Recent Changes - Search:



My journals will take the place of a blog. They have moved to

Sites I take responsibility for






Places I frequent



Items for sale:


edit SideBar

RHN Redhat Network Updates

Include our styles below Infobox - invoke as >>infobox<< ... >><<

Codebox: - invoke as >>codebox<< ... >><<

warnbox: - invoke as >>codebox<< ... >><<

editingbox: - invoke as >>codebox<< ... >><<

noticebox: - invoke as >>codebox<< ... >><<

Page bread crumbs:

Pages by tags: (:listtags:)
Subscribe to this wiki: RSS Feed RSS or subscribe to this page for changes: RSS Feed RSS
496 articles have been published so far. Recent changes
(:addThis btn="custom":)


To register a system: first buy the entitlement at and then run

 # rhn_register --nox

at the root command line. If you want the X windows interface then run without the "--nox" option. is the main portal for RHN


Delete /etc/sysconfig/rhn/systemid file (local)

Go login using your RHN account to the RHN website ( From there, delete your old system profile. (remote)

 # rm -f /etc/sysconfig/rhn/systemid


Performing the actual updates on the command line

In Redhat 7-9 and RHEL up through 4 use the up2date command.

In RHEL 5 it now uses the yum (Yellow Dog Updater) command.,289483,sid39_gci1244274,00.html


 # yum check-update

Lists rpms that need updating

To update everything:

 # yum -v update

Behind a firewall

How to mirror RHN behind your firewall. Posted on 2009-02-01 by ken_fallon

I was just listening to episode 283 of The Linux Link Tech Show and Linc asked if it was possible to mirror channels from the RedHat Network behind a firewall. RedHat offers the RHN satellite server and the RHN Proxy Server to do this however may people find these solutions complicated.

You may want to manage your own local RHN repository if your servers are prevented from communicating with the Internet or you wish to carefully control software updates through a DTAP (Design -> Test -> Acceptance -> Production) process. Whatever the reason please make sure you support RedHat by having a subscription for each and every server that you update. If you are not able to afford it please use CentOS instead and you will be able to achieve the same thing for free but without RedHat support. CentOS uses the same code base as RHEL but with the RedHat Trademarks removed.

First register the gateway server with the RedHat Network

 rhn_register --nox

If you need to go through a proxy server use

 rhn_register --nox --proxy=myproxy:8080

Install the yum-utils package from the RHN.

 yum install yum-utils

After this is installed you will be able to use the reposync command to download the channel locally. You can use “yum repolist” to get a list of the channels you are subscribed to. I’m assuming that you are subscribing to the RedHat Enterprise Linux 5 64 bit version for this example. You can download as many channels as you like if you have the subscription and the disk space.

 reposync -p /opt/mylocalrepo/ --repoid=rhel-x86_64-server-5 -l

Now you can yummify the local directory using the createrepo command. This goes through all the RPM’s and extracts version and dependency information which it uses to generate XML metadata files that the yum command can understand.

 createrepo /opt/mylocalrepo/

If you add your own RPMs or RPM’s from EPEL, DAG, etc to the repository then you need to re-run the createrepo command. A sub directory will be created called getPackage that holds all the RedHat RPM’s. You can add your own RPM’s where you like under the channel directory and they will will be picked up by the createrepo command.

Point apache at the local directory so that it’s accessible from an internal url e.g: http://myserver.local/myrepo/. You could also use NFS or FTP if you prefer. Once that is done you can distribute a yum config file for your new repo to /etc/yum.repos.d/my.repo on all the internal servers.

 name=My Red Hat Enterprise Linux $releasever - $basearch

All going well you should be able to see your new repo with the command

 >yum repolist
 Loading "security" plugin
 repo id     repo name                                status
 rhel-myrepo My Red Hat Enterprise Linux 5Server - x  enabled

You can now disable the Red Hat network by setting enabled = 0 in /etc/yum/pluginconf.d/rhnplugin.conf to prevent the server trying to connect directly to the RHN. It’s probably safe to turn the Red Hat Network updates service (rhnsd) off while you are at it.

All the RPM packages from the RHN channel you are subscribed to and your own RPM’s are available as one seamless whole. Now you can use yum to manage your internal servers and dependencies should be resolved from within the entire repository.

