Using yum with Images

From NovaOrdis Knowledge Base
Jump to: navigation, search



Overview images may need at times additional components installed with yum. However, they do not come pre-configured with any repository yum may use, so it fails with:

This article describes the procedure to configure the image with the appropriate repositories and entitlements, so yum can be used. Note that entitlements required to access the RPM repository in question are necessary.


Prepare a yum repository file. It can be conventionally named redhat.repo. It should list the repositories that contains the dependencies that are needed. A commonly used repository is "rhel-7-server-extras-rpms":

name = Red Hat Enterprise Linux 7 Server - Extras (RPMs)
baseurl =$basearch/extras/os
ui_repoid_vars = basearch
metadata_expire = 86400
sslverify = 1
enabled = 1
gpgcheck = 1
sslclientkey = /etc/pki/entitlement/00000000000000000-key.pem
sslclientcert = /etc/pki/entitlement/00000000000000000.pem
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslcacert = /etc/rhsm/ca/redhat-uep.pem

Place redhat.repo into a local ./entitlements directory.

Gather entitlements (/etc/pki/entitlement/00000000000000000-key.pem, /etc/pki/entitlement/00000000000000000.pem) and various other cryptographic artifacts (/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release and /etc/rhsm/ca/redhat-uep.pem) from a system that has them and place them into a local ./entitlements directory.

Use the following Dockerfile fragment:

COPY ./entitlements/redhat.repo /etc/yum.repos.d/redhat.repo
COPY ./entitlements/00000000000000000-key.pem /etc/pki/entitlement/00000000000000000-key.pem
COPY ./entitlements/00000000000000000.pem /etc/pki/entitlement/00000000000000000.pem
COPY ./entitlements/RPM-GPG-KEY-redhat-release /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
COPY ./entitlements/redhat-uep.pem /etc/rhsm/ca/redhat-uep.pem
USER root
RUN yum -y install crontabs && rm /etc/pki/entitlement/*.pem


docker build -t .