DEVOPS - YUM


YUM (Yellowdog Updater Modified)
https://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/ezinstall/ppc/README-yum

YUM is package manager for RPM packages, which allows automatic updates, package and dependency management. Yellowdog was a Linux distribution which was based on Red Hat. It had a package manager, which was called Yellowdog UPdater (YUP). It has been rewritten to support Red Hat based Linux system, and since then it is called YUM (Yellowdog Updater Modified.) YUM under the hood depends on RPM; which is a packaging standard.

YUM doesn't recognize AIX installp dependencies. For example: OpenSSL libraries are provided by AIX in installp format, so if an RPM package depends on a specific OpenSSL version then user should make sure to keep his OpenSSL version updated.

--------------------------------------------------------------------------------

RPM:

It is a free and open source package management system, which is available on AIX.

Without YUM thes RPM commands can be used on AIX
rpm -qa                       shows what rpm packages are installed
rpm -ql <package name>        shows where the files are installed (rpm -qlp .. shows the absolut paths???)
rpm -q --filesbypkg cdrecord  list all the files on installed rpm package
rpm -qf /usr/bin/lynx         query a file to find the source rpm package
rpm -qi <package name>
        list information on an installed rpm package
rpm -qR <package name>        list all dependencies on any rpm package
     
rpm -ivh httpd-2.2.8.aix5.1.rpm install the rpm package

rpm -ivh --force *.rpm
rpm -ivh --force --nodeps <package name>    does not check dependency (same can be done with "rpm -Uvh..." for upgrade)
rpm -e <package name> 
        removes the rpm package

rpm -Va                       shows which files are missing from the RPM database
rpm -Vv <package name>        verifies a package
rpm --rebuilddb               compress and rebuild the RPM database

/usr/sbin/updtvpkg            enables the rpm command to recognize that the libraries have been installed

In some cases you might get an error about failed dependencies when you install RPMs on AIX (for example, error: failed dependencies: libX11.a(shr4.o) is needed by tk-8.3.3-1). Most likely the error occurs because the rpm command does not recognize the shared library. If the error occurs, check to see if the X11 libraries are installed in the directory /usr/lpp/X11/lib. If they are not installed, use the AIX product media to install them. After you have installed the libraries, run the above command (updtvpkg). The command enables the rpm command to recognize that the libraries have been installed.

---------------------------------

Installing yum on AIX

1. install latest rpm.rte: https://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/INSTALLP/ppc/
# installp -qacXYd rpm.rte all

2. install all rpm packages contained in yum_bundle.tar
https://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/ezinstall/ppc/
# tar -xvf yum_bundle.tar
# rpm -Uvh *

Another way to install yum is to download yum.sh from https://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/ezinstall/ppc/.
Running this script will download and install the latest rpm.rte and yum_bundle.tar.

yum.conf file will be installed under the path /opt/freeware/etc/yum.
Additional yum repository files can be created under the path /opt/freeware/etc/yum/repos.d.

---------------------------------

AIX Toolbox Repositories

IBM provides the most widely used GNU and opensource Linux tools on AIX (like gcc, git, coreutils, perl, python, ruby, php etc.). These can be downloaded from the AIX Toolbox site: https://www.ibm.com/support/pages/node/882892

It is also possible to use AIX Toolbox as a yum repository, so dependencies will be handled automatically by yum. After installing yum, by default 3 IBM repositories are enabled for rpm packages in /opt/freeware/etc/yum/yum.conf.


These 3 repositories are: ppc, noarch and ppc-X.X
ppc:     Contains most of the rpms. These rpms are built on AIX 5.3, 6.1 and these can be installed on any higher versions of AIX
noarch:  Contains architecture independent packages (scripts, text files, which are not binaries), these can be installed on any AIX
ppc-6.1: Contains gcc which can be installed only on aix6.1.
ppc-7.1: Contains gcc which can be installed only on aix7.1.
ppc-7.2: Contains gcc/gcc-go which can be installed only on aix7.2.

The reason behind this is, that some of the rpm packages like gcc can only be installed on a specific version of AIX. For example, gcc built on AIX 6.1 will be allowed to be installed only on AIX 6.1 machines, so with the configuration of these separate repositories "yum install gcc" will work on all AIX servers, irrespective of AIX version.

