Create a local Ubuntu mirror

If you need to update more than one Ubuntu based Workstation or Server on a regular base, it can save you a good amount of bandwidth if you provide new packages and updates through a local Ubuntu mirror. In this document i write down the steps i’ve used to create one, based on Ubuntu 10.04 LTS, apt-mirror and the NGINX webserver.

One sidenote i need to mention is that this article should also work for Debian with little or no modification (untested)

General

Our setup will consist of a Ubuntu 10.04 LTS Server which runs apt-mirror on a daily schedule to receive the updates from the upstream mirror and nginx to deliver the packages to the local clients. I assume that you have a good working knowledge on how to do system administration tasks, like creating filesystems, editing files and restarting services. Because i am behind a complex Network which uses a HTTP Proxy to communicate with the outside world i will also describe the steps necessary to use the proxy to retrieve the updates.

Please read carefully through this tutorial as i will not always mention to adapt the settings to your own environment (hostnames and ports)

Server Setup

Base Installation

1. Install the Server system (or use a existing one which you would/could use for this purpose). Configure a /mirror mountpoint which has plenty of space available. At the date of writing, one distribution for both architectures (x86 and x64) eats up about 80 GiB of data.

2. Configure the server to use the proxy for apt operations by creating /etc/apt/apt.conf.d/09proxy and inserting the following line:

Acquire::http::proxy "http://yourproxy:8080/";

3. Perform a initial server update to get the latest and greatest packages available:

apt-get update
apt-get dist-upgrade

Network Time Protocol Installation

We want to make sure that our server has the correct time.

1. Install the Package

apt-get install ntp

2. Configure your time sources by editing /etc/ntp.conf (this step is only necessary if you have a local NTP server and can be skipped if you’re using Internet based timeservers)

server 10.138.15.160 version 3 prefer
server 10.154.15.160 version 3

3. Set the system time initially by executing:

ntpdate -b 10.138.15.160

4. Restart the NTP Daemon:

/etc/init.d/ntp restart

Postfix Installation

Our server should be able to send us emails (with status updates, etc.)

1. Install the Package

apt-get install postfix

2. During the installation you should choose “Satellite System” and configure your upstream SMTP Server. If you already have installed Postfix, do a

dpkg-reconfigure --configure postfix

to start the reconfiguration process again

3. Test your mail setup by executing:

sendmail me@mydomain.com << EOF
Hello
EOF

4. Make mails going to root and apt-mirror (this use does not exist already, but will when we are finished) forwarded to your real address. Edit /etc/aliases and append/replace:

root: me@mydomain.com
apt-mirror: me@mydomain.com

Afterwards, create the aliases database by executing:

newaliases

5. Restart the postifx Daemon:

/etc/init.d/postfix restart

Install apt-mirror

This is our real workhorse which will do the actual retrievment of packages and updates

1. Install the package

apt-get install apt-mirror

2. Configure which distributions you want to mirror by editing /etc/apt/mirror.list and inserting the following content (adopt to your needs):

############# config ##################
#
# set base_path    /var/spool/apt-mirror
#
# set mirror_path  $base_path/mirror
# set skel_path    $base_path/skel
# set var_path     $base_path/var
# set cleanscript $var_path/clean.sh
# set defaultarch  <running host architecture>
# set postmirror_script $var_path/postmirror.sh
# set run_postmirror 0

set base_path /mirror
set mirror_path /mirror/www
set nthreads     8
set defaultarch i386
set _tilde 0

# lucid lynx (10.04 LTS) for i386 architecture
deb http://at.archive.ubuntu.com/ubuntu lucid main restricted universe multiverse
deb http://at.archive.ubuntu.com/ubuntu lucid-security main restricted universe multiverse
deb http://at.archive.ubuntu.com/ubuntu lucid-updates main restricted universe multiverse
deb http://at.archive.ubuntu.com/ubuntu lucid-proposed main restricted universe multiverse
deb http://at.archive.ubuntu.com/ubuntu lucid-backports main restricted universe multiverse

