Chapter 5. Preparing network-based repositories


You must prepare repositories to install RHEL from your network system.

5.1. Ports for network-based installation

The following table lists the ports that must be open on the server for providing the files for each type of network-based installation.

Table 5.1. Ports for network-based installation
Protocol usedPorts to open

HTTP

80

HTTPS

443

FTP

21

NFS

2049, 111, 20048

TFTP

69

Additional resources

5.2. Creating an installation source on an NFS server

You can use this installation method to install multiple systems from a single source, without having to connect to physical media.

Prerequisites

  • You have administrator-level access to a server with Red Hat Enterprise Linux 10, and this server is on the same network as the system to be installed.
  • You have downloaded the full installation DVD ISO from the Product Downloads page.
  • You have created a bootable CD, DVD, or USB device from the image file.
  • You have verified that your firewall allows the system you are installing to access the remote installation source. For more information, see Ports for network-based installation.
Important

Ensure that you use different paths in inst.ks and inst.repo. When using NFS to host the installation source, you cannot use the same nfs share to host the Kickstart.

Procedure

  1. Install the nfs-utils package:

    # dnf install nfs-utils
  2. Copy the DVD ISO image to a directory on the NFS server.
  3. Open the /etc/exports file using a text editor and add a line with the following syntax:

    /exported_directory/ clients
    • Replace /exported_directory/ with the full path to the directory with the ISO image.
    • Replace clients with one of the following:

      • The host name or IP address of the target system
      • The subnetwork that all target systems can use to access the ISO image
      • To allow any system with network access to the NFS server to use the ISO image, the asterisk sign (*)

      See the exports(5) man page for detailed information about the format of this field.

      For example, a basic configuration that makes the /rhel10-install/ directory available as read-only to all clients is:

      /rhel10-install *
  4. Save the /etc/exports file and exit the text editor.
  5. Start the nfs service:

    # systemctl start nfs-server.service

    If the service was running before you changed the /etc/exports file, reload the NFS server configuration:

    # systemctl reload nfs-server.service

    The ISO image is now accessible over NFS and ready to be used as an installation source.

    When configuring the installation source, use nfs: as the protocol, the server host name or IP address, the colon sign (:), and the directory holding the ISO image. For example, if the server host name is myserver.example.com and you have saved the ISO image in /rhel10-install/, specify nfs:myserver.example.com:/rhel-10-install/ as the installation source.

5.3. Creating an installation source by using HTTP or HTTPS

You can create an installation source for a network-based installation by using an installation tree, which is a directory containing extracted contents of the DVD ISO image and a valid .treeinfo file. The installation source is accessed over HTTP or HTTPS.

Prerequisites

  • You have administrator-level access to a server with Red Hat Enterprise Linux 10, and this server is on the same network as the system to be installed.
  • You have downloaded the full installation DVD ISO from the Product Downloads page.
  • You have created a bootable CD, DVD, or USB device from the image file.
  • You have verified that your firewall allows the system you are installing to access the remote installation source. For more information, see Ports for network-based installation.
  • The httpd package is installed.
  • The mod_ssl package is installed, if you use the https installation source.
Warning

If your Apache web server configuration enables SSL security, prefer to enable the TLSv1.3 protocol. By default, TLSv1.2 (LEGACY) is enabled.

Important

If you use an HTTPS server with a self-signed certificate, you must boot the installation program with the noverifyssl option.

Procedure

  1. Copy the DVD ISO image to the HTTP(S) server.
  2. Create a suitable directory for mounting the DVD ISO image, for example:

    # mkdir /mnt/rhel10-install/
  3. Mount the DVD ISO image to the directory:

    # mount -o loop,ro -t iso9660 /image_directory/image.iso /mnt/rhel10-install/

    Replace /image_directory/image.iso with the path to the DVD ISO image.

  4. Copy the files from the mounted image to the HTTP(S) server root.

    # cp -r /mnt/rhel10-install/ /var/www/html/

    This command creates the /var/www/html/rhel10-install/ directory with the content of the image. Note that some other copying methods might skip the .treeinfo file which is required for a valid installation source. Entering the cp command for entire directories as shown in this procedure copies .treeinfo correctly.

  5. Start the httpd service:

    # systemctl start httpd.service

    The installation tree is now accessible and ready to be used as the installation source.

