When using VirtualBox with a Centos6 image I cannot do yum udpate anymore, I have checked on the internet and it looks that Centos6 is deprecated.
[root#centos69 ~]# yum makecache
Failed to set locale, defaulting to C
Loaded plugins: fastestmirror, refresh-packagekit, security
Determining fastest mirrors
YumRepo Error: All mirror URLs are not using ftp, http[s] or file.
Eg. Invalid release/repo/arch combination/
removing mirrorlist with no valid mirrors: /var/cache/yum/x86_64/6/base/mirrorlist.txt
Error: Cannot find a valid baseurl for repo: base
[root#centos69 ~]# yum update
Failed to set locale, defaulting to C
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Update Process
Loading mirror speeds from cached hostfile
YumRepo Error: All mirror URLs are not using ftp, http[s] or file.
Eg. Invalid release/repo/arch combination/
removing mirrorlist with no valid mirrors: /var/cache/yum/x86_64/6/base/mirrorlist.txt
Error: Cannot find a valid baseurl for repo: base
There could be two possible solutions to solve this issue:
Edit the CentOS-Base.repo file with vim
vim /etc/yum.repos.d/CentOS-Base.repo
Delete or comment every line that starts with 'mirrorlist'.
And add the following line to every [section] of the file like [base], [updates]...
baseurl=https://vault.centos.org/6.10/os/$basearch/
Another solution could be running this command on an image that comes from this repo https://vault.centos.org/
/scripts/autorepair centos6_base_repo_is_no_more
More information about these solutions:
https://support.cpanel.net/hc/en-us/articles/360058490254--CentOS-6-End-of-Life-Notice
https://forums.cpanel.net/threads/yumrepo-error-and-cannot-find-valid-baseurl.682465/
Yes, like red hat 6.x centos 6 did go EOL in november 2020, hope you don't have anything sensitive stuff in that vm.
https://forums.centos.org/viewtopic.php?t=72710
You can change to use the vault at vault.centos.org. First you should disable any repo that no longer work. You can get a list of repos with
yum repolist
then you can disable them with
yum-config-manager --disable {reponame} {reponame}
like
yum-config-manager --disable base update
or just disable all of them
yum-config-manager |grep ^\\[|tr -d ']['|xargs yum-config-manager --disable
Once the broken repos are disabled you need to add the vault repo.
yum-config-manager --add-repo=https://vault.centos.org/6.10/os/x86_64/
After that you can install packages as needed but remember - it's no updates to anything so if security is a concern you need to change os to something newer that is supported.
followed this post and it worked.
https://www.getpagespeed.com/server-setup/how-to-fix-yum-after-centos-6-went-eol
The alternative method in the post:
vi /etc/yum.repos.d/CentOS-Base.repo
and replace the content with this:
[C6.10-base]
name=CentOS-6.10 - Base
baseurl=http://vault.epel.cloud/6.10/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
enabled=1
metadata_expire=never
[C6.10-updates]
name=CentOS-6.10 - Updates
baseurl=http://vault.epel.cloud/6.10/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
enabled=1
metadata_expire=never
[C6.10-extras]
name=CentOS-6.10 - Extras
baseurl=http://vault.epel.cloud/6.10/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
enabled=1
metadata_expire=never
[C6.10-contrib]
name=CentOS-6.10 - Contrib
baseurl=http://vault.epel.cloud/6.10/contrib/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
enabled=0
metadata_expire=never
[C6.10-centosplus]
name=CentOS-6.10 - CentOSPlus
baseurl=http://vault.epel.cloud/6.10/centosplus/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
enabled=0
metadata_expire=never
Related
I'm attempting to edit the yum.repos.d file in order to disable unwanted repos and enable wanted repos without using the vi editor. Each time I use the method I know of it fails to make the changes. Does anyone know what I'm missing?
See Below:
yum-config-manager --disable \therepoid,anotherrepoid
Note: I'm not executing this from the yum.repos.d directory
First you need to run the command as root
Then you should get the list of repos:
yum repolist all
And then you can enable or disable particular repo(s) by repo_id from previous command
yum-config-manager --enable repo_id
For reference you can use RedHat documentation
Having great difficulty tracking down what is causing the below error when attempting to update any package from any repo. I have tested multiple repos by setting all others to disabled. I have cleaned all cache and removed any dnf yum cache files.
