Problem with patching Oracle Linux servers on AWS EC2 Instances

I am running multiple Oracle Linux servers on AWS EC2 instances and need to be able to patch them. The traffic from AWS to Oracle is traversing through our on-prem firewall. However, I have an issue where the on-prem firewall is intermittently denying outgoing traffic from AWS servers due to a mismatch in IP addresses for the https://yum.oracle.com URL. When the IP addresses at the on-prem DNS servers and the AWS DNS servers match, the traffic/request is allowed by the firewall; otherwise it is denied.
I believe this could be due to the fact that the Oracle portal is behind a CDN network and the IP addresses keep changing very frequently, or different DNS lookup commands are returned different IP addresses from the pool.
I tried to change the requests to https://yum-us-ashburn-1.oracle.com but it appears to be stuck on the Oracle side.
Can someone help me with this please?
Answers
Right, yum.oracle.com is hosted by Akamai and thus the IP address will change often, based on the geographic location of the request.
If you want fixed IP addresses for updates, you'll need to either create your own mirror of yum.oracle.com or use ULN (which requires an Oracle Linux support subscription).
Alternatively you'll need to allow your firewall to allow any akamaitechnologies.com IP address when resolving yum.oracle.com.
Thank you so much. Could you please also share the steps for creating my own mirror of yum.oracle.com? Also, can you please explain what the difference is between my own mirror and ULN? I don't have Oracle support so I can't check out https://support.oracle.com/knowledge/Oracle%20Linux%20and%20Virtualization/2225149_1.html
If you want to create your own mirror of yum.oracle.com, you can use reposync. I highly recommend using Oracle Linux 8 and the reposync plugin for dnf and the "--download-metadata" parameter to make this easy: https://dnf-plugins-core.readthedocs.io/en/latest/reposync.html
https://oracle-base.com/articles/linux/create-a-local-yum-repository-for-oracle-linux-7 has a solution for Oracle Linux 7.
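The reposync approach recommended above, sketched as an added example that is not part of the original thread or Oracle's documentation: it mirrors repositories with `dnf reposync --download-metadata` and writes a client `.repo` file that keeps `gpgcheck=1`, so clients still verify Oracle's package signatures and the mirror host is not a trusted signer. The mirror path, the mirror URL and the choice of repo ids are assumptions to adjust for your environment.

```shell
#!/bin/sh
# Added example (not from the thread): mirror yum.oracle.com repos on one
# Oracle Linux 8 host so that only this host needs egress to the CDN.
# Assumed values: MIRROR_ROOT, MIRROR_URL and the REPOS list.
set -u

MIRROR_ROOT="${MIRROR_ROOT:-/var/www/html/repo}"                 # assumed web root
MIRROR_URL="${MIRROR_URL:-http://mirror.example.internal/repo}"  # assumed internal URL
REPOS="${REPOS:-ol8_baseos_latest ol8_appstream}"                # repo ids to mirror

sync_repo() {
    # --download-metadata copies the upstream repodata as published, so the
    # mirror serves the same metadata and no createrepo step is needed.
    # reposync stores each repo under <download-path>/<repoid>/.
    dnf reposync --repoid="$1" --download-metadata --newest-only \
        --download-path="$MIRROR_ROOT"
}

client_repo_stanza() {
    # Clients fetch from the internal mirror but still check RPM signatures
    # against the Oracle key already installed on Oracle Linux hosts.
    cat <<EOF
[$1]
name=Internal mirror of $1
baseurl=$MIRROR_URL/$1/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=1
EOF
}

main() {
    for repo in $REPOS; do
        sync_repo "$repo" || return 1
    done
    for repo in $REPOS; do
        client_repo_stanza "$repo"
    done > "$MIRROR_ROOT/internal-mirror.repo"
}

# Only sync when asked explicitly: sh mirror.sh sync
if [ "${1:-}" = "sync" ]; then
    main
fi
```

With this in place the firewall rule for the AWS clients can name the internal mirror's fixed address, and only the mirror host needs outbound access to yum.oracle.com.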
Thank you so much Miller. I was able to set up my own mirror.
Awesome!