How to Set Up a Local Yum/DNF Repository on RHEL 10 for Efficient Package Management

Managing multiple Red Hat Enterprise Linux (RHEL) 10 servers in production environments demands a robust and reliable solution for package management. Setting up a local Yum/DNF repository using the official RHEL 10 ISO and serving it over HTTP ensures faster deployments, bandwidth savings, and consistent package availability, especially in air-gapped or restricted networks. This tutorial delves into creating such a localized repository step-by-step, with practical insights from a senior Linux administrator’s perspective. By the end, you’ll understand how to not only build the repository but also share it efficiently on your network, allowing clients to install and update packages without relying on external Red Hat repositories.

Why Create a Local Yum/DNF Repository on RHEL 10?

In enterprise environments, depending solely on remote repositories can introduce latency, network bottlenecks, or even outages due to external connectivity issues. A local Yum/DNF repository removes these dependencies by hosting RPM packages within your network. This setup provides:

• Availability in isolated networks: Ideal for secure environments that disallow internet access.
• Bandwidth optimization: Avoids multiple downloads of the same packages by different systems.
• Consistent package versions: Ensures all servers run identical software versions, reducing configuration drift.
• Faster patching and installs: Local access significantly speeds up software deployment and maintenance.
• Centralized control: Helps you curate and control what packages are available.

In RHEL 10, you primarily deal with two repositories:

• BaseOS: Contains core OS packages essential for system operation.
• Application Stream (AppStream): Holds additional application software, development tools, and multiple versions of runtime languages and databases.

The official RHEL ISO includes both repositories, making it a perfect source for building a local repo.

Step-by-Step Guide to Setting Up Local Yum/DNF Repository on RHEL 10

Let’s walk through the actual commands and procedures to get your local repository up and running.

1. Mount the RHEL 10 ISO Image

First, attach and mount your RHEL 10 ISO to a mount point, typically /mnt. This exposes the ISO content without extracting it.

sudo mount -o loop rhel-10.0-x86_64-dvd.iso /mnt

This command mounts the ISO file using the loop option, which allows a file system image to be mounted as a block device. In many virtualized setups, the ISO might be exposed via a device like /dev/sr0 rather than a file; you can mount it similarly:

sudo mount /dev/sr0 /mnt

Mounting the ISO gives access to the BaseOS and AppStream directories needed to create the repository.

2. Organize the Repository Files Locally

Next, create a directory to store your local repository RPM packages under a web server’s root directory, often /var/www/html, which is the default document root for Apache HTTP Server.

sudo mkdir -p /var/www/html/rhel10-repo

Copy both BaseOS and AppStream directories from the mounted ISO to this newly created directory. This provides an accessible location for clients over HTTP.

sudo cp -av /mnt/BaseOS/ /var/www/html/rhel10-repo/

sudo cp -av /mnt/AppStream/ /var/www/html/rhel10-repo/

The -a flag preserves file attributes and directory structure, while -v gives verbose output, helping verify the copy process.

3. Generate Repository Metadata with createrepo_c

The createrepo_c tool generates XML metadata files that Yum/DNF consults to perform package management operations.

sudo dnf install createrepo_c -y

Once installed, run it on both the BaseOS and AppStream directories to create the repository metadata.

sudo createrepo /var/www/html/rhel10-repo/BaseOS/

sudo createrepo /var/www/html/rhel10-repo/AppStream/

If you add/update packages later, update the repository metadata with:

sudo createrepo --update /var/www/html/rhel10-repo/BaseOS/

sudo createrepo --update /var/www/html/rhel10-repo/AppStream/

Generating metadata is critical because DNF uses it to identify package differences, dependencies, and available versions.

4. Install and Configure Apache HTTP Server

To serve your repository over the network, install Apache HTTP server.

sudo dnf install httpd -y

Then enable and start the service so it autostarts after system reboots.

sudo systemctl enable --now httpd

Allow HTTP traffic through the firewall for clients to access the repo.

sudo firewall-cmd --add-service=http --permanent

sudo firewall-cmd --reload

Verify repository accessibility by browsing to http://<your-server-ip>/rhel10-repo/. You should see directories and files list, indicating the repo is being served correctly.