# dnf -v update
Loaded plugins: builddep, changelog, config-manager, copr, debug, debuginfo-install, download, generate_completion_cache, needs-restarting, playground, repoclosure, repodiff, repograph, repomanage, reposync
DNF version: 4.2.7
cachedir: /var/cache/dnf
repo: downloading from remote: AppStream
error: Curl error (28): Timeout was reached for http://mirrorlist.centos.org/?release=8&arch=x86_64&repo=AppStream&infra=stock [Resolving timed out after 30000 milliseconds] (http://mirrorlist.centos.org/?release=8&arch=x86_64&repo=AppStream&infra=stock).
CentOS-8 - AppStream 0.0 B/s | 0 B 00:30
Cannot download 'http://mirrorlist.centos.org/?release=8&arch=x86_64&repo=AppStream&infra=stock': Cannot prepare internal mirrorlist: Curl error (28): Timeout was reached for http://mirrorlist.centos.org/?release=8&arch=x86_64&repo=AppStream&infra=stock [Resolving timed out after 30000 milliseconds].
Failed to download metadata for repo 'AppStream'
Error: Failed to download metadata for repo 'AppStream'
Each time I attempt a dnf update, load average on the server goes thru the roof, up to 40x
curl can access the mirror site.
curl 'http://mirrorlist.centos.org/?release=8&arch=x86_64&repo=AppStream&infra=stock'
http://ftp.tc.edu.tw/Linux/CentOS/8.2.2004/AppStream/x86_64/os/
http://mirror.horizon.vn/centos/8.2.2004/AppStream/x86_64/os/
http://ftp.jaist.ac.jp/pub/Linux/CentOS/8.2.2004/AppStream/x86_64/os/
http://centosg9.centos.org/centos/8.2.2004/AppStream/x86_64/os/
http://packet01.centos.org/centos/8.2.2004/AppStream/x86_64/os/
http://mirror.s8.centos.org/centos/8.2.2004/AppStream/x86_64/os/
http://centoso7.centos.org/centos/8.2.2004/AppStream/x86_64/os/
http://centosh9.centos.org/centos/8.2.2004/AppStream/x86_64/os/
http://centosc8.centos.org/centos/8.2.2004/AppStream/x86_64/os/
http://centosg7.centos.org/centos/8.2.2004/AppStream/x86_64/os/
I have also tried using baserurl in .repo, same error
I have also replaced the baseurl with one of the url's returned by curl, same error
I have tried many suggestions such as yum/dnf error: Failed to download metadata for repo
and similar, none work for me.
Some articles point to bugs in the env vars for $releaseserver etc. I have also tried replacing with actual values. same error.
Internet connection obviously OK due to curl result.
No proxy used.
DNS OK
cat /etc/redhat-release
CentOS Linux release 8.1.1911 (Core)
uname -a
Linux xxxx 4.18.0-147.5.1.el8_1.x86_64 #1 SMP Wed Feb 5 02:00:39 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Any suggestions would be greatly appreciated.
For some weird reasons, After setting the nameserver in /etc/resolv.conf to 8.8.8.8 and a reboot fixed the problem for me.
Also, I disabled the Dynamic memory for Hyper-V VM. DNF command is expecting a lot of memory.
Please give it a try.
Regards,
Arockiasamy
The only thing that worked for me was to disable and remove the offending repo.
sudo yum --disablerepo=epel\* remove epel-release.noarch
We recently installed ppolicy module and the related things in our OpenLDAP instance for password policy ( http://www.zytrax.com/books/ldap/ch6/ppolicy.html#account-unlock) . However, among them there was no way to set up something that does a password check whenever a new password is set. Then, we were pointed out to this link - http://ltb-project.org/wiki/documentation/openldap-ppolicy-check-password , where pwdPolicyChecker seemed like a module that can solve this issue. But we have no idea how to install this C module in our current ubuntu OpenLDAP set up. Also, the instructions provided seemed to be more like how the openldap setup used to be earlier in ubuntu and not like how it is now with slapd.d . Has anyone done an installation of a C module in OpenLDAP in the new ubuntu setup? Any pointers toward that would be very much appreciated.
