Yum, Apt, and Repos

1 Yum
2 Apt
- 2.1 apt-get update vs upgrade
- 2.2 List of Repositories
3 How to find if a package is installed
4 How to query information about a package
5 How to search and download kernel-devel package that is not available in the repositories by using RPM
6 How to install RPM packages that are older than the currently installed one
7 Could not contact any CDS load balancers: rhui2-cds01.us-east-1.aws.ce.redhat.com, rhui2-cds02.us-east-1.aws.ce.redhat.com.

Yum

Yum Cheatsheet: https://access.redhat.com/sites/default/files/attachments/rh_yum_cheatsheet_1214_jcs_print-1.pdf

The configuration file for yum and related utilities is located at /etc/yum.conf. This file contains one mandatory [main] section, which allows you to set Yum options that have global effect, and can also contain one or more [repository] sections, which allow you to set repository-specific options.
So /etc/yum.conf is a basic set of instructions used by yum to run, which includes some repository information because it is literally required to use yum.

$ cat /etc/yum.conf
[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
installonly_limit=3

#  This is the default, if you make this bigger yum won't see if the metadata
# is newer on the remote and so you'll "gain" the bandwidth of not having to
# download the new metadata and "pay" for it by yum not having correct
# information.
#  It is esp. important, to have correct metadata, for distributions like
# Fedora which don't keep old packages around. If you don't like this checking
# interupting your command line usage, it's much better to have something
# manually check the metadata once an hour (yum-updatesd will do this).
# metadata_expire=90m

# PUT YOUR REPOS HERE OR IN separate files named file.repo
# in /etc/yum.repos.d

Regarding yum.repos.d in particular: It is recommended to define individual repositories in new or existing .repo files in the /etc/yum.repos.d/ directory. The values you define in individual [repository] sections of the /etc/yum.conf file override values set in the [main] section.
In short, /etc/yum.repos.d contains "extra" repository information and only that. This information can potentially override whatever is in yum.conf.

How to find installed packages

$ yum list installed
$ yum list installed <package>

How to remove installed packages

$ yum remove <package>

How to look up the history of an installed package

Use yum history command like so:

$ sudo yum history info dos2unix
Loaded plugins: product-id, search-disabled-repos, subscription-manager
Transaction ID : 8
Begin time     : Fri Nov 17 10:00:39 2023
Begin rpmdb    : 354:1c04100a613a950c609f419b2b0a5f2cf2b1bf7d
End time       :            10:00:43 2023 (4 seconds)
End rpmdb      : 355:900b0a31f0938f4060ff3945e7804b68351f1c40
User           : root <root>
Return-Code    : Success
Command Line   : -y install dos2unix
Transaction performed with:
    Updated       rpm-4.11.3-45.el7.x86_64                  @anaconda/7.9
    Updated       subscription-manager-1.24.42-1.el7.x86_64 @anaconda/7.9
    Installed     yum-3.4.3-168.el7.noarch                  @anaconda/7.9
Packages Altered:
    Install dos2unix-6.0.3-7.el7.x86_64 @rhel-7-server-rpms
history info

$ sudo yum history summary dos2unix                                   
Loaded plugins: product-id, search-disabled-repos, subscription-manager
Login user                 | Time                | Action(s)        | Altered
-------------------------------------------------------------------------------
root <root>                | Last 3 months       | Install          |        1
history summary

How to install updates from Red Hat Security Advisory IDs

$ sudo yum -y update --advisory=RHSA-2023:7058

Ref: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/managing_and_monitoring_security_updates/installing-security-updates_managing-and-monitoring-security-updates

Making (old) Amazon Linux AMIs Use the Latest Repos

If you want your (old) Amazon Linux to use the most recent repo, and to have the latest packages, follow these steps below. Thanks to m a v a n d e, we were able to get an old AL AMI (ami-0509cbef5247d8e4d), and get the latest version of glibc-2.17-292.180.amzn1.x86_64. By default it had 2.17-260.175.amzn1 version installed.

