It is necessary for us to provide a list of links/website host names and ports on the outgoing network firewall and proxy to enable yum connections and installs from the CentOS public repositories.
For example, for Red Hat we are allowing the following:
• subscription.rhn.redhat.com:443 [https] AND subscription.rhsm.redhat.com:443 [https]
• cdn.redhat.com:443 [https]
• *.akamaiedge.net:443 [https] OR *.akamaitechnologies.com:443 [https]
Please advise what websites/links we have to allow for CentOS servers. I need to patch them.
centos public repo access via the proxy
Re: centos public repo access via the proxy
There is mirrorlist.centos.org (port 80), but that is going to return a randomish selection of external mirrors.
It might be easier for you to keep your own private mirror of the CentOS repositories and point your servers to use that private mirror. That way you would only need to allow that private mirror server outbound rsync access to some mirror that provides rsync.
https://wiki.centos.org/HowTos/CreateLocalMirror has a lengthy description of the process, but in the end it probably boils down to running rsync -vaHz, with possibly some --exclude options if you don't need all the content.
For reference, I use this for my own needs:
#!/bin/sh
# Sync a local CentOS mirror from an upstream rsync mirror.
MIRRORROOT=/path/to/my/mirror/html
MIRRORSUBDIR=centos
UPSTREAM=rsync://rsync.nic.funet.fi/ftp/pub/mirrors/centos.org/

# Stop with a non-zero status if the mirror root or subdirectory is missing.
if ! cd "$MIRRORROOT"
then
    echo "$MIRRORROOT does not exist" >&2
    exit 1
fi
if [ ! -d "$MIRRORSUBDIR" ]
then
    echo "$MIRRORSUBDIR does not exist" >&2
    exit 1
fi

# --max-delete limits how many local files a single run may remove.
rsync -vaHz --bwlimit=5000 --delete-delay --max-delete=5000 --contimeout=30 --timeout=300 --partial \
    --exclude filelist.gz \
    "$UPSTREAM" "$MIRRORSUBDIR"

# some excludes that I have used at some point (I keep a copy of all files now):
#--exclude '*/centosplus/*/*/kernel-*' \
#--exclude '5*' \
#--exclude '6*' \
#--exclude '7.3.1611/cloud/*' \
#--exclude '*/atomic/*' \
#--exclude '*/drpms/*' \
#--exclude '*/sclo/*' \
#--exclude '*/centosplus/*' \
#--exclude '*/*/*/repodata/*' \
#--exclude '*/updates/*/*/kernel-*' \
#--exclude '*/xen4/*' --exclude '*/sclo/*' --exclude '*/storage/*' \
#--exclude '*/paas/*' --exclude '*/cloud/*' --exclude '*/virt/*' --exclude '*/opstools/*' \
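
Added example, not part of the reply above: once the private mirror exists, each server needs a repo definition that points at it, and any leftover `mirrorlist=` entry will still try to reach external hosts through the proxy. The host name `mirror.internal.example`, the `/centos` path, the repo ids and the CentOS 7 key path are assumptions; `gpgcheck=1` stays on because rsync:// does not authenticate the upstream mirror.

```shell
#!/bin/sh
# Added example (not from the thread): point yum clients at a private mirror.
# Assumed names: mirror.internal.example and the /centos path are hypothetical;
# the key path is the stock CentOS 7 location.
MIRROR_BASE="${MIRROR_BASE:-http://mirror.internal.example/centos}"
GPG_KEY="${GPG_KEY:-file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7}"

# Print one repo stanza. $1 = repo id, $2 = directory under $releasever/.
repo_stanza() {
    cat <<EOF
[$1]
name=CentOS-\$releasever - $1 (private mirror)
baseurl=$MIRROR_BASE/\$releasever/$2/\$basearch/
enabled=1
gpgcheck=1
gpgkey=$GPG_KEY
proxy=_none_

EOF
}

# Print a complete .repo file for the three stock repositories.
private_repo_file() {
    repo_stanza private-base os
    repo_stanza private-updates updates
    repo_stanza private-extras extras
}

# Report lines in a .repo file that would still need outbound access or
# that switch off package signature checks. Returns 1 if any are found.
audit_repo_file() {
    bad=$(grep -nE '^[[:space:]]*(mirrorlist|metalink)=|^[[:space:]]*gpgcheck=0' "$1" || true)
    ext=$(grep -nE '^[[:space:]]*baseurl=' "$1" | grep -vF "baseurl=$MIRROR_BASE/" || true)
    [ -z "$bad$ext" ] && return 0
    printf '%s\n' "$bad" "$ext" | sed '/^$/d'
    return 1
}

case "${1:-}" in
    print) private_repo_file ;;
    audit) audit_repo_file "$2" ;;
esac
```

Run it with `print` to produce the file for `/etc/yum.repos.d/`, and with `audit <file>` against the existing repo files; `proxy=_none_` assumes the servers can reach the private mirror directly.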