|Home||Switchboard||Unix Administration||Red Hat||TCP/IP Networks||Neoliberalism||Toxic Managers|
May the source be with you, but remember the KISS principle ;-)
Bigger doesn't imply better. Bigger often is a sign of obesity, of lost control, of overcomplexity, of cancerous cells
|News||Notes on RHCSA Certification for RHEL 7||Recommended links||Lecture notes for RHCSA certification for RHEL 7||RHEL7 documentation||The tar pit of Red Hat overcomplexity||Systemd||Unix History with some Emphasis on Scripting||Red Hat history|
|Understanding and using essential tools||Access a shell prompt and issue commands with correct syntax||Finding Help||Managing files in RHEL||Working with hard and soft links||Working with archives and compressed files||Using the Midnight Commander as file manager||Text files processing||Using redirection and pipes|
|Use grep and extended regular expressions to analyze text files||Finding files and directories; mass operations on files||Connecting to the server via ssh, using multiple consoles and screen command||RHCSA: Managing local users and groups||RHCSA: Introduction to Unix permissions model||Introduction to Process Management||Configuring network in RHEL7||Installation and configuration of KVM in RHEL7|
|Managing Software Packages with yum and rpm||Using yum||Using rpm|
|Sysadmin Horror Stories||Tips||Humor||Etc|
The default utility used to manage software packages on Red Hat Enterprise Linux is yum (Yellowdog update manager). Yum is written in Python and works with repositories, which are online connection of software packages, assessable via HTTP and HTTPS.
All "standard" software on RHEL is provided in the RPM (Red Hat Package Manager) format. This cpio based format which is enhanced to provide package metadata as well.
Repositories can be Red Hat maintained or local clones. In both cases patching of the servers, which is the most frequently used operation for production servers is done using yum the command:
The main advantage of yum over older rpm utility is that it attempts to resolve package dependencies (when it fails you have pproblem but you canresort to downloading and installing packages via locainstall option of Yum
Dependency problems induced by libraries is known as "package hell" problem in Linux.
Dependencies typically are connected with libraries as very few executables in RHEL are statically links. Even bash is not statically links which is blunder on the part of Red Hat. This means that to is path to libraries is not available you OS became unusable. The simplest way to provide in RHEL 7 is to delete symbolic links existing in root directory.
Dependencies are specified within RPM format and are extracted by YUM. The yum command then try to find them in the repositories configured on this system. It finds them it fetches the dependencies automatically. If all goes well you will see the list of the dependencies that will be installed. If some dependencies are not found you are in troubles. For system packages this happens rarely but for custom packages is a real problem.
Red Hat repositories are accessible only for registered instances on RHEL. Only after registering with RHN, you can install software packages from RHEL repositories. If you are using CentOS, you get access to the CentOS repositories automatically: they are configured during installation and can be used immediately without any registration.
Note that repositories are specific to an version of RHEL. Moreover using CentOS repositories in RHEL installation also creates problems. It is not recommended to add CentOS repositories to an RHEL server. If you want to provide additional software should add the EPEL (Extra Packages for Enterprise Linux) and Extra repositories. On how to add EPEL repositories see https://fedoraproject.org/wiki/EPEL for more information.
Installation of EPEL or CentOS repository in RHEL formally breaks your RHEL support contract.
To tell your server which repository to use, you need to create a file with a name that ends in .repo in the directory /etc/yum.repos.dTo define a new repository, you need to add a
.repofile in the
/etc/yum.repos.d/directory. It can be created manually or copied from other server which already has this repository subscribed.
To add such a repository to your system and enable it automatically, you need to use the command
root . This operation is called a subscription to the repository and the command to use in not yum, but
yum-config-manager --add rhel-7-server-optional-rpms yum-config-manager --add rhel-7-server-supplementary-rpms
For CentOS all the necessary repo files are created during the installation. The default content the
directory is as following:
d620@ROOT:/etc/yum.repos.d # ll total 32K -rw-r--r--. 1 root root 1.7K Nov 23 08:16 CentOS-Base.repo -rw-r--r--. 1 root root 1.3K Nov 23 08:16 CentOS-CR.repo -rw-r--r--. 1 root root 649 Nov 23 08:16 CentOS-Debuginfo.repo -rw-r--r--. 1 root root 314 Nov 23 08:16 CentOS-fasttrack.repo -rw-r--r--. 1 root root 630 Nov 23 08:16 CentOS-Media.repo -rw-r--r--. 1 root root 1.3K Nov 23 08:16 CentOS-Sources.repo -rw-r--r--. 1 root root 5.6K Nov 23 08:16 CentOS-Vault.repoFor RHEL7 self-support the list is different:
b33:/etc/yum.repos.d # ll total 88 -rw-r--r--. 1 root root 70660 Jan 25 08:18 redhat.repo
Each file in /etc/yum.repos.d directory defines a set of repositories from a common provider and consists of section delineated with labels in square brackets. For example [rhel-7-server-supplementary-rpms] The .repo file can contain multiple repositories. In this vase there are multiple section with each section starting with a label that identifies the specific repository.
