CentOS 6を何故今更
セキュリティにも色々と問題が見つかっている、当然サポートもされていない、そんなCentOS 6を今更メンテしなければならない貴方に送る。
そう、私の周りにもあるのだよ。CentOS 6が。CentOS 6.10ならまだ良い。CentOS 6.2とか、誰もメンテをしていない、あるいはメンテを禁止されている環境まである。いやもっと正確に言えば、CentOS 4まである。流石に使ってないけど。
ということで、インフラのメンテナンスしていると、普通に存在している訳ですよ。Windows XPがまだ動いているのと同じです。そこにrsyncコマンドを入れたいという要望が出てきたりするわけです。
ちょっと知っていれば、vault.centos.org使えば良いじゃない、となるわけですが、それで終わらなかったのでこの記事が存在するのです。
(誰得だよ ボソッ)
まずはやってみる
# yum install rsync
Loaded plugins: fastestmirror
Determining fastest mirrors
YumRepo Error: All mirror URLs are not using ftp, http[s] or file.
Eg. Invalid release/repo/arch combination/
removing mirrorlist with no valid mirrors: /var/cache/yum/x86_64/6/base/mirrorlist.txt
Error: Cannot find a valid baseurl for repo: base
まあ、リポジトリはすでに存在しないのですよ。
CentOS-Base.repo を修正
/etc/yum.repos.d/CentOS-Base.repoを修正して、vault.centos.orgというところの過去のリポジトリを参照するようにします。
/etc/yum.repos.d/CentOS-Base.repo.orig
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
こういうのを、こんな感じにしちゃいます。
/etc/yum.repos.d/CentOS-Base.repo
[base]
name=CentOS-6.10 - Base
baseurl=http://vault.centos.org/6.10/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
もちろん関係ありそうな全セクションを同様に修正です。なんかバージョンベタ書きですけど、まあ好きにやってください。
で、試してみる(フラグ)
リポジトリを切り替えたので、yumの持っているキャッシュをクリアしないとケースによりバグります。
# yum clean all
Loaded plugins: fastestmirror
Cleaning repos: base extras updates zabbix zabbix-non-supported
Cleaning up Everything
Cleaning up list of fastest mirrors
そして徐ろに…
# yum install rsync
Loaded plugins: fastestmirror
Determining fastest mirrors
http://vault.centos.org/6.10/os/x86_64/repodata/repomd.xml: [Errno 14] problem making ssl connection
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: base. Please verify its path and try again
ん~。ダメですね。(知ってた)
「problem making ssl connection」とある通り、SSLが古くて通信できん、と。
SSLまわりの更新
まあ、curlとかwgetとかでファイルを取ってこないとダメなんですが、これらもSSLのバージョンが古くて役に立たないケースが…。ということで、別環境で入手して転送します。
別環境
# wget https://vault.centos.org/6.10/os/x86_64/Packages/wget-1.12-10.el6.x86_64.rpm
バージョン決め打ちですけど、もうこれ以上この環境で新しいパッケージなんて出てこないので、これでヨシ。これを持ってきて、
# rpm -Uvh wget-1.12-10.el6.x86_64.rpm
インストール。これで最近のhttpsサイトに接続できるはず。でも念のため --no-check-certificate とか付けます。
次に、SSLがらみのいくつかのパッケージを更新します。
# wget --no-check-certificate https://vault.centos.org/6.10/updates/x86_64/Packages/ca-certificates-2020.2.41-65.1.el6_10.noarch.rpm
# wget --no-check-certificate https://vault.centos.org/6.10/os/x86_64/Packages/p11-kit-0.18.5-2.el6_5.2.x86_64.rpm
# wget --no-check-certificate https://vault.centos.org/6.10/os/x86_64/Packages/p11-kit-trust-0.18.5-2.el6_5.2.x86_64.rpm
# wget --no-check-certificate https://vault.centos.org/6.10/os/x86_64/Packages/nss-3.36.0-8.el6.x86_64.rpm
# wget --no-check-certificate https://vault.centos.org/6.10/os/x86_64/Packages/nss-util-3.36.0-1.el6.x86_64.rpm
# wget --no-check-certificate https://vault.centos.org/6.10/os/x86_64/Packages/nss-softokn-3.14.3-23.3.el6_8.x86_64.rpm
# wget --no-check-certificate https://vault.centos.org/6.10/os/x86_64/Packages/nspr-4.19.0-1.el6.x86_64.rpm
# wget --no-check-certificate https://vault.centos.org/6.10/os/x86_64/Packages/nss-softokn-freebl-3.14.3-23.3.el6_8.x86_64.rpm
# wget --no-check-certificate https://vault.centos.org/6.10/os/x86_64/Packages/nss-sysinit-3.36.0-8.el6.x86_64.rpm
# wget --no-check-certificate https://vault.centos.org/6.10/os/x86_64/Packages/nss-tools-3.36.0-8.el6.x86_64.rpm
# rpm -Uvh ca-certificates-2020.2.41-65.1.el6_10.noarch.rpm p11-kit-0.18.5-2.el6_5.2.x86_64.rpm p11-kit-trust-0.18.5-2.el6_5.2.x86_64.rpm nss-3.36.0-8.el6.x86_64.rpm nss-util-3.36.0-1.el6.x86_64.rpm nss-softokn-3.14.3-23.3.el6_8.x86_64.rpm nspr-4.19.0-1.el6.x86_64.rpm nss-softokn-freebl-3.14.3-23.3.el6_8.x86_64.rpm nss-sysinit-3.36.0-8.el6.x86_64.rpm nss-tools-3.36.0-8.el6.x86_64.rpm
準備中... ########################################### [100%]