The following command will clean out yum’s cache and remove old header information

 yum clean all

Next you can list all packages with updates available in the yum repositories.

 yum list updates

If you’re happy then you can update the entire machine by running the command

yum update

While updating packages, yum will ensure that all dependencies are satisfied.

EDIT: Added info about “yum repolist” and getPackage following feedback from Linc. He also suggests that a “reposync -l” is enough to download the packages for the channels and he is using “reposync -n -l” in his crontab. I’m testing this now.


The repodata depend where the getPackage folder are. The repodata folder and the getPackage need to be in the same directory… we can re-use the repodata of rhn!

 reposync -p /opt/mylocalrepo/ –repoid=rhel-x86_64-server-5 -l
 # -l is for load plugin

 yum –disablerepo=* –enablerepo=$RELEASE makecache

 cp -f /var/cache/yum/$RELEASE/*.gz /var/cache/yum/$RELEASE/*.xml /opt/mylocalrepo/$RELEASE/repodata

The easiest way to check the Channel ID for reposync to work, log into RHN, click on Channels then select your version. After the page refreshes you can expand the selection (in this case Red Hat Enterprise Linux Server 5. Click on the architecture link to the right (in blue). when the page refreshes, you will the third line down titled “Label”, that will give you the name to put in the resposync command.

for Virtualization:

 reposync -p -repoid=rhel-x86_64-server-vt-5 -l

for i386

 reposync -p -repoid=rhel-x86-server-5 -l

which is why you did not get any packages when you ran reposync.

also man reposync will give you all the flags for the reposync command. Also – when updating you will want to add the flag -n for new packages only.

Another idea is to create shared mountpoint (NFS) on each subscribed system.

Then run the suggested idea above and sync repositories to a central location.

Build another server that will serve the repositories by using that shared mount point will provide all other systems services.

Rebuilding the repository

 # rpm -v --rebuilddb


Updating hosts in the DMZ by proxy:

Assumptions: These directions assume you have a SOCKS 4 or 5 proxy available some where with access to the public network (Internet), access via SSH to the DMZ CentOS, RHEL or Fedora host that needs the yum updates and that the proxy server also has OpenSSH installed. For the proxy server naturally I recommend a Linux server using OpenSSH 5.x and Squid proxy configured to listen internally (unless you want to supply your whole network with proxy service) on port 3128.

I am not going to explain how to configure the proxy here there are other resources for that else where just make sure it's listening to port 3128 at least. If it is listening on a different port make sure you change 3128 wherever you see them in these instructions to the port the proxy is actually listening to.

Remote host should also have OpenSSH 5.x running and should be allowing TCP Forwarding.

Allow TCP Forwarding on the remote end:

Edit sshd_conf (usually in /etc/ssh)

Add the following line if it is not already there, making sure it is not commented out.

    AllowTcpForwarding yes

Restart sshd

Now using OpenSSH from the proxy host run the following command:

 $ ssh kinscoe@yumhost -R

Now logged into the remote (DMZ) host with the yum repository

I had the same problem. I fixed it by editing /etc/wgetrc and edited the following:

  1. Many sites are behind firewalls that do not allow initiation of
  2. connections from the outside. On these sites you have to use the
  3. `passive' feature of FTP. If you are behind such a firewall, you
  4. can turn this on to make Wget use passive FTP by default.

passive_ftp = on

su to root. You must be root to run yum updates.

 $ su -
  1. You can set the default proxies for Wget to use for http and ftp.
  2. They will override the value in the environment.
 # http_proxy=; export http_proxy
 # ftp_proxy=; export ftp_proxy
 # env | grep -i proxy                              

Something to note:

the URL that you use for 'proxy' has to be a complete URL. Specifically, you need to use (say):


instead of

The latter works with wget, but causes the python urllibs to break, since they expect the protocol type to be at the start of the URL.

(:tags redhat:)

Kevin's Public Wiki maintained and created by Kevin P. Inscoe is licensed under a
Creative Commons Attribution 3.0 United States License.

Back to my web site -

Edit - History - Print - Recent Changes - Search
Page last modified on October 04, 2013, at 06:46 PM EST