After the label there are three main fields:
There are multiple labels in this file but the most important is the label [base]. In CentOS it defines mirrorlist and if you do not have a good mirror in vicinity you might have trouble with CentOS update. Mirrors for CentOS are provided voluntarily and mainly by educational institutions which often do not have great bandwidth to begin with. So patching servers at night is a better deal for CentOS.
You can replace mirrorlist with the best repository in your vicinity. That requires some research, but if you have difficulties accessing repositories via mirrorlist (for example due to the proxy) it pays off.
# CentOS-Base.repo # # The mirror system uses the connecting IP address of the client and the # update status of each mirror to pick mirrors that are updated to and # geographically close to the client. You should use this for CentOS updates # unless you are manually picking other mirrors. # # If the mirrorlist= does not work for you, as a fall back you can try the # remarked out baseurl= line instead. # [base] name=CentOS-$releasever - Base mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra #baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 #released updates [updates] name=CentOS-$releasever - Updates mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra #baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 #additional packages that may be useful [extras] name=CentOS-$releasever - Extras mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra #baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 #additional packages that extend functionality of existing packages [centosplus] name=CentOS-$releasever - Plus mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra #baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/ gpgcheck=1 enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
You can also have local repositories. To access them you need to creat .repo file. When creating a repository file, the baseurl parameter is the most important because it tells your server where to find the files that are to be installed. The baseurl takes as its argument the URL where files need to be installed from. This will often be an HTTP or FTP URL, but it can be a file-based URL as well.
When using a URL, two components are used. First, the URI identifies the protocol to be used and is in the format protocol://, such as http://, ftp://, or file:// or nfs://. Following the URI is the exact location on that URL. That can be the name of a web server or an FTP server, including the subdirectory where the files are found. If the URL is file based, the location on the file system starts with a / as well. Therefore, for a file system-based URL, there will be three slashes in the baseurl, such as baseurl:///repo, which refers to the directory /repo on the local file system.
To help you determine the status of packages provided, Red Hat (as well as CentOS) groups packages in different repositories. Each of these has a different support status, so it is important to know where you are installing software from if you are interested in keeping the support status of your server.
NOTE: When installing RHEL7 updates you typically will see systemd updates as well. This is the case of "The cowboys work is never done" ;-)
