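In some enterprises, the internal network is not allowed to reach the public internet for security reasons. As a result, Linux servers on the internal network cannot use public yum repositories. This post records how to deploy a yum repository inside an internal network.
Linux environment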
[root@harbor nginx]# cat /etc/redhat-release
CentOS Linux release 7.8.2003 (Core)
[root@harbor nginx]# uname -a
Linux harbor 3.10.0-1127.el7.x86_64 #1 SMP Tue Mar 31 23:36:51 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Disable the firewall and SELinux
[root@harbor ~]# systemctl stop firewalld
[root@harbor ~]# systemctl disable firewalld
[root@harbor ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
Install createrepo from RPM packages to build the yum repository
Mount the CentOS 7 disc on any directory
[root@harbor ~]# mount /dev/cdrom /mnt/cdrom/
[root@harbor ~]# cd /mnt/cdrom/Packages/
Install the dependencies
[root@harbor Packages]# yum install -y libxml2-python-2.9.1-6.el7.4.x86_64.rpm
[root@harbor Packages]# yum install -y deltarpm-3.6-3.el7.x86_64.rpm
[root@harbor Packages]# yum install -y python-deltarpm-3.6-3.el7.x86_64.rpm
Install createrepo
[root@harbor Packages]# yum install -y createrepo-0.9.9-28.el7.noarch.rpm
Create the directories
[root@harbor mnt]# mkdir -p yum.repo/centos/7/{os,updates}/x86_64/{Packages,repodata}
[root@harbor mnt]# mkdir -p yum.repo/tools
Copy the files into the corresponding directories
[root@harbor mnt]# cp -R /mnt/cdrom/repodata /mnt/yum.repo/centos/7/os/x86_64/
[root@harbor mnt]# cp -R /mnt/cdrom/repodata /mnt/yum.repo/centos/7/updates/x86_64/
[root@harbor mnt]# cp -R /mnt/cdrom/repodata /mnt/yum.repo/tools/
[root@harbor mnt]# cp -R /mnt/cdrom/RPM-GPG-KEY-CentOS-7 yum.repo/
[root@harbor mnt]# cp -R /mnt/cdrom/Packages/* /mnt/yum.repo/centos/7/os/x86_64/Packages/
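An added check, not part of the original post: after copying repodata, confirm that every metadata file listed in repomd.xml is present and matches its recorded SHA-256, so a truncated or altered copy is caught before clients sync from it. The function names are hypothetical, and it assumes sha256 checksums and a repomd.xml with one element per line.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from the original post).
# Verify each file listed in <root>/repodata/repomd.xml against its sha256.
verify_repomd() {
    root=$1; repomd="$root/repodata/repomd.xml"; bad=0
    [ -f "$repomd" ] || { echo "missing $repomd" >&2; return 2; }
    # Collect "<sha256> <href>" per <data> element; <open-checksum> is skipped.
    pairs=$(awk '
        /<data /                  { sum = ""; href = "" }
        /<checksum type="sha256"/ { sum = $0; sub(/.*<checksum[^>]*>/, "", sum); sub(/<.*/, "", sum) }
        /<location /              { href = $0; sub(/.*href="/, "", href); sub(/".*/, "", href) }
        /<\/data>/                { if (sum != "" && href != "") print sum, href }
    ' "$repomd")
    [ -n "$pairs" ] || { echo "no sha256 entries in $repomd" >&2; return 2; }
    while read -r want href; do
        # Refuse hrefs that would escape the repository root.
        case $href in *..*) echo "REJECTED $href"; bad=1; continue ;; esac
        if [ ! -f "$root/$href" ]; then echo "MISSING  $href"; bad=1; continue; fi
        got=$(sha256sum "$root/$href" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then echo "OK       $href"
        else echo "MISMATCH $href"; bad=1; fi
    done <<EOF
$pairs
EOF
    return $bad
}

# Constructed sample tree so the check can be tried offline.
make_sample_repo() {
    mkdir -p "$1/repodata"
    printf 'constructed primary metadata\n' > "$1/repodata/primary.xml.gz"
    sum=$(sha256sum "$1/repodata/primary.xml.gz" | cut -d' ' -f1)
    cat > "$1/repodata/repomd.xml" <<EOF
<repomd>
  <data type="primary">
    <checksum type="sha256">$sum</checksum>
    <open-checksum type="sha256">0000</open-checksum>
    <location href="repodata/primary.xml.gz"/>
  </data>
</repomd>
EOF
}

tmp=$(mktemp -d) && make_sample_repo "$tmp" && verify_repomd "$tmp"
rm -rf "$tmp"
```

On this server it would be run as `verify_repomd /mnt/yum.repo/centos/7/os/x86_64`.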
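Deploy the nginx service
Here I deploy nginx with Docker, which is both convenient and simple.
Install Docker from the binary package
- Download the Docker binary package.
This example installs Docker from the binary package; the Docker version is 19.03.12.
Binary package download URL: https://download.docker.com/linux/static/stable/x86_64/docker-19.03.12.tgz
- Extract the archive and copy the binaries into the target directory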
[root@harbor ~]# tar -zxvf docker-19.03.12.tgz
[root@harbor ~]# cp -a docker/* /usr/bin/
- Create the systemd unit file for Docker
In the /usr/lib/systemd/system directory, create the file docker.service with the following content:
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
[Service]
Type=notify
ExecStart=/usr/bin/dockerd
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
[Install]
WantedBy=multi-user.target
- Enable Docker at boot and start it
[root@harbor ~]# systemctl daemon-reload
[root@harbor ~]# systemctl start docker
[root@harbor ~]# systemctl enable docker
Download docker-compose
Download URL: https://github.com/docker/compose/releases/tag/1.27.2
[root@harbor ~]# mv docker-compose-Linux-x86_64 /usr/local/bin/docker-compose
[root@harbor ~]# chmod +x /usr/local/bin/docker-compose
Edit the docker-compose.yml file
Create an nginx directory under /home, then create a docker-compose.yml file in it with the following content:
version: '3.1'
services:
  nginx:
    restart: always
    image: nginx:latest
    container_name: nginx
    ports:
      - 8080:80
    volumes:
      - /home/nginx/nginx.conf:/etc/nginx/nginx.conf
      - /home/nginx/conf.d:/etc/nginx/conf.d
      - /mnt/yum.repo:/usr/share/nginx/html
In the /home/nginx directory, create the nginx.conf configuration file with the following content:
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    #gzip on;
    include /etc/nginx/conf.d/*.conf;
}
In the /home/nginx/ directory, create a conf.d directory and a default.conf file inside it with the following content:
server {
    listen 80;
    server_name localhost;
    #charset koi8-r;
    access_log /var/log/nginx/host.access.log main;
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
    }
}
Bring up nginx with docker-compose
[root@harbor ~]# cd /home/nginx/
[root@harbor nginx]# docker-compose up -d
Creating nginx ... done
[root@harbor nginx]#
[root@harbor nginx]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
82a6369d1675 nginx:latest "/docker-entrypoint.…" 16 seconds ago Up 14 seconds 0.0.0.0:8080->80/tcp nginx
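Accessing port 8080 on this host now reaches port 80 of the nginx container.
Accessing the yum repository server from a client
In the /etc/yum.repos.d directory, create a bk directory and move all the original .repo files into it.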
[root@harbor ~]# cd /etc/yum.repos.d/
[root@harbor yum.repos.d]# mkdir bk
[root@harbor yum.repos.d]# mv *.repo bk/
In /etc/yum.repos.d, create a new CentOS-Base.repo file with the following content:
[iso]
name=CentOS-7-x86_64-Everything-iso
baseurl=http://10.91.74.201:8080/centos/$releasever/os/$basearch
gpgcheck=1
enabled=1
gpgkey=http://10.91.74.201:8080/RPM-GPG-KEY-CentOS-7
Run yum clean all to clear the existing yum cache, then yum makecache to rebuild it.
[root@harbor nginx]# yum clean all
已加载插件:fastestmirror
正在清理软件源: iso
Cleaning up list of fastest mirrors
[root@harbor nginx]# yum makecache
已加载插件:fastestmirror
Determining fastest mirrors
iso | 2.9 kB 00:00:00
(1/3): iso/7/x86_64/filelists_db | 3.3 MB 00:00:00
(2/3): iso/7/x86_64/primary_db | 3.2 MB 00:00:00
(3/3): iso/7/x86_64/other_db | 1.3 MB 00:00:00
元数据缓存已建立
[root@harbor nginx]#
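An added audit, not part of the original post: because this repository is served over plain HTTP, package signature checking (gpgcheck=1 with a gpgkey) is the only integrity control the client has, so each .repo file is worth checking for it. The helper names and the [tools] sample are constructed; a repo without its own gpgcheck=1 line is reported, since its effective value then depends on [main] in /etc/yum.conf.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from the original post).
# Audit a yum .repo file: FAIL for enabled repos without signature checking,
# WARN when the key itself is fetched over plain http. Returns 1 on any FAIL.
audit_repo_file() {
    awk '
        function report() {
            if (sec == "" || enabled == "0") return
            if (gpgcheck != "1") { print "FAIL " sec " gpgcheck is not 1, baseurl=" url; bad = 1 }
            else if (key == "")  { print "FAIL " sec " gpgcheck=1 but no gpgkey"; bad = 1 }
            else if (key ~ /^http:/) print "WARN " sec " gpgkey is fetched over plain http"
        }
        /^[ \t]*(#|;|$)/ { next }                      # comments and blank lines
        /^\[/ { report(); sec = $0; gpgcheck = key = url = ""; enabled = "1"; next }
        {
            i = index($0, "="); if (i == 0) next       # split on the first "="
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == "gpgcheck") gpgcheck = v
            else if (k == "gpgkey") key = v
            else if (k == "baseurl") url = v
            else if (k == "enabled") enabled = v
        }
        END { report(); exit bad + 0 }
    ' "$1"
}

# Constructed samples: iso.repo mirrors the file above; tools.repo is a made-up bad case.
write_sample_repos() {
    cat > "$1/iso.repo" <<'EOF'
[iso]
name=CentOS-7-x86_64-Everything-iso
baseurl=http://10.91.74.201:8080/centos/$releasever/os/$basearch
gpgcheck=1
enabled=1
gpgkey=http://10.91.74.201:8080/RPM-GPG-KEY-CentOS-7
EOF
    printf '[tools]\nbaseurl=http://10.91.74.201:8080/tools\ngpgcheck=0\n' > "$1/tools.repo"
}

tmp=$(mktemp -d) && write_sample_repos "$tmp"
audit_repo_file "$tmp/iso.repo"
audit_repo_file "$tmp/tools.repo" || echo "tools.repo failed the audit"
rm -rf "$tmp"
```

On a client, run it over each file in /etc/yum.repos.d. CentOS 7 already ships the key at /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7, so a file:// gpgkey pointing there clears the warning.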
Software can now be installed from this yum repository. If you run into any problems during deployment, leave a comment below.