CentOS: Using yum with a Proxy Server

By default, yum accesses network repositories with HTTP. All yum HTTP operations use HTTP/1.1, and are compatible with web proxy servers that support this standard. You may also access FTP repositories, and configure yum to use an FTP proxy server. The squid package provides a proxy service for both HTTP/1.1 and FTP connections.

Configuring Proxy Server Access

To enable all yum operations to use a proxy server, specify the proxy server details in /etc/yum.conf. The proxy setting must specify the proxy server as a complete URL, including the TCP port number. If your proxy server requires a username and password, specify these by adding proxy_username and proxy_password settings.

The settings below enable yum to use the proxy server mycache.mydomain.com, connecting to port 3128, with the username yum-user and the password qwerty.

# The proxy server - proxy server:port number
proxy=http://mycache.mydomain.com:3128
# The account details for yum connections
proxy_username=yum-user
proxy_password=qwerty

10. Using yum with a Proxy Server

By default, yum accesses network repositories with HTTP. All yum HTTP operations use HTTP/1.1, and are compatible with web proxy servers that support this standard. You may also access FTP repositories, and configure yum to use an FTP proxy server. The squid package provides a proxy service for both HTTP/1.1 and FTP connections.

[Tip] Modifying yum for Network Compatibility
Refer to the man page for yum.conf for information on HTTP settings that may be modified for compatibility with nonstandard web proxy servers. Alternatively, configure yum to use an FTP proxy server, and access repositories that support FTP. The Fedora repositories support both HTTP and FTP.

10.1. Configuring Proxy Server Access

To enable all yum operations to use a proxy server, specify the proxy server details in /etc/yum.conf. The proxy setting must specify the proxy server as a complete URL, including the TCP port number. If your proxy server requires a username and password, specify these by adding proxy_username and proxy_password settings.

The settings below enable yum to use the proxy server mycache.mydomain.com, connecting to port 3128, with the username yum-user and the password qwerty.

# The proxy server - proxy server:port number
proxy=http://mycache.mydomain.com:3128
# The account details for yum connections
proxy_username=yum-user
proxy_password=qwerty

Example 3. Configuration File Settings for Using A Proxy Server

[Note] Global Settings
If you define a proxy server in /etc/yum.conf, all users connect to the proxy server with those details when using yum.

10.2. Configuring Proxy Server Access for a Single User

To enable proxy access for a specific user, add the lines in the example box below to the user’s shell profile. For the default bash shell, the profile is the file ~/.bash_profile. The settings below enable yum to use the proxy server mycache.mydomain.com, connecting to port 3128.

# The Web proxy server used by this account
http_proxy="http://mycache.mydomain.com:3128"
export http_proxy

Example 4. Profile Settings for Using a Proxy Server

If the proxy server requires a username and password, add these to the URL. To include the username yum-user and the password qwerty, add these settings:

# The Web proxy server, with the username and password for this account
http_proxy="http://yum-user:qwerty@mycache.mydomain.com:3128"
export http_proxy

Example 5. Profile Settings for a Secured Proxy Server

[Note] The http_proxy Environment Variable
The http_proxy environment variable is also used by curl and other utilities. Although yum itself may use http_proxy in either upper-case or lower-case, curl requires the name of the variable to be in lower-case.

Manually Installing Software

Use repositories and the standard yum commands to locate and install new software, unless the software package is not available from any repository. In these cases, use the localinstall function to install the software from the package file.

[Important] Public Key is Required
Ensure that the public key for the package source has been imported before you install a package without a repository. Refer to Section 7.2, “Manually Authorizing Package Sources”.

Enter this command to install the package tsclient-0.132-4.i386.rpm:

su -c 'yum localinstall tsclient-0.132-4.i386.rpm'

At the prompt, enter the root password.

[Note] Previously Installed Software is Updated
If the package provides a later version of software that is already installed on your system, yum updates the installed software.

If the package requires software that is not installed on your system, yum attempts to meet the dependencies with packages from the configured repositories. You may need to manually download and install additional packages in order to satisfy all of the dependencies.

[Caution] Maintaining Manually Installed Software
If you install software that is not provided by a repository, yum update cannot automatically upgrade it as new versions become available. To ensure that you have the latest packages, subscribe to e-mail or RSS services that notify you when new versions are released.

Maintaining yum

The yum system does not require any routine maintenance. To ensure that yum operations are carried out at optimal speed, disable or remove repository definitions which you no longer require. You may also clear the files from the yum caches in order to recover disk space.
8.1. Disabling or Removing Package Sources

Set enable=0 in a definition file to prevent yum from using that repository. The yum utility ignores any definition file with this setting.

