局域网某些安全域内的主机无法访问互联网,我们可以搭建一台局域网私有镜像库,但是如此既占用磁盘,还需要大量精力去维护。不如搭建中转服务器(192.168.15.110),这台中转服务器可以使用nginx、rinetd、firewalld等实现。只需要对该中转服务器放开访问互联网策略即可。我这里使用rinetd做的端口转发,并且做了源地址访问限制。
# cat /etc/rinetd.conf
allow 192.168.16.*
allow 192.168.17.*
allow 192.168.18.*
0.0.0.0 443 mirrors.tuna.tsinghua.edu.cn 443

然后在如上16.*、17.*、18.*网段的服务器上,执行下面的脚本进行镜像库配置即可。目前,下面的脚本支持:centos6、7、8,Ubuntu trusty|xenial|bionic|focal等版本。脚本执行格式如下:
./config_mirror.sh redhat6
命令参数:redhat6、redhat7、ubuntu。centos8和centos7参数复用。ubuntu的各版本会自动检测,当检测不到时,提示用户输入:"DISTRIB_CODENAME(trusty|xenial|bionic|focal):"
#!/bin/bash
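function pre_conf() {
  # Prepare yum for the relay mirror: park the stock repo files in old-repo/,
  # restore only CentOS-Base.repo, and pin the mirror hostname in /etc/hosts.
  # Returns non-zero if the backup directory or the restored repo file cannot
  # be created, or if /etc/hosts cannot be written.
  #
  # NOTE(review): the accompanying text names 192.168.15.110 as the relay, but
  # this entry pins 192.168.11.251 - confirm which address is intended.
  # Pinning the name here sends every connection for it to that address; with
  # an https baseurl the client still validates the mirror's certificate, so
  # a plain TCP forwarder cannot alter the traffic unnoticed.
  local repo_dir=/etc/yum.repos.d
  local hosts_entry="192.168.11.251 mirrors.tuna.tsinghua.edu.cn"

  mkdir -p "$repo_dir/old-repo" || return

  # -n keeps the first (pristine) copy in old-repo when the script is re-run;
  # without it the already rewritten CentOS-Base.repo would replace the
  # original backup. The exit status is deliberately not checked: the glob may
  # match nothing, and the cp below fails if the file we need is missing.
  mv -n "$repo_dir"/*.repo "$repo_dir/old-repo"
  cp -a "$repo_dir/old-repo/CentOS-Base.repo" "$repo_dir/CentOS-Base.repo" || return

  # Append the pin only once so repeated runs do not pile up duplicate lines.
  if ! grep -qxF -- "$hosts_entry" /etc/hosts; then
    printf '%s\n' "$hosts_entry" >> /etc/hosts
  fi
}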
function redhat_7() {
  # Switch the CentOS repo files from the mirrorlist to a fixed baseurl on the
  # TUNA mirror (https). sed edits the files in place and keeps a .bak copy of
  # each; the function's status is sed's status.
  local -a sed_rules=(
    # Disable the mirrorlist lookup.
    -e 's|^mirrorlist=|#mirrorlist=|g'
    # Activate the commented baseurl and point it at the mirror.
    -e 's|^#baseurl=http://mirror.centos.org|baseurl=https://mirrors.tuna.tsinghua.edu.cn|g'
  )
  sed "${sed_rules[@]}" -i.bak /etc/yum.repos.d/CentOS-*.repo
}
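function redhat_6() {
  # Point the CentOS 6 repo files at the centos-vault tree on the TUNA mirror,
  # replacing $releasever with the exact release number read from
  # /etc/redhat-release. Returns non-zero without touching the repo files when
  # no usable release number can be derived.
  #
  # NOTE(review): this baseurl is plain http, while the relay configuration
  # shown with this script forwards only port 443 - confirm port 80 is
  # forwarded as well. Over http, package integrity rests on gpgcheck staying
  # enabled in the repo files.
  local version_re='^[0-9]+(\.[0-9]+)*$'

  # VERSION is left as a global, as in the original script.
  VERSION=$(tr -cd '0-9.' < /etc/redhat-release) || return
  if [[ ! $VERSION =~ $version_re ]]; then
    # An empty or malformed value would be substituted into every baseurl.
    echo "redhat_6: cannot derive a release number from /etc/redhat-release (got '$VERSION')" >&2
    return 1
  fi

  # The centos -> centos-vault rewrite is limited to the leading path
  # component of baseurl lines. A file-wide 's/centos/centos-vault/g' also
  # renames the [centosplus] section and the centosplus path component, and
  # stacks "-vault" again on every re-run.
  sed -e 's|^mirrorlist=|#mirrorlist=|g' \
      -e 's|^#baseurl=http://mirror.centos.org|baseurl=http://mirrors.tuna.tsinghua.edu.cn|g' \
      -e '/^baseurl=/s|/centos/|/centos-vault/|' \
      -e "s/\$releasever/$VERSION/g" \
      -i.bak \
      /etc/yum.repos.d/CentOS-*.repo
}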
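function ubuntu() {
  # Rewrite /etc/apt/sources.list to use the TUNA Ubuntu mirror for the
  # detected release and pin the mirror hostname in /etc/hosts.
  # The codename is read from /etc/lsb-release; when none is found the user is
  # prompted for it. Returns non-zero, before any file is modified, if the
  # codename is not a plain lowercase word.
  #
  # NOTE(review): the accompanying text names 192.168.15.110 as the relay, but
  # this entry pins 192.168.11.251 - confirm which address is intended.
  # NOTE(review): trusty and xenial ship an apt that needs the
  # apt-transport-https package for https:// sources - confirm it is already
  # installed on those hosts.
  local hosts_entry="192.168.11.251 mirrors.tuna.tsinghua.edu.cn"
  local mirror_url="https://mirrors.tuna.tsinghua.edu.cn/ubuntu/"
  local components="main restricted universe multiverse"
  local suffix

  # DISTRIB_CODENAME is left as a global, as in the original script.
  DISTRIB_CODENAME=$(awk -F'=' '/_CODENAME/ {print $2}' /etc/lsb-release)
  if [[ -z "$DISTRIB_CODENAME" ]]; then
    read -r -p "DISTRIB_CODENAME(trusty|xenial|bionic|focal):" DISTRIB_CODENAME
  fi

  # The value is written verbatim into sources.list, so reject anything that
  # is not a single lowercase word (typos, spaces, extra options).
  if [[ ! "$DISTRIB_CODENAME" =~ ^[a-z]+$ ]]; then
    echo "ubuntu: invalid release codename '$DISTRIB_CODENAME'" >&2
    return 1
  fi

  # Append the pin only once so repeated runs do not pile up duplicate lines.
  if ! grep -qxF -- "$hosts_entry" /etc/hosts; then
    printf '%s\n' "$hosts_entry" >> /etc/hosts || return
  fi

  # Keep the first backup: on a re-run sources.list is the generated file and
  # must not replace the original saved in sources.list.bak.
  if [[ ! -e /etc/apt/sources.list.bak ]]; then
    mv /etc/apt/sources.list{,.bak} || return
  fi

  # One "deb" line per pocket: release, -updates, -backports, -security.
  {
    for suffix in "" -updates -backports -security; do
      echo "deb ${mirror_url} ${DISTRIB_CODENAME}${suffix} ${components}"
    done
  } > /etc/apt/sources.list
}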
# Entry point: the first argument selects which mirror configuration to apply.
# The package cache is refreshed only when the rewrite step reports success;
# any other argument prints the usage line.
case "$1" in
  redhat6)
    echo "Config Redhat6 Mirrors"
    pre_conf
    if redhat_6; then
      yum clean all && yum makecache
    fi
    ;;
  redhat7)
    echo "Config Redhat7 Mirrors"
    pre_conf
    if redhat_7; then
      yum clean all && yum makecache
    fi
    ;;
  ubuntu)
    echo "Config Ubuntu Mirrors"
    if ubuntu; then
      apt update
    fi
    ;;
  *)
    echo $"Usage: $0 {redhat6|redhat7|ubuntu}"
    ;;
esac
Update 2021-03-17 增加ntp服务器和epel Mirror镜像配置。
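# Only suitable for Redhat7 and above.
function conf_ntp() {
  # Make chronyd use the relay at 192.168.15.110 as its time source:
  # comment out the active sources in /etc/chrony.conf (a .bak copy is kept),
  # append the relay, restart chronyd, then show the "adjustment" line from
  # its status after a 10 second wait. Returns non-zero if the config cannot
  # be edited or chronyd fails to restart; otherwise the status is grep's.
  local conf=/etc/chrony.conf
  local relay_line="server 192.168.15.110 iburst"

  # "pool" lines are commented out along with "server" lines: newer
  # chrony.conf files list their default sources with "pool", and leaving them
  # active keeps the host configured for sources it is not meant to reach.
  sed -e 's|^server[[:space:]]|#&|' \
      -e 's|^pool[[:space:]]|#&|' \
      -i.bak \
      "$conf" || return
  printf '%s\n' "$relay_line" >> "$conf" || return

  systemctl restart chronyd || return
  # Give chronyd time to contact the relay before reading its status.
  sleep 10s
  systemctl status chronyd | grep adjustment
}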
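# Only suitable for Redhat6 and above.
function conf_epel6() {
  # Install epel-release, point epel.repo at the TUNA mirror (a .bak copy is
  # kept) and move epel-testing.repo out of the active repo directory.
  # Returns non-zero if the package install or the rewrite fails, or if the
  # rewrite leaves epel.repo without an active baseurl.
  local repo_dir=/etc/yum.repos.d

  yum -y install epel-release || return
  sleep 1s

  # The metalink/mirrorlist rules are anchored to the start of the line.
  # An unanchored 's/metalink/#metalink/g' also rewrites the word inside the
  # URL, stacks another '#' on every re-run, and where the file uses
  # "mirrorlist=...metalink?..." it corrupts the URL while leaving the
  # mirrorlist line active.
  sed -e 's|^#baseurl=http://download.fedoraproject.org/pub|baseurl=https://mirrors.tuna.tsinghua.edu.cn|g' \
      -e 's/^metalink=/#metalink=/' \
      -e 's/^mirrorlist=/#mirrorlist=/' \
      -i.bak \
      "$repo_dir/epel.repo" || return

  # If the shipped baseurl did not match the pattern above, the repo now has
  # no download source at all; report that instead of failing later in yum.
  if ! grep -q '^baseurl=' "$repo_dir/epel.repo"; then
    echo "conf_epel6: no active baseurl in $repo_dir/epel.repo after rewrite" >&2
    return 1
  fi

  # old-repo may not exist when this function is used on its own.
  mkdir -p "$repo_dir/old-repo" || return
  mv "$repo_dir/epel-testing.repo" "$repo_dir/old-repo/"
}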
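# Only suitable for RedHat5.
function conf_epel5() {
  # Add the archived EPEL 5 repository: download and import its signing key,
  # then append an [epel] section with gpgcheck enabled to epel.repo.
  # Returns non-zero, without writing the repo section, if the key cannot be
  # downloaded or imported.
  #
  # NOTE(review): the key is trusted on first download from the same host that
  # serves the packages; compare its fingerprint with one obtained through a
  # separate channel before relying on gpgcheck.
  local repo_file=/etc/yum.repos.d/epel.repo
  local key_dir=/etc/pki/rpm-gpg
  local key_file=$key_dir/RPM-GPG-KEY-EPEL-5

  # Key first: a repo section with gpgcheck=1 and no usable key would only
  # make later yum runs fail.
  wget https://archives.fedoraproject.org/pub/archive/epel/RPM-GPG-KEY-EPEL-5 -P "$key_dir" || return
  rpm --import "$key_file" || return

  # No existence test is needed before appending: '>>' creates the file.
  # (The original '[ -z PATH ]' tested a non-empty string and never ran.)
  # The quoted delimiter keeps $basearch and $releasever literal so yum, not
  # the shell, expands them; unquoted, $basearch in the name line expanded to
  # an empty string.
  cat >> "$repo_file" <<'EOF'
[epel]
name=Extra Packages for Enterprise Linux 5 or 6 - $basearch
baseurl=https://archives.fedoraproject.org/pub/archive/epel/$releasever/$basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-5
EOF
  # Disabled alternative kept from the original: copy the gpgkey line from
  # CentOS-Base.repo instead.
  #cat /etc/yum.repos.d/CentOS-Base.repo|grep RPM-GPG-KEY-CentOS|awk '{gsub(/^ *| *$/,"");print}'|uniq >> /etc/yum.repos.d/epel.repo
}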