This post is part of a series in which we set up a VDI solution based on open source components. Previously, we set up a DHCP server and a TFTP server. Now we will set up local repositories, which will be the source of packages for installing a hardened CentOS 7 operating system on thin clients.
We will be using the same machine on which we configured the DHCP server.
Let's start by installing the Apache web server.
yum install httpd -y
To harden the web server, disable the HTTP TRACE method with the following command.
echo 'TraceEnable off' >>/etc/httpd/conf/httpd.conf
Enable the web server at startup and start the service.
systemctl enable httpd.service && systemctl start httpd.service
Allow HTTP traffic to Apache through firewalld, with a permanent rule that survives reboots.
firewall-cmd --permanent --zone=public --add-service=http
Reload firewalld to apply the new configuration, then list the active rules.
firewall-cmd --reload && firewall-cmd --list-all
Now install the packages required to sync the repositories.
yum install yum-utils createrepo -y
As this is a CentOS-based machine, we need to enable the EPEL repository on it.
yum install epel-release -y
We also need the Nux Dextop repository, which provides a few of the packages we need, such as rdesktop and vlc.
wget http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
rpm -ivh nux-dextop-release-0-5.el7.nux.noarch.rpm
To install Microsoft Teams, we enable its repository. Create the repo file.
cat > /etc/yum.repos.d/teams.repo<<"EOF"
[teams]
name=teams
baseurl=https://packages.microsoft.com/yumrepos/ms-teams
enabled=1
gpgcheck=0
gpgkey=https://packages.microsoft.com/keys/microsoft.asc
EOF
We will need TeamViewer on the thin clients to provide remote support, so it is a good idea to sync the TeamViewer repo as well.
cat > /etc/yum.repos.d/teamviewer.repo<<"EOF"
[teamviewer]
name=TeamViewer - $basearch
baseurl=http://linux.teamviewer.com/yum/stable/main/binary-$basearch/
gpgkey=http://linux.teamviewer.com/pubkey/TeamViewer2017.asc
gpgcheck=0
enabled=1
type=rpm-md
failovermethod=priority
EOF
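Both repo files above set gpgcheck=0, and the TeamViewer one fetches its packages and key over http://. The following is an added example, not part of the original post, that audits .repo files for those settings before they are mirrored to clients; the function name `audit_repo_file` and the sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag yum .repo settings that weaken package trust.
# Reports, per [section]: gpgcheck=0, and baseurl/gpgkey fetched over http://.
audit_repo_file() {
    awk '
        function report() {
            if (section == "") return
            if (gpgcheck == "0") { print section ": gpgcheck=0 (signatures not verified)"; found = 1 }
            if (baseurl ~ /^http:/) { print section ": baseurl uses plain HTTP"; found = 1 }
            if (gpgkey ~ /^http:/) { print section ": gpgkey fetched over plain HTTP"; found = 1 }
        }
        /^[ \t]*[#;]/ { next }    # skip comment lines
        /^[ \t]*$/ { next }       # skip blank lines
        /^\[/ {                   # new [section]: report the previous one first
            report()
            section = substr($0, 2, index($0, "]") - 2)
            gpgcheck = baseurl = gpgkey = ""
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            else if (key == "baseurl") baseurl = val
            else if (key == "gpgkey") gpgkey = val
        }
        END { report(); exit found + 0 }   # exit status 1 when anything was flagged
    ' "$@"
}

# Constructed sample: abridged copies of the two repo definitions from the post.
sample=$(mktemp)
cat > "$sample" <<"EOF"
[teams]
baseurl=https://packages.microsoft.com/yumrepos/ms-teams
gpgcheck=0
gpgkey=https://packages.microsoft.com/keys/microsoft.asc

[teamviewer]
baseurl=http://linux.teamviewer.com/yum/stable/main/binary-$basearch/
gpgkey=http://linux.teamviewer.com/pubkey/TeamViewer2017.asc
gpgcheck=0
EOF
audit_repo_file "$sample" || echo "findings above: review before mirroring"
rm -f "$sample"
```

On the real server the function can be pointed at `/etc/yum.repos.d/*.repo`; a non-zero exit status means at least one section was flagged.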
Now we need to create directories under the Apache document root. We keep the directory structure identical to the upstream servers, which minimizes the changes needed in the custom configuration files we will add to the thin clients.
mkdir -p /var/www/html/download/nux/dextop/el7/x86_64/
mkdir -p /var/www/html/repos/centos/7/{os/x86_64,updates/x86_64,extras/x86_64}
mkdir -p /var/www/html/repos/centos/7/os/x86_64/LiveOS/
mkdir -p /var/www/html/repos/centos/7/os/x86_64/isolinux/
mkdir -p /var/www/html/pub/epel/7/x86_64/
mkdir -p /var/www/html/yumrepos/ms-teams/
mkdir -p /var/www/html/yum/stable/main/binary-x86_64/
Sync the data from the upstream repos to the local directories and create the repositories. Keep in mind that this will take time, depending on the available bandwidth and the size of each repository. First is the Nux Dextop repository.
reposync --plugins --repoid=nux-dextop --newest-only --delete --downloadcomps --download-metadata --arch=x86_64 --norepopath --download_path=/var/www/html/download/nux/dextop/el7/x86_64/ && createrepo --verbose --update /var/www/html/download/nux/dextop/el7/x86_64/
Next is the CentOS base repository.
reposync --gpgcheck --plugins --repoid=base --newest-only --delete --downloadcomps --download-metadata --arch=x86_64 --norepopath --download_path=/var/www/html/repos/centos/7/os/x86_64/ && createrepo --verbose --update /var/www/html/repos/centos/7/os/x86_64/ -g comps.xml
Next is the CentOS updates repository.
reposync --gpgcheck --plugins --repoid=updates --newest-only --delete --downloadcomps --download-metadata --arch=x86_64 --norepopath --download_path=/var/www/html/repos/centos/7/updates/x86_64/ && createrepo --verbose --update /var/www/html/repos/centos/7/updates/x86_64/
Now we sync the CentOS extras repository.
reposync --gpgcheck --plugins --repoid=extras --newest-only --delete --downloadcomps --download-metadata --arch=x86_64 --norepopath --download_path=/var/www/html/repos/centos/7/extras/x86_64/ && createrepo --update /var/www/html/repos/centos/7/extras/x86_64/
The EPEL repository takes the longest to download because of its size.
reposync --gpgcheck --plugins --repoid=epel --newest-only --delete --downloadcomps --download-metadata --arch=x86_64 --norepopath --download_path=/var/www/html/pub/epel/7/x86_64/ && createrepo --verbose --update /var/www/html/pub/epel/7/x86_64/
The MS Teams repository is next in line.
reposync --plugins --repoid=teams --newest-only --delete --downloadcomps --download-metadata --arch=x86_64 --norepopath --download_path=/var/www/html/yumrepos/ms-teams/ && createrepo --verbose --update /var/www/html/yumrepos/ms-teams/
The last one is the TeamViewer repository.
reposync --plugins --repoid=teamviewer --newest-only --delete --downloadcomps --download-metadata --arch=x86_64 --norepopath --download_path=/var/www/html/yum/stable/main/binary-x86_64/ && createrepo --verbose --update /var/www/html/yum/stable/main/binary-x86_64/