d620@ROOT:/etc/yum.repos.d # yum -y update Loaded plugins: fastestmirror Determining fastest mirrors * base: mirror.trouble-free.net * extras: mirror.trouble-free.net * updates: mirror.trouble-free.net base | 3.6 kB 00:00:00 extras | 3.4 kB 00:00:00 updates | 3.4 kB 00:00:00 (1/2): extras/7/x86_64/primary_db | 187 kB 00:00:00 (2/2): updates/7/x86_64/primary_db | 3.3 MB 00:00:01 Resolving Dependencies --> Running transaction check ---> Package NetworkManager.x86_64 1:1.12.0-8.el7_6 will be updated ---> Package NetworkManager.x86_64 1:1.12.0-10.el7_6 will be an update ---> Package NetworkManager-libnm.x86_64 1:1.12.0-8.el7_6 will be updated ---> Package NetworkManager-libnm.x86_64 1:1.12.0-10.el7_6 will be an update ---> Package NetworkManager-team.x86_64 1:1.12.0-8.el7_6 will be updated ---> Package NetworkManager-team.x86_64 1:1.12.0-10.el7_6 will be an update ---> Package NetworkManager-tui.x86_64 1:1.12.0-8.el7_6 will be updated ---> Package NetworkManager-tui.x86_64 1:1.12.0-10.el7_6 will be an update ---> Package NetworkManager-wifi.x86_64 1:1.12.0-8.el7_6 will be updated ---> Package NetworkManager-wifi.x86_64 1:1.12.0-10.el7_6 will be an update ---> Package bind-libs-lite.x86_64 32:9.9.4-72.el7 will be updated ---> Package bind-libs-lite.x86_64 32:9.9.4-73.el7_6 will be an update ---> Package bind-license.noarch 32:9.9.4-72.el7 will be updated ---> Package bind-license.noarch 32:9.9.4-73.el7_6 will be an update ---> Package containers-common.x86_64 1:0.1.31-7.gitb0b750d.el7.centos will be updated ---> Package containers-common.x86_64 1:0.1.31-8.gitb0b750d.el7.centos will be an update ---> Package cpp.x86_64 0:4.8.5-36.el7 will be updated ---> Package cpp.x86_64 0:4.8.5-36.el7_6.1 will be an update ---> Package dbus.x86_64 1:1.10.24-12.el7 will be updated ---> Package dbus.x86_64 1:1.10.24-13.el7_6 will be an update ---> Package dbus-libs.x86_64 1:1.10.24-12.el7 will be updated ---> Package dbus-libs.x86_64 1:1.10.24-13.el7_6 will be an update ---> Package device-mapper.x86_64 7:1.02.149-10.el7_6.2 will be updated ---> Package device-mapper.x86_64 7:1.02.149-10.el7_6.3 will be an update ---> Package device-mapper-event.x86_64 7:1.02.149-10.el7_6.2 will be updated ---> Package device-mapper-event.x86_64 7:1.02.149-10.el7_6.3 will be an update ---> Package device-mapper-event-libs.x86_64 7:1.02.149-10.el7_6.2 will be updated ---> Package device-mapper-event-libs.x86_64 7:1.02.149-10.el7_6.3 will be an update ---> Package device-mapper-libs.x86_64 7:1.02.149-10.el7_6.2 will be updated ---> Package device-mapper-libs.x86_64 7:1.02.149-10.el7_6.3 will be an update ---> Package docker.x86_64 2:1.13.1-88.git07f3374.el7.centos will be updated ---> Package docker.x86_64 2:1.13.1-94.gitb2f74b2.el7.centos will be an update ---> Package docker-client.x86_64 2:1.13.1-88.git07f3374.el7.centos will be updated ---> Package docker-client.x86_64 2:1.13.1-94.gitb2f74b2.el7.centos will be an update ---> Package docker-common.x86_64 2:1.13.1-88.git07f3374.el7.centos will be updated ---> Package docker-common.x86_64 2:1.13.1-94.gitb2f74b2.el7.centos will be an update ---> Package freetype.x86_64 0:2.8-12.el7 will be updated ---> Package freetype.x86_64 0:2.8-12.el7_6.1 will be an update ---> Package gcc.x86_64 0:4.8.5-36.el7 will be updated ---> Package gcc.x86_64 0:4.8.5-36.el7_6.1 will be an update ---> Package grub2.x86_64 1:2.02-0.76.el7.centos will be updated ---> Package grub2.x86_64 1:2.02-0.76.el7.centos.1 will be an update ---> Package grub2-common.noarch 1:2.02-0.76.el7.centos will be updated ---> Package grub2-common.noarch 1:2.02-0.76.el7.centos.1 will be an update ---> Package grub2-pc.x86_64 1:2.02-0.76.el7.centos will be updated ---> Package grub2-pc.x86_64 1:2.02-0.76.el7.centos.1 will be an update ---> Package grub2-pc-modules.noarch 1:2.02-0.76.el7.centos will be updated ---> Package grub2-pc-modules.noarch 1:2.02-0.76.el7.centos.1 will be an update ---> Package grub2-tools.x86_64 1:2.02-0.76.el7.centos will be updated ---> Package grub2-tools.x86_64 1:2.02-0.76.el7.centos.1 will be an update ---> Package grub2-tools-extra.x86_64 1:2.02-0.76.el7.centos will be updated ---> Package grub2-tools-extra.x86_64 1:2.02-0.76.el7.centos.1 will be an update ---> Package grub2-tools-minimal.x86_64 