How-To – Use YUM installer in containers

Using a RHEL base image, you’ll just use yum the “usual” way in installing packages for your container.

Though containers should be small and only contain the really necessary packages, there are some best-practices.

  1. Enable only the necessary repositories.
    yum install -y –disablerepo=”*” –enablerepo=”…” …
    Inside a RHEL7 container, subscription-manager is disabled. But on the host system check with: subscription-manager repos –list-enabled
  2. Don’t install documentation with your packages, because you might not need it and it just consumes space
    yum install/update –setopt=tsflags=nodocs …
  3. Check if it makes sense for you to use “delta rpm” https://www.certdepot.net/rhel7-get-started-delta-rpms/
    It is so far only available for rhel-7-server-rpms:
    yum install -y –setopt=tsflags=nodocs –disablerepo=”*” –enablerepo=”rhel-7-server-rpms” deltarpm
  4. Change your yum repository settings for further commands permanently. So for example only get security updates for rhel7 server rpms
    RUN yum install -y –setopt=tsflags=nodocs –disablerepo=”*” –enablerepo=”rhel-7-server-rpms” yum-utils  && \
    yum-config-manager –disable “*” && \
    yum-config-manager –enable rhel-7-server-rpms && \
    yum update -y –setopt=tsflags=nodocs && \
  5. Use provided PGP Keys (check /etc/pki/rpm-gpg)

    rpm –import file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release \

    && rpm –import http://… \
    ,,,,
  6. How to enable EPEL

    rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm \
    && rpm –import file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 \
    && yum install -y –enablerepo=epel …
  7. yum clean all at the end

    && yum clean all