公司内部yum源仓库搭建

Linux安全运维 (796) 2022-09-05 15:02:38

安装需要的软件

[root@Yum-Repositories ~]# yum install wget vim nginx createrepo reposync yum-utils -y

配置NGINX服务器

1、修改nginx配置文件

[root@Yum-Repositories ~]# vim /etc/nginx/nginx.conf
…
server {
        #listen       80 default_server;
        #listen       [::]:80 default_server;
        listen       80;
        server_name  192.168.0.228;
        #root         /usr/share/nginx/html;
        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;
 
        location / {
                root /mds/yum;
        }
….

2、启动nginx并设置开机自动启动:

[root@Yum-Repositories ~]# systemctl start nginx
[root@Yum-Repositories ~]# systemctl enable nginx

创建yum源目录

1、创建需要存放rpm包的目录

[root@Yum-Repositories mds]# pwd
/mds
[root@Yum-Repositories mds]# mkdir yum
[root@Yum-Repositories yum]# mkdir centos6
[root@Yum-Repositories yum]# mkdir centos7

配置本地yum服务器的上层yum源

1、备份原有的repo文件

[root@Yum-Repositories yum.repos.d]# pwd
/etc/yum.repos.d
[root@Yum-Repositories yum.repos.d]# mkdir tmp
[root@Yum-Repositories yum.repos.d]# mv ./*.repo tmp/

2、下载阿里云yum源的repo文件和docker的官方repo文件

[root@Yum-Repositories yum.repos.d]# wget http://mirrors.aliyun.com/repo/Centos-6.repo
[root@Yum-Repositories yum.repos.d]# wget https://download.docker.com/linux/centos/docker-ce.repo
[root@Yum-Repositories yum.repos.d]# mv docker-ce.repo docker-ce.repo.bak

3、根据阿里云repo文件创建CentOS6的yum源文件

文件内容如下:

[root@Yum-Repositories yum.repos.d]# cat Centos-6.repo.bak 
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the 
# remarked out baseurl= line instead.
#
#

[base]
name=CentOS-6-Base-mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/6/os/x86_64/
http://mirrors.aliyuncs.com/centos/6/os/x86_64/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#released updates 
[updates]
name=CentOS-6-Updates-mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/6/updates/x86_64/
http://mirrors.aliyuncs.com/centos/6/updates/x86_64/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#additional packages that may be useful
[extras]
name=CentOS-6-Extras-mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/6/extras/x86_64/
http://mirrors.aliyuncs.com/centos/6/extras/x86_64/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-6-Plus-mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/6/centosplus/x86_64/
http://mirrors.aliyuncs.com/centos/6/centosplus/x86_64/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#contrib - packages by Centos Users
[contrib]
name=CentOS-6-Contrib-mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/6/contrib/x86_64/
http://mirrors.aliyuncs.com/centos/6/contrib/x86_64/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

4、创建CentOS7的yum源文件

[root@Yum-Repositories yum.repos.d]# cat Centos-7.repo
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the 
# remarked out baseurl= line instead.
#
#

[base]
name=CentOS-7-Base-mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/7/os/x86_64/
http://mirrors.aliyuncs.com/centos/7/os/x86_64/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#released updates 
[updates]
name=CentOS-7-Updates-mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/7/updates/x86_64/
http://mirrors.aliyuncs.com/centos/7/updates/x86_64/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#additional packages that may be useful
[extras]
name=CentOS-7-Extras-mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/7/extras/x86_64/
http://mirrors.aliyuncs.com/centos/7/extras/x86_64/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-7-Plus-mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/7/centosplus/x86_64/
http://mirrors.aliyuncs.com/centos/7/centosplus/x86_64/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#contrib - packages by Centos Users
[contrib]
name=CentOS-7-Contrib-mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/7/contrib/x86_64/
http://mirrors.aliyuncs.com/centos/7/contrib/x86_64/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