Original Package for glibc:

$ yum --showduplicates list glibc 
Loaded plugins: priorities, update-motd, upgrade-helper
Installed Packages
glibc.x86_64                             2.17-260.175.amzn1                             @amzn- updates/2018.03
Available Packages
glibc.i686                               2.17-196.172.amzn1                             amzn-main            
glibc.x86_64                             2.17-196.172.amzn1                             amzn-main            
glibc.i686                               2.17-222.173.amzn1                             amzn-updates          
glibc.x86_64                             2.17-222.173.amzn1                             amzn- updates         
glibc.i686                               2.17-260.175.amzn1                             amzn-updates         
glibc.x86_64                             2.17-260.175.amzn1

1) Modify /etc/yum.conf and ensure releasever=latest. According to doc [1], by default, the Amazon Linux AMI should have rreleasever=latest set. If not you must change it:

$ sudo vi /etc/yum.conf
[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
distroverpkg=system-release
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
installonly_limit=3
deltarpm=0
timeout=5
retries=3

# by default the yum configuration will point to the latest release
# of Amazon Linux AMI. If you prefer not to automatically move to
# new releases, comment out this line.
#releasever=2018.03
releasever=latest       <<<<<<< Like so

2) Edit the /etc/yum.repos.d/amzn-updates.repo file, and remove the "-$guid" from the [amzn-updates] section, like so:

$ sudo vi /etc/yum.repos.d/amzn-updates.repo

# Originally, it was like:
[amzn-updates]
name=amzn-updates-Base
mirrorlist=http://repo.$awsregion.$awsdomain/$releasever/updates/mirror.list-$guid  

# Change it to:
[amzn-updates]
name=amzn-updates-Base
mirrorlist=http://repo.$awsregion.$awsdomain/$releasever/updates/mirror.list

(In Amazon Linux 2, there is no "-$guid" in the /etc/yum.repos.d/amzn2-extras.repo)

3) Clear yum cache:

$ sudo yum clean all

4) Update:

$ sudo yum update -y

5) Check that the package list has updated:

$ yum --showduplicates list glibc 
Loaded plugins: priorities, update-motd, upgrade-helper amzn-updates/latest/primary_db FAILED                                          
http://packages.us-west-1.amazonaws.com/2018.03/updates/a7867d8d592e/x86_64/repodata/primary.sqlite.bz2?instance_id=i-086bf740f0950be9c&region=us-west-2: [Errno -1] Metadata file does  not match checksum
Trying other mirror.
amzn-updates/latest/primary_db                                                                | 2.9 MB  00:00:00     
Installed Packages
glibc.x86_64                                     2.17-292.180.amzn1                                     @amzn-updates
Available Packages
glibc.i686                                       2.17-196.172.amzn1                                     amzn-main    
glibc.x86_64                                     2.17-196.172.amzn1                                     amzn-main    
glibc.i686                                       2.17-222.173.amzn1                                     amzn-updates 
glibc.x86_64                                     2.17-222.173.amzn1                                     amzn-updates 
glibc.i686                                       2.17-260.175.amzn1                                     amzn-updates 
glibc.x86_64                                     2.17-260.175.amzn1                                     amzn-updates 
glibc.i686                                       2.17-292.178.amzn1                                     amzn-updates 
glibc.x86_64                                     2.17-292.178.amzn1                                     amzn-updates 
glibc.i686                                       2.17-292.180.amzn1                                     amzn-updates 
glibc.x86_64                                     2.17-292.180.amzn1                                     amzn-update

References:
[1] https://aws.amazon.com/amazon-linux-ami/faqs/

Add notes

https://access.redhat.com/solutions/265523 https://www.redhat.com/files/summit/session-assets/2018/S1359-Moving-your-physical-Red-Hat-Enterprise-Linux-servers-to-Azure-or-AWS-Distribution.pdf https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/sec-setting_repository_options https://access.redhat.com/solutions/253273 https://serverfault.com/questions/892354/what-is-the-difference-between-base-url-and-mirrorlist-in-yum

Apt

(Debian and Ubuntu)

https://www.cyberciti.biz/faq/what-does-sudo-apt-get-update-command-do-on-ubuntu-debian/

apt-get update vs upgrade

apt-get update updates the list of available packages and their versions, but it does not install or upgrade any packages. apt-get upgrade actually installs newer versions of the packages you have. After updating the lists, the package manager knows about available updates for the software you have installed.

List of Repositories

For Debian and Ubuntu, the repositories will be in the file /etc/apt/sources.list.

Example:

Debian9 by default:

admin@ip-172-31-27-85:~$ cat /etc/apt/sources.list
deb http://cdn-aws.deb.debian.org/debian stretch main
deb http://security.debian.org/debian-security stretch/updates main
deb http://cdn-aws.deb.debian.org/debian stretch-updates main

Ubuntu is pretty much the same.

