Lenovo Linux YUM Repository

Lenovo Data Center Group YUM Repository Instructions


Quick Links:
Lenovo Linux YUM repository design
Confirming integrity and authenticity of repository Downloads - Public Key Download
Determining what devices are install on server
Configuring and updating server - using Lenovo's configration and update assistant



Lenovo Linux YUM Repository Design

Lenovo provides customers with easy and quick access to supported Linux Server Server drivers. Customers can depend on Lenovo to maintain this repository with all the qualified drivers with links to firmware and utilities qualified in conjunction with these drivers.

Primary Linux Bundle features

  • Partitioned mini-bundles for each Lenovo ThinkSystem/SystemX Server and Red Hat Enterprise Linux/SuSE Enterprise Linux distros
  • Supported out of box drivers for each supported devices on each server. In cases where Lenovo fully supports the driver provided within the Linux Distro image, InBox support is indicated.
  • Bundle portability. A single tgz file contains the entire bundle's file structure; enables customer to create a replicated copy of the bundle on a locally hosted file server or USB key.
  • GPG signature files to confirm file integrity and Lenovo Authenticity
  • JSON based metadata files that can be used by customers to further automate server updates or deployment image creation.

Bundle Structure

  • The bundle's root directory index html page provides a map to what Lenovo servers and Linux Distro versions are supported.
  • The bundle's root directory also provides a TGZed portable bundle version
  • Selecting a Linux distro within the table of supported Lenovo Servers/Linux versions displays a listing of that server's supported devices. Each device will include information/links to available drivers, required device firmware and suggested utilities. In situations where multiple drivers are required, please ensure ALL the drivers are installed to the operating system.


Confirming Integrity and Authenticity of Repository Downloads

Each download from this Repository provides a GPG signature file to confirm the download's integrity and Lenovo's Authenticity.

Procedure

  1. Obtain Open Source GnuPG tool. This tool is included on almost all Linux installations.
  2. Download and import the Lenovo Data Center Group Public key into the GPG checking workstation or server. Each download within a single repository bundle uses the same Public Key. Lenovo changes the Public Key on a yearly basis.
    1. The URL to download Public Side required to confirm the bundle's downloads is provided here.
      Authenticity Signature Public Key Download
      Securely Download Public Key here: https://download.lenovo.com/servers_pdf/LenovoDCG_publickey4096b2022-2025
      (suggest using web browser "Save Link As..." feature to Download key)

      Key fingerprint:pub   rsa4096 2022-08-25 [SC] [expires: 2025-08-24]       0026 1809 3EF3 205F 0C40  12EC FBE8 73B2 C37E 0DEC uid           [ultimate] dcgrepos (Lenovo Data Center Group Software Repository Public Key) <dcgrepos@lenovo.com> sub   rsa4096 2022-08-25 [E] [expires: 2025-08-24]
      pub   rsa4096 2022-08-25 [SC] [expires: 2025-08-24]
            0026 1809 3EF3 205F 0C40  12EC FBE8 73B2 C37E 0DEC
      uid           dcgrepos (Lenovo Data Center Group Software Repository Public Key) <dcgrepos@lenovo.com>
      sub   rsa4096 2022-08-25 [E] [expires: 2025-08-24]
    2. Import the Public Key into your workstation or server's key repository.
      > gpg --import public_key.txt
    3. Confirm Public Key fingerprint
      > gpg --list-keys --fingerprint
      The 40-digit hexadecimal number provided should exactly match fingerprint provided on Public Key download page noted above.
    4. Mark the key as verified
      > gpg --edit-key fingerprint of key
      gpg> trust
      Your decision? 5
      Do you really want to set this key to ultimate trust? (y/N) y
      gpg> quit
      >gpg --list-keys --fingerprint
      Key uid should now have [ultimate] prefix

  3. Verification of download
    1. Download bundle file
    2. Download bundle's Lenovo Authenticity Signature file
    3. Verify download
      >gpg --verify bundle_signature_file bundle_file
      The gpg tool replying with Good Signature indicates that tested file downloaded without error is authentictly provided by Lenovo.

Return to Instructions Quick Links



Determining what devices are install on server

Device Driver updates and deployment images customized to contain the correct set of out-of-drivers can result in reduced server maintenance down time and faster deployments. Properly identifying the server devices installed is an important step to optimizing the process.

The device bundle web pages provide PCIe Sub Vendor and Sub Device ID information. The information collected here can be compared to that information to determine the code supported.
Two methods to collect device inventory are outlined below

  1. Query the Lenovo Base Management Controller (BMC (IMM: System x platforms, XCC: ThinkServer platforms))
    This process assume networking and administrative access to the controller

    1. Using the BMC web interface
      Direct browser to BMC url/ip address, log in.

      XCC: Select Inventory (1), then PCI Quick Link (2)

      Select Specific PCI device (3) and retrieve Sub Vendor ID and Sub Device ID indentifers (4).

      IMM: Select Server Management, then Adapters.

      Select Specific PCI device.

      Retrieve SubSystem Device and SubSystem Device indentifers.

    2. Using the BMC CLI
      Use SSH client to start BMC CLI session, then use the "adapter" command to query device(s)

Return to Instructions Quick Links



Configuring and updating server - using Lenovo's configration and update assistant

Using bundled updates is Lenovo's preferred approach to ensure servers represent configurations tested and certified by Lenovo Product Assurance organization.

Procedure

Lenovo provides a tool (yum_bundle_install.sh) to assist in the configuration of the Red Hat's yum or SuSE's zypper tools. Download the tool here. The command line syntax is as follows:

# yum_bundle_install.sh         [-b --bundle <downloaded bundle tgz> |                                -u --uri <uri of your Lenovo repositiory>  |                                -l --lenovo <latest | release_date>]Options:                                                                                                    -k --keyfile            Public Keyfile (default: Keyfile stored in bundle)                          -a --allpackages        Installs all packages qualified for server vs                                                       just packages for devices installed on server         -y --assumeyes          Answers yes to yum/zypper install/update questions        -h --help               Show this screen        -V --version            Show version         -K --keepconfig         Keeps lenovo.repo config file.                                default for -u or -l install method         -d --deleteconfig       Delete lenovo.repo config file.                                default for -b install method                                  

Usage notes:

  • Required parameter - Bundle Source
    The requires the location of the update bundle. Three locations are allowed:

    1. -b or --bundle: provide tool the previously downloaded bundle (tgz file). Download available at the bottom of the bundle release's home page

    2. -u or --uri: provide tool the uri of the update bundle. Typically used when a local repication of the bundle is available on a local intranet file server
    3. -l or --lenovo: Uses Lenovo's host version of the bundle.

  • Optional parameters

    • -k or --keyfile: Specifies authenticity keyfile to used. Default is use keyfile embedded in the bundle. Higher level of authenticity is achieved by manually downloading and specificing keyfile from Lenovo.com

    • -a or --allpackages: By default, the tool queries the targeted system and installs/updates only drivers/utilties actually used by installed devices. This flag disables the device query and installs/updates all the packages tested on the targeted system

    • -y or --assumeyes: Assumes yes for all yum/zypper questions

    • -h or --help:

    • -K or --keepconfig: Keeps the yum/zypper conf file after the executation of the install/update. This makes available future updates from this bundle. This is the default when specifying a uri or lenovo.com for the target's source.

    • -d or --deleteconfig: Deletes the yum/zypper conf file after the executation of the install/update.

    Return to Instructions Quick Links







Lenovo Data Center Group Linux Server OS Support Home Page
https://linux.lenovo.com