“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz allows you to assess whether you should read this entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in doubt about your answers to these questions or your own assessment of your knowledge of the topics, read the entire chapter. Table 9-1 lists the major headings in this chapter and their corresponding “Do I Know This Already?” quiz questions. You can find the answers in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and ‘Review Questions.’”

1. Which of the following is not a mandatory component in a .repo file that is used to indicate which repositories should be used?

a. [label]

b. name=

c. baseurl=

d. gpgcheck=

2. Which installation source is used on RHEL if a server is not registered with RHN?

a. The installation medium is used.

b. No installation source is used.

c. The base RHN repository is used, without updates.

d. You have full access to RHN repositories, but the software you are using is not supported.

3. Which of the following should be used in the .repo file to refer to a repository that is in the directory /repo on the local file system?

a. file=/repo

b. baseurl=file://repo

c. baseurl=file:///repo

d. file=http:///repo

4. Which of the following is true about GPG-based repository security?

a. If packages in the repository have been signed, you need to copy the GPG key to the correct location.

b. GPG package signing is mandatory.

c. GPG package signatures prevent packages in a repository from being changed.

d. GPG package signing is recommended on Internet repositories, but not required on local repositories that are for internal use only.

5. Which command enables you to search the package that contains the file semanage?

a. yum search semanage

b. yum search all semanage

c. yum provides semanage

d. yum whatprovides */semanage

6. Which YUM module component allows you to work with different versions side by side?

a. Application profile

b. Application stream

c. Module version

d. RPM group

7. Which of the following commands allows you to install the devel profile of the PHP 7.1 application stream?

a. yum module install php:7.1 devel

b. yum module install php:7.1 --devel

c. yum module install php:7.1/devel

d. yum module install php:7.1@devel

8. Which command should you use to install an RPM file that has been downloaded to your computer?

a. yum install

b. yum localinstall

c. rpm -ivh

d. rpm -Uvh

9. Which command enables you to find the RPM package a specific file belongs to?

a. rpm -ql /my/file

b. rpm -qlf /my/file

c. rpm -qf /my/file

d. rom -qa /my/file

10. Which command enables you to analyze whether there are scripts in an RPM package file that you have just downloaded?

a. rpm -qs packagename.rpm

b. rpm -qps packagename.rpm

c. rpm -qp --scripts packagename.rpm

d. rpm -q --scripts packagename.rpm

Foundation Topics

Managing Software Packages with yum

The default utility used to manage software packages on Red Hat Enterprise Linux is yum, which stands for Yellowdog Updater, Modified. Yum is designed to work with repositories, which are online depots of available software packages. In this section, you learn how to create and manage repositories and how to manage software packages based on the contents of the repositories.

Understanding the Role of Repositories

Software on Red Hat Enterprise Linux is provided in the RPM (Red Hat Package Manager) format. This is a specific format used to archive the package and provide package metadata as well.

When you are working with software in RHEL, repositories play a key role. Working with repositories makes it easy to keep your server current: The maintainer of the repository publishes updated packages in the repository, and the result is that whenever you use the yum command (discussed later in this chapter) to install software, the most recent version of the software is automatically used.

Another major benefit of working with YUM is the way that package dependencies are dealt with. On Linux (as on most other modern operating systems), software packages have dependencies. This means that to install one package, other packages have to be present as well. Without using repositories, that would mean that these packages have to be installed manually.

The YUM repository system takes care of resolving these dependencies automatically. If a package is going to be installed, it contains information about the required dependencies. The yum command then looks in the repositories configured on this system to fetch the dependencies automatically. If all goes well, the installer just sees a short list of the dependencies that will be installed as a dependency to install the package. If you are using RHEL with the repositories that are provided through Red Hat Network (RHN), there is no reason why this procedure should not work, and the attempts to install software will usually succeed.

While installing RHEL 8, it asks you to register with the Red Hat Customer Portal, which provides different repositories. After registering, you can install software packages that are verified by Red Hat automatically. If you choose to install RHEL without registration, it cannot get in touch with the Red Hat repositories, and you end up with no repositories at all. In that case, you have to be able to specify yourself which repository you want to use. If you are using CentOS, you get access to the CentOS repositories and no registration is required.

Note that repositories are specific to an operating system. Therefore, if you are using RHEL, you should use RHEL repositories only. Do not try, for instance, to add CentOS repositories to a RHEL server. If you want to provide additional software from the Fedora project to a RHEL server (which for support reasons is not recommended), you can consider adding the EPEL (Extra Packages for Enterprise Linux) repositories. See https://fedoraproject.org/wiki/EPEL for more information.

Registering Red Hat Enterprise Linux for Support

Red Hat Enterprise Linux is a supported Linux operating system that requires you to register. To register RHEL, you need a valid entitlement. This entitlement is associated to your account on the Red Had Customer Portal. You can obtain an entitlement by purchasing a subscription for RHEL or by joining the Red Hat Developer program, which gives access to the no-cost Red Hat Enterprise Developer subscription. You can sign up for the Red Hat Developer subscription at https://developers.redhat.com.

