Custom Yum Rpm Repo Install

What the Yum Package Installer does

This Automox Worklet™ installs RPM packages from configured yum repositories on Linux endpoints. The Worklet runs immediately upon deployment and installs the specified package using the yum package manager.

You configure the target package by setting the REQUIRED_PKG variable in the remediation script. The Worklet then queries rpm to check if the package is already installed. If not present, it runs yum install with the -y flag for unattended installation.

This approach uses packages from your existing yum repositories, so you do not need to upload package files to Automox. The endpoint pulls packages directly from the configured repository sources.

Why deploy packages through yum repositories

Enterprise Linux environments often require software that does not exist in standard repositories like EPEL, CentOS Base, or vendor channels. Internal applications, proprietary tools, specially compiled packages, and third-party commercial software need installation from custom repositories that you host on internal servers or private cloud storage.

Standard repository configurations only include vendor-provided repos, leaving administrators to manually configure custom repositories on each endpoint. This manual process introduces errors when administrators type URLs incorrectly, forget GPG keys, or misconfigure repository priorities. Inconsistent configurations across your fleet create unpredictable software installation results.

Some software vendors provide RPM packages but do not offer public yum repositories. To use yum for installation and dependency resolution, you must create your own repository, generate metadata with createrepo, and configure endpoints to trust and use this custom repository. This requires repository management knowledge and infrastructure that not all teams have readily available.

Air-gapped and high-security environments cannot access public repositories on the internet. These environments require all software to come from internal repositories behind firewall boundaries. Configuring endpoints to use these internal repositories becomes a critical deployment step that must happen reliably across hundreds or thousands of systems.

How yum package deployment works

1. Evaluation phase: The Worklet immediately exits with code 1 to trigger remediation. This design means the Worklet always attempts installation and relies on the remediation script to check for existing packages.

2. Remediation phase: The Worklet queries rpm -qa to check if the specified package is installed. If not found, it runs yum install with the -y (assume yes) and -q (quiet) flags. After installation, it reports success or failure based on the yum exit code.

Yum package installation requirements

• Linux endpoint with yum package manager (RHEL, CentOS, Fedora, or compatible)

• Repository containing the target package must be configured and enabled

• Network access to the repository servers

• Root or sudo privileges for package installation

• Set REQUIRED_PKG variable in remediation.sh to the package name (example: mod_ssl)

Expected state after package installation

A new repository configuration file is created in /etc/yum.repos.d/ with the name, base URL, and settings you specified in the Worklet parameters. The yum package manager immediately recognizes this repository and includes it in all future package searches and installations.

The endpoint can now install packages from your custom repository using standard yum commands like 'yum install packagename'. The yum dependency resolver checks your custom repository along with standard repositories when looking for packages and their dependencies.

Repository metadata is cached locally on the endpoint according to your repository's metadata_expire setting. The endpoint periodically refreshes this metadata to discover new packages or updated versions available in your repository.

You can verify the repository configuration by running 'yum repolist' or 'yum repoinfo reponame' on the endpoint. The output shows your repository with its URL, status, and package count. Running 'yum search' for packages in your repository returns results, confirming the endpoint can query your repository successfully.

How to validate custom yum rpm repo install changes

1. Run this Worklet on a pilot Linux endpoint and review evaluation output for custom yum rpm repo install.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as exit.

4. Validate remediation effects from script operations such as exit, else, then rerun evaluation for compliance.