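Configuring yum repositories on Linux

2023-11-07

Contents

Introduction to yum
1. CentOS 6: configuring the yum repositories
   1.1 Aliyun mirror
   1.2 Local repository
2. CentOS 7: configuring the yum repositories
   2.1 Aliyun mirror
   2.2 Local repository
Initial system configuration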

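Introduction to yum

Yum (Yellowdog Updater, Modified) is a shell front-end package manager used on Fedora, Red Hat and CentOS. It is built on RPM package management: it downloads RPM packages automatically from a specified server and installs them, resolves dependencies automatically, and installs all dependent packages in one go, so there is no need to download and install them tediously one at a time. yum provides commands to search for, install and remove a single package, a group of packages, or even all packages, and the commands are concise and easy to remember.

yum configuration files

The yum configuration files live in the /etc/yum.repos.d directory. There can be several files there, and each file can define one or more repositories; yum merges them all into a single configuration in the end, so splitting them across files is only a management convenience.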

1. CentOS 6: configuring the yum repositories

1.1 Aliyun mirror

Back up: rename CentOS-Base.repo to CentOS-Base.repo.backup

[root@localhost ~]$ mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup

Download the new http://mirrors.aliyun.com/repo/Centos-6.repo and save it as CentOS-Base.repo

[root@localhost ~]$ wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
or
[root@localhost ~]$ curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo

Clear the cache

[root@localhost ~]$ yum clean all    # clear all yum caches on the system
[root@localhost ~]$ yum makecache    # rebuild the yum cache

If this fails with the error: If above article doesn't help to resolve this issue please open a ticket wit

http://mirrors.cloud.aliyuncs.com/centos/6/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.cloud.aliyuncs.com'"

Fix: CentOS 6 reached end of life (EOL) at the end of November 2020. Some older machines still need support, however, so for users who are not yet ready to throw CentOS 6 away the CentOS project kept a copy of the final release; that copy will simply receive no further updates.

On December 2 the project formally moved the CentOS 6 repositories off the official mirrors, and the downstream mirrors will gradually remove them as well.

One-step fix (paste into an SSH session and run):

[root@localhost ~]$ sed -i "s|enabled=1|enabled=0|g" /etc/yum/pluginconf.d/fastestmirror.conf
[root@localhost ~]$ mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
[root@localhost ~]$ curl -o /etc/yum.repos.d/CentOS-Base.repo https://www.xmpan.com/Centos-6-Vault-Aliyun.repo
[root@localhost ~]$ yum clean all && yum makecache

How to use the EPEL repository

Download and install the EPEL repository

# download the EPEL release package
[root@localhost ~]$ wget https://archives.fedoraproject.org/pub/archive/epel/6/x86_64/epel-release-6-8.noarch.rpm
# install the EPEL release package
[root@localhost ~]$ rpm -ivh epel-release-6-8.noarch.rpm
# clear and rebuild the cache
[root@localhost ~]$ yum clean all && yum makecache

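1.2 Local repository

media: mount point for removable devices such as optical discs and USB drives.

mnt: mount point for devices such as hard disks.

Step 1: Right-click the virtual machine, open "Virtual Machine Settings", click "CD/DVD (IDE)", click "Browse", select the image that was used for installation, tick "Connected", and confirm.

Step 2: Mount the disc at the chosen location

[root@localhost ~]$ mkdir /mnt/cdrom    # create the cdrom directory as the mount point for the disc
[root@localhost ~]$ ls /dev/cdro*       # check the cdrom device name under /dev; it is not the same everywhere
[root@localhost ~]$ mount /dev/cdrom /mnt/cdrom/    # mount the disc on /mnt/cdrom
mount: block device /dev/sr0 is write-protected, mounting read-only
[root@localhost ~]$ mount -a            # mount check; no error means it worked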

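Step 3: Take the other yum repository files out of use. Only files whose extension is ".repo" are read as yum repository files, so changing the extension disables them; the commands below move them into a subdirectory instead, which has the same effect.

[root@localhost ~]$ cd /etc/yum.repos.d/
[root@localhost ~]$ mkdir repos && mv *.repo repos/

Step 4: Edit the disc repository file CentOS-Media.repo

[root@localhost ~]$ vim CentOS-Media.repo
[c6-media]
name=CentOS-$releasever - Media
# set this to your own disc mount point
baseurl=file:///mnt/cdrom
# comment out these two paths, which do not exist
#        file:///media/cdrom/
#        file:///media/cdrecorder/
gpgcheck=1
# change enabled=0 to enabled=1 so that this repository file takes effect
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentO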

Mount automatically at boot:

[root@localhost ~]$ vim /etc/fstab
/dev/cdrom /mnt/cdrom iso9660 defaults 0 0
# Notes on the added line:
#   /dev/cdrom   the optical drive device
#   /mnt/cdrom   where the optical drive is mounted
#   iso9660      filesystem type of the ISO image (always iso9660 for ISO files)
#   0 0          not backed up by dump, not checked at boot

Test:

[root@localhost ~]$ yum clean all
[root@localhost ~]$ yum makecache
[root@localhost ~]$ yum -y install gcc

2. CentOS 7: configuring the yum repositories

2.1 Aliyun mirror

Back up: rename CentOS-Base.repo to CentOS-Base.repo.backup

[root@localhost ~]$ mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup

Download the new http://mirrors.aliyun.com/repo/Centos-7.repo and save it as CentOS-Base.repo

[root@localhost ~]$ wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
or
[root@localhost ~]$ curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

Clear the cache

[root@localhost ~]$ yum clean all    # clear all yum caches on the system
[root@localhost ~]$ yum makecache    # rebuild the yum cache

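2.2 Local repository

Step 1: Configure the virtual machine

Step 2: Mount the disc at the chosen location

[root@localhost ~]$ mkdir /mnt/cdrom    # create the cdrom directory as the mount point for the disc
[root@localhost ~]$ ls /dev/cdro*       # check the cdrom device name under /dev; it is not the same everywhere
[root@localhost ~]$ mount /dev/cdrom /mnt/cdrom/    # mount the disc on /mnt/cdrom
mount: block device /dev/sr0 is write-protected, mounting read-only

Step 3: Take the other yum repository files out of use. Only files whose extension is ".repo" are read as yum repository files, so changing the extension disables them; the commands below move them into a subdirectory instead, which has the same effect.

[root@localhost ~]$ cd /etc/yum.repos.d/
[root@localhost ~]$ mkdir repos && mv *.repo repos/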

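Step 4: Edit the disc repository file CentOS-Media.repo

[root@localhost ~]$ vim CentOS-Media.repo
# repository id: anything you like, as long as it does not repeat another id
[c7-media]
# display name (anything you like)
name=CentOS-$releasever - Media
# the directory created above where the image is mounted
baseurl=file:///mnt/cdrom
# whether the repository is enabled: 1 = enabled, 0 = disabled
enabled=1
# GPG signature check: 1 = on, 0 = off
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7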

Mount automatically at boot:

[root@localhost ~]$ vim /etc/fstab
/dev/cdrom /mnt/cdrom iso9660 defaults 0 0
# Notes on the added line:
#   /dev/cdrom   the optical drive device
#   /mnt/cdrom   where the optical drive is mounted
#   iso9660      filesystem type of the ISO image (always iso9660 for ISO files)
#   0 0          not backed up by dump, not checked at boot

Test:

[root@localhost ~]$ yum clean all
[root@localhost ~]$ yum makecache
[root@localhost ~]$ yum -y install gcc
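
The keys walked through in the repository files above (enabled, gpgcheck, baseurl) can be checked across every file in the directory at once. The following is an added example, not part of the original article: a hypothetical audit_repos helper that lists each repository section and flags enabled repositories that set gpgcheck=0 or fetch over a plaintext http/ftp URL. The sample repo file is constructed.

```shell
#!/bin/sh
# audit_repos [DIR]: one line per repository section in DIR/*.repo (hypothetical helper).
# Flags are raised for enabled repositories only:
#   NO_GPGCHECK    the section sets gpgcheck=0 explicitly
#   PLAINTEXT_URL  baseurl/mirrorlist/metalink uses http:// or ftp://
# A section without gpgcheck takes the [main] value from /etc/yum.conf: "inherit".
audit_repos() {
    for f in "${1:-/etc/yum.repos.d}"/*.repo; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" '
        function report(   flags) {
            if (id == "") return
            if (enabled != "0") {
                if (gpg == "0") flags = flags " NO_GPGCHECK"
                if (plain)      flags = flags " PLAINTEXT_URL"
            }
            printf "%s:%s enabled=%s gpgcheck=%s%s\n", file, id, enabled, gpg, flags
        }
        /^[ \t]*([#;]|$)/ { next }              # comments and blank lines
        /^\[/ { report(); id = $0; gsub(/^\[|\].*$/, "", id)
                enabled = "1"; gpg = "inherit"; plain = 0; url = 0; next }
        {
            val = $0
            if (!(val ~ /^[ \t]/ && url)) {     # not a continuation of a URL list
                eq = index(val, "="); if (!eq) next
                key = substr(val, 1, eq - 1); gsub(/[ \t]/, "", key)
                val = substr(val, eq + 1)
                url = (key ~ /^(baseurl|mirrorlist|metalink)$/)
            }
            sub(/^[ \t]+/, "", val); sub(/[ \t].*$/, "", val)
            if (key == "enabled")  enabled = val
            if (key == "gpgcheck") gpg = val
            if (url && val ~ /^(http|ftp):\/\//) plain = 1
        }
        END { report() }' "$f"
    done
}

# Constructed sample (not from a real system) showing the output format.
demo=$(mktemp -d)
cat > "$demo/sample.repo" <<'EOF'
[c7-media]
baseurl=file:///mnt/cdrom
gpgcheck=1
[base]
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
gpgcheck=0
EOF
audit_repos "$demo"; rm -rf "$demo"
```

Called with no argument, audit_repos reads /etc/yum.repos.d; files moved into a subdirectory such as repos/ are not listed, matching what yum itself reads.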

Initial system configuration

Set a static IP

[root@localhost ~]$ cd /etc/sysconfig/network-scripts
[root@localhost ~]$ vim ifcfg-ens33
# network type
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=ens33
UUID=59ab8840-ef2e-441b-97d1-f9f7fde61d7b
DEVICE=ens33
# bring the interface up at boot
ONBOOT=yes
# change this line to static
BOOTPROTO=static
# IP address
IPADDR=192.168.88.100
# subnet mask
NETMASK=255.255.255.0
# gateway; it can be looked up in the virtual machine settings
GATEWAY=192.168.88.2
# DNS server address
DNS1=114.114.114.114

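Install common packages

# install the dependency packages
[root@localhost ~]$ yum install -y conntrack ntpdate ntp ipvsadm ipset jq iptables curl sysstat libseccomp wget vim net-tools lrzsz telnet
# with lrzsz installed, source packages can simply be dragged into the shell window

Disable SELinux

# turn swap off now and comment out the swap entry in /etc/fstab
[root@localhost ~]$ swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
# switch SELinux to permissive now, set it to disabled in the config file, then reboot
[root@localhost ~]$ setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config && reboot

Disable the firewall

# CentOS 6
[root@localhost ~]$ iptables -F && service iptables save
# CentOS 7
[root@localhost ~]$ systemctl stop firewalld && systemctl disable firewalld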

System initialization script

[root@localhost ~]$ vim init.sh
#!/bin/bash
# Description: system init script
# Date: 2021-01-01
# Author: lurenjia

# Network
ping -c 1 -W 3 114.114.114.114 &> /dev/null
if [ ! $? = 0 ];then
    echo "Cannot be networked"
    exit 1
fi

# Extract this host's IP
#ip=$(ifconfig|grep "inet"|grep -v "127.0.0.1"|cut -d: -f2|awk '{print $2}')

# Set PATH Variables
export PATH=/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/root/bin
export LANG="en_US.UTF-8"

# Set output color
COLUMENS=80
SPACE_COL=$[ $COLUMENS-15 ]
#VERSION=`uname -r | awk -F'.' '{print $1}'`
VERSION=`uname -r | awk -F'.' '{print $4}' | awk -F 'l' '{print $2}'` # used to tell CentOS 6 from CentOS 7
RED='\033[1;5;31m'
GREEN='\033[1;32m'
NORMAL='\033[0m'

# Print a right-aligned [ SUCCESS ] marker after the step label passed as $1
success() {
    REAL_SPACE=$[ $SPACE_COL - ${#1} ]
    for i in `seq 1 $REAL_SPACE`; do
        echo -n " "
    done
    echo -e "[ ${GREEN}SUCCESS${NORMAL} ]"
}

# Print a right-aligned [ FAILURE ] marker and stop the script
failure() {
    REAL_SPACE=$[ $SPACE_COL - ${#1} ]
    for i in `seq 1 $REAL_SPACE`; do
        echo -n " "
    done
    echo -e "[ ${RED}FAILURE${NORMAL} ]"
    exit 1
}

#echo -e "\033[34m当前ip $ip \033[0m"

# 01: disable SELinux
Data="01) 关闭selinux..."
echo -n $Data
setenforce 0
/bin/cp /etc/selinux/config /etc/selinux/config.bak
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config &> /dev/null
[ `grep "SELINUX=enforcing" /etc/selinux/config|wc -l` -eq 0 ] && success "$Data" || failure "$Data"

# 02: stop iptables or firewalld
Data="02) 关闭iptables或者firewalld..."
echo -n $Data
if [ $VERSION = 6 ];then
    service iptables stop &> /dev/null
    chkconfig iptables off &> /dev/null
    [ `chkconfig --list | grep iptables| grep 3:on | wc -l` -eq 0 ] && success "$Data" || failure "$Data"
else
    systemctl stop firewalld &> /dev/null
    systemctl disable firewalld &> /dev/null
    [ `systemctl list-unit-files | grep firewalld | grep enabled | wc -l` -eq 0 ] && success "$Data" || failure "$Data"
fi

# 03: set public DNS servers
Data="03) 设置公网DNS..."
echo -n $Data
cat << EOF >> /etc/resolv.conf
options timeout:1 attempts:1 rotate single-request-reopen
nameserver 114.114.114.114
nameserver 114.114.114.115
EOF
[ `grep '114.114.114.114' /etc/resolv.conf | wc -l` -ne 0 ] && success "$Data" || failure "$Data"

# 04: install common base commands
Data="04) 安装常用基础命令..."
echo -n $Data
yum -y install vim expect screen lrzsz tree openssl openssh-clients openssl-devel openssh-server telnet iftop iotop sysstat wget ntpdate dos2unix lsof net-tools mtr gcc gcc-c++ cmake zip unzip git sudo psmisc &> /dev/null
if [ ! $? = 0 ];then
    failure "$Data"
else
    success "$Data"
fi

# 05: configure the Aliyun yum repositories
Data="05) 配置阿里云yum源..."
echo -n $Data
cd /etc/yum.repos.d
mkdir -p /etc/yum.repos.d/repo_bak
mv *.repo /etc/yum.repos.d/repo_bak/
wget http://mirrors.aliyun.com/repo/Centos-$VERSION.repo &> /dev/null
wget http://mirrors.aliyun.com/repo/epel-$VERSION.repo &> /dev/null
yum clean all &> /dev/null && yum makecache &> /dev/null
[ `grep aliyun.com /etc/yum.repos.d/Centos-$VERSION.repo | wc -l` -ne 0 -a `grep aliyun.com /etc/yum.repos.d/epel-$VERSION.repo | wc -l` -ne 0 ] && success "$Data" || failure "$Data"

# 06: synchronize time with the Aliyun time server
Data="06) 与阿里云时间同步服务器进行时间同步..."
echo -n $Data
/usr/sbin/ntpdate ntp1.aliyun.com &> /dev/null && hwclock --systohc &> /dev/null
echo "*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com && hwclock --systohc" >> /var/spool/cron/root
if [ $VERSION = 6 ];then
    service crond restart &> /dev/null
else
    systemctl restart crond &> /dev/null
fi
[ `grep ntpdate /var/spool/cron/root |wc -l` -ne 0 ] && success "$Data" || failure "$Data"

# 07: raise the per-user file descriptor limit
Data="07) 调整用户级别的文件描述符数量..."
echo -n $Data
/bin/cp /etc/security/limits.conf /etc/security/limits.conf.bak
echo "* - nofile 65535">> /etc/security/limits.conf
[ `grep nofile /etc/security/limits.conf | grep -v ^# | awk -F 'nofile' '{print $2}'` -ge 60000 ] && success "$Data" || failure "$Data"

# 08: raise the per-user process limit
Data="08) 调整用户级别的进程数量..."
echo -n $Data
if [ $VERSION = 6 ];then
    /bin/cp /etc/security/limits.d/90-nproc.conf /etc/security/limits.d/90-nproc.conf.bak
    echo -e '* soft nproc 65535\nroot soft nproc unlimited' > /etc/security/limits.d/90-nproc.conf
    [ `grep '*' /etc/security/limits.d/90-nproc.conf | grep -v ^# | awk -F ' ' '{print $4}'` -ge 60000 ] && success "$Data" || failure "$Data"
else
    /bin/cp /etc/security/limits.d/20-nproc.conf /etc/security/limits.d/20-nproc.conf.bak
    echo -e '* soft nproc 65535\nroot soft nproc unlimited' > /etc/security/limits.d/20-nproc.conf
    [ `grep '*' /etc/security/limits.d/20-nproc.conf | grep -v ^# | awk -F ' ' '{print $4}'` -ge 60000 ] && success "$Data" || failure "$Data"
fi

# 09: set the character set
Data="09) 修改字符集..."
echo -n $Data
if [ $VERSION = 6 ];then
    /bin/cp /etc/sysconfig/i18n /etc/sysconfig/i18n.bak
    echo 'LANG="en_US.UTF-8"' > /etc/sysconfig/i18n
    source /etc/sysconfig/i18n
    [ `echo $LANG | grep 'en_US.UTF-8' | wc -l` -ne 0 ] && success "$Data" || failure "$Data"
else
    /bin/cp /etc/locale.conf /etc/locale.conf.bak
    echo 'LANG="en_US.UTF-8"' > /etc/locale.conf
    source /etc/locale.conf
    [ `echo $LANG | grep 'en_US.UTF-8' | wc -l` -ne 0 ] && success "$Data" || failure "$Data"
fi

# 10: trim the services started at boot
Data="10) 精简开机自启服务..."
echo -n $Data
if [ $VERSION = 6 ];then
    for cgt in `chkconfig --list | grep 3:on | awk '{print $1}'`;do chkconfig --level 3 $cgt off &> /dev/null;done
    for cgt in {crond,sshd,network,rsyslog};do chkconfig --level 3 $cgt on &>/dev/null;done
    [ `chkconfig --list|grep 3:on|wc -l` -eq 4 ] && success "$Data" || failure "$Data"
else
    systemctl list-unit-files|grep service| grep enable | awk '{print $1}'|xargs -i systemctl disable {} &> /dev/null
    for cgt in {crond,sshd,network,rsyslog,NetworkManager};do systemctl enable $cgt &>/dev/null;done
    [ `systemctl list-unit-files | grep enabled | wc -l` -lt 20 ] && success "$Data" || failure "$Data"
fi

# 11: kernel parameter tuning
Data="11) 内核参数优化..."
echo -n $Data
[ -f /etc/sysctl.conf.bak ] && /bin/cp /etc/sysctl.conf.bak /etc/sysctl.conf.bak.$(date +%F-%H%M%S) || /bin/cp /etc/sysctl.conf /etc/sysctl.conf.bak
cat >> /etc/sysctl.conf <<EOF
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
### system-wide number of file descriptors
fs.file-max = 6553500
### system-wide number of threads allowed
kernel.pid_max=1000000
### memory resource settings
vm.vfs_cache_pressure = 100000
vm.max_map_count = 262144
vm.swappiness = 0
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 8192 4194304
net.ipv4.tcp_wmem = 4096 8192 4194304
## DDoS mitigation: TCP connection setup settings
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_max_syn_backlog = 262144
## high TIME_WAIT counts: TCP connection teardown settings
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.ip_local_port_range = 1024 65000
### TCP keepalive settings
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_keepalive_probes = 5
### other TCP tuning
net.core.somaxconn = 8192
net.core.netdev_max_backlog = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
EOF
sysctl -p &> /dev/null
[ `grep "net.ipv4.ip_forward = 1" /etc/sysctl.conf|wc -l` -ne 0 ] && success "$Data" || failure "$Data"

# 12: forbid SSH logins with empty passwords
Data="12) 禁止空密码连接..."
echo -n $Data
/bin/cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
#sed -i 's/\#Port 22/Port 13888/' /etc/ssh/sshd_config
#sed -i 's/\#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
sed -i 's/\#PermitEmptyPasswords no/PermitEmptyPasswords no/' /etc/ssh/sshd_config
sed -i 's/\#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
[ `grep "PermitEmptyPasswords no" /etc/ssh/sshd_config | wc -l` -ne 0 -a `grep "UseDNS no" /etc/ssh/sshd_config|wc -l` -ne 0 ] && success "$Data" || failure "$Data"

# 13: improve shell history records (timestamp, client IP and user)
Data="13) 优化history记录..."
echo -n $Data
cat << EOF >> /etc/profile
export HISTSIZE=10000
USER_IP=\`who -u am i | awk '{print \$NF}'|sed -e 's/[()]//g'\`
if [ -z \$USER_IP ]
then
USER_IP="NO_client_IP"
fi
export HISTTIMEFORMAT="<%Y.%m.%d %H:%M:%S-\$USER_IP-\$USER> : "
EOF
source /etc/profile
[ `grep "HISTTIMEFORMAT" /etc/profile | wc -l` -ne 0 ] && success "$Data" || failure "$Data"
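
Step 12 verifies its edit with grep, which matches the text anywhere in sshd_config, including a commented line or a later duplicate, while sshd uses the first uncommented occurrence of a keyword. The following is an added example, not part of the original script: hypothetical helpers sshd_effective and sshd_require that read and enforce the effective value, run here on a constructed sample.

```shell
#!/bin/sh
# sshd_effective FILE KEYWORD: print the value sshd takes for KEYWORD from FILE
# (hypothetical helper). Keywords are case-insensitive, lines starting with "#"
# are comments, and the first uncommented occurrence wins. Prints nothing when
# the keyword is unset. Assumes "Keyword value" lines; stops at the first Match.
sshd_effective() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { sub(/^[ \t]*[^ \t]+[ \t]+/, ""); print; exit }
    ' "$1"
}

# sshd_require FILE KEYWORD VALUE: make VALUE effective by putting the setting
# on the first line (hypothetical helper), then confirm it.
sshd_require() {
    [ "$(sshd_effective "$1" "$2")" = "$3" ] && return 0
    tmp=$(mktemp) || return 1
    { printf '%s %s\n' "$2" "$3"; cat "$1"; } > "$tmp" && cat "$tmp" > "$1"
    rm -f "$tmp"
    [ "$(sshd_effective "$1" "$2")" = "$3" ]
}

# Constructed sample: the file as step 12 leaves it when an active "yes" line
# already stood above the commented default that sed uncomments.
cfg=$(mktemp)
printf '%s\n' 'PermitEmptyPasswords yes' 'PermitEmptyPasswords no' > "$cfg"
echo "grep matches: $(grep -c 'PermitEmptyPasswords no' "$cfg")"
echo "effective:    $(sshd_effective "$cfg" PermitEmptyPasswords)"
sshd_require "$cfg" PermitEmptyPasswords no
echo "after fix:    $(sshd_effective "$cfg" PermitEmptyPasswords)"
rm -f "$cfg"
```

On a live host, `sshd -T` prints the effective configuration as the daemon itself parses it.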