Background
In modern enterprise environments it's common to host private packages in an internal YUM repository. This guide walks through configuring a Rocky Linux 8/9 (or other RPM-based) host to securely access and install packages from a private YUM repository hosted in Google Artifact Registry.
โ Prerequisites
- A host running Rocky Linux 8 or 9
- Access to a private YUM repo in Google Artifact Registry
- A service account JSON key with the required permissions
-
yumordnfinstalled
๐ Step-by-Step Setup
๐น Step 1: Import the GPG Key for Google Cloud RPM Packages
sudo rpm --import https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
๐น Step 2: Add the Artifact Registry Plugin Repository
Create a new repo file at /etc/yum.repos.d/artifact-registry-plugin.repo:
sudo tee /etc/yum.repos.d/artifact-registry-plugin.repo <<EOF
[ar-plugin]
name=Artifact Registry Plugin
baseurl=https://packages.cloud.google.com/yum/repos/dnf-plugin-artifact-registry-el9-stable
enabled=1
gpgcheck=1
EOF
๐ This enables your host to install the required plugin for accessing Google Artifact Registry.
๐น Step 3: Update YUM and Install the Artifact Registry Plugin
sudo yum makecache
sudo yum install dnf-plugin-artifact-registry
๐น Step 4: Configure the Artifact Registry Plugin Credentials
Create or edit the file /etc/dnf/plugins/artifact-registry.conf:
[main]
enabled=1
service_account_json = "/path/to/your/service-account.json"
โ ๏ธ Replace /path/to/your/service-account.json with the actual path to your GCP service account key file.
๐น Step 5: Add Your Internal YUM Repository
Create the file /etc/yum.repos.d/yum-private.repo with the following content:
sudo tee /etc/yum.repos.d/yum-private.repo <<EOF
[yum-private]
name=Internal YUM Repo
baseurl=https://<region>-yum.pkg.dev/path/to/repo
enabled=1
repo_gpgcheck=0
gpgcheck=0
EOF
๐ Replace with your Google Cloud region (e.g., europe-west3) and /path/to/repo with your actual repository path inside Artifact Registry.
๐น Step 6: Refresh the Package Cache
sudo yum makecache
This ensures the repo metadata is up to date and packages are available to install.
โ Conclusion:
Youโve now configured your RPM-based host to securely pull packages from a private YUM repository hosted in Google Artifact Registry. This is especially useful in production or enterprise environments where package access must be controlled, reproducible, and secure.
๐ง Bonus Tip
To automate this process, consider:
Writing an Ansible role or bash script
Integrating this configuration into your Packer build if you're baking AMIs or VM images
Managing the credentials via Vault or GCP Secret Manager for security
Top comments (0)