1:2.02-0.76.el7.centos will be updated ---> Package grub2-tools-minimal.x86_64 1:2.02-0.76.el7.centos.1 will be an update ---> Package kernel.x86_64 0:3.10.0-957.10.1.el7 will be installed ---> Package kernel-headers.x86_64 0:3.10.0-957.5.1.el7 will be updated ---> Package kernel-headers.x86_64 0:3.10.0-957.10.1.el7 will be an update ---> Package kernel-tools.x86_64 0:3.10.0-957.1.3.el7 will be updated ---> Package kernel-tools.x86_64 0:3.10.0-957.10.1.el7 will be an update ---> Package kernel-tools-libs.x86_64 0:3.10.0-957.1.3.el7 will be updated ---> Package kernel-tools-libs.x86_64 0:3.10.0-957.10.1.el7 will be an update ---> Package krb5-libs.x86_64 0:1.15.1-34.el7 will be updated ---> Package krb5-libs.x86_64 0:1.15.1-37.el7_6 will be an update ---> Package libblkid.x86_64 0:2.23.2-59.el7 will be updated ---> Package libblkid.x86_64 0:2.23.2-59.el7_6.1 will be an update ---> Package libgcc.x86_64 0:4.8.5-36.el7 will be updated ---> Package libgcc.x86_64 0:4.8.5-36.el7_6.1 will be an update ---> Package libgomp.x86_64 0:4.8.5-36.el7 will be updated ---> Package libgomp.x86_64 0:4.8.5-36.el7_6.1 will be an update ---> Package libmount.x86_64 0:2.23.2-59.el7 will be updated ---> Package libmount.x86_64 0:2.23.2-59.el7_6.1 will be an update ---> Package libsmartcols.x86_64 0:2.23.2-59.el7 will be updated ---> Package libsmartcols.x86_64 0:2.23.2-59.el7_6.1 will be an update ---> Package libstdc++.x86_64 0:4.8.5-36.el7 will be updated ---> Package libstdc++.x86_64 0:4.8.5-36.el7_6.1 will be an update ---> Package libuuid.x86_64 0:2.23.2-59.el7 will be updated ---> Package libuuid.x86_64 0:2.23.2-59.el7_6.1 will be an update ---> Package lvm2.x86_64 7:2.02.180-10.el7_6.2 will be updated ---> Package lvm2.x86_64 7:2.02.180-10.el7_6.3 will be an update ---> Package lvm2-libs.x86_64 7:2.02.180-10.el7_6.2 will be updated ---> Package lvm2-libs.x86_64 7:2.02.180-10.el7_6.3 will be an update ---> Package nss.x86_64 0:3.36.0-7.el7_5 will be updated ---> Package nss.x86_64 0:3.36.0-7.1.el7_6 will be an update ---> Package nss-pem.x86_64 0:1.0.3-5.el7 will be updated ---> Package nss-pem.x86_64 0:1.0.3-5.el7_6.1 will be an update ---> Package nss-sysinit.x86_64 0:3.36.0-7.el7_5 will be updated ---> Package nss-sysinit.x86_64 0:3.36.0-7.1.el7_6 will be an update ---> Package nss-tools.x86_64 0:3.36.0-7.el7_5 will be updated ---> Package nss-tools.x86_64 0:3.36.0-7.1.el7_6 will be an update ---> Package nss-util.x86_64 0:3.36.0-1.el7_5 will be updated ---> Package nss-util.x86_64 0:3.36.0-1.1.el7_6 will be an update ---> Package oci-systemd-hook.x86_64 1:0.1.18-2.git3efe246.el7 will be updated ---> Package oci-systemd-hook.x86_64 1:0.1.18-3.git8787307.el7_6 will be an update ---> Package openldap.x86_64 0:2.4.44-20.el7 will be updated ---> Package openldap.x86_64 0:2.4.44-21.el7_6 will be an update ---> Package openssl.x86_64 1:1.0.2k-16.el7 will be updated ---> Package openssl.x86_64 1:1.0.2k-16.el7_6.1 will be an update ---> Package openssl-libs.x86_64 1:1.0.2k-16.el7 will be updated ---> Package openssl-libs.x86_64 1:1.0.2k-16.el7_6.1 will be an update ---> Package perl.x86_64 4:5.16.3-293.el7 will be updated ---> Package perl.x86_64 4:5.16.3-294.el7_6 will be an update ---> Package perl-Pod-Escapes.noarch 1:1.04-293.el7 will be updated ---> Package perl-Pod-Escapes.noarch 1:1.04-294.el7_6 will be an update ---> Package perl-libs.x86_64 4:5.16.3-293.el7 will be updated ---> Package perl-libs.x86_64 4:5.16.3-294.el7_6 will be an update ---> Package perl-macros.x86_64 4:5.16.3-293.el7 will be updated ---> Package perl-macros.x86_64 4:5.16.3-294.el7_6 will be an update ---> Package policycoreutils.x86_64 0:2.5-29.el7 will be updated ---> Package policycoreutils.x86_64 0:2.5-29.el7_6.1 will be an update ---> Package policycoreutils-python.x86_64 