5、创建CentOS7上Docker的yum源文件

[root@Yum-Repositories yum.repos.d]# cat docker-ce.repo.bak
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://download.docker.com/linux/centos/7/x86_64/stable
enabled=1
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg
[docker-ce-stable-debuginfo]
name=Docker CE Stable - Debuginfo $basearch
baseurl=https://download.docker.com/linux/centos/7/debug-x86_64/stable
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg
[docker-ce-stable-source]
name=Docker CE Stable - Sources
baseurl=https://download.docker.com/linux/centos/7/source/stable
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg
[docker-ce-edge]
name=Docker CE Edge - $basearch
baseurl=https://download.docker.com/linux/centos/7/x86_64/edge
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg
[docker-ce-edge-debuginfo]
name=Docker CE Edge - Debuginfo $basearch
baseurl=https://download.docker.com/linux/centos/7/debug-x86_64/edge
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg
[docker-ce-edge-source]
name=Docker CE Edge - Sources
baseurl=https://download.docker.com/linux/centos/7/source/edge
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg
[docker-ce-test]
name=Docker CE Test - $basearch
baseurl=https://download.docker.com/linux/centos/7/x86_64/test
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg
[docker-ce-test-debuginfo]
name=Docker CE Test - Debuginfo $basearch
baseurl=https://download.docker.com/linux/centos/7/debug-x86_64/test
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg
[docker-ce-test-source]
name=Docker CE Test - Sources
baseurl=https://download.docker.com/linux/centos/7/source/test
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

6、创建CentOS7上MySQL的yum源文件

[root@Yum-Repositories yum.repos.d]# cat mysql-community.repo
[mysql-connectors-community]
name=MySQL Connectors Community
baseurl=http://repo.mysql.com/yum/mysql-connectors-community/el/7/$basearch/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql
[mysql-tools-community]
name=MySQL Tools Community
baseurl=http://repo.mysql.com/yum/mysql-tools-community/el/7/$basearch/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql
# Enable to use MySQL 5.5
[mysql55-community]
name=MySQL 5.5 Community Server
baseurl=http://repo.mysql.com/yum/mysql-5.5-community/el/7/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql
# Enable to use MySQL 5.6
[mysql56-community]
name=MySQL 5.6 Community Server
baseurl=http://repo.mysql.com/yum/mysql-5.6-community/el/7/$basearch/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql
[mysql57-community]
name=MySQL 5.7 Community Server
baseurl=http://repo.mysql.com/yum/mysql-5.7-community/el/7/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql

[root@Yum-Reporsitory yum.repos.d]# cat mysql-community-source.repo
[mysql-connectors-community-source]
name=MySQL Connectors Community - Source
baseurl=http://repo.mysql.com/yum/mysql-connectors-community/el/7/SRPMS
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql
[mysql-tools-community-source]
name=MySQL Tools Community - Source
baseurl=http://repo.mysql.com/yum/mysql-tools-community/el/7/SRPMS
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql
[mysql55-community-source]
name=MySQL 5.5 Community Server - Source
baseurl=http://repo.mysql.com/yum/mysql-5.5-community/el/7/SRPMS
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql
[mysql56-community-source]
name=MySQL 5.6 Community Server - Source
baseurl=http://repo.mysql.com/yum/mysql-5.6-community/el/7/SRPMS
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql
[mysql57-community-source]
name=MySQL 5.7 Community Server - Source
baseurl=http://repo.mysql.com/yum/mysql-5.7-community/el/7/SRPMS
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql

同步yum源到本地yum服务器

1、同步CentOS6的yum源

[root@Yum-Repositories yum.repos.d]# mv Centos-6.repo.bak Centos-6.repo
[root@Yum-Repositories mds]# reposync -p /mds/yum/centos6
[root@Yum-Repositories yum.repos.d]# mv Centos-6.repo Centos-6.repo.bak

2、同步CentOS7的yum源

[root@Yum-Repositories yum.repos.d]# mv Centos-7.repo.bak Centos-7.repo
[root@Yum-Repositories mds]# reposync -p /mds/yum/centos7
[root@Yum-Repositories yum.repos.d]# mv Centos-7.repo Centos-7.repo.bak

3、同步CentOS7上Docker的yum源

[root@Yum-Repositories yum.repos.d]# mv docker-ce.repo.bak docker-ce.repo
[root@Yum-Repositories mds]# reposync -p /mds/yum/centos7
[root@Yum-Repositories yum.repos.d]# mv docker-ce.repo docker-ce.repo.bak

4、同步CentOS7上MySQL的yum源

[root@Yum-Repositories yum.repos.d]# mv mysql-community.repo.bak mysql-community.repo
[root@Yum-Repositories mds]# reposync -p /mds/yum/centos7
[root@Yum-Repositories yum.repos.d]# mv mysql-community.repo mysql-community.repo.bak

[root@Yum-Repositories yum.repos.d]# mv mysql-community-source.repo.bak mysql-community-source.repo
[root@Yum-Repositories mds]# reposync -p /mds/yum/centos7
[root@Yum-Repositories yum.repos.d]# mv mysql-community-source.repo mysql-community-source.repo.bak