After obtaining a valid subscription for Red Hat Enterprise Linux, you can use the Red Hat Subscription Management (RHSM) tools to manage your entitlement. Managing an entitlement involves four basic tasks:

• Register: While registering a subscription, you connect it to your current Red Hat account. As a result, the subscription-manager tool can inventory the system. If a system is no longer used, it can also be unregistered.

• Subscribe: Subscribing a system gives it access to updates for Red Hat products that your subscription is entitled to. Also, by subscribing, you’ll get access to the support level that is associated with your account.

• Enable repositories: After subscribing a system, you’ll get access to a default set of repositories. Some repositories by default are disabled but can be enabled after subscribing your system.

• Review and track: You can review and track current subscriptions that are in use.

Managing Subscriptions

You can manage subscriptions either from the GNOME graphical interface or from the command line. The subscription-manager tool is used for managing subscriptions from the command line. You can use it in the following ways:

• Register a system: Type subscription-manager register to register. It will prompt for the name of your Red Hat user account as well as your password, and after entering these, your RHEL server will be registered.

• List available subscriptions: Each account has access to specific subscriptions. Type subscription-manager list --available to see what your account is entitled to.

• Automatically attach a subscription: Registering a server is not enough to get access to the repositories. Use subscription-manager attach --auto to automatically attach your subscription to the repositories that are available.

• Get an overview: To see which subscriptions you’re currently using, type subscription-manager --consumed.

• Unregister: If you’re going to deprovision a system, use subscription-manager unregister. If you have access to a limited number of registered systems only, unregistering is important to ensure that you don’t run out of available licenses.

After registering and attaching a subscription, entitlement certificates are written to the /etc/pki directory. In /etc/pki/product, certificates are stored that indicate which Red Hat products are installed on this system. In /etc/pki/consumer, certificates are stored that identify the Red Hat account to which the system is registered, and the /etc/pki/entitlement directory contains information about the subscriptions that are attached to this system.

Specifying Which Repository to Use

On most occasions, after the installation of your server has finished, it is configured with a list of repositories that should be used. You sometimes have to tell your server which repositories should be used:

• You want to distribute nondefault software packages through repositories.

• You are installing Red Hat Enterprise Linux without registering it on RHN.

Telling your server which repository to use is not difficult, but it is important that you know how to do it (for the RHCSA exam, too).

To tell your server which repository to use, you need to create a file with a name that ends in .repo in the directory /etc/yum.repos.d. In that file you need the following contents:

• [label] The .repo file can contain different repositories, each section starting with a label that identifies the specific repository.

• name= Use this to specify the name of the repository you want to use.

• baseurl= Contains the URL that points to the specific repository location.

In the repository files that are provided by default, you may find several repositories in one file, as is the case in Example 9-1. This is useful to group repositories that belong together in one file, and is often done in repository files that are provided as a default. If you are creating repository files yourself, you are free to create separate files for each repository.

Example 9-1 shows a repository file that is based on the default repositories that are installed on CentOS 8.

[root@server1 yum.repos.d]# cat CentOS-Base.repo
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and
  the
# update status of each mirror to pick mirrors that are updated to
  and
# geographically close to the client. You should use this for CentOS
  updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can
  try the
# remarked out baseurl= line instead.
#
#

[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=
  $basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-8

#released updates
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=
  $basearch&repo=updates
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-8

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=
  $basearch&repo=extras
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-8
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=
  $basearch&repo=centosplus
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/
  $basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-8

In the repository configuration file from Example 9-1, you can see that some options are used. Table 9-2 summarizes these options.

When creating a repository file, the baseurl parameter is the most important because it tells your server where to find the files that are to be installed. The baseurl takes as its argument the URL where files need to be installed from. This will often be an HTTP or FTP URL, but it can be a file-based URL as well.

When using a URL, two components are used. First, the URL identifies the protocol to be used and is in the format protocol://, such as http://, ftp://, or file://. Following the URL is the exact location on that URL. That can be the name of a web server or an FTP server, including the subdirectory where the files are found. If the URL is file based, the location on the file system starts with a / as well.

Therefore, for a file system-based URL, there will be three slashes in the baseurl, such as baseurl:///repo, which refers to the directory /repo on the local file system.

Understanding Repository Security

Using repositories allows you to transparently install software packages from the Internet. This is convenient, but it also involves a security risk. When installing RPM packages, you do that with root permissions, and if in the RPM package script code is executed (which is common), that is executed as root as well. For that reason, you want to make sure that you can trust the software packages you are trying to install. This is why repositories in general use keys for package signing. This is also why on Red Hat Enterprise Linux it is a good idea to use repositories provided though RHN only.

To secure packages in a repository, these packages are often signed with a GPG key. This makes it possible to check whether packages have been changed since the owner of the repository provided them. The GPG key used to sign the software packages is typically made available through the repository as well. The users of the repository can download that key and store it locally so that the package signature check can be performed automatically each time a package is downloaded from the repository.

If repository security is compromised and an intruder manages to hack the repository server and put some fake packages on it, the GPG key signature will not match, and the yum command will complain while installing new packages. This is why it is highly recommended to use GPG keys when using Internet repositories.