To completely remove access to a repository:

Delete the relevant file from /etc/yum.repos.d/.

Delete the cache directory from /var/cache/yum/.

8.2. Clearing the yum Caches

By default, yum retains the packages and package data files that it downloads, so that they may be reused in future operations without being downloaded again. To purge the package data files, use this command:

su -c ‘yum clean headers’

Run this command to remove all of the packages held in the caches:

su -c ‘yum clean packages’

For CentOS-4 users, to clean the metadata files use this command:

su -c ‘yum clean metadata’

When using these commands, at the prompt, enter the password for the root account.

Purging cached files causes those files to downloaded again the next time that they are required. This increases the amount of time required to complete the operation.
8.3. Using yum Plugins
(This section only applicable to CentOS-4)

Yum functionality in version 2.4.x on CentOS 4 can now be extended through the use of yum plugins.

Enabling yum plugins: In order to use any plugins with yum, you must first edit the file /etc/yum.conf and add the following line:

plugins=1

Once plugins are enabled in yum.conf, you may install yum plugins and use them.

Some yum plugins are available as seperate rpm packages. Currently in CentOS-4 those are protectbase and fastestmirror. These plugins are highly recommended for CentOS-4 users who are using the default update method.

fastestmirror

The fastest mirror plugin is designed for use in repository configurations where you have more than 1 mirror in a repo configuration. It makes a connection to each mirror, timing the connection and then sorts the mirrors by fastest to slowest for use by yum.

If you are using the default CentOS configuration, and if you are not behind a proxy server, fastestmirror is highly recommended.

To install fastestmirror use this command:

su -c ‘yum install yum-plugin-fastestmirror’

After fastestmirror is installed, make sure that it is enabled. Edit the file /etc/yum/pluginconf.d/fastestmirror.conf and ensure that it contains the following:

[main]
verbose = 0
socket_timeout = 3
enabled = 1
hostfilepath = /var/cache/yum/timedhosts.txt
maxhostfileage = 1

protectbase

The purpose of the protectbase plugin is to protect certian repositories from updates from other repositories. Repositories that are to be protected will not be updated by newer files from non protected repositories. This plugin is recommended for anyone who routinely enables 3rd party repositories, as these non-CentOS repositories may update certian system files, potentially causing your CentOS installation to become unstable.

To install the protectbase plugin, ensure that the CentOS extras repository is enabled (it is enabled by default) and issue this command:

su -c ‘yum install yum-plugin-protectbase’

After the plugin is installed, make sure that it is enabled. Edit the file /etc/yum/pluginconf.d/protectbase.conf and ensure that it contains the following:

[main]
enabled = 1

Next you need to edit all .repo files in /etc/yum.repos.d/ and add either:

protect = 1

or

protect = 0

for each repository. Here is an example of protecting only the [base] and [update] repositories in the CentOS-Base.repo file:

[base]
name=CentOS-$releasever – Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-centos4
protect=1

#released updates
[update]
name=CentOS-$releasever – Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-centos4
protect=1

#packages used/produced in the build but not released
[addons]
name=CentOS-$releasever – Addons
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=addons
#baseurl=http://mirror.centos.org/centos/$releasever/addons/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-centos4
protect=0

#additional packages that may be useful
[extras]
name=CentOS-$releasever – Extras
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-centos4
protect=0

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever – Plus
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-centos4
protect=0

#contrib – packages by Centos Users
[contrib]
name=CentOS-$releasever – Contrib
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
#baseurl=http://mirror.centos.org/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-centos4
protect=0

[Note] Adding protect= to all repositories

You MUST add protect=0 to all repos in all .repo files in /etc/yum.repos.d/ or any repos that you have in /etc/yum.conf if you want them unprotected, otherwise they belong to the protect=1 group. As a general rule add either protect=0 or protect=1 to each and every repo.

When doing updates after editing your files, only repositories that have protect=1 group can update other protect=1 repositories. In our example, yum will only update the [base] or [update] directories with RPMs from [base] or [update]. If there were updated RPMs in the [addons] directory for packages in [base], they would not be updated.

With both the protectbase and fastestmirror yum plugins installed, you should get the fastest updates with maximum protection from accidental damage from 3rd party repositories.

yum-utils plugins
The CentOS-4 package yum-utils also contains some yum plugins that are not enabled by default. Those plugins are located in the directory /usr/share/doc/yum-utils-0.5/plugins after the package yum-utils is installed.

Please review those plugins and if you would like to install them for use, copy the plugin_name.conf file to /etc/yum/pluginconf.d/ and the plugin_name.py file to /usr/lib/yum-plugins/ to enable that specific plugin.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s