Configuring a Local Mirror of the ThousandEyes Package Repository
Last updated
Last updated
Customers may need to create a local copy of the ThousandEyes Linux package repositories used by ThousandEyes Enterprise Agents for reasons such as change control or security requirements. This document outlines the requirements and processes to create a local repository mirror containing packages required by the ThousandEyes Enterprise Agents, and to modify ThousandEyes Enterprise Agents to update from the local mirror.
Depending on the type of Linux operating system on which your Enterprise Agents run, you will need to create a Red Hat repository, an Ubuntu repository or both. Mirroring the ThousandEyes repository requires sufficient storage, along with permissions to install software. The Red Hat repository requires at minimum 100 GB storage and the Ubuntu repository requires at minimum 10 GB storage.
NOTE: ThousandEyes Enterprise Agents should run current versions of ThousandEyes packages. If the Agent cannot update because of failure to reach the mirrored repository or with the repository failing to provide current package versions, then there is risk that certain features of the Enterprise Agent will not work as advertised. Use this process at your own risk.
This document provides installation and configuration instructions on a Red Hat Enterprise Linux (RHEL) version 7 server operating system and on an Ubuntu 16.04 server operating system. Other operating systems can be used; consult your operating system documentation to determine what comparable commands are needed for the steps listed below, or contact the ThousandEyes Customer Engineering team.
Don’t be confused: a server running any type of operating system can host either Red Hat or Ubuntu repositories or both. In general, however, we recommend using the same Linux distribution for your server’s operating system as the type of repository, if possible.
General system administration tasks for the server, such as application of updates and patches, are out of scope for this document. Consult your operating system documentation.
Customers using any type of ThousandEyes Appliance should create an Ubuntu mirror. This includes Virtual Appliances, Hyper-V Appliances, Cisco IOS XE container-based Enterprise Agents and the Physical Appliance.
Customers with Enterprise Agents installed via Linux package or Docker container should create mirror types that are the same as the Linux distribution used for the Enterprise Agent (Alpine Linux).
To determine which type(s) of Enterprise Agents are used in your organization, review the listing of your Enterprise Agents from the Enterprise Agents page in the ThousandEyes platform. Enterprise Agent operating systems are listed in the General Info box:
Be sure to check all your Account Groups, as Enterprise Agents may not be assigned to all Account Groups in an organization. The Enterprise Agents page has a selector to display Agents in the current Account Group and not in the current Account Group:
Install wget and Apache’s web server (httpd). wget will be used to copy the contents of the ThousandEyes repository to your mirror.
For systems using systemd to manage services run the following commands (Red Hat v7 variants, Ubuntu 16):
Next we’ll need a directory for the repository’s content. You’ll need at least 10 GB per repository to host this content.
Change the directories of each repository to the apache user (the user is created when installing Apache):
Modify the default page for Apache to be the index of the root directory by editing /etc/httpd/conf.d/welcome.conf. Change the line:
to
then comment out or delete the lines below the LocationMatch directive block, so that the configuration file has only:
Next, based on whether you’re going to host a Red Hat mirror, an Ubuntu mirror or both, configure Apache’s DocumentRoot (the directory that is accessed when browsing a URL path of “/”) to be the newly created repository’s parent directory. Also, set the option to allow browsing the index of that directory. The configuration file is /etc/httpd/conf/httpd.conf.
This example shows the configuration for a single mirror of the Red Hat type:
If you are hosting an Ubuntu mirror, change the two instances of “yum” to “apt” in the above configuration. For an Alpine mirror, change to the two instances of “yum” to “apk”.
If hosting multiple types, the configuration uses the parent directory as the DocumentRoot:
Once edits to httpd.conf are complete, restart Apache:
If your security policies require your local mirror to run SSL/TLS, obtain and install a server certificate on the web server. This document doesn’t cover creation or installation of server certificates. Consult the Apache Project’s HTTP Server documentation and other publicly available resources.
NOTE: self-signed certificates cannot be used to host a repository server, as the certificate verification performed by the yum, apt, apk, and other package management utilities will fail.
If the server is running iptables, then configure a rule (typically in the INPUT chain) to allow access to port 80/TCP from any Enterprise Agent (or port 443 if using SSL/TLS). If the server is running another type of host-based firewall, then consult the documentation for the firewall software to allow access to the web server.
Verify that you can access the web server in a browser on the local network. You should be able to use Chrome or another browser to load the web site on port 80/TCP and/or 443/TCP if using SSL/TLS. Ensure that you can get a directory listing of the DocumentRoot directory and the yum/apt/apk directories.
On each Enterprise Agent, you’ll need to modify the repository location in the file that the package manager consults when checking for packages. The location is based on the choice of installation type: yum, apt, or apk.
Modify the existing repository file
Edit /etc/yum.repos.d/thousandeyes.repo and add an enabled=0 line to the file.
Change "[thousandeyes]" to "[thousandeyes-mirror]"
Change "name=Thousandeyes" to "name=Thousandeyes-mirror"
Set enabled=1
Change "basename" to use the destination to the IP address or hostname of the web server
Change "basename" to use the https protocol if using SSL/TLS
Edit /etc/apt/sources.list.d/thousandeyes.list and comment out the one line in the top of the file by adding a # character to the beginning of the line.