Automatic Updates with yum




The yum automatic RPM update program comes as a standard feature of Fedora Core. It has a number of valuable features:

  • You can configure the URLs of download sites you want to use. This provides the added advantage of choosing the most reliable sites in your part of the globe.

  • yum makes multiple attempts to download RPMs before failing.

  • yum automatically figures out not only the RPM packages that need updating, but also all the supporting RPMs. It then installs them all.

Note

Updating packages could cause programs written by you to stop functioning, especially if they rely on the older version's features or syntax.


Configuring yum

All the configuration parameters for yum are stored in the /etc/yum.conf file. The three basic sections are listed in Figure:

File Format: yum.conf

Section              Description
[main]               Contains logging and fault-tolerance parameters, which can usually be left alone
[base]               Contains the URL (ftp:// or http://) of a mirror site that contains the Fedora base configuration RPMs
[updates-released]   Contains the URL (ftp:// or http://) of a mirror site that contains updated Fedora RPMs


The easiest way to determine the exact URLs to use in the baseurl parameters of the [base] and [updates-released] sections of the file is to go to the http://fedora.redhat.com/download/mirrors.html Web site to get a listing of alternative download sites. Browse the sites to find the correct locations of the files:

  • The baseurl URL for [base] would be that of the fedora-version/architecture-type/os subdirectory of your version of Fedora. Make sure there is a headers subdirectory here, or it won't work. There will not be RPMs in this subdirectory.

  • The baseurl URL for [updates-released] would be that of the updates/fedora-version/architecture-type subdirectory of your version of Fedora. Make sure there is a headers subdirectory here, or it won't work. There will be RPMs in this subdirectory.

Here is a sample yum.conf file to update Fedora from one of the mirror sites:

[main]
cachedir=/var/cache/yum
debuglevel=2
logfile=/var/log/yum.log
pkgpolicy=newest
distroverpkg=fedora-release
tolerant=1
exactarch=1

[base]
name=Fedora Core $releasever - $basearch - Base
baseurl=http://mirrors.xmission.com/fedora/core/$releasever/$basearch/os/

[updates-released]
name=Fedora Core $releasever - $basearch - Released Updates
baseurl=http://mirrors.xmission.com/fedora/core/updates/$releasever/$basearch/

Note

yum accepts the use of variables in the configuration file. The $releasever variable refers to the current version of Fedora Core running on your server, and the $basearch variable maps to the base architecture of your server, which is determined automatically.


Note

It is probably best to select yum update sites that use HTTP instead of FTP. There are a number of reasons for this. FTP firewall rules are more difficult to implement than HTTP, outbound HTTP access to the Internet is often already allowed in offices, and Web servers are less likely to have connection limits imposed on them, unlike FTP servers, which often have limits on the number of user logins.


Note

If you use multiple baseurl statements in a section, yum may act strangely, frequently selecting only the last one in the list. Instead, list multiple URLs in a single baseurl statement like this, and yum will try them all:

          baseurl=url://server1/path/to/files/
                   url://server2/path/to/files/
                   url://server3/path/to/files/


Creating Your Own yum Server

An obvious advantage of using yum is that you can use it to update a yum server at your office that has the same directory structure as the mirror download sites on the Fedora Web site.

A small desktop PC with about five to six gigabytes of free disk space per distribution should be sufficient to start with for a dedicated small business yum server. Large RPMs are about twenty-five megabytes in size, and they are updated infrequently, so your network load should be minimal on average with an update once or twice a week per server. The problem is timing. There is a yum script file in the /etc/cron.daily directory that runs as a cron job every day at 4:00 a.m., so your yum server could get overwhelmed with simultaneous update requests from all your yum clients. If the load gets too high, you could move this script to another location and schedule it as a cron job at a different time on each server. You can also consider throttling the NIC of the yum server to 10 Mbps as another interim means of reducing the problem. Finally, if these measures don't work, you can upgrade the server. For most small businesses or departments this should not be a major concern, and you can use MRTG on the server to get trend data for its network load. MRTG monitoring is covered in Chapter 22, "Monitoring Server Performance."
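One way to give each client its own update time, as suggested above, is to derive the minute from the client's hostname so that the schedule is stable and needs no central bookkeeping. This Python example is added here and is not from the original chapter; the script path /usr/local/sbin/yum-update.sh, the two-hour window after 4:00 a.m. and the host names are assumptions.

```python
import hashlib
from collections import Counter

# Hypothetical location for the script moved out of /etc/cron.daily (assumption).
UPDATE_SCRIPT = "/usr/local/sbin/yum-update.sh"

def offset_minutes(hostname, window=120):
    """Stable per-host offset in [0, window), derived from a hash of the hostname."""
    digest = hashlib.sha256(hostname.encode("utf-8")).digest()
    return int.from_bytes(digest[:4], "big") % window

def cron_entry(hostname, start_hour=4, window=120):
    """Return an /etc/cron.d line that runs the update inside the window after start_hour."""
    hour, minute = divmod(start_hour * 60 + offset_minutes(hostname, window), 60)
    return f"{minute} {hour % 24} * * * root {UPDATE_SCRIPT}"

def peak_load(hostnames, window=120):
    """Largest number of clients that would contact the yum server in the same minute."""
    return max(Counter(offset_minutes(h, window) for h in hostnames).values())

if __name__ == "__main__":
    fleet = [f"web{n:02d}.example.internal" for n in range(1, 41)]  # constructed names
    for host in fleet[:5]:
        print(host, "->", cron_entry(host))
    print("peak clients per minute:", peak_load(fleet), "of", len(fleet))
```

Widening the window lowers the peak at the cost of some clients patching later in the morning.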

Once the yum server is established, you can configure all your Fedora servers to use it for all updates, which will significantly reduce your Internet congestion and the associated bandwidth costs.

yum clients can access the yum server using either FTP or HTTP requests. If you need help in setting these up, Chapter 15, "Linux FTP Server Setup," discusses Linux FTP servers and Chapter 20, "The Apache Web Server," covers the Apache Web server for HTTP requests.

Note

When setting up an HTTP-based yum server, you need to enable the viewing of directory structures so that it will be easy for someone to use his or her Web browser to navigate down the directories and double-check the location of the yum files.


Before You Start

As of Fedora Core version 3, the yum utility checks the downloaded RPMs against checksum files to help protect against file corruption and malicious forgeries. This is set using the gpgcheck variable in the /etc/yum.conf file. When the value is set to 1, the checks are done; when it is set to 0, they are disabled:

     #
     # File: /etc/yum.conf
     #
     gpgcheck=1

This is a valuable feature to have, but you need to load the checksum files in order for yum to work properly. Please refer to the section titled "Signature Keys" later in the chapter before proceeding.
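The notes on baseurl statements and FTP mirrors in "Configuring yum" and the gpgcheck setting above can be checked mechanically. The following Python script is an added example, not part of the original chapter or of yum itself; the sample file, its server names and the finding names are constructed for illustration. It reports sections with more than one baseurl statement, ftp:// mirrors, and any place where gpgcheck (yum's package signature check) is not set to 1, including a per-repository override that a glance at [main] would miss:

```python
import re
# Constructed sample for this example; the server names are placeholders.
SAMPLE = """\
[main]
gpgcheck=1
[base]
baseurl=http://server1.example/fedora/core/$releasever/$basearch/os/
baseurl=ftp://server2.example/fedora/core/$releasever/$basearch/os/
[updates-released]
baseurl=http://server1.example/fedora/core/updates/$releasever/$basearch/
        http://server2.example/fedora/core/updates/$releasever/$basearch/
gpgcheck=0
"""

def parse(text):
    """Return {section: [(key, [values])]}, keeping repeated keys in file order."""
    sections, entries, last = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            entries, last = sections.setdefault(header.group(1), []), None
        elif raw[0].isspace() and last is not None:
            last[1].append(line)  # indented line: one more URL for the previous key
        elif "=" in line and entries is not None:
            key, _, value = line.partition("=")
            last = (key.strip(), [value.strip()])
            entries.append(last)
    return sections

def audit(text):
    """Return sorted (section, finding) pairs for the settings discussed above."""
    conf, findings = parse(text), set()
    if ("gpgcheck", ["1"]) not in conf.get("main", []):
        findings.add(("main", "gpgcheck-off"))  # signature check not enabled globally
    for section, entries in conf.items():
        if sum(key == "baseurl" for key, _ in entries) > 1:
            findings.add((section, "multiple-baseurl-statements"))
        for key, values in entries:
            if key == "gpgcheck" and values[0] != "1":
                findings.add((section, "gpgcheck-off"))  # per-repo override
            if key == "baseurl" and any(v.startswith("ftp://") for v in values):
                findings.add((section, "ftp-baseurl"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Because the mirrors in this chapter are reached over plain HTTP or FTP, the gpgcheck findings are the ones to treat as blocking; the other two are reliability advisories taken from the notes above.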

Keeping Your System Current with yum

You can bring the installed RPM packages on your system up to date with the latest patches using the yum update command. When used without listing any packages afterward, yum will attempt to update them all. The yum update package-name command updates only a particular RPM package.

It is always advisable to use yum after installing Linux to make sure the latest versions of software are installed for the sake of improved security and functionality. Here is an example of output with yum updating your system:

     [root@bigboy tmp]# yum update
     Gathering header information file(s) from server(s)
     Server: Fedora Core 2 - i386 - Base
     Server: Fedora Core 2 - i386 - Released Updates
     Finding updated packages
     Downloading needed headers
     Resolving dependencies
     Dependencies resolved
     I will do the following:
     [install: kernel 2.4.22-1.2166.nptl.i686]
     [update: samba-client 3.0.2-7.FC1.i386]
     [update: binutils 2.14.90.0.6-4.i386]
     ...
     ...
     ...
     Is this ok [y/N]: y
     Getting samba-client-3.0.2-7.FC1.i386.rpm
     samba-client-3.0.2-7.FC1. 100% |=========================| 128 kB 05:01
     ...
     ...
     ...
     Running test transaction:
     Test transaction complete, Success!
     glibc-common 100 % done 1/127
     glibc 100 % done 2/127
     Stopping sshd:[ OK ]
     Starting sshd:[ OK ]
     bash 100 % done 3/127
     mozilla-nspr 100 % done 4/127
     sed 100 % done 5/127
     ...
     ...
     ...
     Completing update for pango - 65/127
     Completing update for samba-client - 66/127
     Completing update for binutils - 67/127
     ...
     ...
     ...
     Completing update for XFree86-font-utils - 127/127
     Kernel Updated/Installed, checking for bootloader
     Grub found - making this kernel the default
     Installed: kernel 2.4.22-1.2166.nptl.i686
     Updated: pango 1.2.5-4.i386 samba-client 3.0.2-7.FC1.i386 binutils
     2.14.90.0.6-4.i386 XFree86-Mesa-libGLU 4.3.0-55.i386 initscripts
     [root@bigboy tmp]#

Note

If you don't want to be prompted to install the files, use yum with the -y switch.


Example of a yum Package Installation

Here is a sample installation of an individual package using yum. In this case the RPM installed is the net-snmp-utils package:

     [root@bigboy tmp]# yum -y install net-snmp-utils
     Repository updates-released already added, not adding again
     Repository base already added, not adding again
     Setting up Install Process
     Setting up Repo:  base
     repomd.xml          100% |=========================| 1.1 kB    00:00
     Setting up Repo:  updates-released
     repomd.xml          100% |=========================| 951  B    00:00
     Reading repository metadata in from local files
     base      : ############################################ 2622/2622
     primary.xml.gz      100% |=========================| 88  kB    00:00
     MD Read   : ################################################## 229/229
     updates-re: ################################################## 229/229
     Resolving Dependencies
     --> Populating transaction set with selected packages. Please wait.
     ---> Package net-snmp-utils.i386 0:5.1.2-11 set to be installed
     --> Running transaction check

     Dependencies Resolved
     Transaction Listing:
       Install: net-snmp-utils.i386 0:5.1.2-11
     Downloading Packages:
     net-snmp-utils-5.1.2-11.i 100% |===================| 6.2 MB    00:48
     Running Transaction Test
     Finished Transaction Test
     Transaction Test Succeeded
     Running Transaction
     Installing: net-snmp-utils 100 % done 1/1

     Installed: net-snmp-utils.i386 0:5.1.2-11
     Complete!
     [root@bigboy tmp]#

Remember the following facts about yum:

  • You can place a list of packages you never want automatically updated in the [main] section. The list must be separated by spaces. Kernel RPMs may be one of the first sets to go on this list, as in this example:

    [main]
    exclude=kernel
    

  • yum does its updates using TCP port 80 for http:// update URLs and uses passive FTP for ftp:// update URLs in /etc/yum.conf. This matters when you write your firewall rules.

  • More details on configuring yum can be obtained by running the man yum.conf command.

  • yum runs automatically each day. The cron file is located in /etc/cron.daily/.

  • Don't limit yourself to the default yum.conf URLs because they can become overloaded with requests and make yum perform poorly.