[CentOS] Can I force yum to only use http.

Tue Oct 20 16:52:14 UTC 2015

> -----Original Message-----
> From: Styma, Robert E (Robert) [mailto:robert.styma at alcatel-lucent.com]
> Sent: Monday, October 19, 2015 5:12 PM
> To: CentOS at centos.org
> Subject: [CentOS] Can I force yum to only use http.
> 
> Our outsourced IT department has decided to use white listing on the firewalls for outbound ftp.  I was given a list of sites our lab
> had accessed via ftp and eventually tracked them down to Linux machines running yum.  They are all CentOS 5 or 6 with a smattering
> of 7.  It is impractical to list all the possibilities since they change on a regular basis.  Also any 3rd party repos we need are another
> ball of wax.
> 
> Various Google searches and the manual page have not shown me how to avoid using ftp mirrors.  I have considered taking out the
> ftp-proxy information so that the ftp cannot get out, but I suspect it will just hang waiting for a response.
> 
> Does anyone have any suggestions on ways to tell yum not to use ftp as the download mechanism?

On the machines that are using ftp, do the contents of /etc/yum.repos.d/Centos-Base.repo look the same as the machines that are not using FTP?  Perhaps include the Centos-Base.repo file from ONE of the offending machines in an email.
Baseurl can be used to force where and how to connect, but because are getting ftp instead of http connections I am suspecting someone has probably already forced it the other way, the files may tell.  

Another possibility is that on those machines once-upon-a-time they found that the ftp host had the fastest _ping_ time, and have used it ever since. You may be able to log into those machines, `cat /var/cache/yum/timedhosts.txt` and see ftp hosts listed.
If so try [large hammer warning] `yum clean all; yum update` and see if they try going back to the ftp site or pick a new http one.

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the terms of any contract.