yum源制作

  CentOS7 同步遠程鏡像 搭建本地yum服務器
同步CentOS鏡像站點的數據到本地服務器，使用nginx實現http服務向局域網內的其他機器提供yum服務，解決內網yum安裝軟件的問題。

一、前提條件：
1、本機連接互聯網，能正常訪問CentOS鏡像站點，本例使用中科大的源：mirrors.ustc.edu.cn。

2、CentOS鏡像站點需要支持 rsync 協議。

二、搭建過程：
1、本機安裝所需工具：

yum -y install rsync createrepo
2、創建目錄（位置隨意）：

（1）、centos倉庫目錄，centosplus可以不同步，一般用不到：

mkdir -p /storage/repos/centos/7/{os,updates,extras,centosplus}/x86_64
mkdir -p /storage/repos/centos/6/{os,updates,extras,centosplus}/x86_64
（2）epel倉庫目錄：

mkdir -p /storage/repos/epel/7/x86_64
mkdir -p /storage/repos/epel/6/x86_64

#如果需要EPEL軟件的源碼，請同時創建以下目錄
mkdir -p /storage/repos/epel/7/SRPMS/
mkdir -p /storage/repos/epel/6/SRPMS/
3、同步遠程鏡像（該過程需要很長時間，與你的外網帶寬有關）：

rsync -avz --delete --exclude='repodata' rsync://mirrors.ustc.edu.cn/centos/7/os/x86_64/ /storage/repos/centos/7/os/x86_64/
rsync -avz --delete --exclude='repodata' rsync://mirrors.ustc.edu.cn/centos/7/updates/x86_64/ /storage/repos/centos/7/updates/x86_64/
rsync -avz --delete --exclude='repodata' rsync://mirrors.ustc.edu.cn/centos/7/extras/x86_64/ /storage/repos/centos/7/extras/x86_64/
rsync -avz --delete --exclude='repodata' rsync://mirrors.ustc.edu.cn/centos/7/centosplus/x86_64/ /storage/repos/centos/7/centosplus/x86_64/

rsync -avz --delete --exclude='repodata' rsync://mirrors.ustc.edu.cn/centos/6/os/x86_64/ /storage/repos/centos/6/os/x86_64/
rsync -avz --delete --exclude='repodata' rsync://mirrors.ustc.edu.cn/centos/6/updates/x86_64/ /storage/repos/centos/6/updates/x86_64/
rsync -avz --delete --exclude='repodata' rsync://mirrors.ustc.edu.cn/centos/6/extras/x86_64/ /storage/repos/centos/6/extras/x86_64/
rsync -avz --delete --exclude='repodata' rsync://mirrors.ustc.edu.cn/centos/6/centosplus/x86_64/ /storage/repos/centos/6/centosplus/x86_64/
#同步gpgkey
rsync -avz --delete --exclude='repodata' rsync://mirrors.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-7 /storage/repos/centos/
rsync -avz --delete --exclude='repodata' rsync://mirrors.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-6 /storage/repos/centos/
4、生成本地倉庫元數據及索引

createrepo /storage/repos/centos/7/os/x86_64/
createrepo /storage/repos/centos/7/updates/x86_64/
createrepo /storage/repos/centos/7/extras/x86_64/
createrepo /storage/repos/centos/7/centosplus/x86_64/

createrepo /storage/repos/centos/6/os/x86_64/
createrepo /storage/repos/centos/6/updates/x86_64/
createrepo /storage/repos/centos/6/extras/x86_64/
createrepo /storage/repos/centos/6/centosplus/x86_64/

5、同步腳本，如果你的服務器一直連接外網可以配置在定時任務里，定期與遠程鏡像保持同步：
[root@yum ~]# cat /etc/cron.daily/update-repos_7.sh
#!/bin/bash
#export RSYNC_PROXY="10.60.34.191:3128"
export RSYNC_PROXY="10.61.98.19:3128"
VER='7'
ARCH='x86_64'
CENTOS_REPOS=(os updates extras centosplus)

#同步centos鏡像
for REPO in ${CENTOS_REPOS[@]}
do
rsync -avz --delete --exclude='repodata' rsync://rsync.mirrors.ustc.edu.cn/centos/${VER}/${REPO}/${ARCH}/ /storage/repos/centos/${VER}/${REPO}/${ARCH}/

createrepo --update /storage/repos/centos/${VER}/${REPO}/${ARCH}/
done

#同步gpgkey
rsync -avz --delete --exclude='repodata' rsync://rsync.mirrors.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-${VER} /storage/repos/centos/