How to find if a package is installed

Find out if a package is installed using the rpm command:

$ rpm -qa httpd
httpd-2.4.46-1.amzn2.x86_64

$ rpm -qa | grep httpd
httpd-2.4.46-1.amzn2.x86_64
httpd-filesystem-2.4.46-1.amzn2.noarch
httpd-tools-2.4.46-1.amzn2.x86_64
generic-logos-httpd-18.0.0-4.amzn2.noarch

Find out if a package is installed using the yum command:

$ yum list installed httpd
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
224 packages excluded due to repository priority protections
Installed Packages
httpd.x86_64                     2.4.46-1.amzn2                      @amzn2-core

How to query information about a package

$ rpm -qi httpd
Name        : httpd
Version     : 2.4.46
Release     : 1.amzn2
Architecture: x86_64
Install Date: Tue 23 Feb 2021 03:56:26 PM UTC
Group       : System Environment/Daemons
Size        : 4185459
License     : ASL 2.0
Signature   : RSA/SHA256, Mon 14 Sep 2020 08:55:59 PM UTC, Key ID 11cf1f95c87f5b1a
Source RPM  : httpd-2.4.46-1.amzn2.src.rpm
Build Date  : Mon 24 Aug 2020 06:55:03 PM UTC
Build Host  : build.amazon.com
Relocations : (not relocatable)
Packager    : Amazon Linux
Vendor      : Amazon Linux
URL         : https://httpd.apache.org/
Summary     : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, efficient, and extensible
web server.

How to search and download kernel-devel package that is not available in the repositories by using RPM

1) Use http://rpm.pbone.net/ to search for the package. Then click on the package you want based on your OS.

i.e.: http://rpm.pbone.net/resultsb_dist_79_size_11105876_name_kernel-devel-2.6.32-642.11.1.el6.x86_64.rpm.html

2) Right click on the package and copy link.

2) Use wget to download the package:

# wget ftp://ftp.pbone.net/mirror/vault.centos.org/6.8/updates/x86_64/Packages/kernel-devel-2.6.32-642.11.1.el6.x86_64.rpm
--2021-04-29 23:20:30--  ftp://ftp.pbone.net/mirror/vault.centos.org/6.8/updates/x86_64/Packages/kernel-devel-2.6.32-642.11.1.el6.x86_64.rpm
           => “kernel-devel-2.6.32-642.11.1.el6.x86_64.rpm”
Resolving ftp.pbone.net... 93.179.225.212
Connecting to ftp.pbone.net|93.179.225.212|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done.    ==> PWD ... done.
==> TYPE I ... done.  ==> CWD (1) /mirror/vault.centos.org/6.8/updates/x86_64/Packages ... done.
==> SIZE kernel-devel-2.6.32-642.11.1.el6.x86_64.rpm ... 11105876
==> PASV ... done.    ==> RETR kernel-devel-2.6.32-642.11.1.el6.x86_64.rpm ... done.
Length: 11105876 (11M) (unauthoritative) 

100%[==================================================================================================>] 11,105,876  4.32M/s   in 2.5s    

2021-04-29 23:20:34 (4.32 MB/s) - “kernel-devel-2.6.32-642.11.1.el6.x86_64.rpm” saved [11105876]

4) Check to see if it downloaded:

# ls -al kern*
-rw-r--r--. 1 root root 33393432 Apr 29 23:13 kernel-devel-2.6.32-642.11.1.el6.x86_64.rpm

5) Use rpm to install the package:

# rpm -i kernel-devel-2.6.32-642.11.1.el6.x86_64.rpm

6) Check to see if it was installed:

# rpm -qa | grep kernel
kernel-devel-2.6.32-642.11.1.el6.x86_64

7) To uninstall:

# rpm -e kernel-devel-2.6.32-642.11.1.el6.x86_64
# rpm -qa | grep kernel

How to install RPM packages that are older than the currently installed one

---

If you are trying to manually install an older RPM package than what is already installed, then follow the same steps above but use # rpm -ivh --oldpackage <rpmpackage. Example:

# wget ftp://ftp.pbone.net/mirror/vault.centos.org/7.7.1908/cr/x86_64/Packages/kernel-3.10.0-1127.el7.x86_64.rpm
# rpm -ivh --oldpackage kernel-3.10.0-1127.el7.x86_64.rpm

Could not contact any CDS load balancers: rhui2-cds01.us-east-1.aws.ce.redhat.com, rhui2-cds02.us-east-1.aws.ce.redhat.com.