If you are using a repository where GPG package signing has been used, on first contact with that repository, the rpm command will propose to download the key that was used for package signing (see Example 9-2). This is a transparent procedure that requires no further action. The GPG keys that were used for package signing are installed to the /etc/pki/rpm-gpg directory by default.

[root@server1 ~]# yum install kernel
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.mirror1.spango.com
 * extras: mirror.netrouting.net
 * updates: mirrors.supportex.net
Resolving Dependencies
--> Running transaction check
---> Package kernel.x86_64 0:4.10.0-229.1.2.el8 will be installed
--> Processing Dependency: linux-firmware >= 20190911 for package:
  kernel-4.10.0-229.1.2.el7.x86_64
--> Running transaction check
---> Package linux-firmware.noarch 0:20140213-0.3.git4164c23.el8
  will be updated
---> Package linux-firmware.noarch 0:20140911-0.1.git365e80c.el8
  will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================
=======================================================================
 Package                         Arch                  Version
Repository                Size
=======================================================================
Installing:
  kernel                       x86_64
3.10.0-229.1.2.el8                         updates
31M
Updating for dependencies:
  linux-firmware              noarch
20190911-0.1.git365e80c.el8              base
17 M

Transaction Summary

=======================================================================
Install 1 Package
Upgrade              ( 1 Dependent package)

Total size: 48 M
Is this ok [y/d/N]: y
Downloading packages:
warning: /var/cache/yum/x86_64/8/base/packages/linux-firmware-20140911-
  0.1.git365e80c.el7.noarch.rpm: Header V3 RSA/SHA256 Signature, key
  ID f4a80eb5: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-8
Importing GPG key 0xF4A80EB5:
 Userid : "CentOS-8 Key (CentOS 7 Official Signing Key)
  <[email protected]>"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package : centos-release-8-0.1406.el7.centos.2.3.x86_64 (@anaconda)
 From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-8
Is this ok [y/N]:y

Creating Your Own Repository

Creating your own repository is not a requirement for the RHCSA exam, but knowing how to do so is useful if you want to test setting up and working with repositories. Also, while doing the exercises in this book, it is important to know how to set up your own repositories, as you should not use the repositories that are available online.

Setting up your own repository allows you to put your own RPM packages in a directory and publish that directory as a repository. It is also useful to know how to do this if you have installed RHEL and not connected it to RHN, which means that you would not have any repositories at all.

The procedure itself is not hard to summarize. You need to make sure all RPM packages are available in the directory that you want to use as a repository, and after doing that, you need to use the createrepo command to generate the metadata that enables you to use that directory as a repository. Exercise 9-1 describes how to create your own repository.

[root@server3 yum.repos.d]# yum repolist
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management.
  You can use subscription-manager to register.
AppStream                                 194 MB/s | 5.3 MB     00:00
BaseOS                                     86 MB/s | 2.2 MB     00:00
Last metadata expiration check: 0:00:01 ago on Sat 25 May 2019
  09:20:19 AM EDT.
repo id                        repo name                        status
AppStream                      AppStream                        4,672
BaseOS                         BaseOS                           1,658

Using yum

At this point, you should have operational repositories, so it is time to start using them. To use repositories, you need the yum command. This command enables you to perform several tasks on the repositories. Table 9-3 provides an overview of common yum tasks.

Using yum to Find Software Packages

To install packages with yum, you first need to know the exact name of the package. The yum search command can help you with that. When you use yum search, it first gets in touch with the online repositories (which might take a minute), after which it downloads the most recent repository metadata to the local machine. Then, yum search looks in the package name and description for the string you have been looking for. In Example 9-4, you can see what the result looks like after using yum search user.

[root@server3 ~]# yum search user
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management.
  You can use subscription-manager to register.
Last metadata expiration check: 0:02:23 ago on Sat 25 May 2019
  09:20:19 AM EDT.
====================  Name & Summary Matched: user ====================
trouser s-lib.x86_64   : TrouSer S libtspi library
trouser s-lib.i686     : TrouSer S libtspi library
trouser s-lib.x86_64   : TrouSer S libtspi library
gnome-user-docs.noarch : GNOME User Documentation
gnome-user-docs.noarch : GNOME User Documentation
xdg-user-dirs.x86_64   : Handles user special directories
xdg-user-dirs.x86_64   : Handles user special directories
util-linux-user.x86_64 : libuser based util-linux utilities
...

Because the yum search command looks in the package name and summary only, it often does not show what you need. You often need to look for packages containing a specific file. To do this, the yum whatprovides command or yum provides command will help you. (There is no functional difference between these two commands.) To make it clear that you are looking for packages containing a specific file, you need to specify the filename as */filename, or use the full path name to the file you want to use. So if you need to look for the package containing the file semanage, for example, use yum whatprovides */semanage. It will show the name of the package as a result. Try it, and compare the result to the result of the command yum search semanage; you’ll notice that it is quite different.

Getting More Information About Packages

Before installing a package, it is a good idea to get some more information about the package. Because the yum command was developed to be intuitive, it is almost possible to guess how that works. Just use yum info, followed by the name of the package. In Example 9-5, you see what this looks like for the nmap package (which, by the way, is a very useful tool). It is a network sniffer that allows you to find ports that are open on other hosts. Just use nmap 192.168.4.100 to give it a try, but be aware that some network administrators really do not like nmap and might consider this a hostile attack.

