Hi. This page contains information and guidance on untested/pre-release software. Like all information, this page comes with no warranty.

Yam is Dag Wieers’s tool for mirroring the Red Hat Network (RHN) Updates to a local server. If you are using Red Hat Enterprise Linux (RHEL) or similar, and you have lots of machines to update, or want to keep a group of machines at exactly the same patch level, this is of interest to you. Yam supports apt, up2date and yum.

For me, the problem that yam offers to solve is baselining patches. With Solaris, it’s easy, download the latest patch bundle from Sun, apply to development machines, see if anything goes obviously wrong; apply to test machines, test properly; apply to production safe in the knowledge you’ve done everything you can to avoid breaking stuff.

Red Hat have set about making patching easier, using up2date to keep things as fully patched as possible. Just run

up2date -u

And some time later you have a patched machine. Easy peasy. BUT... Log into your test machines a week later and do the same, and you’ll probably get the same patches, plus a few more. Repeat on production a week later and you’re further out of step. You can’t (easily) roll out batches of patches and keep the versions the same as you progress through testing to production. Using Yam I’m hoping to update my repository, update dev, then test, then production against it, then update the repository... etc etc. All safe, I hope.

There are other good reasons to run yam. For instance, it saves on bandwidth, it’s easier to stay firewall friendly, and may speed up patching lots of machines.

You must have the machine you plan to use as the yam server registered with Red Hat Network. Up2date must be working. To test, try the following:

up2date --nox -l

You should get a list of packages to update. Although it is possible to get Yam working against other backends, like the free CentOS repos, this article is about setting up RHEL against RHN. RHN registration is not free, costing several hundred pounds/dollars/euros per server, per year. When registering your system make sure you send no information to Red Hat (this is an option when you run up2date for the first time) as this might confuse yam and RHN. If you’ve already registered you may have to (a) delete the file /etc/sysconfig/rhn/systemid and (b) delete the system from RHN (using the Red Hat web gui) and register again.

For more information about the rhn backend to yam read the README.rhn file that comes with the yam sources.

Some happy sysadmins have a slew of firewalls between their innocent servers and the internet. This is one reason why you might want to use Yam. However, if your proposed Yam master server also cannot ‘see’ the internet then you’ll need to set some proxy environment variables. Assuming bash:-

cd ~
export PROXY=proxy.example.com
export PROXYPORT=3128
export http_proxy=http://${PROXY}:${PROXYPORT}/
export HTTP_PROXY=$http_proxy
mkdir -p .subversion
echo "[global]
http-proxy-host = ${PROXY}
http-proxy-port = ${PROXYPORT}" >> .subversion/servers

Also, set yourself an environment variable for Dag’s repos. You’ll need them:

export DAG=http://dag.wieers.com/packages/

Yam has some dependencies that don’t ship with RHEL (or aren’t in a default install). Some of these are optional, but useful, so I’ve installed them all. To install:

mkdir yamwork
cd yamwork
wget ${DAG}/apt/apt-0.5.15cnc6-4.2.el4.rf.i386.rpm
rpm -i apt-0.5.15cnc6-4.2.el4.rf.i386.rpm
wget ${DAG}/yum/yum-2.0.7-2.1.el3.test.noarch.rpm
rpm -i yum-2.0.7-2.1.el3.test.noarch.rpm
wget $DAG/createrepo/createrepo-0.4.3-1.2.el4.rf.noarch.rpm
rpm -i createrepo-0.4.3-1.2.el4.rf.noarch.rpm
wget $DAG/hardlink++/hardlink++-0.02-2.2.el4.rf.i386.rpm
rpm -i hardlink++-0.02-2.2.el4.rf.i386.rpm
up2date -i rpm-build
up2date -i subversion
up2date -i httpd

Note that the yum version above is in testing and should be considered buggy.

cd ~/yamwork
mkdir yam
svn co http://svn.rpmforge.net/svn/trunk/tools/yam/

Like yum, this version of yam is in testing and should be considered buggy.

