- RHEL / CentOS / Fedora / Rocky Linux
- Redhat Package Management - Rpm to Yum to Dnf
- Kickstart - Automated Installations
Redhat is one of the original Linux distributions.
Unfortunately they discontinued their free Redhat distribution replacing it with a commercially licensed Redhat Enterprise Linux (RHEL) and a less stable desktop-focused Fedora Linux in the mid 2000s.
Community volunteers reacted by creating CentOS from RHEL source rpms to maintain a clone of stable redhat enterprise linux for servers. Redhat supported this for years but eventually killed it in the leading to another clone Rocky Linux.
Redhat then decided to even stop providing their source rpms to make it harder to maintain any open source redhat server class distribution. Fedora is less stable and changes more frequently.
Nobody who runs serious servers wants to beta test Redhat for free.
This has led to the other major original distribution Debian (and its derivative Ubuntu) becoming the standard Linux distributions and sadly relegating Redhat based distos to legacy status.
Do not use Redhat based distros for new work today unless you have no other choice.
rpm installs local rpm package files and maintains a local database of installed packages.
yum pulls rpms from internet repositories and installs them locally while resolving the dependencies and pulling the
other required packages. Redhat used to be a nightmare in the early 2000s before Redhat adopted this package manager from
Yellow Dog Linux (Yum stood for Yellow dog Update Manager). Yum is written in Python, which is a maintenance nightmare
since the 2000s. Trying to upgrade the system Python would break the world leading to awkward workarounds or virtualenvs.
dnf - a drop in yum replacement written in C/C++, often symlinked to yum with mostly the same arguments for the basics
but differing outputs and options have happened over time.
You can generally use yum and dnf commands interchangeably for the most part.
yum of course works on both older and newer systems so we'll keep using this for now.
Find which package would install the htpasswd command:
yum provides '*/bin/htpasswd'yum provides \*/bin/javaoutput:
java-1.8.0-openjdk-headless
java-11-openjdk-headless
Set yum proxy in /etc/yum.conf.
wget - set proxy in /etc/wgetrc.
Proxy configuration for all repos in /etc/yum.conf:
proxy=http://server:3128
proxy_username=hari
proxy_password=myPass
disable proxying for specific internal repos
proxy=_none_
or for a single user/session yum can pick up:
export http_proxy="http://user:pass@server:3128"
shell yum install -y yum-utils
repoquery -f */fileinspired by http://wiki.centos.org/TipsAndTricks/YumAndRPM
To see an rpm's files and header:
less "$file.rpm"Look for rpm groups in /usr/share/doc/rpm-4.4.2.3/GROUPS
Repos files in /etc/yum/repos.d/ have to end in .repo.
Determine when package was installed or when the os itself was installed by looking at first rpm installation date:
rpm -qa --lastkeychecker # from epel, lists the originating repos of all installed rpms from their gpg signature, or packages specified on the cli
Show all repos + enabled/disabled status + no of packages in repo:
yum repolist allShow just enabled or disabled:
yum repolist # [enabled|disabled]Find all non CentOS packages:
rpm -qa --qf '%{NAME} %{VENDOR}\n' | grep -v CentOSReset file permissions on the files for a given package, in case you've messed things up:
rpm --setperms "$package"rpm --setugids "$package"Look at the changelog for a package to see if it's had patches applied:
rpm -q --changelog "$package" | lessSee doc files for a package:
rpm -qd "$package"See the doc files for the package that installed a file:
rpm -qfd /path/to/fileFind out what packages you have from a vendor by querying from the rpm fields works for most fields shown by rpm -qi:
rpm -qa release='*rf*'rpm -qa vendor="Dag*"rpm -qa packager="Dag*"Extract just one file for from an rpm:
First list the files in the package to find out what you want:
rpm -qlp "$package"This is the better way of seeing the filename that you must pass to cpio next for an exact match to extract just that one file:
rpm2cpio "$package" | cpio -tThen extract just the file you want:
rpm2cpio "$package" | cpio -ivd filenameHere you can see it only extracted cpan2rpm when given ./usr as this was seen by cpio -t
rpm2cpio cpan2rpm-2.026-12.0.el5.noarch.rpm | cpio -ivd ./usr/bin/cpan2rpmresults in ./usr/bin being created with cpan2rpm in it, then just copy elsewhere
List RPM Install Dates:
rpm -qa --lastyum-config-manager --disable <repoid>or
yum-config-manager --save --setopt=<repoid>.skip_if_unavailable=trueList all available rpms from a particular repo:
yum --disablerepo "*" --enablerepo "internal" list availableList package, both installed and available:
yum list "$package"Download rpm and all the dependencies that aren't currently installed for putting in to your own stable repo
yumdownloader --resolve "$package"Use yum to install a local package, automatically checking/satisfying dependencies:
yum --nogpgcheck localinstall packagename.arch.rpmSelect priority, name from repos order by priority desc:
cat /etc/yum.repos.d/*.repo |
sed -n -e '/^\[/h; /priority *=/{ G; s/\n/ /; s/ity=/ity = /; p }' |
sort -k3nmy slightly better but much more complicated version
cat /etc/yum.repos.d/*.repo |
sed -n -e '/^\[/h; /priority *=/{ H; g; s/ *\n/ / ; s/ity=/ity = /; p }' |
xargs -l1 printf "%-15s %s %s %s\n" |
sort -k4nAnything not listed will default to priority 99.