[root@server3 ~]# yum info nmap
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management.
  You can use subscription-manager to register.
Last metadata expiration check: 0:05:01 ago on Sat 25 May 2019
  09:20:19 AM EDT.
Available Packages
Name          : nmap
Epoch         : 2
Version       : 7.70
Release       : 4.el8
Arch          : x86_64
Size          : 5.8 M
Source        : nmap-7.70-4.el8.src.rpm
Repo          : AppStream
Summary       : Network exploration tool and security scanner
URL           : http://nmap.org/
License       : Nmap
Description   : Nmap is a utility for network exploration or security
                  auditing.  It supports
              : ping scanning (determine which hosts are up), many
                  port scanning techniques
              : (determine what services the hosts are offering), and
                  TCP/IP fingerprinting
              : (remote host operating system identification). Nmap
                  also offers flexible target
              : and port specification, decoy scanning, determination
                  of TCP sequence
              : predictability characteristics, reverse-identd
                  scanning, and more. In addition
              : to the classic command-line nmap executable, the Nmap
                  suite includes a flexible
              : data transfer, redirection, and debugging tool (netcat
                  utility ncat), a utility
              : for comparing scan results (ndiff), and a packet
                  generation and response
              : analysis tool (nping).

Installing and Removing Software Packages

If after looking at the yum info output you are happy with the package, the next step is to install it. As anything else you are doing with yum, it is not hard to guess how to do that: use yum install nmap. When used in this way, the yum command asks for confirmation. If when you type the yum install command you are sure about what you are doing, you might as well use the -y option, which passes a “yes” to the confirmation prompt that yum normally issues. Example 9-6 shows what the result looks like.

[root@server3 ~]# yum install nmap
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management.
  You can use subscription-manager to register.
Last metadata expiration check: 0:06:16 ago on Sat 25 May 2019
  09:20:19 AM EDT.
Dependencies resolved.
=======================================================================
 Package     Arch          Version           Repository       Size
=======================================================================
Installing:
 nmap        x86_64        2:7.70-4.el8      AppStream        5.8 M

Transaction Summary
=======================================================================
Install  1 Package

Total size: 5.8 M
Installed size: 24 M
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing         :                                          1/1
  Installing        : nmap-2:7.70-4.el8.x86_64                 1/1
  Running scriptlet : nmap-2:7.70-4.el8.x86_64                 1/1
  Verifying         : nmap-2:7.70-4.el8.x86_64                 1/1
Installed products updated.

Installed:
  nmap-2 :7.70-4.el8.x86_64
Complete!

In Example 9-6, you can see that yum starts by analyzing what is going to be installed. Once that is clear, it gives an overview of the package that is going to be installed, including its dependencies. Then, the package itself is installed to the system.

To remove software packages from a machine, use the yum remove command. This command also does a dependency analysis, which means that it will remove not only the selected package but also all packages that depend on it. This may sometimes lead to a long list of software packages that are going to be removed. To avoid unpleasant surprises, you should never use yum remove with the -y option.

Showing Lists of Packages

When working with yum, you may also use the yum list command to show lists of packages. Used without arguments, yum list shows a list of all software packages that are available, including the repository they were installed from. You see the repository names as listed in Table 9-2 and the @anaconda repository as well. If a repository name is shown, the package is available in that specific repository. If @anaconda is listed, the package has already been installed on this system. Example 9-7 shows the partial output of the yum list command.

[root@server3 ~]# yum list | less
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management.
  You can use subscription-manager to register.
Last metadata expiration check: 0:09:31 ago on Sat 25 May 2019
  09:20:19 AM EDT.
Installed Packages
GConf2.x86_64                          3.2.6-22.el8        @AppStream
ModemManager.x86_64                    1.8.0-1.el8         @anaconda
ModemManager-glib.x86_64               1.8.0-1.el8         @anaconda
NetworkManager.x86_64                  1:1.14.0-14.el8     @anaconda
NetworkManager-adsl.x86_64             1:1.14.0-14.el8     @anaconda
NetworkManager-bluetooth.x86_64        1:1.14.0-14.el8     @anaconda
NetworkManager-config-server.noarch    1:1.14.0-14.el8     @anaconda
NetworkManager-libnm.x86_64            1:1.14.0-14.el8     @anaconda
NetworkManager-team.x86_64             1:1.14.0-14.el8     @anaconda
NetworkManager-tui.x86_64              1:1.14.0-14.el8
...

If you want to see which packages are installed on your server, you can use the yum list installed command. The yum list command can also prove useful when used with the name of a specific package as its argument. For instance, type yum list kernel to show which version of the kernel is actually installed and which version is available as the most recent version in the repositories. Example 9-8 shows the result of this command.