#同步epel鏡像
rsync -avz --delete --exclude='repodata' rsync://rsync.mirrors.ustc.edu.cn/epel/${VER}/x86_64/ /storage/repos/epel/${VER}/x86_64/

createrepo --update /storage/repos/epel/${VER}/x86_64/

#如果需要epel軟件的源碼，同步epel軟件源碼倉庫
#rsync -avz --delete --exclude='repodata' rsync://rsync.mirrors.ustc.edu.cn/epel/${VER}/SRPMS/ /storage/repos/epel/${VER}/SRPMS/

#createrepo /storage/repos/epel/${VER}/SRPMS/

#同步gpgkey
rsync -avz --delete --exclude='repodata' rsync://rsync.mirrors.ustc.edu.cn/epel/RPM-GPG-KEY-EPEL-${VER} /storage/repos/epel/
# chmod 755 /etc/cron.daily/update-repos_6.sh


[root@yum ~]# cat /etc/cron.daily/update-repos_6.sh
#!/bin/bash
#export RSYNC_PROXY="10.60.34.191:3128"
export RSYNC_PROXY="10.61.98.19:3128"
VER='6'
ARCH='x86_64'
CENTOS_REPOS=(os updates extras centosplus)

#同步centos鏡像
for REPO in ${CENTOS_REPOS[@]}
do
rsync -avz --delete --exclude='repodata' rsync://rsync.mirrors.ustc.edu.cn/centos/${VER}/${REPO}/${ARCH}/ /storage/repos/centos/${VER}/${REPO}/${ARCH}/

createrepo --update /storage/repos/centos/${VER}/${REPO}/${ARCH}/
done

#同步gpgkey
rsync -avz --delete --exclude='repodata' rsync://rsync.mirrors.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-${VER} /storage/repos/centos/

#同步epel鏡像
rsync -avz --delete --exclude='repodata' rsync://rsync.mirrors.ustc.edu.cn/epel/${VER}/x86_64/ /storage/repos/epel/${VER}/x86_64/

createrepo --update /storage/repos/epel/${VER}/x86_64/

#如果需要epel軟件的源碼，同步epel軟件源碼倉庫
#rsync -avz --delete --exclude='repodata' rsync://rsync.mirrors.ustc.edu.cn/epel/${VER}/SRPMS/ /storage/repos/epel/${VER}/SRPMS/

#createrepo /storage/repos/epel/${VER}/SRPMS/


#同步gpgkey
rsync -avz --delete --exclude='repodata' rsync://rsync.mirrors.ustc.edu.cn/epel/RPM-GPG-KEY-EPEL-${VER} /storage/repos/epel/
# chmod 755 /etc/cron.daily/update-repos_6.sh
6、關閉selinux:

# 1、永久關閉
vi /etc/selinux/config
#將其中的 SELINUX=enforcing 配置項 修改為： SELINUX=disabled

# 2、臨時關閉
setenforce 0
7、nginx的安裝及配置（cenos官方源中沒有包含nginx， 通過epel源安裝nginx）:

（1）、安裝epel源:

yum install epel-release
（2）、安裝nginx：

yum install -y nginx
（3）、啟動nginx：

systemctl start nginx.service
（4）、開機自動啟動nginx服務：

systemctl enable nginx.service
（5）、防火牆允許nginx服務：

firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload
[root@yum ~]# cat /opt/openresty/nginx/conf/nginx.conf|grep -v "#"|grep -v "^$"
user www;
worker_processes 4;
events {
worker_connections 10240;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main ;
error_log logs/error.log info;
sendfile on;
keepalive_timeout 120s 120s;
keepalive_requests 10000;
server {
listen 80;
server_name ifconfig.kjtyun.com;
location /cmdb_update/ {
alias /opt/openresty/nginx/html/;
autoindex on;
}
location /yum/ {
alias /opt/openresty/nginx/html/;
autoindex on;
}
location / {
default_type text/html;
add_header Content-Type 'text/html; charset=utf-8';
return 200 "$remote_addr";
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 80;
server_name yum.kjtyun.com;
root /storage/repos/ ;
location = / {
autoindex on;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
（8）、重啟nginx服務或讓nginx重新加載配置：

systemctl restart nginx.service
#或
systemctl reload nginx.service
現在應該可能通過 http://{ipaddress} 能查看到內容了，如果報403之類的錯誤，請查找nginx相關錯誤的解決辦法。

