YUM
使用官方源
====================================================================================
阿里镜像站的配置方法:
##epel 配置方法
###1、备份(如有配置其他epel源)
mv /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo.backup
mv /etc/yum.repos.d/epel-testing.repo /etc/yum.repos.d/epel-testing.repo.backup
下载新repo 到/etc/yum.repos.d/
epel(RHEL 7)
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
epel(RHEL 6)
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
epel(RHEL 5)
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-5.repo
Base/Extras/Updates: 默认(国内源)
mkdir /etc/yum.repos.d/backup
mv /etc/yum.repos.d/{*.repo,backup}
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo (aliyun)
yum makecache
EPEL:
yum -y install epel-release (国外源)
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo (aliyun)
Nginx:
[root@localhost ~]# vim /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
MySQL:
yum -y install https://dev.mysql.com/get/mysql57-community-release-el7-9.noarch.rpm
Zabbix:
# rpm -ivh http://repo.zabbix.com/zabbix/3.2/rhel/7/x86_64/zabbix-release-3.2-1.el7.noarch.rpm
openstack:
使用自建源
====================================================================================
Base源 [centos7光盘文件]
第三方软件源 [yum缓存]
综合案例:建立YUM服务器
1. 提供基础软件包Base
2. 提供update软件包
3. 提供其它软件包如nginx, zabbix, docker, hadoop, openstack
实现目标1:提供基础软件Base
[root@yangs ~]# yum -y install vsftpd
[root@yangs ~]# mkdir /var/ftp/{centos6u6,centos7u2}
[root@yangs ~]# systemctl start vsftpd
[root@yangs ~]# systemctl enable vsftpd
配置防火墙
[root@yangs ~]# firewall-cmd --permanent --add-service=ftp
[root@yangs ~]# firewall-cmd --reload
关闭SELinux
[root@yangs ~]# setenforce 0
[root@yangs ~]# vim /etc/sysconfig/selinux
SELINUX=disabled
挂载centos镜像
[root@yangs ~]# mount -o loop /home/centos7u2.iso /var/ftp/centos7u2
[root@yangs ~]# echo “mount -o loop /home/centos7u2.iso /var/ftp/centos7u2” >> /etc/rc.local
[root@yangs ~]# chmod +x /etc/rc.d/rc.local
实现目标2: 提供其它软件包如nginx, zabbix
复制已缓存的Nginx 及依赖包 到自定义YUM仓库目录中:
[root@localhost ~]# mkdir /var/ftp/{nginx,zabbix}
YUM缓存:
1. 配置nginx及zabbix源
[root@localhost ~]# vim /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
2. 启动yum缓存安装nginx
[root@yangs ~]# vim /etc/yum.conf
[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=1
debuglevel=2
[root@yangs ~]# yum clean all
[root@yangs ~]# yum -y install nginx
[root@yangs ~]# find /var/cache/yum/x86_64/7/ -iname "*.rpm" -exec cp -rf {} /var/ftp/nginx
3. 创建reopdata:
[root@yangs ~]# yum -y install createrepo
[root@yangs ~]# createrepo /var/ftp/nginx //如果加入新软件包,重新创建
[root@localhost ~]# ls /var/ftp/nginx/
nginx-1.8.1-1.el6.ngx.x86_64.rpm repodata
客户端使用YUM源:
[root@client ~]# vim /etc/yum.repos.d/centos7.repo //指向基础源
[centos7]
name=centos7
baseurl=ftp://x.x.x.x/centos7u2
gpgcheck=0
[root@client ~]# vim /etc/yum.repos.d/nginx.repo //指向nginx源
[nginx]
name=nginx
baseurl=ftp://x.x.x.x/nginx
gpgcheck=0
[root@client ~]# yum -y install nginx
1000台client使用自定义源:
1. Shell script
2. Saltstack, Asible, Puppet
YUM使用签名检查机制
rpm软件提供组织例如redhat在构建rpm包时,使用其private key对rpm进行签名
client在使用其rpm时,为了验证其合法性,可以使用redhat提供的public key进行签名检查
方法一: 事先导入公钥
[root@localhost ~]# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
[root@localhost ~]# vim /etc/yum.repos.d/CentOS-Base.repo
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
方法二: 指定公钥的位置
[root@localhost ~]# vim /etc/yum.repos.d/CentOS-Base.repo
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
额外选项:
--nogpgcheck //不检查软件包的签名
本地源:例如使用安装光盘 [了解]
挂载安装光盘(临时):
[root@localhost ~]# mount /dev/cdrom /media
[root@localhost ~]# mount -o loop centos7u2.iso /media
[root@localhost ~]# vim /etc/yum.repos.d/dvd.repo
[dvd]
name=dvd
baseurl=file:///media
gpgcheck=0
====================================================================================
使用YUM管理RPM包
====================================================================================
自动解决包的依赖关系
==检查目前可用的仓库
[root@localhost ~]# yum clean all //清空缓存及其它文件
[root@localhost ~]# yum makecache //重建缓存
[root@localhost ~]# yum repolist //查询可用的仓库
==安装
[root@localhost ~]# yum list mariadb-server //查询
[root@localhost ~]# yum install mariadb-server
[root@localhost ~]# yum -y install mariadb-server
[root@localhost ~]# yum -y install samba
[root@localhost ~]# yum -y install mysql* httpd vsftpd samba chrony
[root@localhost ~]# yum -y reinstall mariadb-server
[root@localhost ~]# yum -y update samba
[root@localhost ~]# yum -y update //升级所有软件包 [刚安装系统后]
==查询
[root@localhost ~]# yum list vsftpd mysql-server //查询单个软件包安装情况
[root@localhost ~]# yum grouplist //查询包组的包装情况
[root@localhost ~]# yum info vsftpd //查询包的信息
[root@localhost ~]# yum search chinese //查询包名和描述中带有chinese的包
[root@localhost ~]# vncviewer
bash: vncviewer: command not found
[root@localhost ~]# yum provides */vncviewer //查询指定的文件属于哪个包(该文件通常不存在于当前系统)
Loaded plugins: product-id, refresh-packagekit, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
rhel6/filelists_db | 3.7 MB 00:00
tigervnc-1.1.0-5.el6.x86_64 : A TigerVNC remote display system
Repo : rhel6
Matched from:
Filename : /usr/bin/vncviewer
[root@localhost ~]# yum -y install tigervnc-1.1.0-5.el6.x86_64
==卸载
[root@localhost ~]# yum -y remove mysql-server
[root@localhost ~]# yum -y groupremove mysql-server