Thanks!
I've been using the LTB's pwdCheckerModule for years without a glitch.
I just rebuilt it - as a package, for Debian/Stretch - using the tweaked Onyx Point's version; https://github.com/onyxpoint/ppolicy-check-password
I created the corresponding Debian-specific fork - https://github.com/cedric-dufour/ppolicy-check-password/tree/debian-stretch - including the README.DEBIAN file that should answer your question (most relevant part copied below); doing the same for Ubuntu should not be too different.
* Get the Debian source code for the OpenLDAP packages and build dependencies:
apt-get source openldap
apt-get build-deps openldap
* Include the ppolicy-check-password source code into the OpenLDAP source tree
and install additional build dependencies:
cd openldap-<version>
mkdir -p contrib/slapd-modules/ppolicy-check-password
cp /path/to/ppolicy-check-password.git/* contrib/slapd-modules/ppolicy-check-password/.
apt-get install libcrack2-dev
* Patch the Debian (packaging) directory:
patch -p1 < /path/to/ppolicy-check-password.git/debian/debian-directory.patch
* Build the OpenLDAP packages:
dpkg-buildpackage -us -uc -b
* Copy and install the slapd-ppolicy-check-password_<version>.deb package to
the target server:
dpkg -i slapd-ppolicy-check-password_<version>.deb
* Configure the ppolicy-check-password module:
vim /etc/ldap/check_password.conf
* Add the ppolicy-check-password module/check to your PPolicy:
pwdCheckModule: check_password.so
pwdCheckQuality: 2
Today I've been doing some testing with Ambari on a cluster of servers so that I can deploy a BigInsights image. Everything seems to be going well with all the components being configured okay, that is until it does the final install. I see a image similar to this -
Examining the failures in more detail it shows messages like this:
yum -d 0 -e 0 -y install iop-select
Error: Nothing to do
Yum cannot find the iop-select package, which is listed as a required package for one of the services the Ambari wizard is installing. This can happen for a few reasons:
You have a stale yum db.
Solution: Refresh by running:
sudo yum clean all
The repository containing the installation bits for the service you are trying to install is not configured in the repoinfo.xml file.
Solution: Check the stack definition in Ambari to make sure the repository information exists and is correct. For example in IOP 4.0 you would check file:
/var/lib/ambari-server/resources/stacks/BigInsights/4.0/repos/repoinfo.xml
to make sure it has an entry similar to:
<repo>
<baseurl>http://ibm-open-platform.ibm.com/repos/IOP/RHEL6/x86_64/4.0</baseurl>
<repoid>IOP-4.0</repoid>
<reponame>IOP</reponame>
</repo>
If it doesn't exist add the correct entry for the BigInsights/IOP version you are using, save the file, and finally restart ambari server by running the following command:
sudo ambari-server restart
Once ambari-server restarts you can try the installation again.
It would seem that all nodes in the cluster fail to install due to a lack of initialisation of the repos, for example:
# yum search iop
Loaded plugins: product-id, refresh-packagekit, rhnplugin, security, subscription-manager
This system is receiving updates from RHN Classic or RHN Satellite.
================================= N/S Matched: iop ===================================
xorg-x11-fonts-ethiopic.noarch : Ethiopic fonts
Name and summary matches only, use "search all" for everything.
But if we clean the systems then is systems I can then discover the required packages:
# yum clean all
Loaded plugins: product-id, refresh-packagekit, rhnplugin, security,
subscription-manager
Cleaning repos: BI_AMBARI-2.1.0-20150806_1901 IOP-4.1 IOP-UTILS-1.0 hostdb
RHEL-ha RHEL-lb RHEL-optional RHEL-supplementary
: RHEL-updates RHEL-v2vwin rhel-x86_64-server-6
Cleaning up Everything
# yum search iop
Loaded plugins: product-id, refresh-packagekit, rhnplugin, security,
subscription-manager
This system is receiving updates from RHN Classic or RHN Satellite.
