Notes personelles

In case you have a server in a DMZ, with no internet access, you need to have another to update your server and keep it safe from knwown vulnerabilities. Tested sucessfully with a RedHat server 8

Prerequisites :

• 1 updated redhat server 8 with an activated subscription and an internet access
• an access to the offline server to download/upload the offline tar file we will create from the RPM database

1) Create a tar file from the RPM database on the offline server, and copy this tar file to the online server (to be updated) :

tar cjf rpm_db.tar.bz2 /var/lib/rpm
scp rpm_db.tar.bz2 root@online:/tmp/

2) Extract the tar file on the online system into an empty directory

mkdir /tmp/rpm_db/
tar xf /tmp/rpm_db.tar.bz2 -C /tmp/rpm_db/

3) On the online system, download all the RPM packages. It will download all the last available updates based on the offline RPM database previously uncompressed

yum update --downloadonly --downloaddir /tmp/rpm_db --installroot=/tmp/rpm_db/

4) Create the downloaded rpm updates into a tar file, and copy it from the online system to the offline system, and untar it into a new directory :

tar cjf rpm-updates.tar.bz2 /tmp/rpm_db/*.rpm
scp rpm-updates.tar.bz2 root@offline:/tmp/
ssh root@offline
mkdir /tmp/rpms
tar xf /tmp/rpm-updates.tar.bz2 -C /tmp/rpms

5) On the offline server, to be sure the update will work and won't try to download any file on internet, verify in your /etc/yum.repos.d/redhat.repo if all enabled and enabled_metadata entries are set to 0

grep enabled /etc/yum.repos.d/redhat.repo

6) Update the offline system with the command :

yum localinstall /tmp/rpms/tmp/rpm_db/*.rpm

7) The installation will be performed !

Enjoy