Understanding Software Sources
OS Management Hub provides OS content to Oracle Linux instances using software sources (repositories).
A software source is a collection of packages and modules. Use software sources to control the content that's available to instances managed by OS Management Hub. When you add or create software sources in OS Management Hub, it's on a per region basis.
Software sources apply to Oracle Linux instances only. Windows instances don't use software sources.
See also:
Software Source Types
Vendor Software Sources
A vendor software source is a software repository provided by an OS vendor. To use a vendor source in OS Management Hub, you must add the vendor source to the root compartment of the tenancy. You can then replicate the source to other compartments if needed. Some vendor software sources might be restricted, or be a premium product, requiring an entitlement to unlock access (see Availability).
Vendor software sources are the foundational software source type in OS Management Hub. They're used as the basis for content in custom software sources and versioned custom software sources. You must first add vendor software sources to the service before creating custom software sources.
OS Management Hub receives package updates from the OCI regional yum server and updates any corresponding vendor software sources (or custom software sources that use the auto-update feature). These package updates are then available to instances that use those software sources.
Third-party (private) repositories aren't supported in OS Management Hub. See Known Issue: Can't use private or third-party repositories.
See also: Creating a Snapshot of a Vendor Software Source.
Guidelines for Adding Vendor Software Sources
When you add vendor sources to OS Management Hub, follow these guidelines:
-
Add vendor software source to OS Management Hub before registering Oracle Linux instances with the service.
Note
Autonomous Linux instances require a minimum set of vendor software sources which are automatically added to OS Management Hub when you register an Autonomous Linux instance. For more information, see Mandatory Software Sources.
-
Add at least the minimum software sources to support the OS version of an instance.
- Oracle Linux 8 and Oracle Linux 9 require the BaseOS and AppStream software sources.
- If using Oracle Linux Unbreakable Enterprise Kernel (UEK), add the UEK software source to ensure that instances get kernel updates and patches.
- See Managing Software in Oracle Linux for more information on Oracle Linux repositories.
-
Only add the content that's relevant to your environment to follow security best practices. This is the first level of control you have over the content available to instances in OS Management Hub. See Security: Selecting Software Sources.
- For example, if you aren't using the Gluster AppStream repository in Oracle Linux 8, don't add that software sources to the service.
Custom Software Sources
A custom software source is a software repository derived from vendor software sources. Custom sources enable you to create specific sets of packages or modules that you want to manage and apply to instances.
To create a custom source, you select vendor software sources to use as a foundation. These must all be of the same OS version and architecture. Then using filters or a package list, you identify the packages and modules to include or exclude from the vendor software sources. This creates a source that's a subset of the packages and modules provided by the base vendor software sources. You can then attach custom software sources to profiles, instances, or groups (lifecycle environments use versioned custom software sources).
The availability of a custom software source depends on the availability of the vendor software sources that are used to create it. For example, if a custom source uses a vendor source that's available only in OCI, then the custom source is also available only in OCI.
- Creating a Snapshot of a Vendor Software Source
- Automatically Resolving Dependencies
- Automatically Updating Content
- Using Filters and Package Lists
- Limiting Packages and Modules to the Latest Version
Creating a Snapshot of a Vendor Software Source
A common use of custom software sources is to create a snapshot of a vendor software source. To do this, create a custom software source with auto-update disabled, auto-resolve disabled, and no filters or package list specified. This creates a copy of the vendor software source but with packages that remain at the versions available when the source was created. This can be useful if you want instances to have access to a vendor software source, but want to limit access to future package updates.
Automatically Resolving Dependencies
When creating a custom software source, you can choose to have the service automatically resolve package and module dependencies by enabling the Automatically resolve packages and module dependencies option. Dependency resolution can only include packages within vendor software sources that are part of the custom source. If a dependent package resides in an vendor source not included in the custom source, the dependent package will not be included and the custom software source creation will fail.
When using the auto-resolve option, the custom software source also includes the package dependencies of your filters or package list. Therefore, when viewing available packages, you might see packages in the custom software source not explicitly specified by your filters or package list.
If you don't provide filters or a packages list, the auto-resolve option is ignored and a snapshot of the vendor software sources is created. See Creating a Snapshot of a Vendor Software Source.
Automatically Updating Content
When creating a custom software source, you can choose to have the service automatically update the content of the custom software source to include the latest available packages by enabling the Automatically update content option. OS Management Hub checks for updates once every 24 hours.
If using filters and the auto-update option, the service only updates content when the filter doesn't specify a version (such as Include | Package | zsh
). When the filter specifies a version (such as Include | Package | zsh | 5.5.1-6.el8
), the service ignores the auto-update option and the package remains at the specified version.
If using a package list and the auto-update option, the service ignores the auto-update option for packages specified in the list. Package lists require the full version of the package to be specified and these packages remain at the version specified.
If also using the auto-resolve option, dependent packages that aren't specified in the package list or by a filter could be updated.
You can't use the auto-update option with versioned custom software sources.
Using Filters and Package Lists
You can use either filters or a package list to identify specific content that the custom software source contains. You define filters or a package list when creating a custom software source or when editing filters or the package list for a custom software source.
- Filters
-
Use filters to either include or exclude content to build custom software sources. The types of filters include:
- Group to specify a package group. The package groups available depend on the software sources included in the custom source.
- Module to specify a module stream and module stream profile.
- Package to specify a package name and version. The acceptable package version format is 'epoch:version-release' or 'version-release'. For example, package name:
edk2-ovmf
and package version:1:20210616-3.el8
.
If using the auto-resolve dependencies option, the custom software source also includes the package dependencies of your filters. Therefore, when viewing available packages, you might see additional packages in the custom software source not explicitly specified by your filters.