--<cut>--
=============================== N/S Matched: iop =================================
xorg-x11-fonts-ethiopic.noarch : Ethiopic fonts
**iop-select.noarch : Distribution Select**
Name and summary matches only, use "search all" for everything.
After which you should find that all the installs go though without any error.
I've created a local yum repository for RHEL 7 on a separate server. Then I used the "reposync" command to get the packages from RHN.
reposync --download-metadata --gpgcheck -l --repoid=rhui-REGION-rhel-server-rh-common --download_path=/rhel_security_repo/
reposync --download-metadata --gpgcheck -l --repoid=rhui-REGION-rhel-server-optional --download_path=/rhel_security_repo/
reposync --download-metadata --gpgcheck -l --repoid=rhui-REGION-rhel-server-releases --download_path=/rhel_security_repo/
After that, I executed the following command to create my repo:
createrepo --database /rhel_security_repo/
The repository was created successfully with over than 9000 packages as expected. What I am trying to do now is to have other boxes using this local repository. I've created a yum config file in the other boxes where the baseurl points to this server with the local yum repository.
[security-updates-rhel7]
name=Repository for RHEL7 security updates
baseurl=ip-server
enabled=1
gpgcheck=1
All the servers are able to talk to this server with the local yum repo and they can install packages from it.
The problem is I can't update packages when I run yum update --security:
Example:
yum --disablerepo="*" --enablerepo="security-updates-rhel7" --security update mariadb-libs
Loaded plugins: amazon-id, rhui-lb
--> 1:mariadb-libs-5.5.37-1.el7_0.x86_64 from #rhui-REGION-rhel-server-releases removed (updateinfo)
--> 1:mariadb-libs-5.5.40-2.el7_0.x86_64 from security-updates-rhel7 removed (updateinfo)
No packages needed for security; 1 packages available
Resolving Dependencies
However, if I run the command without --security, I can see available updates:
yum --disablerepo="*" --enablerepo="security-updates-rhel7" update mariadb-libs
Loaded plugins: amazon-id, rhui-lb
Resolving Dependencies
--> Running transaction check
---> Package mariadb-libs.x86_64 1:5.5.37-1.el7_0 will be updated
---> Package mariadb-libs.x86_64 1:5.5.40-2.el7_0 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
==============================================================================================================================
Package Arch Version Repository Size
==============================================================================================================================
Updating:
mariadb-libs x86_64 1:5.5.40-2.el7_0 security-updates-rhel7 753 k
Transaction Summary
==============================================================================================================================
Upgrade 1 Package
Total download size: 753 k
Is this ok [y/d/N]:
It seems I lost the security metadata when I did the reposync.
Any ideas what the problem could be?
Etan has the right idea; those are the two ways we found to get around the issue with RHEL6. You could pull the Redhat metadata straight out of your yum cache and copy it into your local repo, and that works 90% of the time... but 10% it will give you random failures if Redhat happens to be updating a repository while you are syncing it.
Redhat has a guide for how to graft security metadata into your local repo in RHEL5/6, I assume it works similarly in RHEL7. If you have a Redhat Support account, see: https://access.redhat.com/solutions/55654
If you don't, below is my own take on it:
Run your reposync command with --download-metadata and other trimmings, but I would start with one repo at a time and put each one in it's own directory similar to how Redhat does it. ex. mkdir -p /path/to/repo-id && reposync -l -n --download-metadata -r repo-id -p /path/to/repo-id/.
Pull the abcdefghij-updateinfo.xml.gz metadata files from Redhat, which contains security metadata for each repository. Do this by running yum list-sec and then look for it in your local yum cache, under each repository's subdirectory. Probably somewhere in /var/cache/yum/arch/7Server/repo-id.
Run createrepo on just that repository. createrepo -v /path/to/repo-id/
Go into /path/to/repo-id/ and then into the repodata subfolder. Copy in the abcdefghij-updateinfo.xml.gz from your local yum cache into the repodata folder, but rename it to remove the hash at the beginning. Left with a file called updateinfo.xml.gz
Use the modifyrepo command to insert the security metadata into that repo's table of contents (repomd.xml) file.
modifyrepo /path/to/repo-id/updateinfo.xml.gz /path/to/repo-id/