三、yum客戶端（機）配置：
1、修改 /etc/yum.repos.d/CentOS-Base.repo 文件中各倉庫的baseurl 和 gpgkey 配置項，模板中的{ipaddress}替換為你的實際IP地址。

[hadoop@node1 yum.repos.d]$ cat CentOS-Base.repo
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#

[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
baseurl=http://yum.kjtyun.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://yum.kjtyun.com/centos/RPM-GPG-KEY-CentOS-$releasever

#released updates
[updates]
name=CentOS-$releasever - Updates
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
baseurl=http://yum.kjtyun.com/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://yum.kjtyun.com/centos/RPM-GPG-KEY-CentOS-$releasever

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
baseurl=http://yum.kjtyun.com/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=http://yum.kjtyun.com/centos/RPM-GPG-KEY-CentOS-$releasever

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
baseurl=http://yum.kjtyun.com/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://yum.kjtyun.com/centos/RPM-GPG-KEY-CentOS-$releasever



[hadoop@node1 yum.repos.d]$ cat epel.repo
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
#metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
baseurl=http://yum.kjtyun.com/epel/$releasever/$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=http://yum.kjtyun.com/epel/RPM-GPG-KEY-EPEL-$releasever

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch/debug
#metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=$basearch
baseurl=http://yum.kjtyun.com/epel/$releasever/$basearch/debug
failovermethod=priority
enabled=0
gpgcheck=1
gpgkey=http://yum.kjtyun.com/epel/RPM-GPG-KEY-EPEL-$releasever

#[epel-source]
#name=Extra Packages for Enterprise Linux 7 - $basearch - Source
##baseurl=http://download.fedoraproject.org/pub/epel/7/SRPMS
#metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-source-7&arch=$basearch
#failovermethod=priority
#enabled=0
#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever
#gpgkey=http://yum.kjtyun.com/epel/RPM-GPG-KEY-EPEL-$releasever
#gpgcheck=1

3、清除yum緩存：
yum clean all
4、刪除yum緩存目錄：

rm -rf /var/cache/yum/*
5、創建yum緩存：

yum makecache

 

 

# cat /etc/yum.repos.d/CentOS-Base.repo
## centos7

[base7]

name=CentOS-7-os-cmiot.local

baseurl=http://mirror.centos.org/centos/7/os/x86_64/

gpgcheck=1

gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-7

#centosplus

[centosplus7]

name=CentOS-7-centosplus-cmiot.local

baseurl=http://mirror.centos.org/centos/7/centosplus/x86_64/

gpgcheck=1

gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-7

#released updates

[updates7]

name=CentOS-7-updates-cmiot.local

baseurl=http://mirror.centos.org/centos/7/updates/x86_64/

gpgcheck=1

gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-7

#additional packages that may be useful

[extras7]

name=CentOS-7-extras-cmiot.local

baseurl=http://mirror.centos.org/centos/7/extras/x86_64/

gpgcheck=1

gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-7

## centos6

[base6]

name=CentOS-6-os-cmiot.local

baseurl=http://mirror.centos.org/centos/6/os/x86_64/

gpgcheck=1

gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6

#centosplus

[centosplus6]

name=CentOS-6-centosplus-cmiot.local

baseurl=http://mirror.centos.org/centos/6/centosplus/x86_64/

gpgcheck=1

gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6

#released updates

[updates6]

name=CentOS-6-updates-cmiot.local

baseurl=http://mirror.centos.org/centos/6/updates/x86_64/

gpgcheck=1

gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6

#additional packages that may be useful

[extras6]

name=CentOS-6-extras-cmiot.local

baseurl=http://mirror.centos.org/centos/6/extras/x86_64/

gpgcheck=1

gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6

## epel
[epel6]

name=CentOS-6-epel-cmiot.local

baseurl=https://dl.fedoraproject.org/pub/epel/6/x86_64/

gpgcheck=0

[epel7]

name=CentOS-7-epel-cmiot.local

baseurl=https://dl.fedoraproject.org/pub/epel/7/x86_64/

gpgcheck=0

 