[root@server3 ~]# yum list kernel
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management.
  You can use subscription-manager to register.
Last metadata expiration check: 0:11:57 ago on Sat 25 May 2019
  09:20:19 AM EDT.
Installed Packages
kernel.x86_64                  4.18.0-80.el8                 @anacond

Updating Packages

One of the major benefits of working with yum repositories is that repositories make it easy to update packages. The individual who maintains a repository is responsible for copying updated packages to the repositories. The index in the repository always contains the current version of a package in the repository. On the local machine also, a database is available with the current versions of the packages that are used. When using the yum update command, current versions of packages that are installed are compared to the version of these packages in the repositories. As shown in Example 9-9, yum next shows an overview of updatable packages. From this overview, type y to install the updates.

Notice that while updating packages the old version of the package is replaced with a newer version of the package. There is one exception, which is for the kernel package. Even if you are using the yum update kernel command, the kernel package is not updated, but the newer kernel is installed beside the old kernel, so that while booting you can select the kernel that you want to use. This is useful if the new kernel won’t work because of hardware compatibility issues. In that case, you can interrupt the GRUB 2 boot process (see Chapter 17, “Managing and Understanding the Boot Procedure,” for more details) to start the older kernel.

[root@server1 ~]# yum update kernel
Updating Subscription Management repositories.
Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)
  2.4 kB/s | 4.5 kB     00:01
Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)
  2.5 kB/s | 4.0 kB     00:01
created by dnf config-manager from file:///repo
  0.0  B/s |   0  B     00:00
Failed to synchronize cache for repo 'repo', ignoring this repo.
Dependencies resolved.
======================================================================
 Package       Arch    Version            Repository         Size
======================================================================
Installing:
 kernel        x86_64  4.18.0-80.1.2.el8_0 rhel-8-for-x86_
                                             64-baseos-rpms   406 k
Installing dependencies:
 kernel-modules x86_64  4.18.0-80.1.2.el8_0 rhel-8-for-x86_
                                             64-baseos-rpms   20 M
 kernel-core    x86_64 4.18.0-80.1.2.el8_0  rhel-8-for-x86_
                                             64-baseos-rpms   24 M

Transaction Summary
======================================================================
Install  3 Packages

Total download size: 44 M
Installed size: 76 M
Is this ok [y/N]:y

Working with yum Package Groups

While managing specific services on a Linux machine, you often need several different packages. If, for instance, you want to make your machine a virtualization host, you need the KVM packages, but also all supporting packages such as qemu, libvirt, and the client packages. Or while configuring your server as a web server, you need to install additional packages like PHP as well in many cases.

To make it easier to manage specific functionality, instead of specific packages, you can work with package groups as well. A package group is defined in the repository, and yum offers the group management commands to work with these groups. For an overview of all current groups, use yum groups list. This shows output as in Example 9-10.

[root@server1 ~]# yum groups list
Updating Subscription Management repositories.
created by dnf config-manager from file:///repo
  0.0  B/s |   0   B     00:00
Failed to synchronize cache for repo 'repo', ignoring this repo.
Last metadata expiration check: 0:01:08 ago on Sat 25 May 2019
  09:34:12 AM EDT.
Available Environment Groups:
   Server
   Minimal Install
   Workstation
   Virtualization Host
   Custom Operating System
Installed Environment Groups:
   Server with GUI
Installed Groups:
   Container Management
   Headless Management
Available Groups:
   RPM Development Tools
   Smart Card Support
   .NET Core Development
   Network Servers
   Development Tools
   System Tools
   Graphical Administration Tools
   Scientific Support
   Security Tools
   Legacy UNIX Compatibility

Notice that some yum groups are not listed by default. To show those as well, type yum groups list hidden. You see that the list of groups that is displayed is considerably longer. The difference is that yum groups list shows environment groups, which contain basic functionality. Within an environment group, different subgroups can be used; these are displayed only when using yum groups list hidden.

To get information about packages available in a group, you use yum groups info. Because group names normally contain spaces, do not forget to put the entire group name between quotes. So, type yum groups info "Basic Web Server" to see what is in the Basic Web Server group. As you can see in Example 9-11, this command shows mandatory items and optional items in the group. The items can be groups and individual packages.

[root@server1 ~]# yum groups info "Basic Web Server"
Updating Subscription Management repositories.
created by dnf config-manager from file:///repo
  0.0  B/s |   0   B     00:00
Last metadata expiration check: 0:02:55 ago on Sat 25 May 2019
  09:34:12 AM EDT.

Group: Basic Web Server
 Description: These tools allow you to run a Web server on the
  system.
 Mandatory Packages:
   httpd
 Default Packages:
   httpd-manual
   mod_fcgid
   mod_ssl
 Optional Packages:
   libmemcached
   memcached
   mod_auth_gssapi
   mod_security
   mod_security-mlogc
   mod_security_crs

Using yum History

While working with YUM, all actions are registered. You can use the yum history command to get an overview of all actions that have been issued. From the history file, it is possible to undo specific actions; use yum history undo followed by the number of the specific action you want to undo.

In Example 9-12, you see the result of the yum history command, where every action has its own ID.

[root@server1 ~]# yum history
Updating Subscription Management repositories.
ID | Command line             | Date and time    | Action(s)| Altered
----------------------------------------------------------------------
 3 | install dnf-utils        | 2019-05-25 09:07 | Install  |    1
 2 | install stratis-cli stra | 2019-05-24 07:13 | Install  |    9
 1 |                          | 2019-05-19 06:20 | Install  | 1336 EE

As you can see, action number 2 altered nine packages and was used to install packages. To undo this action completely, type yum history undo 2. In Exercise 9-2, you apply some of the most useful yum commands for common package management tasks, as discussed previously.

