search

RedHatEMEA / demobuilder

GNU General Public License v3.0
29 stars 37 forks source link

rhel-server-7:gui:ose-3.2 cert error #158

Open jedrington opened 8 years ago

jedrington commented 8 years ago

yum errors with a certificate error "Peer's Certificate issuer is not recognized." on the rhel-server-7:gui:ose-3.2 build.

It appears this may be related to having two separate register_channels commands in https://github.com/RedHatEMEA/demobuilder/blob/master/layers/rhel-server-7:gui:ose-3.2/%40target/install#L7-L8. When I combine them as a single line, I don't get the error anymore.

Debug output:

Sat Jun 18 14:09:11 2016: rhel-server-7:gui:ose-3.2: + yum_install atomic-openshift bind-utils docker lsof openshift-ansible-playbooks PyPAM net-tools nmap-ncat strace tcpdump unzip Sat Jun 18 14:09:11 2016: rhel-server-7:gui:ose-3.2: + '[' -x /usr/bin/dnf ']' Sat Jun 18 14:09:11 2016: rhel-server-7:gui:ose-3.2: + PYTHONUNBUFFERED=1 Sat Jun 18 14:09:11 2016: rhel-server-7:gui:ose-3.2: + /usr/bin/yum -y install atomic-openshift bind-utils docker lsof openshift-ansible-playbooks PyPAM net-tools nmap-ncat strace tcpdump unzip Sat Jun 18 14:09:12 2016: rhel-server-7:gui:ose-3.2: Loaded plugins: product-id, search-disabled-repos, subscription-manager Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/extras/os/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's Certificate issuer is not recognized." Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: Trying other mirror. Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: It was impossible to connect to the Red Hat servers. Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: This could mean a connectivity issue in your environment, such as the requirement to configure a proxy, Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: or a transparent proxy that tampers with TLS security, or an incorrect system clock. Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: Please collect information about the specific failure that occurs in your environment, Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: using the instructions in: https://access.redhat.com/solutions/1527033 and open a ticket with Red Hat Support. Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: One of the configured repositories failed (Red Hat Enterprise Linux 7 Server - Extras (RPMs)), Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: and yum doesn't have enough cached data to continue. At this point the only Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: safe thing yum can do is fail. There are a few ways to work "fix" this: Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: 1. Contact the upstream for the repository and get them to fix the problem. Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: 2. Reconfigure the baseurl/etc. for the repository, to point to a working Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: upstream. This is most often useful if you are using a newer Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: distribution release than is supported by the repository (and the Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: packages for the previous distribution release still work). Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: 3. Disable the repository, so yum won't use it by default. Yum will then Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: just ignore the repository until you permanently enable it again or use Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: --enablerepo for temporary usage: Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: yum-config-manager --disable rhel-7-server-extras-rpms Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: 4. Configure the failing repository to be skipped, if it is unavailable. Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: Note that yum will try to contact the repo. when it runs most commands, Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: so will have to try and fail each time (and thus. yum will be be much Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: slower). If it is a very temporary problem though, this is often a nice Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: compromise: Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: yum-config-manager --save --setopt=rhel-7-server-extras-rpms.skip_if_unavailable=true Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: failure: repodata/repomd.xml from rhel-7-server-extras-rpms: [Errno 256] No more mirrors to try. Sat Jun 18 14:09:14 2016: rhel-server-7:gui:ose-3.2: https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/extras/os/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's Certificate issuer is not recognized."