Setting up a local mirrored repository is extremely easy, and can save a lot of time and bandwidth when you have a lot of servers with the same operating system, receiving the same updates.
Note: If you’re running LXD I’d suggest adding in a folder from the host, so all the data we download isn’t clogging up your ZFS partition. You can see how to do that here
Installing the required packages
We’ll need to install apt-mirror and cron.
sudo apt-get update && sudo apt-get install apt-mirror cron
Configuring apt-mirror
Edit the mirror config to specify what repositories should be mirrored.
nano /etc/apt/mirror.list
I’m mirroring all of debian stable, debian testing and then elastic.co’s repo, for filebeat updates (Used in my ELK logging guide here) I have deliberately left out the debian security repository, as I want to get security updates from the official repository, and not rely on my local mirror for those.
root@aptmirror:~# cat /etc/apt/mirror.list ############# config ################## # set base_path /aptmirror # # set mirror_path $base_path/mirror # set skel_path $base_path/skel # set var_path $base_path/var # set cleanscript $var_path/clean.sh # set defaultarch # set postmirror_script $var_path/postmirror.sh # set run_postmirror 0 set nthreads 20 set _tilde 0 # ############# end config ############## #Debian Stable deb http://ftp.nz.debian.org/debian stable main contrib non-free # Debian Testing deb http://ftp.nz.debian.org/debian testing main contrib non-free #Elastic.co ELK stack deb https://artifacts.elastic.co/packages/5.x/apt stable main clean http://ftp.nz.debian.org/debian clean https://artifacts.elastic.co/packages/5.x/apt
Note: Change nz in the repository URL to your country code for faster downloading. For example US for united states, DE for Germany.
Note: The ‘clean’ entries at the bottom specify what mirrored repository should be scanned for old packages for deletion. No deletion will happen automatically, you’ll be advised to run an additional script clean.sh after apt-mirror syncs to delete these.
Note: If you’re using LXD with a host directory mounted – then you’ll also want to uncomment and change base_path to the folder you added into the container.
Running Apt-Mirror
Once you’ve added in your repositories and changed the base path, you can start syncing them by simply swapping to the apt-mirror user and running the apt-mirror command in terminal. Depending on your internet connection, this might take a while. Download size for mine was approx 120GB
su apt-mirror apt-mirror
Creating the cron job to keep your apt-mirror up to date
Once the initial mirror has finished, you can set this up as a cron job, to ensure your local apt-mirror is kept up to date
apt-mirror installs a sample cron job, let’s enable that.
sudo nano /etc/cron.d/apt-mirror
Uncomment the below
0 4 * * * apt-mirror /usr/bin/apt-mirror > /var/log/apt-mirror/cron.log
and save. Once saved cron will run apt-mirror once a day at 4am, to update your local repositories.
Installing a webserver to offer your local repositories to client machines
For this tutorial, I’ll be using lighttpd as my webserver, but any other webserver will do.
sudo apt-get install lighttpd
Once installed, create symbolic links to your repositories into the webroot folder.
Mine are below, but depending on your distro, and what repositories you chose to sync, yours may be different. Check inside your apt-mirror root directory.
ln -s /aptmirror/mirror/ftp.nz.debian.org/debian /var/www/debian ln -s /aptmirror/mirror/artifacts.elastic.co/packages/5.x/apt /var/www/elastic.co
Client side configuration
Now that we have our apt-mirror server setup, all that is left is telling our client computers to use our local repositories. To do this edit the below two files.
/etc/apt/sources.list
/etc/apt/preferences
Editing sources.list.
deb http://security.debian.org/ jessie/updates main deb http://192.168.2.178/debian stable main contrib non-free deb http://192.168.2.178/debian testing main contrib non-free deb http://192.168.2.178/elastic.co stable main
Note: Change the IP Address to the IP Address of your apt-mirror server, and adapt as necessary for your configuration.
Editing preferences
If you’ve added the testing repository, make sure your preferences has this pinned below stable to prevent it being used over stable unless you explicitly state. This is very important if you want a stable system! It’s a good idea to add in unstable and experimental here too. Since we haven’t added them to our sources.list, we wont be receiving updates from them, but you can never be too safe!
Package: * Pin: release a=stable Pin-Priority: 900 Package: * Pin: release a=testing Pin-Priority: 750 Package: * Pin: release a=unstable Pin-Priority: 50 Package: * Pin: release a=experimental Pin-Priority: 1
Testing
Now that we’ve updated the sources.list and preferences files, run an apt-get update and verify the mirror is working as expected
sudo apt-get update
Note: If you added in the elastic.co repo, you’ll need to add the public key for the packages in each of your client machines, otherwise apt-get will give you an error regarding this repo.
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
An example of a successful update is below
root@sv-aptmirror:~# sudo apt-get update && sudo apt-get install unattended-upgrades cron filebeat Ign http://192.168.2.178 stable InRelease Ign http://192.168.2.178 stable InRelease Get:1 http://192.168.2.178 stable Release.gpg [2373 B] Get:2 http://192.168.2.178 stable Release.gpg [473 B] Get:3 http://192.168.2.178 stable Release [148 kB] Get:4 http://192.168.2.178 stable Release [4360 B] Get:5 http://192.168.2.178 stable/main amd64 Packages [6776 kB] Get:6 http://security.debian.org jessie/updates InRelease [63.1 kB] Get:7 http://192.168.2.178 stable/contrib amd64 Packages [50.2 kB] Get:8 http://192.168.2.178 stable/non-free amd64 Packages [83.6 kB] Get:9 http://192.168.2.178 stable/contrib Translation-en [38.5 kB] Get:10 http://192.168.2.178 stable/main Translation-en [4582 kB] Get:11 http://192.168.2.178 stable/non-free Translation-en [72.1 kB] Get:12 http://192.168.2.178 stable/main amd64 Packages [12.2 kB] Ign http://192.168.2.178 stable/main Translation-en Get:13 http://security.debian.org jessie/updates/main amd64 Packages [401 kB] Get:14 http://security.debian.org jessie/updates/main Translation-en [210 kB] Fetched 12.4 MB in 3s (3312 kB/s) Reading package lists... Done Reading package lists... Done Building dependency tree Reading state information... Done
If you get errors downloading the package lists, ensure your client can contact the apt-mirror server, and ensure your symbolic links are set up correctly. If both look fine, then check the root path for your webserver, it could be different to mine.