Managing Package Module Streams

In RHEL 8, Red Hat has introduced Package Module Streams. In previous versions of RHEL, it was difficult to work with different versions of packages. For instance, RHEL 7 has always provided Python 2.x as the default Python version, even though Python 3.x was already available. Using a different version of user-space packages like Python was very difficult, as different repositories had to be added to offer Python 3 instead, which on its turn would again create problems for users who would rather use an older version of Python. In RHEL 8 different versions of the same package can be offered using Package Module Streams. Also, Package Module Streams make it possible to update critical applications more frequently than the base operating system is updated.

To separate core operating system packages from user-space packages, RHEL 8 provides two main repositories, referenced earlier: BaseOS and Application Stream. In BaseOS you’ll find core operating system packages as RPM packages. The life cycle of these packages is comparable to the life cycle of previous RHEL versions.

Understanding Modules

In the Application Stream repository, content with varying life cycles is provided. This content is provided as the traditional RPM packages, but also as modules. A module describes a set of RPM packages that belong together. Typically, modules are organized around a specific version of an application, and in a module you’ll find module packages, together with all of the dependencies for that specific version.

Each module can have one or more application streams. A stream contains one specific version, and updates are provided for a specific stream. When working with modules that have different streams, only one stream can be enabled at the same time.

Modules can also have one or more profiles. A profile is a list of packages that are installed together for a particular use case. You may find, for instance, a minimal profile, a default profile, a server profile. and many more. While working with modules, you may select which profile you want to use. Table 9-4 provides an overview of key terminology when working with modules.

Managing Modules

The yum command in RHEL 8 supports working with modules using the yum module command. To find out which modules are available, you may want to start with the yum module list command. You can see its sample output in Example 9-13.

[root@server3 ~]# yum module list
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management.
  You can use subscription-manager to register.
Last metadata expiration check: 0:21:12 ago on Sat 25 May 2019
  09:36:47 AM EDT.
AppStream
Name                 Stream       Profiles      Summary
389-ds               1.4                        389 Directory Server
                                                  (base)
ant                  1.10 [d]     common [d]    Java build tool
container-tools      1.0          common [d]    Common tools and
                                                  dependencies for
                                                  container runtimes
container-tools      rhel8 [d][e] common [d]    Common tools and
                                                  dependencies for
                                                  container runtimes
freeradius           3.0 [d]      server [d]    High-performance and
                                                  highly configurable
                                                  free RADIUS server
gimp                 2.8 [d]      common [d], devel gimp module
go-toolset           rhel8 [d]    common [d]     Go
httpd                2.4 [d]      common [d], devel Apache HTTP Server
                                  , minimal
idm                  DL1          common [d], adtru The Red Hat
                                    Enterprise Linux Identity
                                    Managest, client, dns, ment
                                    system module server
idm                  client [d]   common [d]    RHEL IdM long term
  support client module
inkscape             0.92.3 [d]   common [d]    Vector-based drawing
                                                  program using SVG
javapackages-runtime 201801 [d]   common [d]    Basic runtime
                                                  utilities   to
                                                  support Java
                                                  applications
...
pki-core             10.6                       PKI Core
pki-deps             10.6                       PKI Dependencies

postgresql           10 [d]       client, server [d] PostgreSQL server
                                                       and client module
postgresql           9.6          client, server [d] PostgreSQL server
                                                       and client module
python27             2.7 [d]      common [d]         Python programming
                                                       language, version
                                                       2.7
python36             3.6 [d][e]   common [d], build Python programming
                                                       language, version
                                                       3.6
redis                5 [d]        common [d]        Redis persistent
                                                       key-value database
rhn-tools            1.0 [d]      common [d]        Red Hat Satellite
                                                       5 tools for RHEL
ruby                 2.5 [d]      common [d]        An interpreter of
                                                       object-oriented
                                                       scripting language
rust-toolset         rhel8 [d]    common [d]        Rust
satellite-5-client   1.0 [d][e]   common [d], gui   Red Hat Satellite
                                                       5 client packages
scala                2.10 [d]     common [d]        A hybrid
                                                       functional/object-
                                                       oriented language
                                                       for the JVM
squid                4 [d]        common [d]        Squid - Optimising
                                                       Web Delivery
subversion           1.10 [d]     common [d],       Apache Subversion
                                    server
swig                 3.0 [d]      common [d],       Connects C/C++/
                                    complete           Objective C to
                                                       some high-level
                                                       programming
                                                       languages
varnish              6 [d]        common [d]        Varnish HTTP cache
virt                 rhel [d][e]  common [d]        Virtualization
                                                       module

Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled

In the list of modules, you can see whether or not the module is installed and whether or not a specific stream is enabled. To list specific streams for a module, use the yum module list modulename command. For instance, use yum module list perl to get details about streams that are available for the Perl module, as shown in Example 9-14.