reposync -n --repoid=extras7 --repoid=updates7 --repoid=base7 --repoid=centosplus7 -p /data/website/centos/7

reposync -n --repoid=epel7 -p /data/website/epel/

reposync -n --repoid=extras6 --repoid=updates6 --repoid=base6 --repoid=centosplus6 -p /data/website/centos/6

reposync -n --repoid=epel6 -p /data/website/epel/

 

createrepo -po /data/website/centos/6/base6/ /data/website/centos/6/base6/

createrepo -po /data/website/centos/6/updates6/ /data/website/centos/6/updates6/

createrepo -po /data/website/centos/6/extras6/ /data/website/centos/6/extras6/

createrepo -po /data/website/centos/6/centosplus6/ /data/website/centos/6/centosplus6/

createrepo -po /data/website/epel/epel6/ /data/website/epel/epel6/

 

createrepo -po /data/website/centos/7/base7/ /data/website/centos/7/base7/

createrepo -po /data/website/centos/7/updates7 /data/website/centos/7/updates7

createrepo -po /data/website/centos/7/extras7 /data/website/centos/7/extras7

createrepo -po /data/website/epel/epel7 /data/website/epel/epel7

createrepo -po /data/website/centos/7/centosplus7/ /data/website/centos/7/centosplus7/

 

# cat globaleyum.kjtyun.com.conf
server {
listen 80;
server_name globaleyum.kjtyun.com;
access_log /data/logs/nginx/globaleyum.kjtyun.com.log access;
root /data/website/ ;
location = / {
autoindex on;
}

error_page 500 502 503 504 /50x.html;

location = /50x.html {
root html;
}
}

 

[root@node1 yum.repos.d]# cat globalegrow.repo
#CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#

[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
baseurl=http://globaleyum.kjtyun.com/centos/$releasever/base$releasever
gpgcheck=1
gpgkey=http://globaleyum.kjtyun.com/centos/RPM-GPG-KEY-CentOS-$releasever

#released updates
[updates]
name=CentOS-$releasever - Updates
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
baseurl=http://globaleyum.kjtyun.com/centos/$releasever/updates$releasever
gpgcheck=1
gpgkey=http://globaleyum.kjtyun.com/centos/RPM-GPG-KEY-CentOS-$releasever

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
baseurl=http://globaleyum.kjtyun.com/centos/$releasever/extras$releasever
gpgcheck=1
gpgkey=http://globaleyum.kjtyun.com/centos/RPM-GPG-KEY-CentOS-$releasever

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
baseurl=http://globaleyum.kjtyun.com/centos/$releasever/centosplus$releasever
gpgcheck=1
enabled=0
gpgkey=http://globaleyum.kjtyun.com/centos/RPM-GPG-KEY-CentOS-$releasever

 

[epel]
name=Extra Packages for Enterprise Linux $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/${releasever}/$basearch
#metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-${releasever}&arch=$basearch
baseurl=http://globaleyum.kjtyun.com/epel/epel$releasever
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=http://globaleyum.kjtyun.com/epel/RPM-GPG-KEY-EPEL-$releasever

[globalegrow]
name=globalegrow
baseurl=http://globaleyum.kjtyun.com/globalegrow/centos$releasever
enabled=1
gpgcheck=0

 

 

# cat /etc/ntp.conf
# 指定時間漂移記錄文件，作用：如果ntpd停止並重新啟動，它將從該文件初始化頻率，並避免可能的長時間間隔重新學習校正。
driftfile /var/lib/ntp/drift
keys /etc/ntp/keys

restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
#restrict 172.31.32.0 mask 255.255.240.0 nomodify notrap
restrict 127.0.0.1
restrict -6 ::1

restrict 10.0.0.0 mask 255.0.0.0 nomodify notrap
restrict 172.16.0.0 mask 255.240.0.0 nomodify notrap
restrict 192.168.0.0 mask 255.255.0.0 nomodify notrap
## prefer：優先使用
## minpoll && maxpoll：
server 0.pool.ntp.org prefer iburst minpoll 4 maxpoll 6
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst
server 3.pool.ntp.org iburst
server 127.127.1.0 iburst
fudge 127.127.1.0 stratum 10

statistics loopstats peerstats clockstats

filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

logfile /var/log/ntp.log
broadcastdelay 0.008