0:2.5-29.el7 will be updated ---> Package policycoreutils-python.x86_64 0:2.5-29.el7_6.1 will be an update ---> Package polkit.x86_64 0:0.112-18.el7 will be updated ---> Package polkit.x86_64 0:0.112-18.el7_6.1 will be an update ---> Package python-perf.x86_64 0:3.10.0-957.1.3.el7 will be updated ---> Package python-perf.x86_64 0:3.10.0-957.10.1.el7 will be an update ---> Package rear.x86_64 0:2.4-2.el7 will be updated ---> Package rear.x86_64 0:2.4-4.el7_6 will be an update ---> Package selinux-policy.noarch 0:3.13.1-229.el7_6.6 will be updated ---> Package selinux-policy.noarch 0:3.13.1-229.el7_6.9 will be an update ---> Package selinux-policy-targeted.noarch 0:3.13.1-229.el7_6.6 will be updated ---> Package selinux-policy-targeted.noarch 0:3.13.1-229.el7_6.9 will be an update ---> Package shadow-utils.x86_64 2:184.108.40.206-25.el7 will be updated ---> Package shadow-utils.x86_64 2:220.127.116.11-25.el7_6.1 will be an update ---> Package systemd.x86_64 0:219-62.el7 will be updated ---> Package systemd.x86_64 0:219-62.el7_6.5 will be an update ---> Package systemd-libs.x86_64 0:219-62.el7 will be updated ---> Package systemd-libs.x86_64 0:219-62.el7_6.5 will be an update ---> Package systemd-sysv.x86_64 0:219-62.el7 will be updated ---> Package systemd-sysv.x86_64 0:219-62.el7_6.5 will be an update ---> Package tuned.noarch 0:2.10.0-6.el7 will be updated ---> Package tuned.noarch 0:2.10.0-6.el7_6.3 will be an update ---> Package tzdata.noarch 0:2018g-1.el7 will be updated ---> Package tzdata.noarch 0:2018i-1.el7 will be an update ---> Package util-linux.x86_64 0:2.23.2-59.el7 will be updated ---> Package util-linux.x86_64 0:2.23.2-59.el7_6.1 will be an update ---> Package xfsprogs.x86_64 0:4.5.0-18.el7 will be updated ---> Package xfsprogs.x86_64 0:4.5.0-19.el7_6 will be an update --> Finished Dependency Resolution Dependencies Resolved ============================================================================================= Package Arch Version Repository Size ============================================================================================= Installing: kernel x86_64 3.10.0-957.10.1.el7 updates 48 M Updating: NetworkManager x86_64 1:1.12.0-10.el7_6 updates 1.7 M NetworkManager-libnm x86_64 1:1.12.0-10.el7_6 updates 1.4 M NetworkManager-team x86_64 1:1.12.0-10.el7_6 updates 159 k NetworkManager-tui x86_64 1:1.12.0-10.el7_6 updates 239 k NetworkManager-wifi x86_64 1:1.12.0-10.el7_6 updates 187 k bind-libs-lite x86_64 32:9.9.4-73.el7_6 updates 741 k bind-license noarch 32:9.9.4-73.el7_6 updates 87 k containers-common x86_64 1:0.1.31-8.gitb0b750d.el7.centos extras 21 k cpp x86_64 4.8.5-36.el7_6.1 updates 5.9 M dbus x86_64 1:1.10.24-13.el7_6 updates 245 k dbus-libs x86_64 1:1.10.24-13.el7_6 updates 169 k device-mapper x86_64 7:1.02.149-10.el7_6.3 updates 292 k device-mapper-event x86_64 7:1.02.149-10.el7_6.3 updates 188 k device-mapper-event-libs x86_64 7:1.02.149-10.el7_6.3 updates 188 k device-mapper-libs x86_64 7:1.02.149-10.el7_6.3 updates 320 k docker x86_64 2:1.13.1-94.gitb2f74b2.el7.centos extras 18 M docker-client x86_64 2:1.13.1-94.gitb2f74b2.el7.centos extras 3.9 M docker-common x86_64 2:1.13.1-94.gitb2f74b2.el7.centos extras 96 k freetype x86_64 2.8-12.el7_6.1 updates 380 k gcc x86_64 4.8.5-36.el7_6.1 updates 16 M grub2 x86_64 1:2.02-0.76.el7.centos.1 updates 31 k grub2-common noarch 1:2.02-0.76.el7.centos.1 updates 728 k grub2-pc x86_64 1:2.02-0.76.el7.centos.1 updates 31 k grub2-pc-modules noarch 1:2.02-0.76.el7.centos.1 updates 846 k grub2-tools x86_64 1:2.02-0.76.el7.centos.1 updates 1.8 M grub2-tools-extra x86_64 1:2.02-0.76.el7.centos.1 updates 995 k grub2-tools-minimal x86_64 1:2.02-0.76.el7.centos.1 updates 172 k kernel-headers x86_64 3.10.0-957.10.1.el7 updates 8.0 M kernel-tools