背景
在工作中,企业或单位内部生产服务器出于安全性考虑往往是不能直接连接到互联网,对于服务器软件的安装和更新是一件很麻烦的事情,当使用rpm安装包离线安装一些软件的时候,经常会出现缺少依赖因而不能顺利完成安装的情况,此时通用的做法是在内部搭建本地yum源服务器,该服务器定时同步互联网上的资源,然后通过http或者https让内部其他服务器访问,即让内部服务器将yum源服务器作为安装更新yum。
YUM 常用命令参数:
yum makecache #构建缓存
yum check-update #列出所有可更新的软件清单命令
yum list all #列出所有已安装及可安装的软件包
yum provides ifconfig #列出ifconfig命令是那个软件包提供的
yum grouplist #查询可以用安装的组
yum update #内核升级或者更新所有软件(*谨慎使用*)
yum update nginx #仅更新指定的nginx软件包
yum -y install nginx #安装nginx软件包
yum search nginx #YUM搜索nginx软件包
yum list httpd #显示指定程序包安装情况nginx
yum remove httpd #删除程序包nginx
yum erase httpd #删除程序包httpd
yum update httpd #升级httpd 服务
yum clean all #清除缓存目录下的软件包及旧的 headers
基于ISO系统镜像包来构建本地YUM源
1、添加YUM源配置文件
mkdir -p /etc/yum.repos.d //如无此路径则创建
vi /etc/yum.repos.d/iso.repo //如无此文件则创建
//配置文件如下
[ios]
name=iso
baseurl=file:///mnt
enabled=1
gpgcheck=0
gpgkey=file:///mnt/RPM-GPG-KEY-CentOS-7 #指定挂载目录下的GPG-KEY文件验证
完成后保存,查询回显如下
cat /etc/yum.repos.d/iso.repo
2、挂载光盘步骤(如果没有该路径,自行创建)
[root@centos ~]# mount /dev/cdrom /mnt/ #挂载光盘
mount: /dev/sr0 is write-protected, mounting read-only
[root@centos ~]# df -h #查看挂载情况
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 20G 1.6G 18G 8% /
devtmpfs 901M 0 901M 0% /dev
tmpfs 912M 9.0M 903M 1% /run
tmpfs 912M 0 912M 0% /sys/fs/cgroup
/dev/sda2 197M 121M 77M 62% /boot
tmpfs 183M 0 183M 0% /run/user/0
dev/sr0 4.3G 4.3G 0 100% /mnt #挂载的ISO系统镜像包
3、开启开机自启动挂载
方式一:vim /etc/fstab
方式二:vim /etc/rc.local
添加内容:/dev/cdrom /mnt iso9660 defaults 0 0
[root@centos ~]# cat /etc/fstab |grep iso9660 #在/etc/fstab文件中添加
/dev/cdrom /mnt iso9660 defaults 0 0
添加内容:/dev/cdrom /mnt
[root@centos ~]# cat /etc/rc.local |grep /mnt #在/etc/rc.local文件中添加
/dev/cdrom /mnt
基于RPM包来构建本地Yum源
- httpd:使用http协议来搭建本地Yum源
- createrepo:用于生成yum源各软件之间的依赖索引
- yum-utils:安装后可使用 yumdownloader、reposync等命令下载所需软件包
1、下载网络Yum源中的RPM软件包
[root@centos ~]# yum -y install httpd yum-utils createrepo #安装几个必须要的软件包
[root@centos ~]# mkdir /var/www/html/centos6/ #创建RPM软件包下载存放目录
[root@centos ~]# ls /var/www/html/
centos6
[root@centos ~]# ss -antulp | grep :80 #查看httpd服务运行情况(Yum源通过http服务来搭建,需要启动httpd服务)
tcp LISTEN 0 128 :::80 :::* users:(("httpd",1952,6),("httpd",4551,6),("httpd",4552,6),("httpd",4553,6),("httpd",4554,6),("httpd",4555,6),("httpd",4556,6),("httpd",4557,6),("httpd",4558,6))
[root@centos ~]# yum repolist #查看网络Yum源情况(自行配置想要下载的网络Yum源)
Loading mirror speeds from cached hostfile
仓库标识 仓库名称 状态
extras Qcloud centos extras - x86_64 47
