Step-by-Step: Configuring Internal YUM Repo Access on RPM-Based Hosts
yelenary

Publish Date: Jun 5

Background

In modern enterprise environments it's common to host private packages in an internal YUM repository. This guide walks through configuring a Rocky Linux 8/9 (or other RPM-based) host to securely access and install packages from a private YUM repository hosted in Google Artifact Registry.

✅ Prerequisites

  • A host running Rocky Linux 8 or 9
  • Access to a private YUM repo in Google Artifact Registry
  • A service account JSON key with the required permissions
  • yum or dnf installed

🛠 Step-by-Step Setup

🔹 Step 1: Import the GPG Key for Google Cloud RPM Packages

```bash
sudo rpm --import https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
```

🔹 Step 2: Add the Artifact Registry Plugin Repository

Create a new repo file at /etc/yum.repos.d/artifact-registry-plugin.repo:

```bash
sudo tee /etc/yum.repos.d/artifact-registry-plugin.repo <<EOF
[ar-plugin]
name=Artifact Registry Plugin
baseurl=https://packages.cloud.google.com/yum/repos/dnf-plugin-artifact-registry-el9-stable
enabled=1
gpgcheck=1
EOF
```

📝 This enables your host to install the required plugin for accessing Google Artifact Registry.

🔹 Step 3: Update YUM and Install the Artifact Registry Plugin

```bash
sudo yum makecache
sudo yum install dnf-plugin-artifact-registry
```

🔹 Step 4: Configure the Artifact Registry Plugin Credentials

Create or edit the file /etc/dnf/plugins/artifact-registry.conf:

```ini
[main]
enabled=1
service_account_json = "/path/to/your/service-account.json"
```

⚠️ Replace /path/to/your/service-account.json with the actual path to your GCP service account key file.

🔹 Step 5: Add Your Internal YUM Repository

Create the file /etc/yum.repos.d/yum-private.repo with the following content:

```bash
sudo tee /etc/yum.repos.d/yum-private.repo <<EOF
[yum-private]
name=Internal YUM Repo
baseurl=https://<region>-yum.pkg.dev/path/to/repo
enabled=1
repo_gpgcheck=0
gpgcheck=0
EOF
```

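🔁 Replace <region> with your Google Cloud region (e.g., europe-west3) and /path/to/repo with your actual repository path inside Artifact Registry. With repo_gpgcheck=0 and gpgcheck=0, dnf does not verify GPG signatures on this repository's metadata or packages, so integrity depends on the HTTPS connection and on access control in Artifact Registry.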

🔹 Step 6: Refresh the Package Cache

```bash
sudo yum makecache
```

This ensures the repo metadata is up to date and packages are available to install.
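
An added example (not from the original post or from Google's plugin) that audits the files created in Steps 2, 4 and 5: it lists repo sections that turn off signature checking and checks that the service account key named in the plugin config is not readable by group or others. The function names and the demo files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example; function names are illustrative, not part of dnf or the plugin.

# Print "<repo-id> <option>" for each repo section that turns off
# gpgcheck or repo_gpgcheck (value 0, no, false or off).
unsigned_repos() {
  awk '
    /^[ \t]*\[/ { sub(/^[ \t]*\[/, ""); sub(/\].*$/, ""); id = $0; next }
    /^[ \t]*(repo_)?gpgcheck[ \t]*=[ \t]*(0|no|false|off)[ \t]*$/ {
      split($0, kv, "="); gsub(/[ \t]/, "", kv[1]); print id, kv[1]
    }' "$@"
}

# Extract the service_account_json path from the plugin config (Step 4),
# stripping surrounding spaces and quotes.
sa_key_path() {
  awk '/^[ \t]*service_account_json[ \t]*=/ {
    v = $0; sub(/^[^=]*=/, "", v)
    gsub(/^[ \t"]+|[ \t"]+$/, "", v); print v; exit
  }' "$1"
}

# Succeed only if the key file exists and has no group/other permission bits.
key_is_private() {
  [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Demo on constructed copies of the page's files. On a real host, pass
# /etc/yum.repos.d/*.repo and /etc/dnf/plugins/artifact-registry.conf instead.
demo() {
  d=$(mktemp -d)
  printf '[ar-plugin]\ngpgcheck=1\n[yum-private]\nrepo_gpgcheck=0\ngpgcheck=0\n' \
    > "$d/all.repo"
  printf '[main]\nenabled=1\nservice_account_json = "%s/key.json"\n' "$d" \
    > "$d/ar.conf"
  echo '{}' > "$d/key.json"; chmod 644 "$d/key.json"   # deliberately too open

  unsigned_repos "$d/all.repo"
  key=$(sa_key_path "$d/ar.conf")
  key_is_private "$key" || echo "key readable by group/other: $key"
  rm -rf "$d"
}
demo
```
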

✅ Conclusion:

You’ve now configured your RPM-based host to securely pull packages from a private YUM repository hosted in Google Artifact Registry. This is especially useful in production or enterprise environments where package access must be controlled, reproducible, and secure.

🧠 Bonus Tip

To automate this process, consider:

  • Writing an Ansible role or bash script

  • Integrating this configuration into your Packer build if you're baking AMIs or VM images

  • Managing the credentials via Vault or GCP Secret Manager for security
