Debian Planet

Welcome to Debian Planet


Apt-get into it.
Main Menu

  • Home

  • Topics

  • Web Links

  • Your Account

  • Submit News

  • Stats

  • Top 10

  • Debian

    These are important Debian sites one should not be without!

  • Official Debian site

  • Package search

  • Mailing list archives

  • Bug reports

  • Debian on CD

  • Unofficial woody CD ISOs

  • Unofficial APT sources

  • Developers' Corner

    Other great Debian news sources:

  • Debian Weekly News

  • Kernel Cousin Debian

    (Debian mailing lists digested)
  • Community Groups

    Need help? You're not alone on this planet.

  • debianHELP

    (User support site)

  • Debian International

  • DebianWorld




  • EsDebian


  • Debian-BR


  • DebianUsers


  • MaximumDebian


  • IRC

    The place to get help on a Debian problem (after reading docs) or to just chat and chill is #debian on

    Many of the Debian Planet staff live there so pop by and say hello.

    Wanna write?

    Got that latest or greatest scoop? Perhaps you have some important news for the Debian community? Submit a news item!

    Or perhaps you've written a rather ground breaking insight into some aspect of Debian and you feel compelled to share it with others? Knock up a longer editorial article and send it to the editors.


    DP is sponsored exclusively by Xinit Systems and

    Who's Online

    There are currently, 30 guest(s) and 1 member(s) that are online.

    You are Anonymous user. You can register for free by clicking here.

    Debian in a closed server environment
    Contributed by shawarma on Wednesday, January 16 @ 12:34:59 GMT

    Package Management
    I'm to install a Debian server in our server environment. The server will be behind a firewall, so using an official Debian mirrors as an apt source is out of the question.

    We have two server environments: A test centre and a data centre. The test centre is supposed to be an exact replica of the data centre. We're supposed to install everything in the test centre and make sure that it's up and running before we send it on to the data centre. Therefore, when I install it in the data centre, I have to use the exact same packages as in the test centre. Can anyone give me any pointers on how to work this out? I'm sure I'm not the first one in this situation. Have you others set up an apt source of your own containing some very specific packages? Have you chosen to use the (old) stable Potato distribution? Do you use dpkg instead of apt (please, say "no")..

    Related Links

  • Comparison by Joey Hess
  • More about Package Management
  • News by DanielS

    Most read story about Package Management:
    What are the *real* .deb and .rpm differences

    Last news about Package Management:

    Printer Friendly Page  Send this Story to a Friend
  • "Debian in a closed server environment" | Login/Create Account | 14 comments

    The comments are owned by the poster. We aren't responsible for their content.

    Re: Debian in a closed server environment (Score: 1)
    by knoester on Wednesday, January 16 @ 13:07:47 GMT
    (User Info)

    I've just updated a Debian box which is behind a firewall-plus-http-proxy-server (squid). Just put an environment variable on the Debian box:

    export http_proxy=http://ip-number-of-squid:port

    and apt-get on your Debian box wil find its way out to the mirror.


    Piet Knoester

    [ Reply ]

    Re: Debian in a closed server environment (Score: 1)
    by shawarma on Wednesday, January 16 @ 13:29:07 GMT
    (User Info)

    I don't just want a connection to the world outside. The machine is simply not meant to have access to the internet! On top of that, I'm supposed to be able to personally guarantee some sort of stability, so I have to test everything first in the test centre.. So how do I make sure the same packages are used on both machines? My conclusion so far is to use apt on the machine in the test-centre (which is conected to the internet) and then move all the debs to the data centre and set up an apt source there..

    [ Reply ]

    Re: Debian in a closed server environment (Score: 2, Informative)
    by pgammans on Wednesday, January 16 @ 13:44:24 GMT
    (User Info)

    Could you start to mirror the apt sources you want to use.

    You can do this with apt-move, then you alway update yor data centre and test centre from this mirror.

    [ Reply ]

    Run your own apt-get server (Score: 1, Informative)
    by Anonymous on Wednesday, January 16 @ 14:48:35 GMT

    I am in a similar sitation. (Most) of my machines do have internet access (but not all!). However, we wanted to be able to use testing/unstable and keep reasonably up-to-date (hence not use "stable"), but also test for reasonable stability before rolling something into production. Furthermore, we wanted a non-moving target to build from day-to-day, or, more accurately, we wanted to be able to choose when, and how, to move the target, so that a machine built on Thursday would be the same as one built on Monday, irrespective of how woody and sid might have changed on the debian servers.

    The answer was simple, mirror debian's testing/unstable apt-get server locally, and build from the local server(s). We have 3 servers, one of which builds current production machines, one of which builds the next target "release" we'll upgrade to when we're comfortable, and one which mirrors the debian stuff each weekend, for cutting edge, but nevertheless controlled, testing.