os Qcloud centos os - x86_64 6,713
updates Qcloud centos updates - x86_64 1,169
repolist: 7,929
[root@centos ~]# reposync -r extras -p /var/www/html/centos6/ #根据网络Yum源的仓库标识,下载Yum源中的所有RPM软件包到文件夹
[extras: 1 of 47 ] Downloading Packages/bakefile-0.2.8-3.el6.centos.x86_64.rpm
bakefile-0.2.8-3.el6.centos.x86_64.rpm | 250 kB 00:00
[extras: 2 of 47 ] Downloading Packages/centos-release-azure-1.0-2.el6.centos.noarch.rpm
centos-release-azure-1.0-2.el6.centos.noarch.rpm | 4.0 kB 00:00
[extras: 3 of 47 ] Downloading Packages/centos-release-cr-6-0.el6.centos.x86_64.rpm
centos-release-cr-6-0.el6.centos.x86_64.rpm | 3.9 kB 00:00
[extras: 4 of 47 ] Downloading Packages/centos-release-gluster-legacy-3.10-1.el6.centos.noarch.rpm
centos-release-gluster-legacy-3.10-1.el6.centos.noarch.rpm | 4.6 kB 00:00
[extras: 5 of 47 ] Downloading Packages/centos-release-gluster-legacy-4.0-1.el6.centos.noarch.rpm
centos-release-gluster-legacy-4.0-1.el6.centos.noarch.rpm | 4.9 kB 00:00
[extras: 6 of 47 ] Downloading Packages/centos-release-gluster-legacy-4.0-3.el6.centos.noarch.rpm
centos-release-gluster-legacy-4.0-3.el6.centos.noarch.rpm | 5.1 kB 00:00
...
...
[root@vos7 ~]# reposync -r updates -p /var/www/html/centos6/ #下载网络Yum源仓库标识updates中所有的RPM软件包
[updates: 1 of 1169 ] Downloading Packages/389-ds-base-1.2.11.15-97.el6_10.x86_64.rpm
389-ds-base-1.2.11.15-97.el6_10.x86_64.rpm | 1.5 MB 00:00
[updates: 2 of 1169 ] Downloading Packages/389-ds-base-devel-1.2.11.15-97.el6_10.i686.rpm
389-ds-base-devel-1.2.11.15-97.el6_10.i686.rpm | 148 kB 00:00
[updates: 3 of 1169 ] Downloading Packages/389-ds-base-devel-1.2.11.15-97.el6_10.x86_64.rpm
389-ds-base-devel-1.2.11.15-97.el6_10.x86_64.rpm | 148 kB 00:00
[updates: 4 of 1169 ] Downloading Packages/389-ds-base-libs-1.2.11.15-97.el6_10.i686.rpm
389-ds-base-libs-1.2.11.15-97.el6_10.i686.rpm | 450 kB 00:00
[updates: 5 of 1169 ] Downloading Packages/389-ds-base-libs-1.2.11.15-97.el6_10.x86_64.rpm
389-ds-base-libs-1.2.11.15-97.el6_10.x86_64.rpm | 446 kB 00:00
[updates: 6 of 1169 ] Downloading Packages/adcli-0.8.1-3.el6_10.x86_64.rpm
adcli-0.8.1-3.el6_10.x86_64.rpm | 100 kB 00:00
[updates: 7 of 1169 ] Downloading Packages/autofs-5.0.5-140.el6_10.1.x86_64.rpm
autofs-5.0.5-140.el6_10.1.x86_64.rpm | 730 kB 00:00
[updates: 8 of 1169 ] Downloading Packages/autofs-5.0.5-140.el6_10.x86_64.rpm
autofs-5.0.5-140.el6_10.x86_64.rpm | 730 kB 00:00
...
...