You probably don’t want to be root for this. If you’ve not build rpms before and set up your .rpmmacros file and build directories, try this:

cd ~
echo %_topdir $(pwd)/redhat > .rpmmacros
mkdir -p ~/redhat/{SOURCES,BUILD,RPMS,SRPMS,SPECS,tmp}
cd ~/redhat
mkdir -p RPMS/i386 RPMS/athlon RPMS/i486 RPMS/i586 RPMS/i686 RPMS/noarch
cd ~

Once your build environment is ready, you can make the rpm:

cd yamwork
mv yam yam-0.8.0
tar cjf ../redhat/SOURCES/yam-0.8.0.tar.bz2 yam-0.8.0
rpmbuild --define "_tmppath ~/redhat/tmp" -ba yam-0.8.0/yam.spec
cp ~/redhat/RPMS/noarch/yam-0.8.0-1.noarch.rpm /tmp

Now, as root, install:

rpm -i /tmp/yam-0.8.0-1.noarch.rpm 
service httpd start
# ignore errors about yam as an unresolvable hostname for now
service yam start

Note that at some point there will be an official .rpm for 0.8.0. At that point you should uninstall yam and reinstall using the prepared .rpm Dag’s site. The version downloaded with subversion may not be the final 0.8.0 release.

You’ll find a series of README and other files in the yam folder that contain information about the package.

This walk through is for setting up a couple of RHEL mirrors for versions 3 and 4 based on RHN subscriptions and assuming your machine is running RHEL 4. There are many other possibilities, including mirroring third party repos like Dag’s own one, or other distributions like SuSE and Centos.

You must have your system registered with RHN for these steps to work.

Set up the directories where your repositories will be held and copy in your rhn-systemid.

mkdir -p /var/yam/rhel3es-i386/
mkdir -p /var/yam/rhel4es-i386/
cp /etc/sysconfig/rhn/systemid /var/yam/rhel3es-i386/
cp /etc/sysconfig/rhn/systemid /var/yam/rhel4es-i386/

Copying the systemid files may not be strictly necessary in this simple example, but if you need to support a more complex setup with systemid files taken from various hosts, it’s required.

You need to tell yam where to get its data from by configuring the yam.conf file. This is what my /etc/yam.conf looks like, it’s important you get the ‘as’, ‘es’ or ‘ws’ versions to match with what your RHN subscription is for, otherwise this will not work. Change the username:password to the ones you use login to RHN.

[main]
srcdir = /var/yam
wwwdir = /var/www/yam
arch = i386
rhnlogin = username:password

[rhel4es]
name = Red Hat Enterprise Server $release U1 ($arch)
release = 4
rhnrelease = 4ES
arch = i386
metadata = apt yum
iso = RHEL$release-U1-$arch-ES-disc?.iso
updates = rhn:///rhel-$arch-es-$release
extras = rhn:///rhel-$arch-es-$release-extras
#dag = rsync://apt.sw.be/pub/freshrpms/pub/dag/redhat/el$release/en/$arch/RPMS.$repo/

[rhel3es]
name = Red Hat Enterprise Server $release U6 ($arch)
release = 3
rhnrelease = 3ES
arch = i386
metadata = apt yum
iso = RHEL$release-U6-$arch-ES-disc?.iso
updates = rhn:///rhel-$arch-es-$release
extras = rhn:///rhel-$arch-es-$release-extras
#dag = rsync://apt.sw.be/pub/freshrpms/pub/dag/redhat/el$release/en/$arch/RPMS.$repo/

Some permissions tightening is now required, and bounce yam to make sure your file is readable:

chmod og= /etc/yam.conf
chown root.root /etc/yam.conf
service yam restart

Now copy all your ISO images of the RHEL install media, which is downloadable from RHN, into /var/yam/iso/

At this point you can optionally put copies of your ISO images in the /var/yam/iso directory. These then get mounted using ‘loopback’ filesystem and shared out by yam. If you use a lot of ISOs you may run out of loopback devices on your system. You’ll see an error like this:

mount: could not find any free loop device

To increase the number of loopbacks try:

rmmod loop
insmod /lib/modules/`uname -r`/kernel/drivers/block/loop.ko max_loop=32

Check that yam is happy with your configuration:

yam -vv

If everything is OK, then fire up the request for updates. You must do this one distribution at a time or you may break your RHN credentials. This is a known issue and will be fixed in later releases of yam.

for dist in rhel4es rhel3es
do
yam -gv -d $dist
done

You should see lots of output like this:

kdeaddons-3.1.3-1.i386.rpm: ########################## Done.

as the downloads are downloaded.

Subsequent updates can then be done:

for dist in rhel4es rhel3es
do
yam -uxv -d $dist
done