    The mirrors must have internet access to do their updates (at least the "cutting edge" one does ... the others just copy from each other when the time comes, i.e. target copies to production, and cutting-edge to target, at the appropriate times), but none of the other machines need to. Instead, their respective /etc/apt/sources.list simply point to the local mirrors and update from there.

    This has given us all the advantages of debian (preserving configurations from upgrade-to-upgrade, saving man-months in work, ability to keep up-to-date with new package releases, etc.) without the disadvantages of running an unstable (i.e. at times unreliable) system. Indeed, with this appraoch we have typically had internal releases more stable than when we were using Red Hat, Suse, and Mandrake, and upgrading to official releases.

    Hope this helps!


    [ Reply ]

    Re: Debian in a closed server environment (Score: 1)
    by hexmode on Wednesday, January 16 @ 19:05:34 GMT
    (User Info)

    You should also look at FAI or Fully Automated Install.

    It will let you install multiple machines in a known state completely hands-off.

    [ Reply ]

    Re: Debian in a closed server environment (Score: 0)
    by Anonymous on Wednesday, January 16 @ 14:56:57 GMT

    what about RSYNC it is made for exactly that: a mirror.

    [ Reply ]

    Re: Debian in a closed server environment (Score: 0)
    by Anonymous on Wednesday, January 16 @ 17:16:03 GMT

    I find that adding the line:

    Acquire:http:Proxy {"http://server:port/"};

    to /etc/apt/apt.conf does exactly the same.


    [ Reply ]

    Apt-move can help (Score: 1, Informative)
    by Anonymous on Wednesday, January 16 @ 13:14:50 GMT

    I have just started experimenting with this myself.

    (Thanks to a post here;) I found that apt-move will take the packages from /var/cache/apt/archives and move them into a Debian package tree. Afterwards, it is simplicity itself to point a webserver at that tree and use it as a local archive. I don't think I found a web page explaining how to do this exactly, but that is probably because the documentation explained it all.

    One thing that caught me out, you have to generate a packages list on the server before you can start apt-getting.

    [ Reply ]

    Re: Apt-move can help (Score: 1)
    by shawarma on Wednesday, January 16 @ 13:30:09 GMT
    (User Info)

    Okay, that was what I was getting at as well. I just wanted to know if anyone had found *THE SOLUTION*(tm). Well, maybe this is it..

    [ Reply ]

    Re: Apt-move can help (Score: 0)
    by Anonymous on Wednesday, January 16 @ 13:58:03 GMT

    Actually, I don't understand your problem in the first place. Buy some stable CD-sets and use them for both the test and the production system. Upgrading packages boils down to security updates and point releases. I guess you can handle those by hand, if we are talking about two machines only. Just check the md5sums to make sure you got the same packages.


    [ Reply ]

    Re: Apt-move can help (Score: 0)
    by Anonymous on Wednesday, January 16 @ 14:14:43 GMT

    I think it is! Certainly it meets your requirements: No internet access for the datacentre machines. Control of what goes on. Ability for testing. Ability to add your own site specific packages.

    Iwould use three boxes. The only one connected to the internet would be the install server. Also in your test environment would be a pure test machine, setup exactly like the data centre. The third would of course be in the data centre.

    I would defintely use Stable. Which for a while yet looks like potato. If there are newer versions/packages you NEED then I would use the net connected box to compile potato versions of woody packages. ie, My net connected box would ONLY have stable sources for binaries, but would include testing/unstable sources for source.

    Now I have only done this at home, but I am helping push Linux at work, and I am trying to use this feature (as well as many others, of course!) to recommend Debian.


    [ Reply ]

    Re: Apt-move can help (Score: 0)
    by Anonymous on Saturday, January 19 @ 16:25:11 GMT

    or rsync-mirror:

    just look for 'debian rsync mirror script' on you'll find something

    [ Reply ]

    Re: Debian in a closed server environment (Score: 0)
    by Anonymous on Wednesday, January 16 @ 17:12:24 GMT

    Maybe, I did get this wrong here, so excuse me if this is not what you want. But why are you not buying a CD set? This way you can use the same packages in both environments.

    Using the right tools you can also propagate the package selection from machine A to machine B. This will ensure that both installations have the same packages installed and if they both install from the same source (i.e. CD set) the version is also the same.



    [ Reply ]

    Re: Debian in a closed server environment (Score: 2, Informative)
    by rob on Wednesday, January 16 @ 17:17:35 GMT
    (User Info)

    Might I recommend you look at using dpkg --get-selections and dpkg --set-selections for determining what packages are installed/what you want to be installed.

    Furthermore look at copying the debconf data in /var/lib/debconf as this will allow you to always have the same answers to questions. For deeper configuration cfengine might be helpful.


    [ Reply ]

    Based on: PHP-Nuke

    All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2000 by Debian Planet

    You can syndicate our news using the file backend.php.