1:nspr ########################################### [ 10%]
2:nss-util ########################################### [ 20%]
3:nss-softokn-freebl ########################################### [ 30%]
4:p11-kit ########################################### [ 40%]
5:nss-softokn ########################################### [ 50%]
6:nss-sysinit ########################################### [ 60%]
7:nss ########################################### [ 70%]
8:p11-kit-trust ########################################### [ 80%]
9:ca-certificates ########################################### [ 90%]
10:nss-tools ########################################### [100%]
ドンッ。最後のところでエラーが出た方、ご愁傷さまです。試行錯誤してください。
# yum install rsync
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
base | 3.7 kB 00:00
base/primary_db | 4.7 MB 00:00
extras | 3.4 kB 00:00
extras/primary_db | 29 kB 00:00
updates | 3.4 kB 00:00
updates/primary_db | 12 MB 00:01
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package rsync.x86_64 0:3.0.6-12.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=======================================================================
Package Arch Version Repository Size
=======================================================================
Installing:
rsync x86_64 3.0.6-12.el6 base 335 k
Transaction Summary
=======================================================================
Install 1 Package(s)
Total download size: 335 k
Installed size: 682 k
Is this ok [y/N]: y
Downloading Packages:
rsync-3.0.6-12.el6.x86_64.rpm | 335 kB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
Installing : rsync-3.0.6-12.el6.x86_64 1/1
Installed:
rsync.x86_64 0:3.0.6-12.el6
Complete!
ホイ来た。
# rsync
rsync version 3.0.6 protocol version 30
Copyright (C) 1996-2009 by Andrew Tridgell, Wayne Davison, and others.
Web site: http://rsync.samba.org/
Capabilities:
64-bit files, 64-bit inums, 64-bit timestamps, 64-bit long ints,
socketpairs, hardlinks, symlinks, IPv6, batchfiles, inplace,
append, ACLs, xattrs, iconv, symtimes
rsync comes with ABSOLUTELY NO WARRANTY. This is free software, and you
are welcome to redistribute it under certain conditions. See the GNU
General Public Licence for details.
rsync is a file transfer program capable of efficient remote update
via a fast differencing algorithm.
Usage: rsync [OPTION]... SRC [SRC]... DEST
or rsync [OPTION]... SRC [SRC]... [USER@]HOST:DEST
or rsync [OPTION]... SRC [SRC]... [USER@]HOST::DEST
or rsync [OPTION]... SRC [SRC]... rsync://[USER@]HOST[:PORT]/DEST
or rsync [OPTION]... [USER@]HOST:SRC [DEST]
or rsync [OPTION]... [USER@]HOST::SRC [DEST]
or rsync [OPTION]... rsync://[USER@]HOST[:PORT]/SRC [DEST]
The ':' usages connect via remote shell, while '::' & 'rsync://' usages connect
to an rsync daemon, and require SRC or DEST to start with a module name.