# lucidy lynx (10.04 LTS) for amd64 architecture
deb-amd64 http://at.archive.ubuntu.com/ubuntu lucid main restricted universe multiverse
deb-amd64 http://at.archive.ubuntu.com/ubuntu lucid-security main restricted universe multiverse
deb-amd64 http://at.archive.ubuntu.com/ubuntu lucid-updates main restricted universe multiverse
deb-amd64 http://at.archive.ubuntu.com/ubuntu lucid-proposed main restricted universe multiverse
deb-amd64 http://at.archive.ubuntu.com/ubuntu lucid-backports main restricted universe multiverse


# oneiric ocelot (11.10) for i386 architecture
deb http://at.archive.ubuntu.com/ubuntu oneiric main restricted universe multiverse
deb http://at.archive.ubuntu.com/ubuntu oneiric-security main restricted universe multiverse
deb http://at.archive.ubuntu.com/ubuntu oneiric-updates main restricted universe multiverse
deb http://at.archive.ubuntu.com/ubuntu oneiric-proposed main restricted universe multiverse
deb http://at.archive.ubuntu.com/ubuntu oneiric-backports main restricted universe multiverse

# oneiric ocelot (11.10) for amd64 architecture
deb-amd64 http://at.archive.ubuntu.com/ubuntu oneiric main restricted universe multiverse
deb-amd64 http://at.archive.ubuntu.com/ubuntu oneiric-security main restricted universe multiverse
deb-amd64 http://at.archive.ubuntu.com/ubuntu oneiric-updates main restricted universe multiverse
deb-amd64 http://at.archive.ubuntu.com/ubuntu oneiric-proposed main restricted universe multiverse
deb-amd64 http://at.archive.ubuntu.com/ubuntu oneiric-backports main restricted universe multiverse

# security patches for lucid
deb-i386 http://security.ubuntu.com/ubuntu lucid-security main restricted
deb-i386 http://security.ubuntu.com/ubuntu lucid-security universe
deb-i386 http://security.ubuntu.com/ubuntu lucid-security multiverse
deb-amd64 http://security.ubuntu.com/ubuntu lucid-security main restricted
deb-amd64 http://security.ubuntu.com/ubuntu lucid-security universe
deb-amd64 http://security.ubuntu.com/ubuntu lucid-security multiverse

# security patches for oneiric
deb-i386 http://security.ubuntu.com/ubuntu oneiric-security main restricted
deb-i386 http://security.ubuntu.com/ubuntu oneiric-security universe
deb-i386 http://security.ubuntu.com/ubuntu oneiric-security multiverse
deb-amd64 http://security.ubuntu.com/ubuntu oneiric-security main restricted
deb-amd64 http://security.ubuntu.com/ubuntu oneiric-security universe
deb-amd64 http://security.ubuntu.com/ubuntu oneiric-security multiverse

## remove the comments if you want to get the sources too
#deb-src http://at.archive.ubuntu.com/ubuntu lucid main restricted universe multiverse
#deb-src http://at.archive.ubuntu.com/ubuntu lucid-security main restricted universe multiverse
#deb-src http://at.archive.ubuntu.com/ubuntu lucid-updates main restricted universe multiverse
#deb-src http://at.archive.ubuntu.com/ubuntu lucid-proposed main restricted universe multiverse
#deb-src http://at.archive.ubuntu.com/ubuntu lucid-backports main restricted universe multiverse

clean http://at.archive.ubuntu.com/ubuntu
clean http://security.ubuntu.com

In my case i am mirroring 10.04 LTS and 11.10, both architectures available and the security updates

3. Create the necessary directories:

mkdir /mirror/var /mirror/www /mirror/skel

4. Configure wget (which is used by apt-mirror) to go through the http proxy by editing /etc/wgetrc and enabling the following options (skip this one if you aren’t using a http proxy to connect to the internet)

http_proxy
use_proxy

5. Enable the cron entry for apt-mirror by editing /etc/cron.d/apt-mirror and removing the hash at the beginning of the line. Also adopt the time when to run the updater. In my case, the file looks like:

30 02   * * *   apt-mirror      /usr/bin/apt-mirror 2>&1 1>/mirror/apt-mirror.log

This one will run apt-mirror every night at 02:30 am

6. Make apt-mirror send you a status report of it’s last run by editing /mirror/var/postmirror.sh (this one is executed by apt-mirror after it has finished) and inserting the following script:

