I had no idea some of these options existed, so I appreciate everyones suggestions. In my situation we needed to develop a baseline based off of the current errata and updates. From this point forward we have to use this as a baseline for all certification testing to ensure that the production servers are kept identical to our lab servers that we've done certification testing on. Our lab architecture cannot talk to the production, and vice versa due to security. I had manually downloaded all updates after running a yum update and copying the list of all downloaded packages. I then went to red hat's site, downloaded all of them manually. I copied them to media, as well as to HPSA. When installing with HPSA it failed every time, stating that numerous dependencies were missing (even though they were all present). That could have been an issue with HPSA though. I had run a yum update, TEE-d the results to a file, and copied the exact versions of every listed package and dependency from Red hat's package repo on their website. I copied the same packages to a USB drive and attempted to install using RPM, and it complained about dependencies. I tried installing locally using yum, and it complained that the gpg key wasn't present. This was done on a secure network, so there was no way for me to get the key. Is there a simple way to get it? Is it its own RPM? We do have RHN satellites in both lab and prod, but those networks are inaccessible from our staging/build area, again due to to security constraints (the HPSA subnet is kept separate from everything else and that's the subnet used in the build area). As for setting up a mirror box, that would be impossible due to constraints at the data center where the boxes will be deployed. I'll look into mrepo though, that may help. On Tue, Mar 8, 2011 at 10:42 AM, R P Herrold <herrold@xxxxxxxxxxxx> wrote: > On Tue, 8 Mar 2011, Matty Sarro wrote: > >> Sadly with red hat you have the option of red hat, run satellites, or >> bust. You could use the cent OS repository bit you'd lose your support for >> the system. > > ehh? ÂThis not correct. It is simple enough to use 'mrepo' to 'mirror' > updates, then copy the same up some media to 'transit the air gap', and then > set up a local mirror that CAN be reached by a machine NOT connected > directly to an external network. > > Indeed, via setting up a mirror that CAN see the internet, and having a > second interface that does NOT ROUTE, one avoid the 'sneakernet' step > > 0.0.0.0 --- firewall --- mirror (non-routing) > Â Â Â Â Â Â Â Â Â Â Â Â Â | > Â Â Â Â Â Â Â Â Â Â Â Â Â | > Â Â Â Â Â Â Â Â Â Â Â Â client that cannot 'see' the internet > > We have used such a setup for 'builders' that need to see sources, but > should not be able to see the internet > > -- Russ herrold > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