x86_64 3.10.0-957.10.1.el7 updates 7.1 M kernel-tools-libs x86_64 3.10.0-957.10.1.el7 updates 7.0 M krb5-libs x86_64 1.15.1-37.el7_6 updates 803 k libblkid x86_64 2.23.2-59.el7_6.1 updates 181 k libgcc x86_64 4.8.5-36.el7_6.1 updates 102 k libgomp x86_64 4.8.5-36.el7_6.1 updates 157 k libmount x86_64 2.23.2-59.el7_6.1 updates 182 k libsmartcols x86_64 2.23.2-59.el7_6.1 updates 140 k libstdc++ x86_64 4.8.5-36.el7_6.1 updates 305 k libuuid x86_64 2.23.2-59.el7_6.1 updates 82 k lvm2 x86_64 7:2.02.180-10.el7_6.3 updates 1.3 M lvm2-libs x86_64 7:2.02.180-10.el7_6.3 updates 1.1 M nss x86_64 3.36.0-7.1.el7_6 updates 835 k nss-pem x86_64 1.0.3-5.el7_6.1 updates 74 k nss-sysinit x86_64 3.36.0-7.1.el7_6 updates 62 k nss-tools x86_64 3.36.0-7.1.el7_6 updates 515 k nss-util x86_64 3.36.0-1.1.el7_6 updates 78 k oci-systemd-hook x86_64 1:0.1.18-3.git8787307.el7_6 extras 34 k openldap x86_64 2.4.44-21.el7_6 updates 356 k openssl x86_64 1:1.0.2k-16.el7_6.1 updates 493 k openssl-libs x86_64 1:1.0.2k-16.el7_6.1 updates 1.2 M perl x86_64 4:5.16.3-294.el7_6 updates 8.0 M perl-Pod-Escapes noarch 1:1.04-294.el7_6 updates 51 k perl-libs x86_64 4:5.16.3-294.el7_6 updates 688 k perl-macros x86_64 4:5.16.3-294.el7_6 updates 44 k policycoreutils x86_64 2.5-29.el7_6.1 updates 916 k policycoreutils-python x86_64 2.5-29.el7_6.1 updates 456 k polkit x86_64 0.112-18.el7_6.1 updates 168 k python-perf x86_64 3.10.0-957.10.1.el7 updates 7.1 M rear x86_64 2.4-4.el7_6 updates 637 k selinux-policy noarch 3.13.1-229.el7_6.9 updates 483 k selinux-policy-targeted noarch 3.13.1-229.el7_6.9 updates 6.9 M shadow-utils x86_64 2:18.104.22.168-25.el7_6.1 updates 1.1 M systemd x86_64 219-62.el7_6.5 updates 5.1 M systemd-libs x86_64 219-62.el7_6.5 updates 407 k systemd-sysv x86_64 219-62.el7_6.5 updates 84 k tuned noarch 2.10.0-6.el7_6.3 updates 254 k tzdata noarch 2018i-1.el7 updates 490 k util-linux x86_64 2.23.2-59.el7_6.1 updates 2.0 M xfsprogs x86_64 4.5.0-19.el7_6 updates 897 k Transaction Summary ============================================================================================= Install 1 Package Upgrade 68 Packages Total download size: 168 M
To install packages with yum, you first need to know the exact name of the package. The yum search command can help to determine this name and typically is the frost stage in installation of the package.
When you use yum search, it first gets in touch with the online repositories (which might take a minute), after which it downloads the most recent repository metadata to the local machine. Then, yum search looks in the package name and description for the string you have been looking for. In Listing 11.4, you can see what the result looks like after using yum search user.
d620@ROOT:/etc/yum.repos.d # yum search documentation | grep -viP 'header|generat|developer' | wc -l 648
You can also use command
yum search user
Because the yum search command looks in the package name and summary only, it often does not show what you need. You often need to look for packages containing a specific file. To do this, the yum whatprovides or yum provides command will help you. (There is no functional difference between these two commands.) To make it clear that you are looking for packages containing a specific file, you need to specify the filename as */filename, or use the full path name to the file you want to use. So if you need to look for the package containing the file semanage, for example, use yum whatprovides */semanage. It will show the name of the package as a result.
Before installing a package, it is a good idea to get some more information about the package. Because the yum command was developed to be intuitive, it is almost possible to guess how that works. Just use yum info, followed by the name of the package.
