The yum automatic RPM update program comes as a standard feature of
Fedora Core. It has a number of valuable features:
☞ You can configure the URLs of download sites you want to use. This pro- vides the added advantage of choosing the most reliable sites in your part of the globe.
☞ yummakes multiple attempts to download RPMs before failing.
☞ yum automatically figures out not only the RPM packages that need
updating, but also all the supporting RPMs. It then installs them all.
Automatic Updates with yum 107
Note
Updating packages could cause programs written by you to stop functioning, espe- cially if they rely on the older version’s features or syntax.
Configuring yum
All the configuration parameters for yumare stored in the /etc/yum.conffile.
The three basic sections are listed in Table 6.2:
Table 6.2 File Format—yum.conf
Section Description
[main] Contains logging and fault-tolerance parameters, which can usually be left alone
[base] Contains the URL (ftp:// or http://) of a mirror site that contains the Fedora base configuration RPMs
[updates-released] Contains the URL (ftp:// or http://) of a mirror site that contains updated Fedora RPMs
The easiest way to determine the exact URLs to use in the baseurl
parameters of the [base]and [updates-released]sections of the file is to go to
the http://fedora.redhat.com/download/mirrors.htmlWeb site to get a listing of
alternative download sites. Browse the sites to find the correct locations of the files:
☞ The baseurl URL for [base] would be that of the fedora-version/ architecture-type/os subdirectory of your version of Fedora. Make sure
there is a headers subdirectory here, or it won’t work. There will not be
RPMs in this subdirectory.
☞ The baseurl URL for [updates-released] would be that of the updates/fedora-version/architecture-typesubdirectory of your version of
Fedora. Make sure there is a headerssubdirectory here, or it won’t work.
There will be RPMs in this subdirectory.
Here is a sample yum.conffile to update Fedora from one of the mirror
sites: [main] cachedir=/var/cache/yum debuglevel=2 logfile=/var/log/yum.log pkgpolicy=newest distroverpkg=fedora-release tolerant=1 exactarch=1
108 Installing RPM Software Chapter 6
[base]
name=Fedora Core $releasever - $basearch - Base
baseurl=http://mirrors.xmission.com/fedora/core/$releasever/$basearch/ os/
[updates-released]
name=Fedora Core $releasever - $basearch - Released Updates
baseurl=http://mirrors.xmission.com/fedora/core/updates/$releasever/ $basearch/
Note
yumaccepts the use of variables in the configuration file. The $releasevervariable
refers to the current version of Fedora Core running on your server, and the
$basearchvariable maps to the base architecture of your server, which is deter-
mined automatically.
Note
It is probably best to select yum update sites that use HTTP instead of FTP. There are a number of reasons for this. FTP firewall rules are more difficult to imple- ment than HTTP, outbound HTTP access to the Internet is often already allowed in offices, and Web servers are less likely to have connection limits imposed on them, unlike FTP servers, which often have limits on the number of user logins.
Note
You can list multiple URLs in a baseurlstatement like this and yumwill try them
all. If you use multiple baseurl statements in each section,yummay act strangely,
frequently only selecting the last one in the list:
baseurl=url://server1/path/to/files/ url://server2/path/to/files/ url://server3/path/to/files/
Creating Your Own yumServer
An obvious advantage of using yumis that you can use it to update a yumserver
at your office with the same directory structure of the mirror download sites on the Fedora Web site.
A small desktop PC with about five to six gigabytes of free disk space per distribution should be sufficient to start with for a dedicated small business
yumserver. Large RPMs are about twenty-five megabytes in size, and they are
updated infrequently, so your network load should be minimal on average with an update once or twice a week per server. The problem is timing. There is a yum script file in the /etc/cron.daily directory that runs as a cron job
Automatic Updates with yum 109
every day at 4:00 a.m. Your yumserver could get overwhelmed with simultane-
ous update requests from all your yum clients. If the load gets too high, you
could move this script to another location and schedule it as a cronjob for dif-
ferent times for each server. You can also consider throttling the NIC card of the yumserver to 10Mbps as another interim means of reducing the problem.
Finally, if these measures don’t work, you can upgrade the server. For most small businesses/departments this should not be a major concern, and you can use MRTG on the server to get trend data for its network load. MRTG moni- toring is covered in Chapter 22, “Monitoring Server Performance.”
When established, you can then configure all your Fedora servers to use this local yum server for all updates, which will significantly reduce your
Internet congestion and the associated bandwidth costs.
yumclients can access the yumserver using either FTP or HTTP requests.
If you need help in setting these up, Chapter 15, “Linux FTP Server Setup,” discusses Linux FTP servers and Chapter 20, “The Apache Web Server,” covers the Apache Web server for HTTP requests.