[root@server3 ~]# yum module list perl
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management.
  You can use subscription-manager to register.
Last metadata expiration check: 0:26:17 ago on Sat 25 May 2019
  09:36:47 AM EDT.
AppStream
Name       Stream          Profiles                 Summary
perl       5.24            common [d], minimal      Practical
Extraction and Report Language
perl       5.26 [d]        common [d], minimal      Practical
Extraction and Report Language
Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled

After finding out which module streams are available, the next step is to get information about specific profiles. You can use yum module info to obtain this information. For instance, use yum module info perl to get more information about the Perl module. This will provide information for profiles that are available in all the module streams. To find profile information for a specific stream, you can provide the stream version as an argument. For instance, use yum module info perl:5.26 (see Example 9-15).

[root@server3 ~]# yum module info perl:5.26
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management.
  You can use subscription-manager to register.
Last metadata expiration check: 0:29:59 ago on Sat 25 May 2019
  09:36:47 AM EDT.
Name              : perl
Stream            : 5.26 [d][a]
Version           : 820181219174508
Context           : 9edba152
Profiles          : common [d], minimal
Default profiles  : common
Repo              : AppStream
Summary           : Practical Extraction and Report Language
Description       : Perl is a high-level programming language with
                      roots in C, sed, awk and shell scripting. Perl
                      is good at handling processes and files, and is
                      especially good at handling text. Perl's
                      hallmarks are practicality and efficiency.
                      While it is used to do a lot of different
                      things, Perl's most common applications
                      are system administration utilities and web
                      programming.
Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled, [a]ctive]

After finding module information, the next step is to enable a module stream and install modules. Every module has a default module stream, providing access to a specific version. If that version is what you need, you don’t have to enable anything. If you want to work with a different version, you should start by enabling the corresponding module stream. For example, type yum module enable perl:5.24 to enable that specific version.

Enabling a module stream before starting to work with a specific module is not mandatory. If you just use yum module install to install packages from a module, packages from the default module stream will be installed. You can also switch between application stream versions. If, for instance, you are now on php:7.1 and you want to change to php:7.2, you just have to type yum module install php:7.2. This will disable the old stream and enable the new stream. After doing this, to ensure that all dependent packages that are not in the module itself are updated as well, you should type yum distro-sync to finalize the procedure.

In Exercise 9-3 you can practice working with Yum modules in RHEL 8.

Managing Software Packages with rpm

Once upon a time, repositories did not exist, and the rpm command was used to install package files after they had been downloaded. That worked, but there was one major issue: the dependency hell. Because RPM packages have always focused on specific functionality, to install specific software, a collection of RPM packages was normally required. Therefore, a “missing dependency” message was often issued while users were trying to install RPM packages, which meant that to install the selected package, other packages needed to be installed first. Sometimes a whole chain of dependencies needed to be installed to finally get the desired functionality. That did not make working with RPM packages a joyful experience.

On modern RHEL systems, repositories are used, and packages are installed using yum. The yum command considers all package dependencies and tries to look them up in the currently available repositories. On a RHEL system configured to get updates from RHN, or on a CentOS system where consistent repositories are used, the result is that package installation nowadays is without problems and the rpm command no longer is needed for software installation.

Even after downloading an RPM package file, you do not need to use the rpm -Uvh packagename command anymore to install it (even if it still works). A much better alternative is yum install packagename, which installs the package and also considers the repositories to resolve dependencies automatically. (In earlier versions of RHEL, the yum localinstall command was used to do this; in RHEL 8, yum localinstall is deprecated.) That does not mean the rpm command has become totally useless. You can still use it to query RPM packages.

Understanding RPM Filenames

When working with RPM packages directly, it makes sense to understand how the RPM filename is composed. A typical RPM filename looks like autofs-5.0.7- 40.el7.x86_64.rpm. This name consists of several parts:

• autofs: The name of the actual package.

• 5.0.7: The version of the package. This normally corresponds to the name of the package as it was released by the package creator.

• -40: The subversion of the package.

• el7: The Red Hat version this package was created for.

• x86_64: The platform (32 bits or 64 bits) this package was created for.

Querying the RPM Database

The rpm command enables you to get much information about packages. Using RPM queries can be a really useful way to find out how software can be configured and used. To start, you can use the rpm -qa command. Like yum list installed, this shows a list of all software that is installed on the machine. Use grep on this command to find out specific package names. To perform queries on RPM packages, you just need the name and not the version information.

After finding the package about which you want to have more information, you can start with some generic queries to find out what is in the package. In the following examples, I assume that you are using RPM queries on the nmap RPM package. To start, type rpm -qi nmap to get a description of the package. This will perform a query of a package that is already installed on your system, and it will query the package database to get more details about it.

The next step is to use rpm -ql nmap, which shows a list of all files that are in the package. On some packages, the result can be a really long list of filenames that is not particularly useful. To get more specific information, use rpm -qd nmap, which shows all documentation available for the package, or rpm -qc nmap, which shows all configuration files in the package.