创建rpm包依赖库

CentOS6
[root@Yum-Repositories ~]# createrepo -p /mds/yum/centos6/base/Packages/
[root@Yum-Repositories ~]# createrepo -p /mds/yum/centos6/extras/Packages/
[root@Yum-Repositories ~]# createrepo -p /mds/yum/centos6/updates/Packages/

CentOS7 
[root@Yum-Repositories ~]# createrepo -p /mds/yum/centos7/base/Packages/
[root@Yum-Repositories ~]# createrepo -p /mds/yum/centos7/extras/Packages/
[root@Yum-Repositories ~]# createrepo -p /mds/yum/centos7/updates/Packages/
[root@Yum-Repositories ~]# createrepo -p /mds/yum/centos7/docker-ce-stable/Packages/
[root@Yum-Repositories ~]# createrepo -p /mds/yum/centos7/mysql56-community
[root@Yum-Repositories ~]# createrepo -p /mds/yum/centos7/mysql-connectors-community
[root@Yum-Repositories ~]# createrepo -p /mds/yum/centos7/mysql-tools-community

设置Docker的gpgkey文件

[root@Yum-Repositories yum]# pwd
/mds/yum
[root@Yum-Repositories yum]# wget https://download.docker.com/linux/centos/gpg
[root@Yum-Repositories yum]# mv gpg RPM-GPG-KEY-Docker
[root@Yum-Repositories yum]# chmod 755 RPM-GPG-KEY-Docker

设置MySQL的gpgkey文件

[root@Yum-Repositories ~]# wget https://repo.mysql.com/mysql-community-release-el7.rpm
[root@Yum-Repositories ~]# rpm -ivh https://repo.mysql.com/mysql-community-release-el7.rpm
会自动生成mysql的两个repo文件(前文中的mysql-community.repo和mysql-community-source.repo),以及RPM-GPG-KEY-mysql文件
[root@Yum-Repositories yum]# mv /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql56 /mds/yum/
[root@Yum-Repositories yum]# chmod 755 RPM-GPG-KEY-mysql56

设置目录权限

[root@Yum-Repositories yum]# pwd
/mds/yum
[root@Yum-Repositories yum]# chmod -R 755 ./* 

创建yum源自动更新

1、创建自动更新脚本

[root@Yum-Reporsitory ~]# cat auto_update_yum_centos6.sh
#!/bin/bash
#设置日志文件名,以当前日期为后缀
DATE=`date "+%Y-%m-%d"`
log6=/root/yumsync6.log$DATE
echo > $log6
#将/etc/yum.repos.d/目录下的所有repo文件加上.bak的后缀,防止之前执行失败而导致有xxx.repo.bak被改为xxx.repo而没有改回xxx.repo.bak
for file in /etc/yum.repos.d/*.repo
do
mv $file $file.bak >> /dev/null 2>> /dev/null
done
#将centos6的repo文件的.bak后缀去除,使之开始生效
mv /etc/yum.repos.d/Centos-6.repo.bak /etc/yum.repos.d/Centos-6.repo
yum clean all
yum makecache
#同步centos6的包到本地
reposync -p /mds/yum/centos6 >> $log6 2>> $log6
#为本地rpm包简历yum的索引
createrepo -p /mds/yum/centos6/base/Packages/ >> $log6 2>> $log6
createrepo -p /mds/yum/centos6/extras/Packages/ >> $log6 2>> $log6
createrepo -p /mds/yum/centos6/updates/Packages/ >> $log6 2>> $log6
createrepo -p /mds/yum/centos6/centosplus/Packages/ >> $log6 2>> $log6
#重新将centos6的repo文件加上后缀.bak,使之不影响其他repo的更新
mv /etc/yum.repos.d/Centos-6.repo /etc/yum.repos.d/Centos-6.repo.bak
#防止新同步的包权限为默认的600,而导致客户端安装包时报错forbidden
chmod -R 755 /mds/yum/centos6
[root@Yum-Reporsitory ~]# cat auto_update_yum_centos7.sh
#!/bin/bash
#设置日志文件名,以当前日期为后缀
DATE=`date "+%Y-%m-%d"`
log7=/root/yumsync7.log$DATE
echo > $log7
#将/etc/yum.repos.d/目录下的所有repo文件加上.bak的后缀,防止之前执行失败而导致有xxx.repo.bak被改为xxx.repo而没有改回xxx.repo.bak
for file in /etc/yum.repos.d/*.repo
do
mv $file $file.bak >> /dev/null 2>> /dev/null
done
#update centos7
#将centos6的repo文件的.bak后缀去除,使之开始生效
mv /etc/yum.repos.d/Centos-7.repo.bak /etc/yum.repos.d/Centos-7.repo
yum clean all
yum makecache
#同步centos7的包到本地
reposync -p /mds/yum/centos7 >> $log7 2>> $log7
#为本地rpm包简历yum的索引
createrepo -p /mds/yum/centos7/base/Packages/ >> $log7 2>> $log7
createrepo -p /mds/yum/centos7/extras/Packages/ >> $log7 2>> $log7
createrepo -p /mds/yum/centos7/updates/Packages/ >> $log7 2>> $log7
createrepo -p /mds/yum/centos7/centosplus/Packages/ >> $log7 2>> $log7
#重新将centos7的repo文件加上后缀.bak,使之不影响其他repo的更新
mv /etc/yum.repos.d/Centos-7.repo /etc/yum.repos.d/Centos-7.repo.bak
#update docker
mv /etc/yum.repos.d/docker-ce.repo.bak /etc/yum.repos.d/docker-ce.repo
yum clean all
yum makecache
reposync -p /mds/yum/centos7 >> $log7 2>> $log7
createrepo -p /mds/yum/centos7/docker-ce-stable/Packages/ >> $log7 2>> $log7
mv /etc/yum.repos.d/docker-ce.repo /etc/yum.repos.d/docker-ce.repo.bak
#update mysql56
mv /etc/yum.repos.d/mysql-community.repo.bak /etc/yum.repos.d/mysql-community.repo
yum clean all
yum makecache
reposync -p /mds/yum/centos7 >> $log7 2>> $log7
createrepo -p /mds/yum/centos7/mysql56-community/ >> $log7 2>> $log7
createrepo -p /mds/yum/centos7/mysql-connectors-community/ >> $log7 2>> $log7
createrepo -p /mds/yum/centos7/mysql-tools-community/ >> $log7 2>> $log7
mv /etc/yum.repos.d/mysql-community.repo /etc/yum.repos.d/mysql-community.repo.bak
#防止新同步的包权限为默认的600,而导致客户端安装包时报错forbidden
chmod -R 755 /mds/yum/centos7

