Centos 7 update repository

You may need your own repository if you use a secure network segment, want to reduce package download time, use your own builds for installation packages. Installation and configuration will be done from the command line.

Time to read

Cheat sheet for working with the Yum (Yellowdog Updater, Modified) package manager, which is used in popular Linux distributions: RedHat, CentOS, Scientific Linux (and others). To save space, command output is not shown.

Inexpensive website hosting

Only a small number of base packages are available in the standard (official) RHEL/CentOS repositories, and they sometimes offer not the latest versions of programs. However, you can use third-party public or private repositories to install new software versions on Red Hat Enterprise Linux, CentOS, Oracle Linux, and Scientific Linux. The most common third-party repositories include Remi and EPEL. In this article, we will look at the features of connecting, managing and using additional repositories using the YUM package manager in CentOS 7.

The repository is an updatable repository of Linux rpm packages. Various package managers can use network repositories to install and update programs.

Connecting EPEL and Remi repositories to CentOS

When installing the operating system (CentOS 7 in our example), the base repositories are installed by default. You can view their list with the following command:

As you can see in the screenshot, 3 repositories are installed in the system — base, extras, updates.

These main repositories are enough to get you started on installing the base software and installing additional repositories.

Let’s see how to add additional repositories to CentOS.

Perhaps the most popular repository at the moment is EPEL.

EPEL (Extra Packages for Enterprise Linux) is an open source and free repository project provided by the Fedora team. It contains high quality additional software packages for Linux distributions. This repository hosts a huge number of packages ranging from ftp servers to php and system monitoring utilities. This is the most popular additional repository. It is important to note that EPEL packages do not conflict with or replace native CentOS/RHEL packages.

The EPEL repository on CentOS 7 is very easy to install (unlike CentOS 6) via the RPM package (this is the easiest way to add the repository):

yum install epel-release

After installation, this repository is displayed in the list, even without additional manipulations (clearing the yum cache is not required).

To connect the Remi repository, run the command:

rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm

Remi is another popular repository for CentOS. Contains the latest versions of php, as well as mysql. Was created by a man named Remi Collet. To use this repository, Epel must be installed on the system. Please note that there may be conflicts between packages from this repository and packages from the base repositories.

If there is no RPM package for the desired repository, you can add it by manually creating a config .repo file in the /etc/yum.repos.d directory (see the next section).

To understand from which repositories specific packages are installed on your system, you can display the full list of packages:

yum list installed

As you can see, for each package it is indicated from which repository it is installed (on the screenshot there are base, update, epel and anaconda repositories).

You can list the packages available for installation in a particular repository:

yum repo-pkgs epel list

Configuration files of repositories (*.repo)

All repository configuration files are located in the /etc/yum.repos.d/ directory. In the *.repo configuration file. A typical repository configuration file contains the following parameters:

At a minimum, a repo file might look like this:

For example, after connecting the REMII repository, several Remi configuration files (remi-*.repo) will appear in the repository directory.

As you can see, Remi has a separate config file for each version of php. You need to enable the version you need in the configuration file, for example, my server will have php 7.3 version, for this I included this particular repository (in the remi-php73.repo file I specified enabled=1):

You can enable the repository manually by creating a repository configuration file in the /etc/yum.repos.d/ directory. Let’s connect the MaruaDB repository.

Let’s add data to it, which is provided to us by the developer of the MariaDB package:

How to disable repository in CentOS?

To disable one of the connected repositories, it is enough to specify enabled=0 in its configuration file.

After that, you need to reset the cache in yum:

yum clean all

And recreate it again:

Now, when installing or updating packages, the remi-php73 repository will not be used.

If you want a particular repository not to be used only by the current package update/install command, you can disable the repository as part of the yum query, for example:

yum update —disablerepo=epel

In this example, we disabled the EPEL repository and performed a package update on the system.

You can temporarily disable all but certain repositories. For example, to install updates only for packages from the MariaDB repository:

yum update —disablerepo «*» —enablerepo=mariadb

To remove repositories, use the yum-config-manager utility, which is included in the yum-utils suite.

yum -y install yum-utils

Delete the repository, for example remi:

yum-config-manager —disable remi

To completely remove a repository, you need to delete its configuration files and update the yum cache.