Often example use the nmap package (which is a very useful tool). It is a network sniffer that allows you to find ports that are open on other hosts. Just use nmap 192.168.4.100 to give it a try, but be aware that some network administrators really do not like nmap and might consider this a hostile attack.
d620@ROOT:/etc/yum.repos.d # yum info nmap Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.trouble-free.net * extras: mirror.trouble-free.net * updates: mirror.trouble-free.net Installed Packages Name : nmap Arch : x86_64 Epoch : 2 Version : 6.40 Release : 16.el7 Size : 16 M Repo : installed From repo : base Summary : Network exploration tool and security scanner URL : http://nmap.org/ License : GPLv2 and LGPLv2+ and GPLv2+ and BSD Description : Nmap is a utility for network exploration or security auditing. It supports : ping scanning (determine which hosts are up), many port scanning techniques : (determine what services the hosts are offering), and TCP/IP fingerprinting : (remote host operating system identification). Nmap also offers flexible target : and port specification, decoy scanning, determination of TCP sequence : predictability characteristics, reverse-identd scanning, and more. In addition : to the classic command-line nmap executable, the Nmap suite includes a flexible : data transfer, redirection, and debugging tool (netcat utility ncat), a utility : for comparing scan results (ndiff), and a packet generation and response : analysis tool (nping).
If after looking at the yum info output you are happy with the package, the next step is to install it. As anything else you are doing with yum, it is not hard to guess how to do that: Just use yum install nmap. When used in this way, the yum command asks for confirmation. If when you type the yum install command you are sure about what you are doing, you might as well use the -y option, which passes a “yes” to the confirmation prompt that yum normally issues.
yum starts by analyzing what is going to be installed. Once that is clear, it gives an overview of the package that is going to be installed, including its dependencies. Then, the package itself is installed to the system.
To remove software packages from a machine, use the yum remove command. This command also will do a dependency analysis, which means that it will not only remove the selected package but also all packages that depend on it. This may sometimes lead to a long list of software packages that are going to be removed. To avoid unpleasant surprises, you should never use yum remove with the -y option.
Some packages are protected. Therefore, you cannot easily remove them. If yum remove encounters protected packages, it refuses to remove them.
When working with yum, you may also use the yum list command to show lists of packages. Used without arguments, yum list shows a list of all software packages that are available, including the repository they were installed from.
If a repository name is shown, the package is available in that specific repository. If @anaconda is listed, the package has already been installed on this system.
If you want to see which packages are installed on your server, you can use the yum list installed command. The yum list command can also prove useful when used with the name of a specific package as its argument. For instance, type yum list kernel to show which version of the kernel is actually installed and which version is available as the most recent version in the repositories. For example
yum list kernel
One of the major benefits of working with yum repositories is that repositories make it easy to update packages. The maintainer of the repositories copies updated packages to the repositories. The index in the repository always contains the current version of a package in the repository. On the local machine also, a database is available with the current versions of the packages that are used. When using the yum update command, current versions of packages that are installed are compared to the version of these packages in the repositories.
From this overview, type y to install the updates or d to simply down then without installation (this is new option in yum available only in RHEL7 and above)
Notice that while updating packages the old version of the package is replaced with a newer version of the package.
There is one exception, which is for the kernel package. Even if you are using the yum update kernel command, the kernel package is not updated, but the newer kernel is installed beside the old kernel, so that during booting you can select the kernel that you want to use.
This is useful because you may find that because of hardware compatibility issues the new kernel will not work. In that case, you can interfere on the GRUB 2 boot prompt
While managing specific services on a Linux machine, you often need several different packages. If, for instance, you want to make your machine a virtualization host, you need the KVM packages, but also all supporting packages such as qemu, libvirt, and the client packages. Or while configuring your server as a web server, you need to install additional packages like PHP as well in many cases.
To make it easier to manage specific functionality, instead of specific packages, you can work with package groups as well. A package group is defined in the repository, and yum offers the group management commands to work with these groups. For an overview of all current groups, use yum groups list.
d620@ROOT:/etc/yum.repos.d # yum group list Loaded plugins: fastestmirror There is no installed groups file. Maybe run: yum groups mark convert (see man yum) Loading mirror speeds from cached hostfile * base: mirror.trouble-free.net * extras: mirror.trouble-free.net * updates: mirror.trouble-free.net Available Environment Groups: Minimal Install Compute Node Infrastructure Server File and Print Server Basic Web Server Virtualization Host Server with GUI GNOME Desktop KDE Plasma Workspaces Development and Creative Workstation Available Groups: Compatibility Libraries Console Internet Tools Development Tools Graphical Administration Tools Legacy UNIX Compatibility Scientific Support Security Tools Smart Card Support System Administration Tools System Management Done
Notice that some yum groups are not listed by default. To show those as well, type yum groups list hidden. You see the list of groups that is displayed is considerably longer. The difference is that yum groups list shows environment groups, which contain basic functionality. Within an environment group, different subgroups can be used; these are displayed only when using yum groups list hidden.
