How to install yum on a Virtual Server

1. But I DO have yum already, and I AM on CentOS

Many Linux distributions use a variant of yum. All CentOS releases are shipped with yum and a certain set of matching configuration files. In part this permits your system to work with the CentOS world-wide mirror and updates system. Some downstream forks break these yum configurations, and make their system incompatible.

For the reasons we will see later in this article, CentOS support regulars will decline to make a bad situation (a broken yum), worse.

2. I don't have yum on my CentOS installation

If yum is not installed and working, it is not CentOS. If you have a installation 'based on' or 'derived from' CentOS, but yum is missing, you don't have a real CentOS installation. It is not really possible for non-developers to install CentOS without installing yum.

Several VPS (Virtual Server) providers and some downstream forks of CentOS and its management tools (think: OpenVZ, cPanel, Plesk, webmin, Direct Admin, BlueQuartz, Asterisk, Trixbox, Elastix) seem to install only parts of CentOS on their virtual servers. Some then also remove yum from the installation, or alter the settings of the yum configurations. The usual alterations are to 'exclude' certain locally modified packages from yum package management. The command: {{{ grep -ir exclud /etc/yum.* }}} usually discloses the excluded matter. Some 'manage' the box outside of the package management system. See also the [http://wiki.centos.org/AdditionalResources/OtherVoices Other Voices] page for a list of more fork tines, derived in whole or in part from CentOS.

Why they do it is unclear. Maybe they try to make it harder for you to overwrite their kernel. Perhaps they do it from ignorance or sloth. The CentOS view of this is that such an approach is ill-considered. yum has mechanisms to protect specific packages from change. Perhaps, they cannot figure out how to read: man yum for the 'exclude' option; or perhaps they want to avoid support calls and are willing to sell a system which cannot be updated with facility. The second way, when the machine gets compromised though some newly emerged exploit which they prevented patching away, they can charge you for a full reinstall or restore from backups.

Before you try anything: Please STOP, and ask your VPS provider why they removed yum and how you are supposed to keep your system up to date without yum. This article makes some assumptions, such that simply blindly following advice below might break your system if there is more than just the kernel package which has to be protected!

3. You are saying I was lied to and mislead?

Yes. A true CentOS installation has a CentOS kernel, the CentOS centos-release package, the CentOS yum package and no modification or additions to the contents of the /etc/yum.repos.d/ directory [other than possibly a local mirror, or staged and not-enabled adjunct repositories]. All dependencies will be satisfied and, except for configuration files (see: man rpm), a

$ sudo rpm -Va

command will run silently except for expected configuration file changes. (See: man rpm for help in reading such a listing, where there is a decoder for the left hand column details.)

A true CentOS system also may be freely updated at any time. We note this requirement because security fixes also issue asynchronously. One indication that there may be a problem is that the rack hosting vendor offers CentOS 4.X (where X is a digit), rather than CentOS 4, and so forth; the CentOS team (and indeed the upstream distribution stabilizer) do not permit 'holding back' at a non-current, prior 'point' version, and still representing the product as the 'genuine' article.

A quick test to see if yum is providing expected answers is this:

$ sudo yum grouplist \*

which will return a full list of available package groups on CentOS 4 and CentOS 5.

Members of the #centos IRC channel on irc.freenode.net will often ask you to perform that test, or a couple of other related tests with:

$  lsb_release -a ; uname -a ; rpm -V yum centos-release ; ls /etc/yum.repos.d/ ; yum repolist all

which produces multi-line output. That complete set of output (it should only be a few lines -- under ten, unless things are seriously wrong) should be placed in the CentOS pastebin and the channel advised of the specific URL at which the content appears. Alternatively, a quick determination may sometimes be attempted with the one line result producing:

$ uname -a

which can properly be pasted in full in the #centos IRC channel. In either case, this information is sought in order to help quickly diagnose this state of affairs.

When it is clear that there is a non-CentOS installation in play, the regular and 'in the know' members of the IRC channel will not continue to offer further advice. They do not wish either to suggest a course which may potentially break your system further, or to 'spoonfeed' people who will not learn better system administration; the regulars cannot and do not know all the ways rack hosting providers may have altered the functions which a true CentOS environment provides at any point in time.

If you were lied to, we ask that you seek to have them mend their ways. You could ask your provider to:

• Stop misrepresenting what they offer as CentOS.