Using RPM queries can really help in finding out more useful information about packages. The only thing that you need to know is the RPM package name that a specific file belongs to. To find this, use rpm -qf, followed by the specific filename you are looking for. Use, for instance, rpm -qf /bin/ls to find the name of the RPM package the ls command comes from. In upcoming Exercise 9-4, you’ll see how useful it can be to use RPM queries in this way.

Querying RPM Package Files

RPM queries by default are used on the RPM database, and what you are querying are installed RPM packages. It sometimes makes sense to query an RPM package file before actually installing it. To do this, you need to add the -p option to the query, because without the -p option, you will be querying the database, not the package file. Also, when querying a package file, you need to refer to the complete filename, including the version number and all other information that you do not have to use when querying the RPM database. As an example, the rpm -qp --scripts httpd-2.4.6-19.el7.centos.x86_64.rpm command queries the specific RPM file to see whether it contains scripts.

A query option that needs special attention is --scripts, which queries an RPM package or package file to see which scripts it contains (if any). This option is especially important when combined with the -p option, to find out whether a package file that you are going to install includes any scripts.

When you install RPM packages, you do so as root. Before installing an RPM package from an unknown source, you need to make sure that it does not include any rogue scripts. If you do not, you risk installing malware on your computer without even knowing it.

Table 9-5 describes the most important RPM querying options.

Using repoquery

While rpm -qp provides useful tools to query packages before installation, there is a slight problem with this command: It works only on RPM package files, and it cannot query files directly from the repositories. If you want to query packages from the repositories before they have been installed, you need repoquery. This binary is not installed by default, so make sure to install the yum-utils RPM package to use it.

The repoquery command is pretty similar to the rpm -q command and uses many similar options. There is just one significant option missing: --script. A simple solution is to make sure that you are using trusted repositories only, to prevent installing software that contains dangerous script code.

If you need to thoroughly analyze what an RPM package is doing when it is installed, you can download it to your machine, which allows you to use the rpm -qp --scripts command on the package. To download a package from the repository to the local directory, you can use the yumdownloader command, which comes from the yum-utils package.

Now that you have learned all about RPM querying options, you can practice these newly acquired skills in Exercise 9-4 to get more information about software that is installed on your RHEL system.

Summary

In this chapter, you learned how to work with software on Red Hat Enterprise Linux. You learned how to use yum to manage software packages coming from repositories. You also learned how to use the rpm command to perform queries on the packages on your system. Make sure that you master these essential skills well; they are key to getting things done on Red Hat Enterprise Linux.

Exam Preparation Tasks

As mentioned in the section “How to Use This Book” in the Introduction, you have several choices for exam preparation: the end-of-chapter labs; the memory tables in Appendix B; Chapter 26, “Final Preparation”; and the practice exams.

Review All Key Topics

Review the most important topics in the chapter, noted with the Key Topic icon in the outer margin of the page. Table 9-6 lists a reference of these key topics and the page number on which each is found.

Complete Tables and Lists from Memory

Print a copy of Appendix B, “Memory Tables” (found on the companion website), or at least the section for this chapter, and complete the tables and lists from memory. Appendix C, “Memory Tables Answer Key,” includes completed tables and lists to check your work.

Define Key Terms

Define the following key terms from this chapter and check your answers in the glossary:

YUM

repository

dependency

package

Red Hat Network (RHN)

package groups

dependency hell

RPM

module

application stream

application profile

Review Questions

The questions that follow are meant to help you test your knowledge of concepts and terminology and the breadth of your knowledge. You can find the answers to these questions in Appendix A.

1. You have a directory containing a collection of RPM packages and want to make that directory a repository. Which command enables you to do that?

2. What needs to be in the repository file to point to a repository on http://server.example.com/repo?

3. You have just configured a new repository to be used on your RHEL computer. Which command enables you to verify that the repository is indeed available?

4. Which command enables you to search the RPM package containing the file useradd?

5. Which two commands do you need to use to show the name of the yum group that contains security tools and shows what is in that group?

6. Which command do you use to ensure that all PHP-related packages are going to be installed using the older version 5.1, without actually installing anything yet?

7. You want to make sure that an RPM package that you have downloaded does not contain any dangerous script code. Which command enables you to do so?

8. Which command reveals all documentation in an RPM package?

9. Which command shows the RPM package a file comes from?

10. Which command enables you to query software from the repository?

End-of-Chapter Labs

In these end-of-chapter labs, you use some of the essential RHEL package management skills. All assignments can be done on one server.

Lab 9.1

1. Copy some RPM files from the installation disk to the /myrepo directory. Make this directory a repository and make sure that your server is using this repository.

2. List the repositories currently in use on your server.

3. Search for the package that contains the cache-only DNS name server. Do not install it yet.

4. Perform an extensive query of the package so that you know before you install it which files it contains, which dependencies it has, and where to find the documentation and configuration.

5. Check whether the RPM package contains any scripts. You may download it, but you may not install it yet; you want to know which scripts are in a package before actually installing it, right?

6. Install the package you have found in step 3.

7. Undo the installation.

Lab 9.2

1. Find out which application streams are available for the Perl module.

2. Install Perl from the latest application stream version, using the most minimal installation option.

3. Downgrade, such that the previous version of the Perl application will be used from now on.

4. Ensure that all dependent packages on your system are downgraded as well.