To get information about packages available in a group, you use yum groups info. Because group names normally contain spaces, do not forget to put the entire group name between quotes. So, type yum groups info "Basic Web Server" to see what is in the Basic Web Server group.
While working with yum, all actions are logged to the /var/log/yum.log file. You can use the yum history command to get an overview of all actions that have been issued. From the history file, it is possible to undo specific actions; use yum history undo followed by the number of the specific action you want to undo.
d620@ROOT:/etc/yum.repos.d # yum history Loaded plugins: fastestmirror ID | Command line | Date and time | Action(s) | Altered ------------------------------------------------------------------------------- 22 | -y update | 2019-03-20 14:59 | I, U | 16 PP 21 | -y update | 2019-03-20 14:56 | I, U | 69 ** 20 | install at | 2019-03-10 21:04 | Install | 1 19 | install psmisc.x86_64 | 2019-03-01 15:28 | Install | 1 18 | install gcc.x86_64 | 2019-03-01 15:20 | I, U | 9 17 | install wget | 2019-03-01 15:17 | Install | 1 16 | install mlocate | 2019-02-21 09:51 | Install | 1 15 | install tree | 2019-02-19 00:25 | Install | 1 14 | install tcpdump | 2019-01-30 16:31 | Install | 1 13 | install net-tools | 2019-01-30 11:30 | Install | 1 12 | install bash-completion | 2019-01-30 11:28 | Install | 1 11 | install traceroute.x86_6 | 2019-01-30 11:25 | Install | 1 10 | install dos2unix | 2019-01-28 20:48 | Install | 1 9 | install syslinux-extlinu | 2019-01-27 15:02 | Install | 1 8 | install rear | 2019-01-27 14:13 | Install | 7 7 | install httpd | 2018-12-13 13:45 | Install | 5 6 | install nmap | 2018-12-13 13:28 | Install | 3 5 | update | 2018-12-13 13:18 | I, O, U | 156 EE 4 | install docker | 2018-12-13 12:52 | I, U | 44 3 | install vim | 2018-12-07 01:45 | Install | 3
To undo any action type yum history undo <number>.
Using external Web-based repositories allows you install software packages from the Internet. This is convenient, but it also involves a security risk. When installing RPM packages, you do that with root permissions, and if in the RPM package script code is executed, that is executed as root as well. For that reason, you want to make sure that you can trust the software packages you are trying to install.
This is why repositories in general use keys for package signing. This is also why on Red Hat Enterprise Linux it is a good idea to use repositories provided though RHN only.
To secure packages in a repository, they are signed with a GPG key. This makes it possible to check whether packages have been changed since the owner of the repository provided them. The GPG key used to sign the software packages is typically made available through the repository as well. The users of the repository can download that key and store it locally so that the package signature check can be performed automatically each time a package is downloaded from the repository.
If repository security is compromised and an intruder manages to hack the repository server and put some fake packages on it, the GPG key signature will not match, and the yum command will complain while installing new packages. This is why it is highly recommended to use GPG keys when using Internet repositories.
If you are using a repository where GPG package signing has been used, on first contact with that repository the RPM command will propose to download the key that was used for package signing. That's what you have to do if you add EPEL repository. This is a transparent procedure that requires no further action.
The GPG keys that were used for package signing are installed to the /etc/pki/rpm-gpg directory by default.
The GPG keys that were used for package signing are installed to the /etc/pki/rpm-gpg directory by default.
For using internal repositories, the security risks are less. For that reason, you can use not signed packages.
Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers : Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism : The Iron Law of Oligarchy : Libertarian Philosophy
War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda : SE quotes : Language Design and Programming Quotes : Random IT-related quotes : Somerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose Bierce : Bernard Shaw : Mark Twain Quotes
Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 : Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law
Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds : Larry Wall : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOS : Programming Languages History : PL/1 : Simula 67 : C : History of GCC development : Scripting Languages : Perl history : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history
The Peter Principle : Parkinson Law : 1984 : The Mythical Man-Month : How to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite
Most popular humor pages:
Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor
The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D
Copyright © 1996-2018 by Dr. Nikolai Bezroukov. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) in the author free time and without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.
This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...
|You can use PayPal to make a contribution, supporting development of this site and speed up access. In case softpanorama.org is down you can use the at softpanorama.info|
The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.
Last modified: April 11, 2019