    Note

    When configuring the installation source, use http:// or https:// as the protocol, the server host name or IP address, and the directory that contains the files from the ISO image, relative to the HTTP server root. For example, if you use HTTP, the server host name is myserver.example.com, and you have copied the files from the image to /var/www/html/rhel10-install/, specify http://myserver.example.com/rhel-10-install/ as the installation source.

5.4. Creating an installation source by using FTP

You can create an installation source for a network-based installation by using an installation tree, which is a directory containing extracted contents of the DVD ISO image and a valid .treeinfo file. The installation source is accessed over FTP.

Prerequisites

  • You have administrator-level access to a server with Red Hat Enterprise Linux 10, and this server is on the same network as the system to be installed.
  • You have downloaded the full installation DVD ISO from the Product Downloads page.
  • You have created a bootable CD, DVD, or USB device from the image file.
  • You have verified that your firewall allows the system you are installing to access the remote installation source. For more information, see Ports for network-based installation.
  • The vsftpd package is installed.

Procedure

  1. Open and edit the /etc/vsftpd/vsftpd.conf configuration file in a text editor.

    1. Change the line anonymous_enable=NO to anonymous_enable=YES
    2. Change the line write_enable=YES to write_enable=NO.
    3. Add lines pasv_min_port=<min_port> and pasv_max_port=<max_port>. Replace <min_port> and <max_port> with the port number range used by the FTP server in passive mode, for example, 10021 and 10031.

      This step might be necessary in network environments featuring various firewall/NAT setups.

    4. Optional: Add custom changes to your configuration. For available options, see the vsftpd.conf(5) man page. This procedure assumes that default options are used.

      Warning

      If you configured SSL/TLS security in your vsftpd.conf file, ensure that you enable only the TLSv1 protocol, and disable SSLv2 and SSLv3. This is due to the POODLE SSL vulnerability (CVE-2014-3566). For more information, see the Red Hat Knowledgebase solution Resolution for POODLE SSLv3.0 vulnerability.

  2. Configure the server firewall.

    1. Enable the firewall:

      # systemctl enable firewalld
    2. Start the firewall:

      # systemctl start firewalld
    3. Configure the firewall to allow the FTP port and port range from the previous step:

      # firewall-cmd --add-port min_port-max_port/tcp --permanent
      # firewall-cmd --add-service ftp --permanent

      Replace <min_port> and <max_port> with the port numbers you entered into the /etc/vsftpd/vsftpd.conf configuration file.

    4. Reload the firewall to apply the new rules:

      # firewall-cmd --reload
  3. Copy the DVD ISO image to the FTP server.
  4. Create a suitable directory for mounting the DVD ISO image, for example:

    # mkdir /mnt/rhel10-install
  5. Mount the DVD ISO image to the directory:

    # mount -o loop,ro -t iso9660 /image-directory/image.iso /mnt/rhel10-install

    Replace /image-directory/image.iso with the path to the DVD ISO image.

  6. Copy the files from the mounted image to the FTP server root:

    # mkdir /var/ftp/rhel10-install
    # cp -r /mnt/rhel10-install/ /var/ftp/

    This command creates the /var/ftp/rhel10-install/ directory with the content of the image. Some copying methods can skip the .treeinfo file which is required for a valid installation source. Entering the cp command for whole directories as shown in this procedure will copy .treeinfo correctly.

  7. Make sure that the correct SELinux context and access mode is set on the copied content:

    # restorecon -r /var/ftp/rhel10-install
    # find /var/ftp/rhel10-install -type f -exec chmod 444 {} \;
    # find /var/ftp/rhel10-install -type d -exec chmod 755 {} \;
  8. Start the vsftpd service:

    # systemctl start vsftpd.service

    If the service was running before you changed the /etc/vsftpd/vsftpd.conf file, restart the service to load the edited file:

    # systemctl restart vsftpd.service

    Enable the vsftpd service to start during the boot process:

    # systemctl enable vsftpd

    The installation tree is now accessible and ready to be used as the installation source.

    When configuring the installation source, use ftp:// as the protocol, the server host name or IP address, and the directory in which you have stored the files from the ISO image, relative to the FTP server root. For example, if the server host name is myserver.example.com and you have copied the files from the image to /var/ftp/rhel10-install/, specify ftp://myserver.example.com/rhel-10-install/ as the installation source.

Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.