2、生成Yum源repodata索引依赖
[root@centos ~]# ll /var/www/html/centos6/ #查看从网络Yum源下载的所有RPM包(会根据仓库标识下载到相关的文件夹)
drwxr-xr-x 3 root root 4096 10月 31 14:28 extras
drwxr-xr-x 3 root root 4096 10月 31 14:28 os
drwxr-xr-x 3 root root 4096 10月 31 13:14 updates
[root@centos ~]# createrepo /var/www/html/centos6/extras/ #生成extras仓库的repodata索引依赖
Spawning worker 0 with 47 pkgs
Workers Finished
Gathering worker results
Saving Primary metadata
Saving file lists metadata
Saving other metadata
Generating sqlite DBs
Sqlite DBs complete
[root@centos ~]# createrepo /var/www/html/centos6/os/ #生成os仓库的repodata索引依赖
Spawning worker 0 with 6713 pkgs
Workers Finished
Gathering worker results
Saving Primary metadata
Saving file lists metadata
Saving other metadata
Generating sqlite DBs
Sqlite DBs complete
[root@centos ~]# createrepo /var/www/html/centos6/updates ##生成updates仓库的repodata索引依赖
Spawning worker 0 with 1169 pkgs
Workers Finished
Gathering worker results
Saving Primary metadata
Saving file lists metadata
Saving other metadata
Generating sqlite DBs
Sqlite DBs complete
3、在Packages同级目录中可以看到生成的repodata索引目录
[root@centos ~]# ll /var/www/html/centos6/extras/
drwxr-xr-x 2 root root 4096 10月 31 14:28 Packages
drwxr-xr-x 2 root root 4096 10月 31 17:02 repodata
[root@centos ~]# ll /var/www/html/centos6/os/
drwxr-xr-x 2 root root 491520 10月 31 14:59 Packages
drwxr-xr-x 2 root root 4096 10月 31 17:04 repodata
[root@centos ~]# ll /var/www/html/centos6/updates/
drwxr-xr-x 2 root root 102400 10月 31 13:41 Packages
drwxr-xr-x 2 root root 4096 10月 31 17:11 repodata
[root@centos ~]# ll /var/www/html/centos6/extras/repodata/
-rw-r--r-- 1 root root 15328 10月 31 17:02 1ed5ff978f03e8fcf39583179c7f9985dd8750070c91bbe7d1352352ccdd59ee-other.sqlite.bz2
-rw-r--r-- 1 root root 31139 10月 31 17:02 6da60a601f4110345fe68378f9d645de44fd0c15c69920d12158edb117ce6dca-primary.sqlite.bz2
-rw-r--r-- 1 root root 19175 10月 31 17:02 858ad62599b6ab53cec5925757610c9b0c27f9f945e10d83f73649907222b304-filelists.xml.gz
-rw-r--r-- 1 root root 15164 10月 31 17:02 a6e80104250eaf5059025683e2e1a20cfdc5be28ca826f777b5565133c6097e5-primary.xml.gz
-rw-r--r-- 1 root root 26118 10月 31 17:02 ae6f61c5aea047a4dca9ea8a04f9b1cac9a74c93fc97f1691fe109c8d0d07f26-filelists.sqlite.bz2
-rw-r--r-- 1 root root 9129 10月 31 17:02 dd8378435f46ef4730b55355947f224f69d1a16184ddbb4f3cf9aa6f2f459bfc-other.xml.gz
-rw-r--r-- 1 root root 2993 10月 31 17:02 repomd.xml
4、备份原Yum源配置文件,创建新Yum源配置文件
[root@centos ~]# vi /root/centos6.repo
[extras] #yum源的ID,本地唯一,用于区分不同yum源
name=extras #描述信息
baseurl=http://192.168.1.36/centos6/extras #前面的http://是协议,后面的/centos6/extras是yum源包路径
gpgcheck=0 #值为1表示用公钥验证rpm包的正确性,值为0表示不验证
enabled=1 #值为1表示启用yum源,值为0表示禁用yum源
[os]
name=extras
baseurl=http://192.168.1.36/centos6/os
gpgcheck=0
enabled=1
[updates]
name=uodates
baseurl=http://192.168.1.36/centos6/updates
gpgcheck=0
enabled=1
5、测试验证自建的本地Yum源
[root@centos ~]# yum clean all
Cleaning repos: extras os updates
清理一切
