo CumulusLinux-3 cumulus upstream
#deb-src http://repo3.cumulusnetworks.com/repo CumulusLinux-3 cumulus upstream
deb http://repo3.cumulusnetworks.com/repo CumulusLinux-3-updates cumulus upstream
#deb-src http://repo3.cumulusnetworks.com/repo CumulusLinux-3-updates cumulus upstream
deb http://repo3.cumulusnetworks.com/repo CumulusLinux-3-security-updates cumulus upstream
#deb-src http://repo3.cumulusnetworks.com/repo CumulusLinux-3-security-updates cumulus upstream
deb http://repo3.cumulusnetworks.com/repo CumulusLinux-3-early-access cumulus
#deb-src http://repo3.cumulusnetworks.com/repo CumulusLinux-3-early-access cumulus
also , don't forget to update the apace2.conf and /etc/apt/sources.list files
Sorry, went through this too quickly. Hope I got it right this time.
Hi,
is not needed to modify the httpd.conf.
Is possible to link to apache using:
ln -s /var/spool/apt-mirror/mirror/repo3.cumulusnetworks.com/repo/dists/ /var/www/html/dists
ln -s /var/spool/apt-mirror/mirror/repo3.cumulusnetworks.com/repo/pool/ /var/www/html/pool
Hope this helps,
Francesco
This article seems to be relevant to only Cumulus 3. Can it be updated to reflect Cumulus version 4?