This rather complicated line will output the complete thing, but it's turning in to a shell script by this point:
cat /etc/yum.repos.d/*.repo |
grep -e "^\[" \
-e "priority *=" |
tr '\n' ' ' |
ed 's/ \[/\n[/g;' |
while read -r line; do
grep -q "priority" <<< "$line" || line+=" priority=99"
echo "$line"
done |
sed 's/ity=/ity = /' |
xargs -l1 printf "%-25s %s %s %s\n" |
sort -k4nyum search freeradiusyum list freeradius*yum info freeradius*yum whatprovides etc/httpdyum grouplist hiddenyum groupinstallyum update --exclude="$package"Use to protect base repo packages from being updated from other repos:
Packages:
yum-protectbasein RHEL5yum-plugin-protectbasein RHEL6
Config:
/etc/yum.repos.d/base.repo:protect=1under stanza/etc/yum/pluginconf.d/rhnplugin.conf:protect = yesunder stanza
Build rpms
rpmbuild --rebuild foo.src.rpmrpmbuild -D "packager Hari Sekhon <[email protected]>" foo.speccd
mkdir -p redhat/{SRPMS,RPMS,SPECS,BUILD,SOURCES}
echo "%_topdir /home/hari/redhat" >> .rpmmacros
echo "%packager Hari Sekhon <[email protected]>" >> .rpmmacros
then rpmbuildWhen packaging for custom version of perl, put this in ~/.rpmmacros:
%packager Hari Sekhon
%__perl /usr/local/bin/perlcpan2rpm --no-sign --packager "Hari Sekhon <[email protected]>" MIME::LiteDownload all RPMs from an external repo, install yum-utils for reposync, createrepo and have a web server serve out this directory:
yum install yum-utils createreporeposync -r <repo_name>createrepo .Collections of packages for an application stream version.
yum module listyum module list installedWhich module provides this rpm:
yum module provides $rpmyum module info moduleList rpms installed my module:
yum module info --profile module:streamDisplay status of module:
yum module list "$module"Enable without installing rpms:
yum module enable "$module:$stream"Install specific stream version:
yum module install "$module:$stream/$profile"Disable + remove all rpms from module stream:
yum module remove module &&
yum module disable moduleGives developers newer Python/Perl/MySQL bundles.
https://developers.redhat.com/products/red-hat-software-collections/overview
Repository management
All Redhat derived systems can be automatically installed using a Kickstart configuration file which can be bundled into an installation medium such as a DVD iso or served by a web server on the local network.
This is called by adding the following kernel arguments in the installation grub bootloader:
inst.ks=http://192.168.1.2:8080/kickstart.cfg(if booting hangs, try adding some of these kernel arguments: nolapic, pci=routeirq, pci=noacpi, noapic)
If you just want to start a quick webserver from your local directory, you can do this which starts a local webserver on port 8080:
warning this will share out your entire $PWD local directory contents without authentication so copy to an empty
/tmp directory and share that so nothing else is exposed:
mkdir -p -v /tmp/serve-kickstart &&
cd /tmp/serve-kickstart &&
wget -nc https://raw.githubusercontent.com/HariSekhon/Templates/master/anaconda-ks.cfg &&
python -m SimpleHTTPServer ||
python -m http.serverWhen installing a system by hand, the anaconda installer generates a template automatically with the settings you used
at /root/anaconda-ks.cfg. You can use this as a starting point,
Or you can use this template with some additional tips:
HariSekhon/Templates - anaconda-ks.cfg
or the real kickstart config used in the Packer repo below.
Packer builds fully automated Virtual Machine golden templates from which to clone virtual machines by booting the Redhat Anaconda installer medium with a Kickstart config.
Real-world Kickstart config used by Packer build:
HariSekhon/Packer-templates - installers/anaconda-ks.cfg