Cleaning up list of fastest mirrors
[root@centos ~]# yum makecache
Determining fastest mirrors
extras | 2.9 kB 00:00
extras/filelists_db | 26 kB 00:00
extras/primary_db | 30 kB 00:00
extras/other_db | 15 kB 00:00
os | 2.9 kB 00:00
os/filelists_db | 6.4 MB 00:00
os/primary_db | 4.7 MB 00:00
os/other_db | 2.8 MB 00:00
updates | 3.0 kB 00:00
updates/filelists_db | 12 MB 00:00
updates/primary_db | 14 MB 00:00
updates/other_db | 697 kB 00:00
元数据缓存已建立
[root@centos ~]# yum repolist
Loading mirror speeds from cached hostfile
仓库标识 仓库名称 状态
extras extras 47
os extras 6,713
updates uodates 1,169
repolist: 7,929
可以看到我们基于RPM包来构建的本地Yum源已经完成了。
DMZ区搭建yum源服务器,并定时同步互联网上的资源
1、 安装Nginx软件及相关必要依赖环境
安装编译所必须的软件
yum -y install gcc automake autoconf libtool make gcc-c++
安装PCRE库
cd /usr/local/src
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.37.tar.gz
tar -zxvf pcre-8.37.tar.gz
cd pcre-8.34
./configure
make
make install
安装zlib库
cd /usr/local/src
wget http://zlib.net/zlib-1.2.8.tar.gz
tar -zxvf zlib-1.2.8.tar.gz
cd zlib-1.2.8
./configure
make
make install
安装Nginx
cd /usr/local/src
wget http://nginx.org/download/nginx-1.12.2.tar.gz
cd nginx-1.12.2
yum -y install openssl openssl-devel
./configure --with-http_stub_status_module --with-http_ssl_module
2、 修改nginx配置文件
user root;
worker_processes 2;
error_log logs/error.log;
pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
client_max_body_size 20m;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
sendfile on;
keepalive_timeout 65;
#gzip on;
server {
listen 443 ssl;
server_name repo.example.com;
ssl on;
ssl_certificate cert/789615.pem;
ssl_certificate_key cert/789615.key;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
root /opt/repo;
autoindex on;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
3、 创建本地源目录
创建存放同步源的目录(以CentOS7为例)
mkdir -p /opt/repo/centos/7/os/x86_64/
mkdir -p /opt/repo/centos/7/extras/x86_64/
mkdir -p /opt/repo/centos/7/updates/x86_64/
mkdir -p /opt/repo/epel/7/x86_64/
4、 同步源文件
使用rsync工具同步互联网上的源文件
rsync -av rsync://mirrors.ustc.edu.cn/centos/7/os/x86_64/ /opt/repo/centos/7/os/x86_64/
rsync -av rsync://mirrors.ustc.edu.cn/centos/7/extras/x86_64/ /opt/repo/centos/7/extras/x86_64/
rsync -av rsync://mirrors.ustc.edu.cn/centos/7/updates/x86_64/ /opt/repo/centos/7/updates/x86_64/
rsync -av --exclude=debug rsync://mirrors.ustc.edu.cn/epel/7/x86_64/ /opt/repo/epel/7/x86_64/
5、创建repo文件
[base]
name=CentOS-$releasever - Base
baseurl=https://repo.example.com/centos/$releasever/os/$basearch/
enable=1
gpgcheck=0
[updates]
name=CentOS-$releasever - Updates
baseurl=https://repo.example.com/centos/$releasever/updates/$basearch/
enable=1
gpgcheck=0
[extras]
name=CentOS-$releasever - Extras
baseurl=https://repo.example.com/centos/$releasever/extras/$basearch/
enable=1
gpgcheck=0
[epel]
name=epel-$releasever
baseurl=https://repo.example.com/epel/$releasever/$basearch/
enable=1
gpgcheck=0
至此,本地yum源服务器搭建完成,内网中的其他服务器可以通过这台本地yum源服务器来安装部署和更新软件了,在考虑安全的前提下,极大地提升了我们的工作效率。
