Linuxest 2018-06-11
一、使用场景
在生产环境中,我们不可能所有的服务器都能连接外网更新RPM包,比较理想的环境是:有一台Linux服务器可以连接外网,剩余的服务器通过这台YUM服务器更新。以前比较传统的做法是先把包下载到内网中的YUM服务器上,然后通过createrepo命令生成本地仓库,其余服务器通过HTTP访问这个链接,这种做法比较费时费事。有没有一种比较好的方式,让我们直接通过这台服务器代理连接到公网的163、阿里 YUM仓库呢,这就是本次介绍的Nexus代理。无论你的客户机是CentOS6还是CentOS7又或者是Ubuntu,不论你是想用YUM还是PIP又或者是NPM包管理器,Nexus都能满足你的需求。
二、安装Nexus
这里我使用CentOS7作为YUM Repository代理服务器
# 确认已安装JRE8
# java -version
openjdk version "1.8.0_161"
OpenJDK Runtime Environment (build 1.8.0_161-b14)
OpenJDK 64-Bit Server VM (build 25.161-b14, mixed mode)
# 创建nexus用户,并设置该用户File Handle Limits
# useradd nexus
# echo "nexus - nofile 65536" >> /etc/security/limits.conf
# 下载并解压nexus到/opt目录,并设置nexus用户权限
# wget https://download.sonatype.com/nexus/3/latest-unix.tar.gz
# tar -xzvf latest-unix.tar.gz -C /opt
# mv /opt/nexus* /opt/nexus
# chown -R nexus:nexus /opt/nexus /opt/sonatype-work/
# 设置服务启动用户
# echo 'run_as_user="nexus"' > /opt/nexus/bin/nexus.rc
# 这里使用systemd管理服务
# cat <<EOF >/etc/systemd/system/nexus.service
[Unit]
Description=nexus service
After=network.target
[Service]
Type=forking
ExecStart=/opt/nexus/bin/nexus start
ExecStop=/opt/nexus/bin/nexus stop
User=nexus
Restart=on-abort
[Install]
WantedBy=multi-user.target
EOF
# systemctl daemon-reload
# systemctl enable nexus.service
# systemctl start nexus.service
# 最后,查看log了解服务运行状态
# tail -f /opt/sonatype-work/nexus3/log/nexus.log
三、配置Nexus
使用浏览器打开http://IP:8081/,用户名密码是admin:admin123
点击配置->Repositories->选择类型(yum proxy)
自定义一个名字,例如:yum-proxy
输入URL: http://mirrors.163.com/centos/
保存
四、客户机配置yum repo文件
# cat nexus.repo
[nexus]
name=Nexus Repository
baseurl=http://IP:8081/repository/yum-proxy/$releasever/os/$basearch/
enabled=1
gpgcheck=0
五、附上163服务器CentOS7 repo文件内容
[base]
name=CentOS-$releasever - Base - 163.com
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
baseurl=http://mirrors.163.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7
#released updates
[updates]
name=CentOS-$releasever - Updates - 163.com
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
baseurl=http://mirrors.163.com/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - 163.com
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
baseurl=http://mirrors.163.com/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - 163.com
baseurl=http://mirrors.163.com/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7
至此,客户端就可以连接自己的repo服务器下载rpm了,如果所须要的包是第一次下载,那么proxy会连接指定的外网YUM仓库下载,但如果是proxy已经存在的,那么直接从proxy代理服务器上拉下来,速度会比外网下载快很很多!