Options
-v, --verbose increase verbosity
-q, --quiet suppress non-error messages
--no-motd suppress daemon-mode MOTD (see manpage caveat)
-c, --checksum skip based on checksum, not mod-time & size
-a, --archive archive mode; equals -rlptgoD (no -H,-A,-X)
--no-OPTION turn off an implied OPTION (e.g. --no-D)
-r, --recursive recurse into directories
-R, --relative use relative path names
--no-implied-dirs don't send implied dirs with --relative
-b, --backup make backups (see --suffix & --backup-dir)
--backup-dir=DIR make backups into hierarchy based in DIR
--suffix=SUFFIX set backup suffix (default ~ w/o --backup-dir)
-u, --update skip files that are newer on the receiver
--inplace update destination files in-place (SEE MAN PAGE)
--append append data onto shorter files
--append-verify like --append, but with old data in file checksum
-d, --dirs transfer directories without recursing
-l, --links copy symlinks as symlinks
-L, --copy-links transform symlink into referent file/dir
--copy-unsafe-links only "unsafe" symlinks are transformed
--safe-links ignore symlinks that point outside the source tree
-k, --copy-dirlinks transform symlink to a dir into referent dir
-K, --keep-dirlinks treat symlinked dir on receiver as dir
-H, --hard-links preserve hard links
-p, --perms preserve permissions
-E, --executability preserve the file's executability
--chmod=CHMOD affect file and/or directory permissions
-A, --acls preserve ACLs (implies --perms)
-X, --xattrs preserve extended attributes
-o, --owner preserve owner (super-user only)
-g, --group preserve group
--devices preserve device files (super-user only)
--copy-devices copy device contents as regular file
--specials preserve special files
-D same as --devices --specials
-t, --times preserve modification times
-O, --omit-dir-times omit directories from --times
--super receiver attempts super-user activities
--fake-super store/recover privileged attrs using xattrs
-S, --sparse handle sparse files efficiently
-n, --dry-run perform a trial run with no changes made
-W, --whole-file copy files whole (without delta-xfer algorithm)
-x, --one-file-system don't cross filesystem boundaries
-B, --block-size=SIZE force a fixed checksum block-size
-e, --rsh=COMMAND specify the remote shell to use
--rsync-path=PROGRAM specify the rsync to run on the remote machine
--existing skip creating new files on receiver
--ignore-existing skip updating files that already exist on receiver
--remove-source-files sender removes synchronized files (non-dirs)
--del an alias for --delete-during
--delete delete extraneous files from destination dirs
--delete-before receiver deletes before transfer, not during
--delete-during receiver deletes during transfer (default)
--delete-delay find deletions during, delete after
--delete-after receiver deletes after transfer, not during
--delete-excluded also delete excluded files from destination dirs
--ignore-errors delete even if there are I/O errors
--force force deletion of directories even if not empty
--max-delete=NUM don't delete more than NUM files
--max-size=SIZE don't transfer any file larger than SIZE
--min-size=SIZE don't transfer any file smaller than SIZE
--partial keep partially transferred files
--partial-dir=DIR put a partially transferred file into DIR
--delay-updates put all updated files into place at transfer's end
-m, --prune-empty-dirs prune empty directory chains from the file-list
--numeric-ids don't map uid/gid values by user/group name
--timeout=SECONDS set I/O timeout in seconds
--contimeout=SECONDS set daemon connection timeout in seconds
-I, --ignore-times don't skip files that match in size and mod-time
--size-only skip files that match in size
--modify-window=NUM compare mod-times with reduced accuracy
-T, --temp-dir=DIR create temporary files in directory DIR
-y, --fuzzy find similar file for basis if no dest file
--compare-dest=DIR also compare destination files relative to DIR
--copy-dest=DIR ... and include copies of unchanged files
--link-dest=DIR hardlink to files in DIR when unchanged
-z, --compress compress file data during the transfer
--compress-level=NUM explicitly set compression level
--skip-compress=LIST skip compressing files with a suffix in LIST
-C, --cvs-exclude auto-ignore files the same way CVS does
-f, --filter=RULE add a file-filtering RULE
-F same as --filter='dir-merge /.rsync-filter'
repeated: --filter='- .rsync-filter'
--exclude=PATTERN exclude files matching PATTERN
--exclude-from=FILE read exclude patterns from FILE
--include=PATTERN don't exclude files matching PATTERN
--include-from=FILE read include patterns from FILE
--files-from=FILE read list of source-file names from FILE
-0, --from0 all *-from/filter files are delimited by 0s
-s, --protect-args no space-splitting; only wildcard special-chars
--address=ADDRESS bind address for outgoing socket to daemon
--port=PORT specify double-colon alternate port number
--sockopts=OPTIONS specify custom TCP options
--blocking-io use blocking I/O for the remote shell
--stats give some file-transfer stats
-8, --8-bit-output leave high-bit chars unescaped in output
-h, --human-readable output numbers in a human-readable format
--progress show progress during transfer
-P same as --partial --progress
-i, --itemize-changes output a change-summary for all updates
--out-format=FORMAT output updates using the specified FORMAT
--log-file=FILE log what we're doing to the specified FILE
--log-file-format=FMT log updates using the specified FMT
--password-file=FILE read daemon-access password from FILE
--list-only list the files instead of copying them
--bwlimit=KBPS limit I/O bandwidth; KBytes per second
--write-batch=FILE write a batched update to FILE
--only-write-batch=FILE like --write-batch but w/o updating destination
--read-batch=FILE read a batched update from FILE
--protocol=NUM force an older protocol version to be used
--iconv=CONVERT_SPEC request charset conversion of filenames
-4, --ipv4 prefer IPv4
-6, --ipv6 prefer IPv6
--version print version number
(-h) --help show this help (-h works with no other options)
Use "rsync --daemon --help" to see the daemon-mode command-line options.
Please see the rsync(1) and rsyncd.conf(5) man pages for full documentation.
See http://rsync.samba.org/ for updates, bug reports, and answers
rsync error: syntax or usage error (code 1) at main.c(1407) [client=3.0.6]
これでこのサーバのデータ移行ができて、廃止できる。おつかれ!