linux软件管理之yum管理rpm包

YUM

使用官方源

====================================================================================
http://mirrors.aliyun.com/

Base/Extras/Updates: 默认(国外源)
mkdir /etc/yum.repos.d/backup
mv /etc/yum.repos.d/{*.repo,backup}
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo (aliyun)
yum makecache

EPEL:
yum -y install epel-release (国外源)
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo (aliyun)

Nginx:
[root@localhost ~]# vim /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1

MySQL:
yum -y install https://dev.mysql.com/get/mysql57-community-release-el7-9.noarch.rpm


Zabbix:
# rpm -ivh http://repo.zabbix.com/zabbix/3.2/rhel/7/x86_64/zabbix-release-3.2-1.el7.noarch.rpm

openstack:

使用自建源

====================================================================================
Base源 [centos7光盘文件]
第三方软件源 [yum缓存]

综合案例：建立YUM服务器

1. 提供基础软件包Base
2. 提供update软件包
3. 提供其它软件包如nginx, zabbix, docker, hadoop, openstack

实现目标1：提供基础软件Base

[root@yangs ~]# yum -y install vsftpd
[root@yangs ~]# mkdir /var/ftp/{centos6u6,centos7u2}
[root@yangs ~]# systemctl start vsftpd
[root@yangs ~]# systemctl enable vsftpd

配置防火墙
[root@yangs ~]# firewall-cmd --permanent --add-service=ftp
[root@yangs ~]# firewall-cmd --reload

关闭SELinux
[root@yangs ~]# setenforce 0
[root@yangs ~]# vim /etc/sysconfig/selinux
SELINUX=disabled

挂载centos镜像
[root@yangs ~]# mount -o loop /home/centos7u2.iso /var/ftp/centos7u2
[root@yangs ~]# echo “mount -o loop /home/centos7u2.iso /var/ftp/centos7u2” >> /etc/rc.local
[root@yangs ~]# chmod +x /etc/rc.d/rc.local

实现目标2: 提供其它软件包如nginx, zabbix

复制已缓存的Nginx 及依赖包 到自定义YUM仓库目录中：
[root@localhost ~]# mkdir /var/ftp/{nginx,zabbix}

YUM缓存：
1. 配置nginx及zabbix源
[root@localhost ~]# vim /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1

2. 启动yum缓存安装nginx
[root@yangs ~]# vim /etc/yum.conf
[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=1
debuglevel=2

[root@yangs ~]# yum clean all
[root@yangs ~]# yum -y install nginx
[root@yangs ~]# find /var/cache/yum/x86_64/7/ -iname "*.rpm" -exec cp -rf {} /var/ftp/nginx

3. 创建reopdata：
[root@yangs ~]# yum -y install createrepo
[root@yangs ~]# createrepo /var/ftp/nginx //如果加入新软件包，重新创建
[root@localhost ~]# ls /var/ftp/nginx/
nginx-1.8.1-1.el6.ngx.x86_64.rpm repodata

客户端使用YUM源：

[root@client ~]# vim /etc/yum.repos.d/centos7.repo //指向基础源
[centos7]
name=centos7
baseurl=ftp://x.x.x.x/centos7u2
gpgcheck=0

[root@client ~]# vim /etc/yum.repos.d/nginx.repo //指向nginx源
[nginx]
name=nginx
baseurl=ftp://x.x.x.x/nginx
gpgcheck=0

[root@client ~]# yum -y install nginx

1000台client使用自定义源：
1. Shell script
2. Saltstack, Asible, Puppet


YUM使用签名检查机制
rpm软件提供组织例如redhat在构建rpm包时，使用其private key对rpm进行签名
client在使用其rpm时，为了验证其合法性，可以使用redhat提供的public key进行签名检查

方法一： 事先导入公钥
[root@localhost ~]# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
[root@localhost ~]# vim /etc/yum.repos.d/CentOS-Base.repo
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1

方法二： 指定公钥的位置
[root@localhost ~]# vim /etc/yum.repos.d/CentOS-Base.repo
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

额外选项：
--nogpgcheck //不检查软件包的签名

本地源：例如使用安装光盘 [了解]

挂载安装光盘（临时）：
[root@localhost ~]# mount /dev/cdrom /media
[root@localhost ~]# mount -o loop centos7u2.iso /media
[root@localhost ~]# vim /etc/yum.repos.d/dvd.repo
[dvd]
name=dvd
baseurl=file:///media
gpgcheck=0
====================================================================================

使用YUM管理RPM包

====================================================================================
自动解决包的依赖关系


==检查目前可用的仓库
[root@localhost ~]# yum clean all //清空缓存及其它文件
[root@localhost ~]# yum makecache //重建缓存
[root@localhost ~]# yum repolist //查询可用的仓库

==安装
[root@localhost ~]# yum list mariadb-server //查询
[root@localhost ~]# yum install mariadb-server
[root@localhost ~]# yum -y install mariadb-server
[root@localhost ~]# yum -y install samba
[root@localhost ~]# yum -y install mysql* httpd vsftpd samba chrony
[root@localhost ~]# yum -y reinstall mariadb-server
[root@localhost ~]# yum -y update samba
[root@localhost ~]# yum -y update //升级所有软件包 [刚安装系统后]

==查询
[root@localhost ~]# yum list vsftpd mysql-server //查询单个软件包安装情况
[root@localhost ~]# yum grouplist //查询包组的包装情况
[root@localhost ~]# yum info vsftpd //查询包的信息
[root@localhost ~]# yum search chinese //查询包名和描述中带有chinese的包

[root@localhost ~]# vncviewer
bash: vncviewer: command not found
[root@localhost ~]# yum provides */vncviewer //查询指定的文件属于哪个包（该文件通常不存在于当前系统）
Loaded plugins: product-id, refresh-packagekit, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
rhel6/filelists_db | 3.7 MB 00:00
tigervnc-1.1.0-5.el6.x86_64 : A TigerVNC remote display system
Repo : rhel6
Matched from:
Filename : /usr/bin/vncviewer

[root@localhost ~]# yum -y install tigervnc-1.1.0-5.el6.x86_64


==卸载
[root@localhost ~]# yum -y remove mysql-server
[root@localhost ~]# yum -y groupremove mysql-server