#!/bin/bash
# environment
export TEMPFILE=/tmp/apt-mirror-mail.tmp.${RANDOM}
export LOGFILE=/mirror/apt-mirror.log
export SENDMAIL=/usr/sbin/sendmail

# run clean script
CS=/mirror/var/clean.sh
chmod 755 ${CS}
${CS} 2>&1 >> ${LOGFILE}

# send status mail to apt-mirror
echo From: `whoami`@`hostname` >> ${TEMPFILE}
echo To: `whoami` >> ${TEMPFILE}
echo Subject: apt-mirror fetch status from `date` >> ${TEMPFILE}
echo >> ${TEMPFILE}
cat ${LOGFILE} >> ${TEMPFILE}

${SENDMAIL} `whoami` < ${TEMPFILE}
rm ${TEMPFILE}

This one will simply run the cleanup script (which in turn removes obsolete files) and send us the logfile

7. Do a initial mirror run

su --command apt-mirror apt-mirror

This will probably take a few hours to complete

Install nginx

We serve our updates to the clients using the nginx Webserver

1. Install the Package

apt-get install nginx

2. Remove the default configuration file

rm /etc/nginx/sites-enabled/default

3. Create a new configuration by creating /etc/nginx/sites-available/ubuntu-mirror with the following content:

server {
		listen   80 default;
		server_name susrtumi1.health.local susrtumi1;
		gzip off;

		access_log  /var/log/nginx/ubuntu-mirror-access.log;

		location /ubuntu {
				alias  /mirror/www/at.archive.ubuntu.com;
				autoindex on;
		}

		location /ubuntu-security {
				alias /mirror/www/security.ubuntu.com;
				autoindex on;
		}
}

4. Relink the new configuration file to be used by nginx:

cd /etc/nginx/sites-enabled
ln -s ../sites-available/ubuntu-mirror

5. Set the correct permissions:

chown -R apt-mirror:www-data /mirror
chmod -R 775 /mirror

6. Restart nginx

/etc/init.d/nginx restar

Possible Errors (i encountered these)

1. Disable your local proxy by removing /etc/apt/apt.conf.d/09proxy (not needed because the server will also fetch the updates from himself)

2. apt-mirror complains that it’s running, but its not – remove /mirror/var/apt-mirror.lock

3. apt-mirror complains about not being able to write to the mirror directory – this happened because permissions weren’t set up at the state apt-mirror was run:

chmod -R 775 /mirror/www
chown -R apt-mirror:www-data /mirror/www

Client configuration

1. Edit /etc/apt/sources.list to point to our local server. Below is a example for 10.04 LTS:

deb http://susrtumi1.health.local/ubuntu/ubuntu lucid main restricted
deb http://susrtumi1.health.local/ubuntu/ubuntu lucid-updates main restricted
deb http://susrtumi1.health.local/ubuntu/ubuntu lucid universe
deb http://susrtumi1.health.local/ubuntu/ubuntu lucid-updates universe
deb http://susrtumi1.health.local/ubuntu/ubuntu lucid multiverse
deb http://susrtumi1.health.local/ubuntu/ubuntu lucid-updates multiverse
deb http://susrtumi1.health.local/ubuntu-security/ubuntu lucid-security main restricted
deb http://susrtumi1.health.local/ubuntu-security/ubuntu lucid-security universe
deb http://susrtumi1.health.local/ubuntu-security/ubuntu lucid-security multiverse

2. If you are using non mirrored repositories (like google’s chrome repository) and your http proxy is not able to resolve your local mirror, use CNTLM to access your proxy for everything except the local mirror:

2.1. Install the CNTLM package

apt-get install cntlm

2.2. Configure CNTLM to use no proxy for the local update server by inserting the following line to it’s configuration:

NoProxy susrtumi1*

2.3. Configure APT to use the proxy by creating /etc/apt/apt.conf.d/09proxy with the following content:

Acquire::http::proxy "http://localhost:5865/";

3. Update your system

apt-get update
apt-get dist-upgrade

You should notice that apt is now using your local mirror.

Print This Page Print This Page