2、设置计划任务,每周日夜里执行一次

[root@Yum-Repositories ~]# crontab -e
0 0 * * 7 /root/auto_update_yum_centos6.sh > /dev/null 2> /dev/null
0 1 * * 7 /root/auto_update_yum_centos7.sh > /dev/null 2> /dev/null

创建客户端yum源repo文件

1、CentOS6环境

[root@Yum-Repositories ~]# cat ncentos6.repo
[base]
name=centos6-base
baseurl=http://192.168.0.228/centos6/base/Packages/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
[extras]
name=centos6-extras
baseurl=http://192.168.0.228/centos6/extras/Packages/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
[updates]
name=centos6-updates
baseurl=http://192.168.0.228/centos6/updates/Packages/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
[centosplus]
name=centos6-centosplus
baseurl=http://192.168.0.228/centos6/centosplus/Packages/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

2、CentOS7环境

[root@Yum-Repositories ~]# cat ncentos7.repo
[base]
name=centos7-base
baseurl=http://192.168.0.228/centos7/base/Packages/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
[extras]
name=centos7-extras
baseurl=http://192.168.0.228/centos7/extras/Packages/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
[updates]
name=centos7-updates
baseurl=http://192.168.0.228/centos7/updates/Packages/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
[centosplus]
name=centos7-centosplus
baseurl=http://192.168.0.228/centos7/centosplus/Packages/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
[docker]
name=centos7-docker
baseurl=http://192.168.0.228/centos7/docker-ce-stable/Packages/
gpgcheck=1
gpgkey=http://192.168.0.228/RPM-GPG-KEY-Docker
[mysql56-community]
name=centos7-mysql56-community
baseurl=http://192.168.0.228/centos7/mysql56-community/
gpgcheck=1
gpgkey=http://192.168.0.228/RPM-GPG-KEY-mysql56
[mysql-tools-community]
name=centos7-mysql-tools-community
baseurl=http://192.168.0.228/centos7/mysql-tools-community/
gpgcheck=1
gpgkey=http://192.168.0.228/RPM-GPG-KEY-mysql56
[mysql-connectors-community]
name=centos7-mysql-connectors-community
baseurl=http://192.168.0.228/centos7/mysql-connectors-community/
gpgcheck=1
gpgkey=http://192.168.0.228/RPM-GPG-KEY-mysql56
THE END

发表评论

下一篇

已是最新文章