• Deliver to you what they promised or return your money.

4. Installing yum

Okay, okay -- I get it -- it is not CentOS. But, I still want yum, or to try to remove and repair a crippled set of yum configurations.

First, take full backups and make sure they may be read. This may not work.

Then, you need the following package to get a working yum - all of which can be downloaded from any CentOS mirror:

• centos-release

You should already have this package installed. You can check that with

rpm -q centos-release
centos-release-4-4.3.i386

If it is already on your system, please check that the yum configuration hasn't been pulled and is available on your system:

ls -l /etc/yum.repos.d/

This directory should contain only the files: CentOS-Base.repo and CentOS-Media.repo. If those aren't there, you should make a directory: 'attic' there, and 'mv' a backup of the current content into that attic, to prepare for the reinstall of the centos-release package:

rpm -Uvh --replacepkgs centos-release.*.rpm

If centos-release isn't installed on your machine, you can drop the --replacepkgs from the command above. Make a backup directory ./attic/ and move any other files present into it, so that you can back out of this proccess later, if you decide you are in 'over your head'.

Then you need the following packages:

CentOS 4

(available from where you also got the centos-release package):

• yum
• sqlite
• python-sqlite
• python-elementtree
• python-urlgrabber
• yum-metadata-parser

CentOS 5

(available from where you also got the centos-release package):

• m2crypto
• python-elementtree
• python-sqlite
• python-urlgrabber
• rpm-python
• yum
• yum-metadata-parser

CentOS 6

(available from where you also got the centos-release package):

• gpgme
• pygpgme
• python-iniparse
• python-pycurl
• python-urlgrabber
• rpm
• rpm-libs
• rpm-python
• yum
• yum-metadata-parser
• yum-plugin-fastestmirror

This is a preliminary list for CentOS 6 (as of 19 Jul 2012) based on info received via some affected persons. Some other packages might be missing, as well as some of the packages listed above might already exist on your system.

Download those into a separate directory and install them with

rpm -Uvh *.rpm

from that directory. As before, take a backup of /etc/yum.conf so that you might back out any changes.

5. Making sure your kernel doesn't get overwritten

Now consider the desire to ensure your (running) kernel does not get overwritten by a kernel update from CentOS, such as in the case of a specially built kernel on a VPS.

Open /etc/yum.conf with your favorite editor and add the following line to the end of the [main] section:

exclude=kernel*

This will prevent yum from installing packages beginning with kernel and so your VPS kernel is safe from being overwritten by yum.

6. Recovering to pristine CentOS yum repositories only

Some system administrators find that they have self-inflicted changes of yum configuration files, such as by adding, enabling, or editing the yum configurations to permit use of non-CentOS repositories. This section describes a recovery approach.

The 'pristine' versions of the files needed are contained in the centos-release package. One solution is to use a manually retrieved copy of that package, and to restore only those files in the /etc/yum.repos.d/ directory. Obviously the /etc/yum.conf and other files may have need altered as well, and a similar recovery approach applies.

We assume in this example a CentOS 4 release and retrieve that proper centos-release rpm into /tmp/unpack with wget:

$ # ... as an end user
$ cd /tmp
$ mkdir unpack
$ wget http://mirror.centos.org/centos-4/4.6/os/i386/CentOS/RPMS/centos-release-4-4.4.i386.rpm
$ mkdir -p /tmp/unpack/var/lock/rpm/
$ #  this is a very unusual case (an 'out of tree' RPM --root), where it is
$ #   NOT improper to use --nodeps
$ sudo rpm -Uvh --root /tmp/unpack/ --nodeps centos-release*rpm
$ # ... become root
$ su -
# cd /etc/yum.repos.d/
# mkdir attic
# mv *.repo attic/
# cp /tmp/unpack/etc/yum.repos.d/* .

and you will have a pristine CentOS yum repository setup once again. As we are done with the 'out of tree' unpacking of the relacement configurations, we can do: rm -rf /tmp/unpack to clean up after the process.

7. Other helpful links

Sometimes people come to the IRC channel seeking help for a box that was represented by a hosting firm as being a CentOS install, but is not running yum properly, or not picking up updates that have been released to the mirror network after the usual propagation delays. This page offers a quickstart to seeing the detail that the regulars in the channel recognize as common CentOS forgeries.