Problem scenario
You have a Bash script that runs yum commands and cannot be modified. The script runs on a Red Hat distribution of Linux and uses URLs with SSL (e.g., https://continualintegration.com). The script expects a yum repository to be set up at this URL. Because of enterprise security policies, the script must run without access to the Internet. What do you do if you are behind enough security to not need SSL to be set up properly (given that you have no Internet access) and need to get the script to work immediately?
Solution
Mirror the URL resources on an internal server, and intentionally "spoof" name resolution so that the hostname in the URL resolves to the IP address of that internal yum server.
1. Go to the server that will run the script and change the /etc/hosts file so the FQDN of the URL will map to the IP address of the internal server. For example, the /etc/hosts file of the server that will run the script should have an entry like this (assuming the script refers to https://continualintegration.com and the internal server that will serve as https://continualintegration.com is at 123.123.123.123):
123.123.123.123 continualintegration.com
The steps will keep referring to 123.123.123.123 as the IP address of your internal yum repository server.
2. Go to the yum repository server at 123.123.123.123. Install the Apache httpd server on it. Modify the httpd.conf file (find it with the command "find / -name httpd.conf"). Search for the word "DocumentRoot" in httpd.conf and change instances of the default "/var/www/html" path to the path of the directory that holds the .rpms.
3. Transfer the .rpms from the server on the Internet to the yum repository server at 123.123.123.123. The destination directory should be the one you configured in the step above. Start the Apache server (e.g., "apachectl start").
4. Install createrepo on the 123.123.123.123 server if it has not been installed. Use this command to configure the directory with .rpms to be a yum repository: createrepo /path/to/rpms/
The above command will create a "repodata" directory in the directory you specified. The command will also create a repomd.xml file in that "repodata" subdirectory. These things allow the yum repository to work.
5. Set up SSL on this yum repository server at 123.123.123.123. Use this command: yum install mod_ssl
For further configuration details of SSL, see this link.
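6. On the server that will run the script, modify the /etc/yum.conf file. Add this entry as the last line of the [main] section: sslverify=false
(This is not a best practice. But behind a firewall that blocks Internet access, it is a configuration that some Linux administrators use without too much risk.) Set in [main], it turns off certificate verification for every repository this host uses, not only the internal mirror, unless a repository's own section overrides it.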
7. Now you should be able to run the script. The FQDN in the URL should now resolve to the new yum repository on your internal server. The script will never know it did not use the real server on the Internet.
For more information about configuring yum clients see this external link. It has details about retrieving RPMs for specific sources with SSL.
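To confirm the two client-side changes from steps 1 and 6 (the /etc/hosts entry and sslverify in [main]), here is an added example, not part of the original article. The function names are hypothetical and the sample files are constructed; on a real client, pass /etc/hosts and /etc/yum.conf instead.

```shell
#!/bin/sh
# Added example: audit the client-side changes from steps 1 and 6.
# File paths are arguments so the checks can run against copies.

# Print the IP a hosts file maps NAME to (first matching line), or nothing.
hosts_ip_for() {  # usage: hosts_ip_for HOSTS_FILE NAME
    awk -v name="$2" '
        { sub(/#.*/, "") }   # strip comments before matching
        { for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }
    ' "$1"
}

# Print sslverify as set in [main] of a yum.conf, or "unset".
# If it is assigned more than once, this sketch reports the last one.
main_sslverify() {  # usage: main_sslverify YUM_CONF
    awk '
        /^[ \t]*\[/ { in_main = ($0 ~ /^[ \t]*\[main\][ \t]*$/); next }
        in_main && /^[ \t]*sslverify[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); val = tolower($0)
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# Return 0 only if NAME is pinned to IP and [main] disables verification.
check_client() {  # usage: check_client HOSTS_FILE YUM_CONF NAME IP
    ip=$(hosts_ip_for "$1" "$3")
    ssl=$(main_sslverify "$2")
    if [ "$ip" != "$4" ]; then
        echo "hosts: $3 -> ${ip:-no entry}, expected $4"; return 1
    fi
    case "$ssl" in
        false|0|no) echo "ok: $3 -> $ip; sslverify=$ssl, certificates are not verified" ;;
        *) echo "yum.conf: [main] sslverify=$ssl"; return 1 ;;
    esac
}

# Constructed sample files (not taken from a real host).
demo() {
    d=$(mktemp -d) || return 1
    printf '127.0.0.1 localhost\n123.123.123.123 continualintegration.com # mirror\n' > "$d/hosts"
    printf '[main]\ngpgcheck=1\nsslverify=false\n\n[other]\nsslverify=true\n' > "$d/yum.conf"
    rc=0
    check_client "$d/hosts" "$d/yum.conf" continualintegration.com 123.123.123.123 || rc=$?
    rm -rf "$d"
    return "$rc"
}
demo
```

The same functions are useful later for finding hosts where this workaround is still in place, since they report both the pinned address and the disabled verification.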