Yum is a package manager on CentOS. You will probably use it pretty often to install some software. In this article I will show you how to configure it, how to speed up packages installation and how to use something more than just
yum install package-name.
Create list of installed packages
One of the first thing that I do on new server is making a list of installed packages. When you have fresh system everything works out of the box. But after some time you installed so many packages etc. and you might wonder - was this package installed at the beginning? Can I safely remove it? Such list comes handy then:)
sudo yum list installed > /etc/yum/initial-packages-list
Enable GPG check before you will install anything
GPG checks are really important. They tell yum to verify signature of downloaded package. It lower the chance of installing suspicious packages from weird sources. Usually they are enabled, but it's worth to check that.
You need to look for following line:
in few files. The most important file is
/etc/yum.conf Make sure that line above is present in
[main] section. If it's set to
0 or line is missing, add it. If there are any other sections than
[main], check them too.
In addition to that you need to check all
.repo files in
/etc/yum.repos.d directory. Most of them will have gpgcheck enabled. If they have
gpgcheck=0 you can either remove the line, or change it to
gpgcheck=1. If you will remove the line, default from
/etc/yum.conf will be used.
Install packages with yum and speed it up with delta RPM
If you want to install additional package you need to execute following command:
sudo yum install PACKAGE_NAME -y
You can install multiple packages at once by separating them with space.
-y modifier will skip prompt with confirmation.
You can speed up packages installation with Delta RPMs. Delta RPM contains the difference between old and new package. It means that you don't have to download entire package, just the difference between the versions. It results in smaller size of downloaded file and generally makes installing packages faster. It doesn't work for all packages, but it's nice to have it installed anyway:
sudo yum install deltarpm -y
That's it, it will be enabled from now on, you don't need to do anything else!
Remove unnecessary packages with yum
There is an unwritten rule - the less packages the better. It's important from security and performance side. If you have less stuff installed you will be able to keep everything updated. You won't have to fix new security issue in package you don't need etc.
There are couple of packages that can be safely removed from servers with CentOS.
To remove the package use command:
sudo yum remove PACKAGE_NAME_HERE -y
-y argument with caution, it will immediately remove package from your system without the need for confirmation from you side:)
Command here will remove unnecessary packages from CentOS. If you plan to use MariaDB instead of MySQL, don't remove
It's also good to use yum info command to check information about given package if you are in doubt that you need to delete it.
Here is the list of packages that I usually delete and system is still working fine (CentOS 7.4)
sudo yum remove btrfs-progs gssproxy hyperv-daemons-license libgudev1 mariadb-libs NetworkManager NetworkManager-libnm NetworkManager-tui NetworkManager-wifi postfix -y
Get information about given package
If you are not sure about given package, you can always get information about it by executing following command:
yum info PACKAGE_NAME_HERE
Update core packages with yum
There are some packages that can't be (easily) removed from CentOS. They are usually safe to update and it's worth to keep the up to date.
In order to update given package you need to execute following command:
sudo yum update PACKAGE_NAME -y
You can also update all packages by executing following command:
sudo yum update -y
But I prefer to update packages in few steps, so I can control everything.
Update all core packages with following command. These are the packages that comes with CentOS and must be installed for proper system functioning. You can safely update them:
sudo yum update bash binutils ca-certificates centos-release chkconfig coreutils cpio cryptsetup-libs cyrus-sasl-lib curl dbus dbus-libs dracut elfutils-libelf expat filesystem gawk glib2 glibc glibc-common gmp gnupg2 grep gzip kmod kmod-libs kpartx krb5-libs libblkid libcap libdb libffi libgcc libgcrypt libmount libuuid libsemanage libstdc++ libssh2 libtasn1 libxml2 lua ncurses nspr nss nss-softokn nss-softokn-freebl nss-sysinit nss-tools nss-util openldap openssl-libs pam pcre pinentry procps-ng python python-libs python-pycurl readline rpm setup shadow-utils shared-mime-info systemd systemd-libs systemd-sysv util-linux tar tzdata xz yum yum-plugin-fastestmirror zlib -y
Update other packages with yum
Apart from core packages there are some tools added to CentOS minimal installation. They can be removed but it's good to keep them installed as they add neat features to OS. Let's update them too:
sudo yum update audit authconfig bind-libs-lite bind-license biosdevname cronie cronie-anacron crontabs device-mapper-persistent-data dhclient dmidecode dnsmasq dracut-network dracut-config-rescue e2fsprogs epel-release ethtool file fipscheck freetype gettext gnutls gobject-introspection grub2 grubby hwdata iproute iprutils iputils initscripts irqbalance kbd kernel kernel-tools kernel-tools-libs kexec-tools libcroco libdrm libgomp libnetfilter_conntrack libpciaccess lsscsi lvm2 make microcode_ctl mozjs17 nettle openssh openssh-clients openssh-server openssl os-prober parted pciutils-libs plymouth plymouth-scripts policycoreutils polkit python-gobject-base python-perf python-pyudev rdma-core rsync rsyslog selinux-policy selinux-policy-targeted sudo tuned vim-minimal virt-what xfsprogs yum-utils -y
Remove not used packages with yum
Yum comes with nice feature - it can removes packages that are not used on the system. You can remove them by executing
sudo yum autoremove -y
Block certain package updates
Sometimes there is an need to block certain packages from being updated or installed. You can block them in two ways.
First is to
--exclude option that you can use on any yum command. For instance:
sudo yum update --exclude="git*"
* means that anything that will be after git will also be excluded. Command above will update all packages, but git won't be updated or installed.
Second option is to add same rule to
/etc/yum.conf file under
[main] section. It will affect all yum commands and you will not have to use
Take a look at the example below:
[main] cachedir=/var/cache/yum/$basearch/$releasever keepcache=0 exclude=git* ...
One thing that you should remember is that it might also affect other packages. For instance if you try to install/update package that has git as a dependency, you won't be able to do that.
Check if there are any other packages to update?
After I remove unwanted stuff, updates core and other packages and making autoremove I check if there are any other packages marked for update.
You can check it with
yum list updates
If there are any other packages left for update, you should get info about them and update them or remove them from your system.
Power yum with cron
If you have slower connection on your server, sometimes making yum update takes a lot of time. You can speed it up with
yum-cron. It adds a cronjob that periodically checks for packages to update. It can also download them and install them automatically.
First, lets install yum-cron:
sudo yum install yum-cron -y
Before running it I strongly suggest to remove automatic updates. It's OK to check for updates and download them, but you should NEVER install them automatically. They can really screw up your server (been there, done that (unfortunately...)).
If packages are broken or have configuration changes they will break your server anyway, but it's way better to fix it right away, than break it with auto update at 2 AM.
So make sure that auto installing is disabled. Edit
/etc/yum/yum-cron.conf and make sure that
apply-updates option is set to
no. If it is, you can safely start
sudo systemctl start yum-cron.service
You should also add it to system startup, so when you reboot your machine, it will start automatically:
sudo systemctl enable yum-cron.service
Searching for packages
Sometimes you need to install package name, but you are not sure about the name. You can easily search available packages with yum search command:
yum search PACKAGE_NAME
There are some nice packages that are not installed by default on minimal installation, like
netstat command). You can install it on your system, it is pretty handy:)
sudo yum install net-tools -y
You can use our Ansible LAMP on Steroids project to make configuration of your server easier!
If you don't know what Ansible is, check our tutorial first.
Clone our repository and setup your server faster with LAMP on steroids.