RHUI2 is the older version of RHUI client and hence we must update the version so that it can connect to the RHUI3 servers.

Red Hat migrated their Red Hat Update Infrastructure (RHUI) from RHUI version 2 to RHUI version 3. https://access.redhat.com/articles/4599971
https://access.redhat.com/articles/5215331 https://access.redhat.com/articles/4720861

In this example, I used RHEL 7.1 (3.10.0-229.el7.x86_64) in us-east-1 using AMI "ami-12663b7a". To resolve this:

1) launch a new EC2 instance with latest version of RHEL 7 (I used latest 7.9 (ami-0051b1b2c5a166c8c)) and login to the new EC2 instance. Once you login to the instance, run the below command to download the latest rhui client package.

$ sudo yum install --downloadonly --downloaddir=/home/ec2-user/ rh-amazon-rhui-client.noarch

$ ls -al /home/ec2-user
total 48
drwx------. 3 ec2-user ec2-user   126 Aug  3 17:47 .
drwxr-xr-x. 3 root     root        22 Aug  3 17:46 ..
-rw-r--r--. 1 ec2-user ec2-user    18 Oct 27  2021 .bash_logout
-rw-r--r--. 1 ec2-user ec2-user   193 Oct 27  2021 .bash_profile
-rw-r--r--. 1 ec2-user ec2-user   231 Oct 27  2021 .bashrc
-rw-r--r--. 1 root     root     34372 May 12 05:41 rh-amazon-rhui-client-4.0.4-1.el7.noarch.rpm
drwx------. 2 ec2-user ec2-user    29 Aug  3 17:46 .ssh

2) Copy the downloaded rpm package to all the impacted EC2 instance (RHEL 7 only). Possible options:

Rsync/scp from one host to the other

$ rsync -avpe "ssh -i /home/ec2-user/.ssh/ec2_nva_key.pem" /home/ec2-user/rh-amazon-rhui-client-4.0.4-1.el7.noarch.rpm ec2-user@34.229.152.120:/home/ec2-user/

or

$ scp -i <keypair> <rhui client package name> ec2-user@<destination_public-or-private-ip>:/destination_path

Download to your desktop then copy to the impacted instance
Upload to S3, and download from S3

3) In the problematic instance, follow the below steps (To avoid dependencies while installing the packages use rpm utility with below options. )

$ sudo yum remove -y rh-amazon-rhui-client
$ sudo yum localinstall rh-amazon-rhui-client-4.0.4-1.el7.noarch.rpm

4) Confirm installation:

$ rpm -qa | grep rhui
rh-amazon-rhui-client-4.0.4-1.el7.noarch

5) Now if you try to run sudo yum update you may get the error curl#35 - "Peer reports incompatible or unsupported protocol version.". To resolve this:

5A) Move current RHEL repository to some other directory.

$ sudo mv /etc/yum.repos.d /etc/yum.repos.d.backup

5B) Create new repository directory.

$ sudo mkdir /etc/yum.repos.d

5C) Please copy the content of "Centos.repo" attached in this correspondence and paste inside repository directory.

$ sudo vi /etc/yum.repos.d/CentOS.repo
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=7&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=0

#released updates
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=7&arch=$basearch&repo=updates&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=0 

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
mirrorlist=http://mirrorlist.centos.org/?release=7&arch=$basearch&repo=extras&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=0

5D) Update curl via Centos's "base" and "updates" repositories.

$ sudo yum update curl

5E) Move CentOS repository to some other directory (Later you may remove this).

$ sudo mv /etc/yum.repos.d /etc/yum.repos.d.centos

5F) Move RHEL repository back to original directory.

$ sudo mv /etc/yum.repos.d.backup /etc/yum.repos.d

6) Yum update should now work:

$ sudo yum update

https://rhui.us-east-1.aws.ce.redhat.com/pulp/content/rhui-client-config/rhel/server/7/x86_64/os/repodata/repomd.xml: [Errno 14] HTTPS Error 404 - Not Found

If you get this error, the resolution steps is similar to the above. This can happen on RHEL 7.2+. This issue is also due to RHU2, which can be resolved by upgrading to RHUI3/4:

In this example, I used RHEL 7.2 in us-east-1 using AMI "ami-f8586892". To resolve this: