Say you would like to host a yum repository with 99.9% uptime due to an SLA requirement. One way to pull this off is to have some sort of HA solution with multiple instances behind a load balancer, or you can just use S3.
Unfortunately, for this to work you will need a tiny VM / EC2 instance with enough disk space to sync the bucket and update the repo metadata (repomd.xml). This VM is used only to update the repo.
Let's say you lose this VM because Amazon hates you. Your infrastructure wouldn't even notice: your clients will still be able to query the repository and function as expected. The only downside is that the repository will not receive updates until you get a new VM online.
So let's get to it. Hosting a yum repository on S3 is surprisingly easy; here is how…
Set up IAM credentials
Create an EC2 instance with an IAM role similar to the following. Make sure to create the IAM role first, then attach it to your EC2 instance.
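The original role policy isn't reproduced here, but a minimal sketch would grant the sync host list and read/write access to the repo bucket. The bucket name `yum-repo-bucket` is a placeholder; substitute your own:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": "arn:aws:s3:::yum-repo-bucket"
    },
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
      "Resource": "arn:aws:s3:::yum-repo-bucket/*"
    }
  ]
}
```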
Set up the bucket policy
Create an S3 bucket and add the following bucket policy. This bucket policy restricts access to specific IP addresses, which is convenient for network setups that have one egress IP address per VPC; otherwise it becomes a bit cumbersome to manage the IP whitelist.
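The policy itself isn't shown here; a sketch of an IP-restricted read policy might look like the following. The bucket name and the CIDR range (taken from the RFC 5737 documentation block) are placeholders for your own values:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowRepoReadsFromKnownIPs",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::yum-repo-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": ["203.0.113.0/24"]
        }
      }
    }
  ]
}
```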
The update script
This script requires the awscli tool, which can be installed via pip. Install awscli and the update script on the server that is attached to the IAM role you just created.
$ pip install awscli
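The original update script isn't included here, but the idea is: pull the bucket down, regenerate the repo metadata with createrepo, and push the result back up. A sketch, assuming createrepo is installed and with placeholder bucket name and paths:

```shell
#!/bin/bash
# update_repo.sh -- sync the bucket locally, rebuild repo metadata, push it back.
# BUCKET and REPO_DIR are placeholders; adjust for your setup.
set -euo pipefail

BUCKET="s3://yum-repo-bucket"
REPO_DIR="/var/local/yum-repo"

# Pull down the current state of the repository.
aws s3 sync "$BUCKET" "$REPO_DIR" --delete

# Regenerate repodata/ (including repomd.xml).
createrepo --update "$REPO_DIR"

# Push the refreshed metadata (and any new packages) back to the bucket.
aws s3 sync "$REPO_DIR" "$BUCKET" --delete
```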
I would recommend running this script from a cron job.
* * * * * root /path/to/update_repo.sh
To set up your clients to connect to the repo, create a yum repo file that looks similar to the following example.
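The example repo file isn't shown here; a minimal client-side definition dropped into /etc/yum.repos.d/ might look like this (repo id, name, and bucket URL are placeholders, and gpgcheck is disabled only for illustration):

```
# /etc/yum.repos.d/s3-repo.repo
[s3-repo]
name=Internal S3-hosted repository
baseurl=https://yum-repo-bucket.s3.amazonaws.com/
enabled=1
gpgcheck=0
```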
At this point you're done! One improvement you can make is to add lifecycle rules to your S3 bucket so that packages auto-expire. Depending on your environment, you can set up rules to send packages to Glacier or simply delete them after a specific amount of time.
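As a sketch of what such a lifecycle configuration could look like (the day counts are arbitrary examples, not recommendations):

```json
{
  "Rules": [
    {
      "ID": "ExpireOldPackages",
      "Status": "Enabled",
      "Filter": { "Prefix": "" },
      "Transitions": [
        { "Days": 90, "StorageClass": "GLACIER" }
      ],
      "Expiration": { "Days": 365 }
    }
  ]
}
```

This can be applied with `aws s3api put-bucket-lifecycle-configuration --bucket yum-repo-bucket --lifecycle-configuration file://lifecycle.json` (bucket name again a placeholder).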