-   Linux - Virtualization and Cloud (
-   -   Offline Repositories and Updates in an OpenStack Environment for multiple Linux Distros (

j_wellman2005 02-03-2016 07:23 AM

Offline Repositories and Updates in an OpenStack Environment for multiple Linux Distros
Newish Linux user here. I have recently found myself working on a project that is primarily run on Linux. A previous shop has already locked in deployment options and its been signed off on by higher. However, once deployed, I have some flexibility on supporting and maintaining it with some caveats. Here is what we have:

1 x Laptop running CentOS7 - serves as an administration platform
1 x Server running CentOS7 - Serves as the Controller Node for OpenStack
1 x Server running CentOS7 - Serves as the Compute Node for Openstack
Additional Laptops that can be imaged as needed

OpenStack VMs:
Various Debian distros - (Security Onion, Kali, etc)
Various RHEL distros - Vulnerability Assessment Images
Various Windows Images - Additional Vulnerability Tools

This kit primarily is involved in incident response for our various customer bases. However, I am not allowed to connect it directly to the internet which puts me in an awkward position to keep my images and tools up-to-date. I've been looking into apt-mirror and apt-offline lately for building a mechanism for an offline repository and a way to pull updates. This may suffice my Debian based images but I am not as familiar with RHEL mechanisms. I'm also researching using cloud-init and/or heat within Openstack to force my VMs to update immediately upon bootup. This of course assumes I have an updated local repository to point them too. At first I was thinking I would create the repository on a volume within OpenStack and have it automount the volume via cloud-init/heat but from what I can tell, a volume can only be attached to a single instance at any given time which means I have to launch instances one at a time and wait for it to update. A second solution would be to use my admin laptop to hold the repositories since it will be connected anytime I'm firing up my VMs. This might prove useful as all I have to do is populate its IP into the sources list of each of my distros. Although I'm not sure how easily it will be to keep that repo up-to-date for say a Debian system since my laptop is running CentOS. That's probably my inexperience speaking since I haven't had to maintain a repo.

I'm seeking advice and experience to lessen my learning curve here. If you have experience you can share with regard to offline repositories I'd love to hear it. If you have experience with private offline clouds in OpenStack and how you kept them up-to-date, I'd love to hear it. If you have general advice on how you would tackle the problem, I'd love to hear it as well. I look forward to hearing from you all.

All times are GMT -5. The time now is 11:56 AM.