If using the auto-update option, when your filter specifies a version of a package, the option is ignored for that package and it remains at the specified version. However, when your filter specifies a package without a version, the service will update the package to the latest available version.
Additionally, you can use the latest-only option to limit packages and modules to the latest versions. This option adds only the latest version of the package or module stream within the constraints of your filters or package list.
- Package List
-
Use a package list to specify which packages to include in the custom software source. You can run
rpm -qa
on a reference instance to create a list of packages.For example, the format of the packages would be:
pam-1.3.1-27.el8.x86_64 openssl-libs-1.1.1k-12.el8_9.x86_64 libreport-filesystem-2.9.5-15.0.4.el8.x86_64
The auto-update and latest-only options are ignored when using a package list. The package versions remain at the levels specified in the list.
Limiting Packages and Modules to the Latest Version
When creating a custom software source, you can choose to limit the packages and modules included in the source to only the latest available versions. Enabling the Only include the latest version option adds only the latest version of the package or module stream within the constraints of your filters or package list. This gives you more control over the content of the custom software source and prevents instances from installing older versions of packages.
When using the latest-only with a package list, the service includes only the specified version of the package.
When the latest-only option is enabled, 'Include' filters behave as follows:
- For a package filter that doesn't specify a version, includes only the latest available version of the package.
- For a package filter that specifies a version, includes only the specified version of the package.
- For a module filter that doesn't specify a stream, includes all available streams. Within each stream, includes only the latest version of packages.
- For a module filter that specifies a stream, includes only the latest version of packages for the specified stream.
- For a group filter, includes only the latest version of packages for the group.
If also using the auto-resolve option, dependent packages that aren't constrained by the package list or by a filter are limited to the latest version available.
As an example, consider the following filters for an Oracle Linux 8 custom software source:
Filter | Packages and modules included when using latest-only option | Packages and modules included when not using latest-only option |
---|---|---|
Include | Package | zsh |
zsh-5.5.1-10.el8 (includes only the latest version of the zsh package) |
zsh-5.5.1-10.el8 zsh-5.5.1-9.el8 zsh-5.5.1-6.el8 zsh-5.5.1-6.el8_1.2 (includes all versions of the zsh package) |
Include | Package | zsh | 5.5.1-6.el8 |
zsh-5.5.1-6.el8 (includes the latest version within constraints of the filter of the zsh package) |
zsh-5.5.1-6.el8 (includes the specified version of the zsh package) |
Include | Module | maven |
maven-3.7 maven-3.6 maven-3.5 (includes only the latest version of packages within each stream) |
maven-3.7 maven-3.6 maven-3.5 (includes all versions of packages in each stream) |
Include | Module | maven | 3.6 |
maven-3.6 (includes only the latest version of packages in the stream) |
maven-3.6 (includes all versions of packages in the stream) |
Include | Group | Networking Tools |
network-tools (includes only the latest version of packages in the group) |
network-tools (includes all versions of packages in the group) |
No filters | Includes only the latest version of packages from the underlying vendor software sources. For modules, this means only the latest packages from each module stream. | Includes all versions of packages and modules in the underlying vendor software sources. |
Versioned Custom Software Sources
A versioned custom software source is a custom software source specifically used in lifecycle environments. See Creating a Versioned Custom Software Source.
A versioned custom software source has several distinct attributes:
- Version designator: During creation, you assign a version to the software source.
- Specific package content: During creation, you use filters or a package list to limit the content. A versioned custom software source should only include the packages and modules you want to install on target instances. When creating a versioned custom software source with filters, the latest-only option is required.
- Immutable: Once created, you can't change the packages and modules in the software source, or its version.
Carefully select the packages and modules in a versioned custom software source. When promoted to a lifecycle stage, the service installs all content in a versioned source to the target instances.
Availability
After adding a vendor software source to the service, the source isn't automatically available to all instance types. The availability of the source can differ for OCI instances and on-premises or third-party cloud instances. Some sources, such as oci_included
, are only applicable to only OCI instances. Other sources, such as ksplice
, might require entitlements for non-OCI instances. Until you add the entitlement, the ksplice
software source is available only for OCI instances.
The availability of custom software sources is dictated by the availability of the vendor software sources that are used to create it. For example, if a custom source uses a vendor source that's available only in OCI, then the custom source is also available only in OCI.
Availability status of a software sources
You can view the availability of a software source in two places within the Console: on the source's details page or when adding vendor sources to the service.
When viewing a software source's details, possible statuses include:
- Available for instances in: OCI, On premises, 3rd-party cloud: The software source can be used by all instances.
- Available for instances in: OCI: The software source is restricted for on-premises or third-party cloud instances, but can be used by OCI instances. Some sources are available to OCI instances only, such as
oci_included
. For other sources, such asksplice
, you can add an entitlement to make it available to on-premises or third-party cloud instances. - Available for instances in: -: The software source hasn't yet been added to the service for use by instances. Add the vendor software source to make it available.
When adding a vendor software source, possible statuses in the Restricted column include:
- - (dash): The software source isn't restricted. It can be used by all instance types.
- Unavailable in non-OCI: The software source isn't restricted, but isn't valid for use by on-premises or third-party cloud instances. For example,
ol8_oci_included-x86_64
which provides packages only used by OCI instances. - OCI use only: The software source is currently only available to OCI instances. It can't be used by on-premises or third-party cloud until you add an entitlement.
Management Station Mirrors
A system assigned the role of management station mirrors and distributes software sources to instances on premises or in supported third-party clouds. Management stations only mirror the software sources required to support the instances that use it. The list of mirrored software sources will be empty until you register a profile that uses the station. See Understanding Mirror Syncing.