Check for updates in the desired repository

We can check if there are package updates in the required repository, modify the command from the previous paragraph a bit:

yum check-update —disablerepo «*» —enablerepo=mariadb

This way you can manage the connected repositories on the server. Note that different repositories may contain the same packages, and you may have version conflicts when upgrading. Therefore, always leave enabled only those repositories that you work with.

Other popular package repositories for CentOS

MariaDB — as you might guess from the name, this is a repository that contains MariaDB packages. The repository was created by the MariaDB developers, maintained and updated constantly.

To install this repository into the system, you need to create a repo file for it with the contents:

Nginx — similar to the previous repository, it contains packages related to the nginx httpd server.

And connecting this repository is similar to connecting the MariaDB repository. Create a .repo file and put this information there:

This list of repositories is enough to set up the so-called LAMP, with nginx installed as a front-end server.

Perhaps this list of repositories is enough for almost every user, I will give a couple more examples of more or less popular ones.

Webtatic — this repository is maintained by a limited number of people, mostly Andy Thompson, it contains packages related to php, but less popular than Remi, and I can guess why. At the time of writing, the latest version of php in this repository is 7.2.

mod_php71w.x86_64 7.1.31-1.w7 webtatic
mod_php72w.x86_64 7.2.21-1.w7 webtatic
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~
php72w-tidy.x86_64 7.2.21-1.w7 webtatic
php72w-xml.x86_64 7.2.21-1.w7 webtatic
php72w-xmlrpc.x86_64 7.2.21-1.w7 webtatic

To enable this repository, you need to install the rpm package:

rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

MySQL — well, perhaps I will remind you of mysql. This repository was not installed along with the popular ones, since in my opinion mysql as a database server has faded into the background and MariaDB is mainly installed on the server. N O If someone wants to install exactly mysql (for example, Bitrix needs mysql), you can connect this repository yourself. For example, if you want to connect mysql 5.7:

And install it:

rpm -Uvh mysql57-community-release-el7-9.noarch.rpm

After installation, I was able to install mysql:

In this article, we showed the features of managing repositories in CentOS and reviewed useful repositories.

In this article, we will look at the Yum package manager, which allows you to manage the installation, removal and updating of programs (. RPM packages), automatically resolve dependencies, manage additional repositories. This article about Yum should primarily be of interest as a cheat sheet for beginning Linux administrators.

Yum (Yellowdog Updater Modified) is a command-line package manager for Linux distributions based on RPM packages. ( RedHat Package Manager) This includes such popular operating systems as RedHat, CentOS, Fedora, Oracle Linux, Scientific Linux.

Install, update and remove packages

Where to start? Perhaps, as in any other cases, we start with a reference:

yum help — complete help for the yum package manager

Having opened it, I will highlight the main commands:

yum clean all — clear the cache of all packages (usually used when there are problems with yum).
yum makecache — recreate the package cache again.
yum repolist — display a list of connected repositories, the output looks like this:

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.fasthost.ru
* extras: mirror.fasthost.ru
* updates: mirror.fasthost.ru
repo id repo name status
base/7/x86_64 CentOS-7 — Base 10.019
extras/7/x86_64 CentOS-7 — Extras 435
updates/7/x86_64 CentOS-7 — Updates 2,500
repolist: 12,954

I have only standard CentOS-7 repositories installed in my system: Base, Extras and Updates.

yum list available — list all available packages for installation.

yum list installed – list of all packages that are installed on the system.

yum list kernel — list packages related to the Linux kernel.

You can check if a certain package is installed on your system, for example, apache:

yum list installed httpd

yum info mariadb

To install a package, use the yum install command. To install the apache web server run:

yum install httpd

If you get the Traceback (most recent call last):thread.error: can’t start new thread error when you run yum commands, you probably don’t have enough RAM. Try adding more RAM or disable yum plugins (put plugins=0 in /etc/yum.conf).

Before installing a package, you can check it for dependencies and required packages using the command:

yum deplist httpd

If you want to install a package but forgot its full name, you can use the wildcard character *. For example:

yum install epel-*

If you enter simply:

No package epel available.
Error: Nothing to do

Alas, the package is not visible.

