Open Source Software Technical Articles

Want the Best of the Wazi Blogs Delivered Directly to your Inbox?

Subscribe to Wazi by Email

Your email:

Connect with Us!

Current Articles | RSS Feed RSS Feed

Yum tips for taking charge of package management in CentOS


An important aspect of administering a CentOS server is to understand its package management system and its various online repositories. Together they ensure you are always running a secure and updated server.

CentOS uses the Yellow Dog Updater, Modified (yum) package manager to install and update software packages in RPM format from online software repositories. With yum, in addition to downloading and installing new packages, you can also check for available updates and fetch information about available packages.

The /etc/yum.conf file comes preconfigured with options that affect how you download and use RPM packages. Here's a snippet from the file:


The cachedir variable points to the location where the RPM packages are downloaded.

The keepcache=0 option instructs yum to delete the packages after they've been installed. If you change the value of the keepcache variable to 1, CentOS will keep the packages even after installation. Storing downloaded packages comes in handy when you are setting up a local update server. You download updates from the Internet on the update server, from where they can be picked up by other CentOS machines on your network.

The debuglevel variable can take values from 0 to 10. The default level 2 produces just enough information to indicate whether an operation was a success or a failure. Debug messages are logged to the specified log file.

When you invoke the yum command to install a software package, it checks the list of configured repositories under the /etc/yum.conf file and in files under the /etc/yum.repos.d directory. Although you can add information about repositories in yum's main configuration file, a good practice is to list them under /etc/yum.repos.d in separate files named file.repo, such as CentOS-Base.repo, in order to help manage repos that may be pulling in software from lots of different sources.

The CentOS repositories

CentOS has several official repositories. Using these default repos ensures that your CentOS installation is binary-compatible with Red Hat Enterprise Linux (RHEL), with which CentOS shares a common code base. The following are the official CentOS repositories, configured under the /etc/yum.repos.d/CentOS-Base.repo file:

  • [base] – This repository is enabled by default and contains the RPM packages that are also supplied on the installation medium. The contents of this repository don't change after a release.
  • [updates] – This repository, which is also enabled by default, holds all the security, bug fix, and other updates for the packages in the [base] repositories. All the other repositories contain their own updates.
  • [extras] – This repository is also enabled by default and contains packages that add functionality to the distro. The packages in this repo are written by CentOS developers and have undergone reasonable testing. Also, packages in this repo never conflict with packages in the [base] repo.
  • [contrib] – This repository is not enabled by default and contains additional software packages contributed by the CentOS community. While the packages in this repo should not conflict with packages in the [base] repo, these packages haven't been tested by CentOS developers.
  • [centosplus] – This repository is also not enabled by default and contains software contributed by both CentOS users and developers. However, the packages in this repo may upgrade packages from the [base] repo and thus break binary compatibility with upstream versions. Make sure you have a valid reason before enabling this repo.

To enable a repo, edit the CentOS-Base.repo file and scroll to the repository you want to enable. Toggle the repo by changing enabled=0 to enabled=1.

If you wish to use the CentOSPlus repository, the CentOS developers advise that you use it only to pick particular packages. You can browse the contents of the repo online, and when you find a package you need, such as a newer kernel, you can intruct yum to update only that particular package and ignore the rest. To do so, add the following line to the CentOS-Base.repo file under the [centosplus] entry:


At the same time you also have to tell yum not to fetch the kernel from the base repos by adding the following line under the [base] and [update] repo sections:

exclude=kernel kernel-devel kernel-PAE*

Third-party repositories

If you are using CentOS on the desktop, chances are you'll need a package that's not in one of the official CentOS repositories, such as the Flash plugin or Google's Chrome web browser. In that case you'll need to enable a third-party repository.

You can use lots of third-party repos to flesh out your installation with all kinds of apps. However, these repos contain packages that aren't approved by the CentOS project. You should add only those repos that you need. Adding unnecessary repositories can slow down the performance of yum and may introduce inconsistency in your system.

The three most popular third-party repos are Extra Packages for Enterprise Linux (EPEL), RepoForge, and ATrpms. The EPEL repo hosts Fedora packages that have been rebuilt for RHEL. The RepoForge repo contains packages for servers, desktops, and software development. On ATrpms you'll find the latest bleeding-edge drivers for peripherals such as graphics and wireless cards.