5. Configure Client Machines to Use the Local Repo

On each RHEL 10 client, create a Yum repository file pointing to your new web-hosted repo URLs. Replace 192.168.1.36 with your actual repository server’s IP address or hostname.

sudo tee /etc/yum.repos.d/rhel10-local.repo < 
Disabling subscription-manager plugin on clients prevents conflicts with Red Hat’s official repositories:
 
sudo subscription-manager unregister

sudo sed -i 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/subscription-manager.conf

 
Finally, refresh the package cache:
 
sudo dnf clean all

sudo dnf makecache

 
Now test by listing available repositories and installing a package like telnet:
 
sudo dnf repolist

repo id               repo name
local-BaseOS          Local RHEL10 BaseOS
local-AppStream       Local RHEL10 AppStream

sudo dnf install telnet -y

Dependencies resolved.
================================================================================
 Package           Arch      Version            Repository        Size
================================================================================
Installing:
 telnet            x86_64    0.17-62.el10       local-AppStream   70 k

Transaction Summary
================================================================================
Install 1 Package

Total download size: 70 k
Installed size: 120 k
Downloading Packages:
telnet-0.17-62.el10.x86_64.rpm                        95 kB/s |  70 kB     00:00
--------------------------------------------------------------------------------
Total                                              102 kB/s |  70 kB     00:00
Running transaction
  Preparing        :                                                        1/1
  Installing       : telnet-0.17-62.el10.x86_64                              1/1
  Verifying        : telnet-0.17-62.el10.x86_64                              1/1

Installed:
  telnet-0.17-62.el10.x86_64

 
This confirms the client is fetching packages from your local repository.
 
Best Practices for Managing Local Yum/DNF Repositories
 
While setting up a local repository is straightforward, enterprise-grade environments demand additional considerations:
 
 
Automate Metadata Updates: If your repo gets periodic updates beyond the initial ISO, use cron jobs or Ansible playbooks to automate createrepo --update to keep metadata current.
 
Use GPG Signing: For security, sign your RPMs and enable gpgcheck=1 in repo files. This protects against tampering and verifies package integrity. It’s easy to skip this in labs, but production needs secure repos.
 
Secure Access: Consider restricting Apache access with firewalls or HTTP authentication if sensitivity or compliance demands.
 
Mirror Upstream Repos When Possible: In environments with internet access, mirroring Red Hat repos can provide more up-to-date packages than static ISOs.
 
Monitor Repo Disk Usage: RPMs consume storage; regularly prune unused packages or archive older repos.
 
 
In practice, a local repo setup often integrates into larger automation pipelines, reducing manual intervention while ensuring smooth updates across fleet nodes.
 
Troubleshooting Scenario: Resolving Metadata Parse Errors
 
A common hiccup I’ve encountered is the repomd.xml parser error, often arising when the metadata is corrupt or missing. For instance, after copying ISO content and running DNF commands on clients, you might see:
 
yum repolist

Error: Failed to download metadata for repo ‘Local-BaseOS’: repomd.xml parser error: Parse error at line: 1 (Extra content at the end of the document)

 
This typically means either the repository metadata is incomplete or the web server serves unexpected content (like an autoindex HTML instead of XML). To fix it, I usually:
 
 
Verify that createrepo ran successfully and metadata files exist under the repo directories.
 
Check the Apache document root corresponds exactly to the copied directories without extra HTML files preempting it.
 
Remount the ISO to rule out corrupted mounts if copying from the ISO device.
 
Verify firewall and SELinux aren’t blocking HTTP access or file reads.
 
 
Once these checks pass, running sudo createrepo --update again and refreshing client caches fixes the error promptly.
 
Conclusion
 
Setting up a local Yum/DNF repository on RHEL 10 using the official ISO and Apache HTTP server is a pragmatic solution for enterprise Linux administrators managing systems in isolated, secure, or bandwidth-sensitive environments. This method not only ensures quick and reliable package availability but also grants fine-grained control over the software distributed across your infrastructure. Remember to update your repo metadata regularly, secure your HTTP server, and tune client configurations to avoid conflicts with subscription management tools. With these steps mastered, you’ll significantly improve your infrastructure's resilience, predictability, and performance regarding package management.