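1. Problem description
After an OS upgrade to Anolis 8.6, the CentOS 6.5 yum repository was still needed. After the repository configuration was restored, a yum update reported the following error: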
Errors during downloading metadata for repository ‘base’:
- Curl error (8): Weird server reply for ftp://10.172.1.206/centos6.5/media/repodata/repomd.xml [Got a 500 ftp-server response when 220 was expected]
错误:为仓库 ‘base’ 下载元数据失败 : Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
Reference: CURL-FAQ
2. Error handling
2.1 Based on the error, run:
curl -vvv ftp://10.172.1.206/centos6.5/media/repodata/repomd.xml
* Trying 10.172.1.206...
* TCP_NODELAY set
* Connected to 10.172.1.206 (10.172.1.206) port 21 (#0)
< 500 OOPS: tcp_wrappers is set to YES but no tcp wrapper support compiled in
* Got a 500 ftp-server response when 220 was expected
* Closing connection 0
curl: (8) Got a 500 ftp-server response when 220 was expected
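Reviewing the FTP server configuration file: tcp_wrappers is used for access control. As the output above shows, the vsftpd installed by yum is built without support for this feature by default, so we only need to disable it. If you do need it, recompile with support added:
Note: TCP_Wrappers is a security mechanism in Linux, sometimes called the TCP_Wrappers firewall. It is a security tool that works at layer 4 (the transport layer). It has a TCP daemon called tcpd, which can perform security checks on specific services that use stateful connections and enforce access control. Any program that includes the libwrap.so library can be controlled by TCP_Wrappers. Its main function is to control who may connect; common programs are rpcbind, vsftpd, sshd and telnet. Advantage: configuration changes take effect immediately. Disadvantage: access control policy can only be set per service program and host address; it cannot be set on network resolution or other attributes.
For access control of UDP-based connections, use the built-in firewall or a third-party one. As an example of how tcpd works: whenever an ssh connection request arrives, tcpd intercepts it and first reads the access control files set by the system administrator. If the request satisfies them, the connection is handed unchanged to the real ssh process, which does the rest of the work. If the source IP of the connection does not satisfy the settings in the access control files, the connection request is dropped and the ssh service is refused.
Its control files are the OS files /etc/hosts.allow, which defines allowed access, and /etc/hosts.deny, which defines denied access. The filter rule keywords in the deny file are:
LOCAL     hosts whose name contains no "." (usually the local machine)
KNOWN     all hosts that can be resolved in DNS
UNKNOWN   all hosts that cannot be resolved in DNS
PARANOID  all hosts whose forward and reverse DNS resolution do not match
ALL       matches everything (can be used for both hosts and services)
EXCEPT    inverse selection (exclusion)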
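The evaluation order tcpd applies to the two files described above, as an added example that is not part of the original post: a simplified Python model of hosts_access(5) covering ALL, EXCEPT, address prefixes and net/mask patterns for IPv4 clients (the DNS-dependent keywords LOCAL, KNOWN, UNKNOWN and PARANOID are left out). The sample files and function names are constructed for illustration.

```python
import ipaddress

def _match_one(pat, value, is_client):
    """Match one pattern against a daemon name or an IPv4 client address."""
    if pat == "ALL":
        return True
    if is_client and pat.endswith("."):        # address prefix, e.g. "10.172."
        return value.startswith(pat)
    if is_client and "/" in pat:               # net/mask, e.g. 10.172.1.0/255.255.255.0
        return ipaddress.ip_address(value) in ipaddress.ip_network(pat, strict=False)
    return pat == value

def _match_list(tokens, value, is_client):
    """'list_1 EXCEPT list_2' matches what is in list_1 but not in list_2."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return (_match_list(tokens[:i], value, is_client)
                and not _match_list(tokens[i + 1:], value, is_client))
    return any(_match_one(p, value, is_client) for p in tokens)

def _hit(rules_text, daemon, client_ip):
    """True if any 'daemon_list : client_list' line matches the request."""
    for line in rules_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = (f.replace(",", " ").split() for f in line.split(":")[:2])
        if _match_list(daemons, daemon, False) and _match_list(clients, client_ip, True):
            return True
    return False

def allowed(hosts_allow, hosts_deny, daemon, client_ip):
    if _hit(hosts_allow, daemon, client_ip):   # 1. match in hosts.allow: granted
        return True
    if _hit(hosts_deny, daemon, client_ip):    # 2. else match in hosts.deny: refused
        return False
    return True                                # 3. no match in either file: granted

# Constructed sample files: vsftpd only from 10.172.1.0/24, minus one host.
HOSTS_ALLOW = "vsftpd: 10.172.1.0/255.255.255.0 EXCEPT 10.172.1.99\nsshd: 10.172.\n"
HOSTS_DENY = "ALL: ALL\n"

if __name__ == "__main__":
    for ip in ("10.172.1.50", "10.172.1.99", "192.168.0.1"):
        print(ip, allowed(HOSTS_ALLOW, HOSTS_DENY, "vsftpd", ip))
```

With an empty hosts.deny, the third branch grants access to every client that hosts.allow did not match, which is why the allow list is paired with a catch-all ALL: ALL deny rule.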
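2.2 Recompile to enable specific features
The FTP server build has no configure script; edit the build definitions file to enable the relevant features: vi /usr/local/src/vsftp-d.2.3.4/builddefs.h
The default values are shown below. To enable a feature, set its entry to define, otherwise to undef; defining all of them is suggested.
#undef VSF_BUILD_TCPWRAPPERS /* whether TCP Wrappers is supported */
#define VSF_BUILD_PAM /* whether custom virtual-user login is supported */
#undef VSF_BUILD_SSL /* whether SSL transport is supported */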
2.3 Error: the media protocol is not supported (Unsupported protocol for media)
Errors during downloading metadata for repository 'base':
- Curl error (1): Unsupported protocol for media://1385726732.061157/#1/repodata/ca525c73086186bfcb81ad9edd45796026dac7e4e50524e0f2daf901532aaf66-c6-x86_64-comps.xml.gz [Protocol "media" not supported or disabled in libcurl]
- Curl error (1): Unsupported protocol for media://1385726732.061157/#1/repodata/495d3964f864fbab835ea1afb8a5272352cd12ded13d607205109fefaddd0ab6-primary.xml.gz [Protocol "media" not supported or disabled in libcurl]
- Curl error (1): Unsupported protocol for media://1385726732.061157/#1/repodata/6ac72f497df511cc2dc584eaa59779884fc572c1618e7c62dbd631ab8babf53d-filelists.xml.gz [Protocol "media" not supported or disabled in libcurl]
错误:为仓库 'base' 下载元数据失败 : Yum repo downloading error: Downloading error(s): repodata/6ac72f497df511cc2dc584eaa59779884fc572c1618e7c62dbd631ab8babf53d-filelists.xml.gz - Download failed: Curl error (1): Unsupported protocol for media://1385726732.061157/#1/repodata/6ac72f497df511cc2dc584eaa59779884fc572c1618e7c62dbd631ab8babf53d-filelists.xml.gz [Protocol "media" not supported or disabled in libcurl]; repodata/ca525c73086186bfcb81ad9edd45796026dac7e4e50524e0f2daf901532aaf66-c6-x86_64-comps.xml.gz - Download failed: Curl error (1): Unsupported protocol for media://1385726732.061157/#1/repodata/ca525c73086186bfcb81ad9edd45796026dac7e4e50524e0f2daf901532aaf66-c6-x86_64-comps.xml.gz [Protocol "media" not supported or disabled in libcurl]; repodata/495d3964f864fbab835ea1afb8a5272352cd12ded1
Debugging
curl -vvv ftp://10.172.1.206/centos6.5/media/repodata/repomd.xml
* Trying 10.172.1.206...
* TCP_NODELAY set
* Connected to 10.172.1.206 (10.172.1.206) port 21 (#0)
< 220 (vsFTPd 3.0.3)
> USER anonymous
< 331 Please specify the password.
> PASS ftp@example.com
< 230 Login successful.
> PWD
< 257 "/" is the current directory
* Entry path is '/'
> CWD centos6.5
* ftp_perform ends with SECONDARY: 0
< 250 Directory successfully changed.
> CWD media
< 250 Directory successfully changed.
> CWD repodata
< 250 Directory successfully changed.
> EPSV
* Connect data stream passively
< 229 Entering Extended Passive Mode (|||60100|)
* Trying 10.172.1.206...
* TCP_NODELAY set
* Connecting to 10.172.1.206 (10.172.1.206) port 60100
* Connected to 10.172.1.206 (10.172.1.206) port 21 (#0)
> TYPE I
< 200 Switching to Binary mode.
> SIZE repomd.xml
< 213 4062
> RETR repomd.xml
< 150 Opening BINARY mode data connection for repomd.xml (4062 bytes).
* Maxdownload = -1
* Getting file with size: 4062
<?xml version="1.0" encoding="UTF-8"?>
<repomd xmlns="http://linux.duke.edu/metadata/repo" xmlns:rpm="http://linux.duke.edu/metadata/rpm">
<revision>1385726898</revision>
<data type="group">
<checksum type="sha256">b4e0b9342ef85d3059ff095fa7f140f654c2cb492837de689a58c581207d9632</checksum>
<location xml:base="media://1385726732.061157#1" href="repodata/b4e0b9342ef85d3059ff095fa7f140f654c2cb492837de689a58c581207d9632-c6-x86_64-comps.xml"/>
<timestamp>1385726992.63</timestamp>
<size>1220797</size>
</data>
<data type="filelists">
<checksum type="sha256">6ac72f497df511cc2dc584eaa59779884fc572c1618e7c62dbd631ab8babf53d</checksum>
<open-checksum type="sha256">94e6b785bf5990ce8d806b2b3f369104ec05b135e5a4b052cd5374e170588f3b</open-checksum>
<location xml:base="media://1385726732.061157#1" href="repodata/6ac72f497df511cc2dc584eaa59779884fc572c1618e7c62dbd631ab8babf53d-filelists.xml.gz"/>
<timestamp>1385726972</timestamp>
<size>5475008</size>
<open-size>71286426</open-size>
</data>
<data type="group_gz">
<checksum type="sha256">ca525c73086186bfcb81ad9edd45796026dac7e4e50524e0f2daf901532aaf66</checksum>
<open-checksum type="sha256">b4e0b9342ef85d3059ff095fa7f140f654c2cb492837de689a58c581207d9632</open-checksum>
<location xml:base="media://1385726732.061157#1" href="repodata/ca525c73086186bfcb81ad9edd45796026dac7e4e50524e0f2daf901532aaf66-c6-x86_64-comps.xml.gz"/>
<timestamp>1385726992.61</timestamp>
<size>225591</size>
</data>
<data type="primary">
<checksum type="sha256">495d3964f864fbab835ea1afb8a5272352cd12ded13d607205109fefaddd0ab6</checksum>
<open-checksum type="sha256">e8032322f7f5f06bd3485583420d81c54b5d3782b17b60cb054f4ee2b53206a8</open-checksum>
<location xml:base="media://1385726732.061157#1" href="repodata/495d3964f864fbab835ea1afb8a5272352cd12ded13d607205109fefaddd0ab6-primary.xml.gz"/>
<timestamp>1385726972</timestamp>
<size>2625479</size>
<open-size>17198556</open-size>
</data>
<data type="primary_db">
<checksum type="sha256">0dafccfdbf892f02acca8267ade4bdcee7280a682e65dc7e29145f3341fd7a8c</checksum>
<open-checksum type="sha256">4b2eb9c43c432dde3528fe5bd88fc9ba4f01ef5eb5e0ca2ea8f7665eefd6dd86</open-checksum>
<location xml:base="media://1385726732.061157#1" href="repodata/0dafccfdbf892f02acca8267ade4bdcee7280a682e65dc7e29145f3341fd7a8c-primary.sqlite.bz2"/>
<timestamp>1385726992.5</timestamp>
<database_version>10</database_version>
<size>4595171</size>
<open-size>20478976</open-size>
</data>
<data type="other_db">
<checksum type="sha256">fdd542ef36b0cde54ee0521fae90b98911db06483163aa1c049995b6d109349b</checksum>
<open-checksum type="sha256">969cff0b4ced02852da2df6b6b7ba964561e37c3f817f7b98266216097ae22b5</open-checksum>
<location xml:base="media://1385726732.061157#1" href="repodata/fdd542ef36b0cde54ee0521fae90b98911db06483163aa1c049995b6d109349b-other.sqlite.bz2"/>
<timestamp>1385726976.09</timestamp>
<database_version>10</database_version>
<size>2835495</size>
<open-size>12257280</open-size>
</data>
<data type="other">
<checksum type="sha256">5af8199bd0ffb441c34ef946582d0d06c1ad770755e631690771e0bceb0ad222</checksum>
<open-checksum type="sha256">661feb7628bd6d3d73b37bdc7371c7fd4ad6b056c296932d6d36fa7bd1a859cf</open-checksum>
<location xml:base="media://1385726732.061157#1" href="repodata/5af8199bd0ffb441c34ef946582d0d06c1ad770755e631690771e0bceb0ad222-other.xml.gz"/>
<timestamp>1385726972</timestamp>
<size>3148903</size>
<open-size>12981292</open-size>
</data>
<data type="filelists_db">
<checksum type="sha256">594d4bb4a79ed01d66635adbcf76c45ca4a85b30fc3e3c3c28316e64f0a83f21</checksum>
<open-checksum type="sha256">74459fc0aaf65a4603c3b47dbcbc241d2cabbd2a382271f8273c830806152074</open-checksum>
<location xml:base="media://1385726732.061157#1" href="repodata/594d4bb4a79ed01d66635adbcf76c45ca4a85b30fc3e3c3c28316e64f0a83f21-filelists.sqlite.bz2"/>
<timestamp>1385726986.64</timestamp>
<database_version>10</database_version>
<size>6121534</size>
<open-size>33275904</open-size>
</data>
</repomd>
* Remembering we are in dir "centos6.5/media/repodata/"
< 226 Transfer complete.
* Connection #0 to host 10.172.1.206 left intact
# Trace debugging (strace writes to stderr, so merge it into the pipe)
strace -f yum makecache 2>&1 | grep -iE '(curl|ssl)'
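The failing URLs in 2.3 start with the same media://1385726732.061157 value that the downloaded repomd.xml carries as xml:base on each location element. The following added example (not from the original post) lists such entries in a repomd.xml; the FETCHABLE set, the function name and the shortened sample document are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

REPO_NS = "{http://linux.duke.edu/metadata/repo}"
XML_BASE = "{http://www.w3.org/XML/1998/namespace}base"   # how ElementTree names xml:base
FETCHABLE = {"http", "https", "ftp", "file"}   # assumption: schemes the client can fetch

def unfetchable_locations(repomd_bytes, fetchable=FETCHABLE):
    """Return (data type, xml:base, href) for each <location> whose xml:base
    points at a URL scheme outside `fetchable`."""
    root = ET.fromstring(repomd_bytes)
    flagged = []
    for data in root.iter(REPO_NS + "data"):
        loc = data.find(REPO_NS + "location")
        if loc is None:
            continue
        base = loc.get(XML_BASE)
        # No xml:base means the href is resolved against the repo's own baseurl.
        if base and urlsplit(base).scheme.lower() not in fetchable:
            flagged.append((data.get("type"), base, loc.get("href")))
    return flagged

# Constructed excerpt modelled on the repomd.xml above (file names shortened).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<repomd xmlns="http://linux.duke.edu/metadata/repo">
  <data type="primary">
    <location xml:base="media://1385726732.061157#1" href="repodata/primary.xml.gz"/>
  </data>
  <data type="filelists">
    <location xml:base="ftp://10.172.1.206/centos6.5/media" href="repodata/filelists.xml.gz"/>
  </data>
  <data type="other">
    <location href="repodata/other.xml.gz"/>
  </data>
</repomd>"""

if __name__ == "__main__":
    for dtype, base, href in unfetchable_locations(SAMPLE):
        print(f"{dtype}: xml:base={base} href={href}")
```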
3. Appendix
1) FTP startup script
#!/bin/bash
#
# vsftpd This shell script takes care of starting and stopping
# standalone vsftpd.
#
# chkconfig: - 60 50
# description: Vsftpd is a ftp daemon, which is the program
# that answers incoming ftp service requests.
# processname: vsftpd
# config: /etc/vsftpd/vsftpd.conf
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
[ -x /usr/local/sbin/vsftpd ] || exit 0
RETVAL=0
prog="vsftpd"
start() {
    # Start daemons.
    if [ -d /etc/vsftpd ] ; then
        for i in `ls /etc/vsftpd/*.conf`; do
            site=`basename $i .conf`
            echo -n $"Starting $prog for $site: "
            /usr/local/sbin/vsftpd $i &
            RETVAL=$?
            [ $RETVAL -eq 0 ] && {
                touch /var/lock/subsys/$prog
                success $"$prog $site"
            }
            echo
        done
    else
        RETVAL=1
    fi
    return $RETVAL
}
stop() {
    # Stop daemons.
    echo -n $"Shutting down $prog: "
    killproc $prog
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog
    return $RETVAL
}
# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart|reload)
        stop
        start
        RETVAL=$?
        ;;
    condrestart)
        if [ -f /var/lock/subsys/$prog ]; then
            stop
            start
            RETVAL=$?
        fi
        ;;
    status)
        status $prog
        RETVAL=$?
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|condrestart|status}"
        exit 1
esac
exit $RETVAL