To ease the installation of a third-party repo, most repo developers produce a special package that contains the GPG key of the repository as well as configuration information for the package manager to enable it to pull software from the repo. The following command fetches and installs such a special RepoForge installation package, making the required configuration changes to install the RepoForge repository for 64-bit packages in CentOS 6:

# rpm -ivh

Using Yum
If you are new to Yum, here are some tricks that you should master to use the tool effectively.

To install a package, use yum install package-name. If you have the package on your disk, yum --nogpgcheck localinstall package-name will install the package and automatically check and install dependencies from the repos.

Use yum list package-name to search the repos for a particular package. If you don't know the name of the package, you can search for a string in the name, description, and summary of all the packages with yum search keyword. You can also use yum provide filename to search packages that provide a package or a library.

If you have configured third-party repos, you can use yum list extras to see a list of packages that were installed from repos outside of the main CentOS repository.

Use yum check-update to check for available updates. While you can update a particular package with yum update package-name, yum update will install all available updates. You can even update a particular group of packages. For example, yum groupupdate Virtualization will update all packages in the Virtualization group. Use yum grouplist to list all predefined groups.

Run yum clean packages regularly to ensure the packages are cleared out from under the /var/cache/yum directory. If yum throws a tantrum while you're installing packages, you can refresh the metadata information about the packages with yum clean metadata, or clear the whole cache with yum clean all.

Yum plugins

You can extend yum's usefulness via plugins, which are Python scripts that extend yum's feature set. You can find yum plugins under /usr/lib/yum-plugins, and their configuration files are housed under /etc/yum/pluginconf.d/.

Run yum search yum-plugin to search for the available plugins. Before you can use any plugins, they must be enabled in yum's configuration file /etc/yum.conf. Edit the file and make sure the plugins variable is set to "1".

Plugins are already enabled in CentOS 6, which ships with plugins such as the fastestmirror, priorities, refresh-packagekit, and security plugins enabled by default. What do these plugins do?

If you have more than one mirror listed in a repo configuration, the fastestmirror plugin will connect and time the connection with each mirror, then sort them by fastest to slowest for yum.

If you decide to add a third-party repository, there is a chance that package conflicts may compromise the stability of your CentOS installation. To avoid such a situation you should prioritize the repos with the priorities plugin. Then, if a package is available in multiple repos, it will be installed from the repo with the highest priority. More importantly, packages from repos with a lower priority will never be used to upgrade packages that were installed from a repo with a higher priority. To assign priorities, add a line to the end of a repository configuration, such as priority=2. The priority number can range from 1 to 99, the latter of which is the default priority for repos. The repo with the lowest numerical priority number will have the highest priority. Generally speaking, the default CentOS repos should be 1, while third-party repos should have a lower priority unless you're looking to replace official Fedora packages with those from a third party.

If you manage a bunch of CentOS machines, you can set up a local update server that fetches updates from the Internet. You can then configure yum in the other machines, preferably with the priorities plugin, to fetch updates from the update server on the network rather than the Internet.

You can use the security plugin to search for and query security updates. For example, running yum --security check-update will show only updates that should be installed for security reasons. You can install all such security updates with yum --security update. The man page of the plugin (man yum-security) lists more interesting uses.

In addition, the blacklist and whiteout plugins are installed but disabled – they were tied to the now deprecated PreUpgrade app to upgrade from one CentOS release to another.

As you can see, yum is a powerful and versatile package manager. You can use its plugins system to speed up upgrades and mix and match software from official CentOS and third-party repos without compromising the stability of your installation. Whether you are managing CentOS desktops or servers, you should take time out to learn yum tricks like these.

This work is licensed under a Creative Commons Attribution 3.0 Unported License
Creative Commons License.


Posted @ Wednesday, November 20, 2013 3:23 AM by Ann
Thank you a lot. Are you sure that "yum --security" is work for CentOS ?
Posted @ Monday, December 23, 2013 7:53 AM by Stas
Post Comment
Website (optional)

Allowed tags: <a> link, <b> bold, <i> italics