-------------------------------------------------

/opt/freeware/etc/yum/yum.conf                    <--main yum configuration file

yum clean all                                     <--cleans up cache (to see new config, packages in repo cache has to be cleaned up)
yum search <keyword>                              <--to find packages containing the specified keywordin description from repository
yum list <package>                                <--shows status of a package (if it is installed or available in repositiry)
yum list <package> --showduplicates               <--lists all versions in repository (installed and all available versions)
yum info <package>                                <--info about a package
yum whatprovides <filename>                       <--shows which package contains given file (like: yum whatprovides zlib.so)
yum provides <filename>                           <--to find which package provides the file

yum install <package>                             <--installs a package + dependencies (more packages: yum install package1 package2 …)
yum install <package_name>-<version_info>         <--installs a specific version (like: yum install gcc-6.3.0-1)
yum localinstall </path/to/package>               <--installing a package from local path instead of a repository

yum update <package>                              <--updates a package (with its dependencies if needed)
yum check-update                                  <--check if a newer version of a package is available
yum remove <package>                              <--remove a package

yum history                                       <--lists history of yum actions (same as yum history list all)
yum history info <transaction_ID>                 <--gives details about the specified history transaction id
yum history undo <transaction_ID>                 <--roll backs the given tranaction id

yum repolist                                      <--list repositories
yum --disablerepo="*" --enablerepo="epel" list available       <--lists packages only in a specific repo (use output of "yum repolist" )
yum --disablerepo=* --enablerepo=LIVE* list Centrify*          <--lists installed and available packages from LIVE* repos

createrepo --checksum sha --update /etc/repo      <--update repo after a new package is copied there

---------------------------------

Creating local YUM repository

We need to choose an AIX or Linux server with HTTP access (Apache/NGNIX) that can be used as a repository server. The ideal scene is if it has access to the internet (so it can sync packages from IBM site). If it is not possible then we need to copy there manually the rpm packages. The YUM clients are connecting to the repository server using HTTP connections.  (I guess that is why the curl package is a prerequisite for the yum package.)

Detailed steps are described here:  https://developer.ibm.com/articles/configure-yum-on-aix/ and here: https://www.djouxtech.net/posts/aix-yum-installation/

1. Install yum-utils and createrepo (with dependencies)

2. Download all rpm packages what you need in repo
We can use the default IBM repositories to download rpm packages (if we have internet on the repository server). By default /opt/freeware/etc/yum/yum.conf contains the IBM repositories (yum repolist should show them), and reposync command will sync (download) content of a repository
# reposync -p <target_path> -r AIX_Toolbox -a ppc
# reposync -p <target_path> -r AIX_Toolbox_61 -a ppc
# reposync -p <target_path> -r AIX_Toolbox_71 -a ppc
# reposync -p <target_path> -r AIX_Toolbox_72 -a ppc
# reposync -p <target_path> -r AIX_Toolbox_noarch
(-p path to download, -r: the name of the repository, -a: architecture)

3. create repo
Run createrepo for all the downloaded packages:
# createrepo <target_path>/AIX_Toolbox
# createrepo <target_path>/AIX_Toolbox_61
# createrepo <target_path>/AIX_Toolbox_71
# createrepo <target_path>/AIX_Toolbox_72
# createrepo <target_path>/AIX_Toolbox_noarch

4. on AIX servers update repo config files with correct locations
On client servers, create new repo file in /opt/freeware/etc/yum/repos.d: like localrepos.repo:
# cat /opt/freeware/etc/yum/repos.d/localrepos.repo
[local_AIX_Toolbox]
name=local AIX generic repository
baseurl=http://reposerver.mydomain.com/ias-AIX/Toolbox/
enabled=1
gpgcheck=0
priority=1

[local_AIX_Toolbox_noarch]
name=local AIX noarch repository
baseurl=http://reposerver.mydomain.com/ias-AIX/Toolbox_noarch/
enabled=1
gpgcheck=0
priority=1

[locaL_AIX_Toolbox_71]
name=local AIX 7.1 specific repository
baseurl=http://reposerver.mydomain.com/ias-AIX/Toolbox_71/
enabled=1
gpgcheck=0
priority=1

5. disable IBM repos (if needed)
If localrepos will be used in /opt/freeware/etc/yum/yum.conf file IBM repositories can be disabled (enabled=0)

-------------------------------------------------

YUM repository update:

If we want to add additional packages to a repo, do these steps on the repository server:
1. copy package to correct repository (make sure permissions and user are correct)
3. update repo: createrepo --checksum sha --update /srv/packer/ias-AIX/Toolbox
4. on clients clean cache: yum clean all (so new packages vill be visible for yum commands)

-------------------------------------------------

3 comments:

  1. i have a problem.

    https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml: [Errno 14] curl#35 - "Unknown SSL protocol error in connection to public.dhe.ibm.com:443 "
    Trying other mirror.
    Error: Cannot retrieve repository metadata (repomd.xml) for repository: AIX_Toolbox. Please verify its path and try again

    Why?

    ReplyDelete
  2. Same problem. no solution yet. already tried to remove https and replace by http.

    ReplyDelete