Yum allows you to install multiple packages at once:

yum install httpd php wget rsyslog

yum reinstall proftpd

To remove an installed package with yum use the remove option:

yum remove httpd

But before removing any package, it is recommended to first check it for dependencies (there are packages, the removal of which entails the removal of many other packages, which, as a result, leads to the inoperability of the system):

yum deplist proftpd

Find a package by name or description

yum search nginx

With the provides option, you can find packages that contained a specific file, for example:

yum provides */squid.conf

You can update all installed packages using the command:

You can only update a specific package by specifying its name:

yum update php

You can check if there are available updates for the system with the command:

Get information about available security updates:

yum updateinfo list security

There are times when after updating a package or service, problems arise. For example, after updating php, your site stopped working. You can revert a package to a previous version by rolling back an installed package using yum:

yum downgrade perl

I also wanted to draw your attention to the group installation of packages through grouplist. The repository has predefined groups of packages with different sets of programs. You can list available groups:

Let’s consider the example of the group sheet «Basic Web Server». Get information about a group and packages in it:

yum groupinfo «Basic Web Server»

When checking, we see that a set of packages and services will be installed for the web server.

As you can see, this list contains packages that will be useful for monitoring and debugging.

You can set a group list with the command:

Installed packages will be in a separate block «Installed Groups»:

History and logs of installing/removing packages

You can display information about the installation history of yum packages (list of transactions) with the command:

yum history list

The output consists of 5 columns, the first one displays the transaction ID by which you can see all the information (installed packages, dependencies):

yum history info 10

Moreover, you can cancel this transaction with the command:

yum history undo 10

In my case, 4 packages would be deleted:

You can also see all the information about the history of installing / removing packages by the yum manager in the /var/log/yum.log log:
cat /var/log/yum.log

Sep 03 11:06:38 Installed: mpfr-3.1.1-4.el7.x86_64
Sep 03 11:06:38 Installed: libmpc-1.0.1-3.el7.x86_64
Sep 03 11:06:38 Installed: libquadmath-4.8.5-36.el7_6.2.x86_64
Sep 03 11:06:38 Installed: apr-1.4.8-3.el7_4.1.x86_64
Sep 03 11:06:38 Installed: m4-1.4.16-10.el7.x86_64
Sep 03 11:06:38 Installed: apr-util-1.5.2-6.el7.x86_64
Sep 03 11:06:38 Installed: unzip-6.0-19.el7.x86_64
Sep 03 11:06:38 Installed: patch-2.7.1-10.el7_5.x86_64
Sep 03 11:06:38 Installed: 1:perl-Error-0.17020-2.el7.noarch
Sep 03 11:06:38 Installed: boost-system-1.53.0-27.el7.x86_64
Sep 03 11:06:38 Installed: perl-Thread-Queue-3.02-2.el7.noarch
Sep 03 11:06:38 Installed: avahi-libs-0.6.31-19.el7.x86_64
Sep 03 11:06:38 Installed: zip-3.0-11.el7.x86_64
Sep 03 11:06:38 Installed: boost-thread-1.53.0-27.el7.x86_64
Sep 03 11:06:38 Installed: libgfortran-4.8.5-36.el7_6.2.x86_64
Sep 03 11:06:39 Installed: cpp-4.8.5-36.el7_6.2.x86_64

Additional useful yum options

The yum utility has several useful options that you often come to use when managing packages. In order to take no action when installing or removing packages after entering the command, you can use the -y option, for example:

yum update -y yum install httpd -y

To answer no when prompted, you must specify an option:

Use yum without plugins or disable a specific plugin:

Enable disabled plugin:

Enable disabled repository:

yum update —enablerepo=atomic

Disable a specific repository:

yum update —disablerepo=atomic

Configuration file /etc/yum. conf

The yum configuration file is /etc/yum.conf.

Main parameters of the configuration file:

cachedir – local package cache (by default /var/cache/yum)

logfile — path to the file with yum logs

obsoletes — update or not, obsolete packages (1-yes, 0-no)

gpgcheck — check package signature before installation (1-yes,0-no)

keepcache — cache storage (1-yes, 0-no)

cachedir — cache storage directory (by default /var/cache/yum)

debuglevel – debug level from 1 to 10

plugins — enable yum plugins (1-yes,0-no)

bugtracker_url – link to which yum errors will be registered

installonly_limit — the maximum number of versions that can be installed for one package.

Useful yum plugins

What are yum plugins for? As elsewhere, they make our work easier.

Some popular plugins and their description:

yum-plugin-fastestmirror is a plugin used to measure the speed of mirrors and provide the fastest way to install packages.

yum-plugin-security is a plugin that provides a list of updates related to system security only.

yum-plugin-keys — allows you to work with keys keys, keys-info, keys-data, keys-remove

Directory where all plugins are stored /etc/yum/

yum-plugin-versionlock – allows you to block updates to specified packages

To list available yum plugins, run:

yum search yum-plugin

============================================ ======================== N/S matched: yum-plugin ================= ================================================= ====
PackageKit-yum-plugin.x86_64 : Tell PackageKit to check for updates when yum exits
fusioninventory-agent-yum-plugin.noarch : Ask FusionInventory agent to send an inventory when yum exits
kabi-yum-plugins.noarch : The CentOS Linux kernel ABI yum plugin
yum-plugin-aliases.noarch : Yum plugin to enable aliases filters
yum-plugin-auto-update-debug-info.noarch : Yum plugin to enable automatic updates to installed debuginfo packages
yum-plugin-changelog.noarch : Yum plugin for viewing package changelogs before/after updating
yum-plugin-copr.noarch : Yum plugin to add copr command
yum-plugin-fastestmirror.noarch : Yum plugin which chooses fastest repository from a mirrorlist
yum-plugin-filter-data.noarch : Yum plugin to list filter based on package data
yum-plugin-fs-snapshot.noarch : Yum plugin to automatically snapshot your filesystems during updates
yum-plugin-keys.noarch : Yum plugin to deal with signing keys
yum-plugin-list-data.noarch : Yum plugin to list aggregate package data
yum-plugin-local.noarch : Yum plugin to automatically manage a local repo. of downloaded packages
yum-plugin-merge-conf.noarch : Yum plugin to merge configuration changes when installing packages
yum-plugin-ovl.noarch : Yum plugin to work around overlayfs issues
yum-plugin-post-transaction-actions.noarch : Yum plugin to run arbitrary commands when certain pkgs are acted on
yum-plugin-pre-transaction-actions.noarch : Yum plugin to run arbitrary commands when certain pkgs are acted on
yum-plugin-priorities.noarch : plugin to give priorities to packages from different repos
yum-plugin-protectbase.noarch : Yum plugin to protect packages from certain repositories.
yum-plugin-ps.noarch : Yum plugin to look at processes, with respect to packages
yum-plugin-remove-with-leaves.noarch : Yum plugin to remove dependencies which are no longer used because of a removal
yum-plugin-rpm-warm-cache.noarch : Yum plugin to access the rpmdb files early to warm up access to the db
yum-plugin-show-leaves.noarch : Yum plugin which shows newly installed leaf packages
yum-plugin-tmprepo.noarch : Yum plugin to add temporary repositories
yum-plugin-tsflags.noarch : Yum plugin to add tsflags by a commandline option
yum-plugin-upgrade-helper.noarch : Yum plugin to help upgrades to the next distribution version
yum-plugin-verify.noarch : Yum plugin to add verify command, and options
yum-plugin-versionlock.noarch : Yum plugin to lock specified packages from being updated

You can install the selected plugin with yum install like any other package:

yum install yum-plugin-changelog

yum -y install yum-versionlock

To block package updates through the plugin, run:

yum versionlock nginx

List blocked packages:

yum versionlock list

Remove package from blocked:

yum versionlock delete nginx

If you don’t need to use a certain plugin at some point in time, you can disable it by adding a prefix when calling yum:

Or disable all plugins installed in the system:

Using yum through a proxy

If the proxy server requires authorization, add the lines:

To check if yum works through a proxy server, use the command

yum clean all && yum search nginx

To check, I specified a public proxy server from Germany and during installation, the fastestmirror plugin worked, found mirrors from which the speed would be higher:

If you need to use a proxy only for some repositories, you do not need to edit the /etc/yum.conf file, but specify the proxy settings in the /etc/yum.repos.d/your_config.repo repository configuration file.

So, in this article we have covered the basic features of the yum package rpm manager in Linux CentOS/RHEL.

Table of contents

Teams
Yum Options
Yum-Utils Package
Configuration files
Plugins
Working through a proxy

display of commands and options

list of package names from repository

#yum list available

list of all installed packages

#yum list installed

whether the specified package is installed

#yum list installed httpd

list of installed and available packages

#yum list all

list of packages related to the kernel

#yum list kernel

display package information

#yum info httpd

list of dependencies and required packages

#yum deplist httpd

find the package that contains the file

#yum provides «*bin/top»

search for a package by name and description

#yum search httpd

#yum search yum

#yum updateinfo list security

display a list of groups

display the description and contents of the group

#yum groupinfo «Basic Web Server»

installation of the «Basic Web Server» package group

#yum groupinstall «Basic Web Server»

#yum groupremove «Basic Web Server»

Check for available updates

information about a specific repository

#yum repoinfo epel

information about packages in the specified repository

#yum repo-pkgs epel list

install all packages from the repository

#yum repo-pkgs reponame install

remove packages installed from repository

#yum repo-pkgs reponame remove

check local rpm database (dependencies, duplicates, obsoletes, provides are supported)

#yum check dependencies

viewing yum history (listing transactions)

#yum history list

view information of a specific transaction (installed packages, installed dependencies)

#yum history info 9

#yum history undo 9

#yum history redo 9

you can additionally view the log

delete cached packages

#yum clean packages

delete all packages and metadata

#yum clean all

#yum install httpd

#yum remove httpd

#yum update httpd

upgrade all packages

upgrade to a specific version

install from a local directory (dependencies will be searched/installed from connected repositories)

#yum localinstall httpd.rpm

#yum install httpd.rpm

install from http

#yum localinstall http://server/repo/httpd.rpm

roll back to the previous package version

reinstalling the package (recovering deleted files)

#yum reinstall httpd

removing unnecessary packages

creation of local repositories (createrepo is installed separately)

install scheduled updates (yum-cron is installed separately)

Web server setup

The repository for downloading and installing packages is a repository of files accessed via the http protocol. To do this, we need to deploy a web server.

We will use nginx as the last one. To install it, install the epel repository:

After we install nginx itself:

yum install nginx

Allow the web server to start:

systemctl enable nginx

systemctl start nginx

Options Yum

answer «yes» when asked,

#yum update -y

answer “no” when asked

or disable a specific plugin

enable plugins that are installed but disabled

enable disabled repository

#yum update -y —enablerepo=epel

#yum update -y —disablerepo=epel

#yum install httpd —downloadonly

Rpm

rpm is a low-level package management utility that does not install dependencies when installing a package, can get information about packages in the system. Similar to dpkg from Ubuntu.

Software groups and modules

Software groups are jointly installed software.

Environment groups are sets of other groups.

In addition to groups, there are modules. They, like groups, contain several packages at once, but in modules, packages are linked by versions.

Different releases of CentOS

In one repository, we can easily store packages for various releases of the CentOS operating system (and not only CentOS, but also PPAs). To do this, create a directory for the new release, synchronize it with the source and create a repository from it, for example:

* this example assumes the use of the repository for release 6.

Client Setting

To ensure that all packages will be downloaded from the local repository, disable the existing ones:

* In this example, we found and replaced enabled=1 with enabled=0 in the entire /etc/yum.repos.d directory files.
you can also do something radical and remove the repositories with the command
m /etc/yum.repos.d/

Create a file with repository settings:

* where local is the name of the repository; name — description; baseurl — the base http address where you need to look for packages; enabled — an indication to enable or disable the repository; gpgcheck — enable or disable verification of GPG signatures for packages.

You can also set the priority for each of the repositories:

* 1 is the highest priority.

Done. You can install.