Note
When setting up an HTTP-based yum server, you need to enable the viewing of
directory structures so that it will be easy for someone to use his or her Web browser to navigate down the directories and double-check the location of the yum
files.
Before You Start
As of Fedora Core version 3, the yum utility checks the downloaded RPMs
against checksum files to help protect against file corruption and malicious forgeries. This is set using the gpgcheck variable in the /etc/yum.conf file.
When the value is set to 1, then checks are done, when set to 0, they are disabled:
#
# File: /etc/yum.conf #
gpgcheck=1
This is a valuable feature to have but you need to load the checksum files in order for yumto work properly. Please refer to the section titled “Signature
Keys” later in the chapter before proceeding. Keeping Your System Current with yum
You can make the installed RPM packages on your system up to date with the latest patches using the yum updatecommand. When used without listing any
110 Installing RPM Software Chapter 6
packages afterward, yum will attempt to update them all. The yum update package-namecommand updates only a particular RPM package.
It is always advisable to use yumafter installing Linux to make sure the
latest versions of software are installed for the sake of improved security and functionality. Here is an example of output with yumupdating your system:
[root@bigboy tmp]# yum update
Gathering header information file(s) from server(s) Server: Fedora Core 2 - i386 - Base
Server: Fedora Core 2 - i386 - Released Updates Finding updated packages
Downloading needed headers Resolving dependencies Dependencies resolved I will do the following:
[install: kernel 2.4.22-1.2166.nptl.i686] [update: samba-client 3.0.2-7.FC1.i386] [update: binutils 2.14.90.0.6-4.i386] ... ... ... Is this ok [y/N]: y Getting samba-client-3.0.2-7.FC1.i386.rpm samba-client-3.0.2-7.FC1. 100% |=========================| 128 kB 05:01 ... ... ...
Running test transaction:
Test transaction complete, Success! glibc-common 100 % done 1/127 glibc 100 % done 2/127 Stopping sshd:[ OK ] Starting sshd:[ OK ] bash 100 % done 3/127 mozilla-nspr 100 % done 4/127 sed 100 % done 5/127 ... ... ...
Completing update for pango - 65/127
Completing update for samba-client - 66/127 Completing update for binutils - 67/127 ...
... ...
Completing update for XFree86-font-utils - 127/127 Kernel Updated/Installed, checking for bootloader Grub found - making this kernel the default Installed: kernel 2.4.22-1.2166.nptl.i686
Updated: pango 1.2.5-4.i386 samba-client 3.0.2-7.FC1.i386 binutils 2.14.90.0.6-4.i386 XFree86-Mesa-libGLU 4.3.0-55.i386 initscripts [root@bigboy tmp]#
Automatic Updates with yum 111
Note
If you don’t want to be prompted to install the files, use the yumwith the -yswitch.
Example of a yumPackage Installation
Here is a sample installation of an individual package using yum. In this case
the RPM installed is the net-snmp-utils package: [root@bigboy tmp]# yum -y install net-snmp-utils
Repository updates-released already added, not adding again Repository base already added, not adding again
Setting up Install Process Setting up Repo: base
repomd.xml 100% |=========================| 1.1 kB 00:00 Setting up Repo: updates-released
repomd.xml 100% |=========================| 951 B 00:00 Reading repository metadata in from local files
base : ############################################ 2622/2622 primary.xml.gz 100% |=========================| 88 kB 00:00 MD Read : ################################################## 229/229 updates-re: ################################################## 229/229 Resolving Dependencies
--> Populating transaction set with selected packages. Please wait. ---> Package net-snmp-utils.i386 0:5.1.2-11 set to be installed --> Running transaction check
Dependencies Resolved Transaction Listing:
Install: net-snmp-utils.i386 0:5.1.2-11 Downloading Packages:
net-snmp-utils-5.1.2-11.i 100% |===================| 6.2 MB 00:48 Running Transaction Test
Finished Transaction Test Transaction Test Succeeded Running Transaction
Installing: net-snmp-utils 100 % done 1/1 Installed: net-snmp-utils.i386 0:5.1.2-11 Complete!
[root@bigboy tmp]#
Remember the following facts about yum:
☞ You can place a list of packages you never want automatically updated in the [main] section. The list must be separated by spaces. Kernel RPMs
may be one of the first sets to go on this list, as in this example:
[main]
exclude=kernel
112 Installing RPM Software Chapter 6
☞ yumdoes its updates using TCP port 80 for http:// update URLs and uses
passive FTP for ftp:// update URLs in /etc/yum.conf. This will have
importance for your firewall rules.
☞ More details on configuring yum can be obtained by running the man yum.confcommand.
☞ yum runs automatically each day. The cron file is located in /etc/cron.daily/.
☞ Don’t limit yourself to the default yum.conf URLs because they can
become overloaded with requests and make yumperform poorly.