Update kernel in an airgapped environment (offline)

asfbar · October 12, 2023, 6:15am

Hello penguines,

I have 2 questions regarding updare for an airgapped environment.

how can i update only the rocky kernel (8.5) ?
how can i update an internal rocky repository (also air gapped) while i already created an internal repository let’s say… about a year ago?

Thank you.
Assaf.

iwalker · October 12, 2023, 6:26am

Hi,

Run dnf update kernel to update just the kernel.
A repository needs to have internet access so that it can be mirrored. This is why people run things like Red Hat Satellite or Foreman/Katello so that the server that has the local repository (satellite/foreman/katello) is updated via the internet, and all remaining servers get their updates from the local repository.

jlehtone · October 12, 2023, 8:10am

I do “mirror” repos with plain rsync. Since I sync (most of) directory tree, I do get both packages and repo metadata.
Are there “smarter” tools to mirror repo? Yes.
Is it more convenient to mirror via network? Definitely.

However, one can download repo to removable media, plug the media into isolated machine and sync (rsync -a --delete) from media to the “internal repo” in the machine. That replaces the internal repo with more recent content.

asfbar · October 12, 2023, 10:05am

As i mentioned, i don’t have a connection to the internet in that system so how dnf update will help me here?

iwalker · October 12, 2023, 10:19am

Well we don’t know that. Secondly in your post you said you had a local repository which would mean that you could do updates from it. Until you update that repository then dnf won’t work. In which case, download the kernel from a Rocky mirror and then copy that to the server and install it using:

dnf install ./kernel-version.rpm

where version is replaced with the rest of the filename of the rpm you downloaded. To be honest though you would be better to sort out your local mirror first and ensure the systems are connected to it so that dnf works.

And if you cannot download rpm’s and install them because you don’t have internet access at all, then you have no way to fix either items. Your only alternative then is to download everything using rsync for a mirror to a pendrive or whatever as @jlehtone suggested. In reality that is fine for a one-time update, but really you should be ensuring your local repository is able to have internet access and connect all the other servers to it.

asfbar · October 12, 2023, 10:26am

thank you.

so if i understand you right, the best way will be first to update my local repository (download everything from the internet and the use rsync…)
then, update the kernel.

one more qestion,
can i download a repository for a spesific kernel version?

iwalker · October 12, 2023, 10:37am

If you filter what packages you download with rsync based on filename then yes, otherwise it doesn’t make sense to do that. Just sync everything.