You can view the list of installed packages and from which repository they were downloaded with the command:

Files with repository data

The yum repository files are located in the directory

and contain approximately the following

Repositories and packages in repositories are signed with a private key, only people who add packages to repositories have it. This is done because someone can stand in the middle of the traffic and pretend to be the correct server. If someone pretends to be a repository, then the user will download and install packages from this server without realizing that they are installing fake packages. When adding a repository, the user receives a public key, it can be on the repository site, or come with the system. Thanks to the public key, you can make sure that the repository or package is exactly what you need.

rpm —import filekey.asc

To delete a repository, just delete its file.

Install rpm package with repository data

Installation via link

yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

If the package with the repository is in the base repository, you can install it by specifying its name, for example, as epel

To remove a repository, you need to remove the corresponding package

yum remove epel-release

yum-config-manager utility

yum install yum-utils

Adding a repository is done by the command

Switching the repository off and on

yum-config-manager —disable epel
yum-config-manager —enable epel

The following commands are available after installing the yum-utils package

find which repository the package is installed from

find processes whose packages are up to date and need to be restarted

request to the repository, find out package dependencies without installing it

#repoquery —requires —resolve httpd

sync yum updates repository to local directory repo1

#reposync -p repo1 —repoid=updates

check local repository integrity

install the necessary dependencies to build the RPM package

manage configuration options and yum repositories

query to local yum database, display information about the package
(command used, checksum, URL from which it was set, etc.)

#yumdb info httpd

yumdownloader —source php

Yum (yellowdog updater modified) — package manager for rpm packages.

Epel Repo

For the Epel repository, the adding scheme is similar, except for the synchronization method — synchronization with yandex is performed using wget.

Create a separate directory branch:

When setting up the client, create a file with repository settings:

By the same principle, we can add any repository, for example, rpmforge, remi, nginx and others.

Installation history

yum has a history of installs, they are logged in

Yum work through a proxy server

if necessary, specify a password, add

specify a proxy for an individual user

I will be glad to any additions and comments.
Read more:

Some useful plugins

Adds command line option to view changelog before/after updates

selects faster repositories from the list of mirrors

adds keys, keys-info, keys-data, keys-remove commands that allow you to work with keys.

block specified packages from updating, yum versionlock command

adding yum verify-all, verify-multilib, verify-rpm commands to verify package checksums

Yum configuration files and their locations

Main configuration file

directory, with configurations (for example, yum plugins)

directory containing information about repositories

Some yum options. conf

Directory where yum stores cache and base files (default ‘/var/cache/yum’)

Specifies whether or not Yum should keep a cache of headers and packages after a successful installation. Values: 0 or 1. (default 1)

debug output level. Values: 1-10 (default 2)

log file (default ‘/var/log/yum.log’)

update obsolete packages

package signature verification. Values: 0 or 1 (default 1)

enable plugins. Values: 0 or 1 (default 1)

Creating a repository

Let’s set up our repository, which will store the installation packages. We will also configure their automatic synchronization with the CentOS repository.

Install the necessary utilities to work with the local repository:

yum install createrepo yum-utils

Create directories for the repository:

Synchronize our future repository with the package source, for example, with a mirror from Yandex:

After we synchronize updates:

* in this example, we added autoindex on for convenience — this will allow you to view the contents of the repository in the browser.

systemctl restart nginx

Server preparation

Performing some server security settings.

Firewall

Allow ports on which our server will receive requests:

* In this example, we allow http and https requests.

SELinux

It is better to disable this security model. To do this, enter two commands:

sed -i ‘s/^SELINUX=.*/SELINUX=disabled/g’ /etc/selinux/config

* The first command is to disable it once, the second — permanently.

Repository update

To keep the list of packages up to date, it is necessary to constantly update the installation files in the repositories. This can be done manually and/or automatically.

Manual update

To update the repository, we synchronize with the package source (same as we did the initial synchronization):

And update service information:

Similarly, with all other repositories.

Automatic update

Its essence boils down to running a script in cron. First, let’s create a folder for storing scripts, then the script itself:

We allow the script to be executed:

Add job to cron:

0 1 * * * /scripts/repos_update.sh

* In this example, we run our script every day at 1 am.