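CentOS 7: Sync a Remote Mirror to Build a Local yum Server
Sync the data of a CentOS mirror site to a local server, then use nginx as an HTTP server to provide yum service to the other machines on the LAN, so that intranet hosts can install software with yum.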

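I. Prerequisites:
1. The local machine is connected to the Internet and can reach a CentOS mirror site. This example uses the USTC mirror: mirrors.ustc.edu.cn.

2. The CentOS mirror site must support the rsync protocol.

II. Setup:
1. Install the required tools on the local machine: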

yum -y install rsync createrepo
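2. Create the directories (the location is up to you):

(1) CentOS repository directories. centosplus is rarely needed and does not have to be synced:

mkdir -p /storage/repos/centos/7/{os,updates,extras,centosplus}/x86_64
mkdir -p /storage/repos/centos/6/{os,updates,extras,centosplus}/x86_64
(2) EPEL repository directories:

mkdir -p /storage/repos/epel/7/x86_64
mkdir -p /storage/repos/epel/6/x86_64

# If you need the source code of EPEL packages, also create the following directories
mkdir -p /storage/repos/epel/7/SRPMS/
mkdir -p /storage/repos/epel/6/SRPMS/
3. Sync the remote mirror (this takes a long time, depending on your Internet bandwidth):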

rsync -avz --delete --exclude='repodata' rsync://mirrors.ustc.edu.cn/centos/7/os/x86_64/ /storage/repos/centos/7/os/x86_64/
rsync -avz --delete --exclude='repodata' rsync://mirrors.ustc.edu.cn/centos/7/updates/x86_64/ /storage/repos/centos/7/updates/x86_64/
rsync -avz --delete --exclude='repodata' rsync://mirrors.ustc.edu.cn/centos/7/extras/x86_64/ /storage/repos/centos/7/extras/x86_64/
rsync -avz --delete --exclude='repodata' rsync://mirrors.ustc.edu.cn/centos/7/centosplus/x86_64/ /storage/repos/centos/7/centosplus/x86_64/

rsync -avz --delete --exclude='repodata' rsync://mirrors.ustc.edu.cn/centos/6/os/x86_64/ /storage/repos/centos/6/os/x86_64/
rsync -avz --delete --exclude='repodata' rsync://mirrors.ustc.edu.cn/centos/6/updates/x86_64/ /storage/repos/centos/6/updates/x86_64/
rsync -avz --delete --exclude='repodata' rsync://mirrors.ustc.edu.cn/centos/6/extras/x86_64/ /storage/repos/centos/6/extras/x86_64/
rsync -avz --delete --exclude='repodata' rsync://mirrors.ustc.edu.cn/centos/6/centosplus/x86_64/ /storage/repos/centos/6/centosplus/x86_64/
# Sync the GPG keys
rsync -avz --delete --exclude='repodata' rsync://mirrors.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-7 /storage/repos/centos/
rsync -avz --delete --exclude='repodata' rsync://mirrors.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-6 /storage/repos/centos/
4. Generate the local repository metadata and index:

createrepo /storage/repos/centos/7/os/x86_64/
createrepo /storage/repos/centos/7/updates/x86_64/
createrepo /storage/repos/centos/7/extras/x86_64/
createrepo /storage/repos/centos/7/centosplus/x86_64/

createrepo /storage/repos/centos/6/os/x86_64/
createrepo /storage/repos/centos/6/updates/x86_64/
createrepo /storage/repos/centos/6/extras/x86_64/
createrepo /storage/repos/centos/6/centosplus/x86_64/

5. Sync script. If your server is always connected to the Internet, you can run it as a scheduled task to stay in sync with the remote mirror:
[root@yum ~]# cat /etc/cron.daily/update-repos_7.sh
#!/bin/bash
#export RSYNC_PROXY="10.60.34.191:3128"
export RSYNC_PROXY="10.61.98.19:3128"
VER='7'
ARCH='x86_64'
CENTOS_REPOS=(os updates extras centosplus)

# Sync the CentOS mirror
for REPO in "${CENTOS_REPOS[@]}"
do
    rsync -avz --delete --exclude='repodata' rsync://rsync.mirrors.ustc.edu.cn/centos/${VER}/${REPO}/${ARCH}/ /storage/repos/centos/${VER}/${REPO}/${ARCH}/

    createrepo --update /storage/repos/centos/${VER}/${REPO}/${ARCH}/
done

# Sync the GPG key
rsync -avz --delete --exclude='repodata' rsync://rsync.mirrors.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-${VER} /storage/repos/centos/

# Sync the EPEL mirror
rsync -avz --delete --exclude='repodata' rsync://rsync.mirrors.ustc.edu.cn/epel/${VER}/x86_64/ /storage/repos/epel/${VER}/x86_64/

createrepo --update /storage/repos/epel/${VER}/x86_64/

# If you need the source code of EPEL packages, sync the EPEL source repository
#rsync -avz --delete --exclude='repodata' rsync://rsync.mirrors.ustc.edu.cn/epel/${VER}/SRPMS/ /storage/repos/epel/${VER}/SRPMS/

#createrepo /storage/repos/epel/${VER}/SRPMS/

# Sync the GPG key
rsync -avz --delete --exclude='repodata' rsync://rsync.mirrors.ustc.edu.cn/epel/RPM-GPG-KEY-EPEL-${VER} /storage/repos/epel/
# chmod 755 /etc/cron.daily/update-repos_7.sh


[root@yum ~]# cat /etc/cron.daily/update-repos_6.sh
#!/bin/bash
#export RSYNC_PROXY="10.60.34.191:3128"
export RSYNC_PROXY="10.61.98.19:3128"
VER='6'
ARCH='x86_64'
CENTOS_REPOS=(os updates extras centosplus)

# Sync the CentOS mirror
for REPO in "${CENTOS_REPOS[@]}"
do
    rsync -avz --delete --exclude='repodata' rsync://rsync.mirrors.ustc.edu.cn/centos/${VER}/${REPO}/${ARCH}/ /storage/repos/centos/${VER}/${REPO}/${ARCH}/

    createrepo --update /storage/repos/centos/${VER}/${REPO}/${ARCH}/
done

# Sync the GPG key
rsync -avz --delete --exclude='repodata' rsync://rsync.mirrors.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-${VER} /storage/repos/centos/

# Sync the EPEL mirror
rsync -avz --delete --exclude='repodata' rsync://rsync.mirrors.ustc.edu.cn/epel/${VER}/x86_64/ /storage/repos/epel/${VER}/x86_64/

createrepo --update /storage/repos/epel/${VER}/x86_64/

# If you need the source code of EPEL packages, sync the EPEL source repository
#rsync -avz --delete --exclude='repodata' rsync://rsync.mirrors.ustc.edu.cn/epel/${VER}/SRPMS/ /storage/repos/epel/${VER}/SRPMS/

#createrepo /storage/repos/epel/${VER}/SRPMS/


# Sync the GPG key
rsync -avz --delete --exclude='repodata' rsync://rsync.mirrors.ustc.edu.cn/epel/RPM-GPG-KEY-EPEL-${VER} /storage/repos/epel/
# chmod 755 /etc/cron.daily/update-repos_6.sh
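The sync scripts above fetch the RPM-GPG-KEY-* files over plain rsync and publish them to clients, so the key is only as trustworthy as that transfer. The following is an added example, not part of the original article: it checks a synced key file against a fingerprint pinned out of band before the key is served. The function names and the `<PINNED-FINGERPRINT>` placeholder are assumptions.

```sh
#!/bin/sh
# Added example: refuse to publish a synced RPM-GPG-KEY file unless its primary
# key matches a fingerprint obtained out of band (function names are hypothetical).

# Strip spaces and upper-case a fingerprint so "0123 abcd ..." compares equal.
norm_fpr() { printf '%s' "$1" | tr -d ' ' | tr 'abcdef' 'ABCDEF'; }

# stdin: `gpg --with-colons` listing. Prints the fingerprint of each primary key,
# i.e. the first "fpr" record after a "pub" record; subkey fingerprints are skipped.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# $1 = pinned fingerprint, stdin = colon listing.
# 0: every primary key equals the pin; 1: mismatch or no key; 2: unusable pin.
listing_matches_pin() {
    pin=$(norm_fpr "$1")
    case "$pin" in
        *[!0-9A-F]*|'') return 2 ;;          # pin is not hexadecimal
    esac
    [ "${#pin}" -eq 40 ] || return 2          # not a full 40-digit fingerprint
    fprs=$(primary_fprs)
    [ -n "$fprs" ] || return 1                # file contained no key
    for f in $fprs; do
        [ "$f" = "$pin" ] || return 1         # replaced or extra key
    done
    return 0
}

# $1 = key file, $2 = pinned fingerprint. Imports into a throwaway keyring so
# the caller's own keyring is never modified.
verify_key_file() {
    tmp=$(mktemp -d) || return 2
    gpg --homedir "$tmp" --batch --quiet --import "$1" 2>/dev/null &&
        gpg --homedir "$tmp" --batch --with-colons --fingerprint 2>/dev/null |
        listing_matches_pin "$2"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Usage in update-repos_7.sh after the key rsync (placeholder, fill in yourself):
#   verify_key_file /storage/repos/centos/RPM-GPG-KEY-CentOS-7 '<PINNED-FINGERPRINT>' || exit 1
```

A non-zero exit from the cron script makes the failed check visible in the cron mail instead of silently serving a changed key.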
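6. Disable SELinux:

# 1. Disable permanently
vi /etc/selinux/config
# Change the SELINUX=enforcing setting in that file to: SELINUX=disabled

# 2. Disable temporarily
setenforce 0
7. Install and configure nginx (the official CentOS repositories do not include nginx, so install it from EPEL):

(1) Install the EPEL repository:

yum install epel-release
(2) Install nginx:

yum install -y nginx
(3) Start nginx:

systemctl start nginx.service
(4) Start the nginx service automatically at boot:

systemctl enable nginx.service
(5) Allow the nginx service through the firewall: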

firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload
[root@yum ~]# cat /opt/openresty/nginx/conf/nginx.conf|grep -v "#"|grep -v "^$"
user www;
worker_processes 4;
events {
    worker_connections 10240;
}
http {
    include mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log logs/access.log main ;
    error_log logs/error.log info;
    sendfile on;
    keepalive_timeout 120s 120s;
    keepalive_requests 10000;
    server {
        listen 80;
        server_name ifconfig.kjtyun.com;
        location /cmdb_update/ {
            alias /opt/openresty/nginx/html/;
            autoindex on;
        }
        location /yum/ {
            alias /opt/openresty/nginx/html/;
            autoindex on;
        }
        location / {
            default_type text/html;
            add_header Content-Type 'text/html; charset=utf-8';
            return 200 "$remote_addr";
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
    server {
        listen 80;
        server_name yum.kjtyun.com;
        root /storage/repos/ ;
        location = / {
            autoindex on;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}
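(8) Restart the nginx service, or have nginx reload its configuration:

systemctl restart nginx.service
# or
systemctl reload nginx.service
You should now be able to view the content at http://{ipaddress}. If you get an error such as 403, look up the fix for that nginx error.

III. yum client configuration:
1. In /etc/yum.repos.d/CentOS-Base.repo, change the baseurl and gpgkey settings of each repository, replacing {ipaddress} in the template with your actual IP address.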

[hadoop@node1 yum.repos.d]$ cat CentOS-Base.repo
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#

[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
baseurl=http://yum.kjtyun.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://yum.kjtyun.com/centos/RPM-GPG-KEY-CentOS-$releasever

#released updates
[updates]
name=CentOS-$releasever - Updates
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
baseurl=http://yum.kjtyun.com/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://yum.kjtyun.com/centos/RPM-GPG-KEY-CentOS-$releasever

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
baseurl=http://yum.kjtyun.com/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=http://yum.kjtyun.com/centos/RPM-GPG-KEY-CentOS-$releasever

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
baseurl=http://yum.kjtyun.com/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://yum.kjtyun.com/centos/RPM-GPG-KEY-CentOS-$releasever



[hadoop@node1 yum.repos.d]$ cat epel.repo
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
#metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
baseurl=http://yum.kjtyun.com/epel/$releasever/$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=http://yum.kjtyun.com/epel/RPM-GPG-KEY-EPEL-$releasever

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch/debug
#metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=$basearch
baseurl=http://yum.kjtyun.com/epel/$releasever/$basearch/debug
failovermethod=priority
enabled=0
gpgcheck=1
gpgkey=http://yum.kjtyun.com/epel/RPM-GPG-KEY-EPEL-$releasever

#[epel-source]
#name=Extra Packages for Enterprise Linux 7 - $basearch - Source
##baseurl=http://download.fedoraproject.org/pub/epel/7/SRPMS
#metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-source-7&arch=$basearch
#failovermethod=priority
#enabled=0
#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever
#gpgkey=http://yum.kjtyun.com/epel/RPM-GPG-KEY-EPEL-$releasever
#gpgcheck=1

3. Clear the yum cache:
yum clean all
4. Delete the yum cache directory:

rm -rf /var/cache/yum/*
5. Build the yum cache:

yum makecache
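The client files above keep gpgcheck=1 but fetch the key over plain http from the same server that serves the packages, and other repo files on this page set gpgcheck=0. The following is an added example, not part of the original article, that audits .repo files for both settings; the function name `audit_repo` and the wording of the findings are assumptions.

```sh
#!/bin/sh
# Added example: list .repo sections that weaken package signature checking.
# Reads the files given as arguments (or stdin) and prints "<section>: <finding>".
# Exit status is 1 when at least one section is flagged, 0 otherwise.
audit_repo() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    # Report on the section just finished, if any.
    function flush() {
        if (sec == "") return
        if (gpgcheck ~ /^(0|no|false)$/) { print sec ": gpgcheck disabled"; n++ }
        else if (key ~ /^http:/) { print sec ": gpgkey fetched over plain http"; n++ }
    }
    /^[ \t]*[#;]/ { next }                    # comment line
    /^[ \t]*$/    { next }                    # blank line
    /^[ \t]*\[/ {                             # new [section]
        flush()
        sec = trim($0); gsub(/^\[|\].*$/, "", sec)
        gpgcheck = key = ""
        next
    }
    {
        eq = index($0, "=")
        if (!eq) next
        k = trim(substr($0, 1, eq - 1))
        v = tolower(trim(substr($0, eq + 1)))
        if (k == "gpgcheck") gpgcheck = v
        else if (k == "gpgkey") key = v
    }
    END { flush(); exit (n > 0) }
    ' "$@"
}

# Usage on a client:
#   audit_repo /etc/yum.repos.d/*.repo
```

A section with no explicit gpgcheck line is not flagged, because it inherits the value from [main] in /etc/yum.conf.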
# cat /etc/yum.repos.d/CentOS-Base.repo
## centos7
[base7]
name=CentOS-7-os-cmiot.local
baseurl=http://mirror.centos.org/centos/7/os/x86_64/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-7

#centosplus
[centosplus7]
name=CentOS-7-centosplus-cmiot.local
baseurl=http://mirror.centos.org/centos/7/centosplus/x86_64/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-7

#released updates
[updates7]
name=CentOS-7-updates-cmiot.local
baseurl=http://mirror.centos.org/centos/7/updates/x86_64/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-7

#additional packages that may be useful
[extras7]
name=CentOS-7-extras-cmiot.local
baseurl=http://mirror.centos.org/centos/7/extras/x86_64/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-7

## centos6
[base6]
name=CentOS-6-os-cmiot.local
baseurl=http://mirror.centos.org/centos/6/os/x86_64/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6

#centosplus
[centosplus6]
name=CentOS-6-centosplus-cmiot.local
baseurl=http://mirror.centos.org/centos/6/centosplus/x86_64/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6

#released updates
[updates6]
name=CentOS-6-updates-cmiot.local
baseurl=http://mirror.centos.org/centos/6/updates/x86_64/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6

#additional packages that may be useful
[extras6]
name=CentOS-6-extras-cmiot.local
baseurl=http://mirror.centos.org/centos/6/extras/x86_64/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6

## epel
[epel6]
name=CentOS-6-epel-cmiot.local
baseurl=https://dl.fedoraproject.org/pub/epel/6/x86_64/
gpgcheck=0

[epel7]
name=CentOS-7-epel-cmiot.local
baseurl=https://dl.fedoraproject.org/pub/epel/7/x86_64/
gpgcheck=0

reposync -n --repoid=extras7 --repoid=updates7 --repoid=base7 --repoid=centosplus7 -p /data/website/centos/7
reposync -n --repoid=epel7 -p /data/website/epel/
reposync -n --repoid=extras6 --repoid=updates6 --repoid=base6 --repoid=centosplus6 -p /data/website/centos/6
reposync -n --repoid=epel6 -p /data/website/epel/

createrepo -po /data/website/centos/6/base6/ /data/website/centos/6/base6/
createrepo -po /data/website/centos/6/updates6/ /data/website/centos/6/updates6/
createrepo -po /data/website/centos/6/extras6/ /data/website/centos/6/extras6/
createrepo -po /data/website/centos/6/centosplus6/ /data/website/centos/6/centosplus6/
createrepo -po /data/website/epel/epel6/ /data/website/epel/epel6/

createrepo -po /data/website/centos/7/base7/ /data/website/centos/7/base7/
createrepo -po /data/website/centos/7/updates7 /data/website/centos/7/updates7
createrepo -po /data/website/centos/7/extras7 /data/website/centos/7/extras7
createrepo -po /data/website/epel/epel7 /data/website/epel/epel7
createrepo -po /data/website/centos/7/centosplus7/ /data/website/centos/7/centosplus7/


# cat globaleyum.kjtyun.com.conf
server {
    listen 80;
    server_name globaleyum.kjtyun.com;
    access_log /data/logs/nginx/globaleyum.kjtyun.com.log access;
    root /data/website/ ;
    location = / {
        autoindex on;
    }

    error_page 500 502 503 504 /50x.html;

    location = /50x.html {
        root html;
    }
}
[root@node1 yum.repos.d]# cat globalegrow.repo
#CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#

[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
baseurl=http://globaleyum.kjtyun.com/centos/$releasever/base$releasever
gpgcheck=1
gpgkey=http://globaleyum.kjtyun.com/centos/RPM-GPG-KEY-CentOS-$releasever

#released updates
[updates]
name=CentOS-$releasever - Updates
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
baseurl=http://globaleyum.kjtyun.com/centos/$releasever/updates$releasever
gpgcheck=1
gpgkey=http://globaleyum.kjtyun.com/centos/RPM-GPG-KEY-CentOS-$releasever

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
baseurl=http://globaleyum.kjtyun.com/centos/$releasever/extras$releasever
gpgcheck=1
gpgkey=http://globaleyum.kjtyun.com/centos/RPM-GPG-KEY-CentOS-$releasever

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
baseurl=http://globaleyum.kjtyun.com/centos/$releasever/centosplus$releasever
gpgcheck=1
enabled=0
gpgkey=http://globaleyum.kjtyun.com/centos/RPM-GPG-KEY-CentOS-$releasever
[epel]
name=Extra Packages for Enterprise Linux $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/${releasever}/$basearch
#metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-${releasever}&arch=$basearch
baseurl=http://globaleyum.kjtyun.com/epel/epel$releasever
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=http://globaleyum.kjtyun.com/epel/RPM-GPG-KEY-EPEL-$releasever


[globalegrow]
name=globalegrow
baseurl=http://globaleyum.kjtyun.com/globalegrow/centos$releasever
enabled=1
gpgcheck=0
# cat /etc/ntp.conf
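# Specifies the clock drift file. If ntpd is stopped and restarted, it initializes the frequency from this file and avoids the potentially long interval needed to relearn the correction.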
driftfile /var/lib/ntp/drift
keys /etc/ntp/keys

restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
#restrict 172.31.32.0 mask 255.255.240.0 nomodify notrap
restrict 127.0.0.1
restrict -6 ::1

restrict 10.0.0.0 mask 255.0.0.0 nomodify notrap
restrict 172.16.0.0 mask 255.240.0.0 nomodify notrap
restrict 192.168.0.0 mask 255.255.0.0 nomodify notrap
## prefer: use this server in preference to the others
## minpoll && maxpoll:
server 0.pool.ntp.org prefer iburst minpoll 4 maxpoll 6
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst
server 3.pool.ntp.org iburst
server 127.127.1.0 iburst
fudge 127.127.1.0 stratum 10

statistics loopstats peerstats clockstats

filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

logfile /var/log/ntp.log
broadcastdelay 0.008