Git Product home page Git Product logo

yum-gs-iam's Introduction

yum-gs-iam

This is a yum plugin that allows for private Google Cloud Storage buckets to be used as package repositories. The plugin utilizes Google's Cloud Identity and Access Management (IAM) for authorization.

How to set it up

Setup the repository

You should be familiar with how yum works in general.

  • If you want to use an internal Google Cloud Storage bucket to host an internal mirror of a public repository (e.g. CentOS Core, EPEL, ...), simply rsync the repository to a local temp directory (check out Create Local Mirrors for Updates and Installs) and then use gsutil's rsync to push it to your bucket.

  • If you want to create an internal repository for internal packages use createrepo to create a repository in a local temp directory and push it to the bucket using gsutil or what ever other mechanism you like.

Permission the bucket to be readable by all service accounts that you want to have access. If the machines accessing the yum repository are running inside of Googles Compute Engine and your setup is not very complicated, you probably want to give read permissions to the Compute Engine default service account.

Install the plugin

Generate a RPM for the plugin. If you have Docker running, simply run ./make_rpm_docker.sh. If you don't run Docker, you can make the rpm by running:

sudo yum groupinstall -y 'Development Tools'
sudo yum install -y ruby-devel tar wget rpm which
sudo gem install fpm
./make_rpm.sh

This will place the plugin rpm in your current directory.

Now you can install the plugin on the machines that need access to the repo by:

  1. Install Google's Cloud Storage python library, pip install --upgrade google-cloud-storage
  2. Install the plugin, e.g.: yum install -y yum-plugin-gs-iam-*.rpm
  3. The plugin depends on the google cloud and auth python libraries being installed pip install google.auth google.cloud

You are ready to configure your .repo file, check out the example.repo.

In short, the baseurl parameter in your .repo file is expected to be in the format: gs://<bucket>/<path to repo> where <path to repo> is optional.

This plugin uses the Google Application Default Credentials. This means, if you are running in GCE and your machine service account it read permissioned, you will not have to supply any credentials in your .repo file.

yum-gs-iam's People

Contributors

fabianmenges avatar

Watchers

James Cloos avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.