Open cloudmatt opened 8 months ago
The reason that changing the mirrorlist entry doesn't help is that the content at the location it references is itself a URL, and it will also be relative to the dualstack endpoints.
In order to work around the behavior you're seeing, you'll need to hardcode the baseurl value instead of the mirrorlist. You can find the baseurl value with `dnf repolist -v`. Be aware that the GUID references a specific version of the repository, though, so you'll need to update it any time you want to point to a new AL2023 release.
What's actually happening in your case is that the VPC DNS server overrides the IPv4-only S3 endpoint DNS names, but does not override the corresponding dualstack name. I don't know why that is and we'll need to chase that down with the right team internally. I don't think there's anything we can do to make this work by default within the distro, since we explicitly want to default to using the dualstack endpoints for our repositories.
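The lookup step from the reply above, as an added example (not code from this issue or from the Amazon Linux project): a shell function that pulls each repository's baseurl out of `dnf repolist -v` output and flags dualstack hostnames. The function names, repo ids, hosts and the `<GUID>` placeholder are constructed, and the `Repo-id` / `Repo-baseurl` field layout with its "(N more)" suffix is an assumption about dnf's verbose output.

```shell
#!/bin/sh
# Constructed stand-in for `dnf repolist -v` output. Repo ids, hosts and
# <GUID> are placeholders, not values from a real AL2023 instance.
sample_repolist() {
cat <<'EOF'
Repo-id            : core-example
Repo-name          : Constructed core repository
Repo-mirrors       : https://repo.s3.dualstack.example.invalid/core/mirror.list
Repo-baseurl       : https://repo.s3.dualstack.example.invalid/core/<GUID>/x86_64/ (0 more)

Repo-id            : extra-example
Repo-name          : Constructed extra repository
Repo-baseurl       : https://repo.s3.example.invalid/extra/<GUID>/x86_64/
EOF
}

# Reads `dnf repolist -v` text on stdin and prints one line per repository:
#   <repo id> TAB <dualstack|not-dualstack> TAB baseurl=<url>
# The last field is the line to put in the repo stanza in place of mirrorlist.
baseurl_pins() {
    awk '
    # Return the text after the first "key :" separator on a line.
    function val(s) { sub(/^[^:]*:[ \t]*/, "", s); return s }

    /^Repo-id[ \t]*:/ { id = val($0) }

    /^Repo-baseurl[ \t]*:/ {
        url = val($0)
        # Drop the trailing "(N more)" mirror count if present (assumed format).
        sub(/[ \t]*\([0-9]+ more\)[ \t]*$/, "", url)
        # A ".dualstack." label in the URL marks the dualstack S3 endpoint name.
        kind = (url ~ /\.dualstack\./) ? "dualstack" : "not-dualstack"
        printf "%s\t%s\tbaseurl=%s\n", id, kind, url
    }'
}

# Demonstration on the constructed sample. On a real instance, run:
#   dnf repolist -v | baseurl_pins
sample_repolist | baseurl_pins
```

Because the GUID in the baseurl names one repository version, the pinned line has to be regenerated whenever the instance should move to a newer AL2023 release.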
Describe the bug
I have a freshly deployed Amazon Linux 2023 instance that is placed in a VPC without direct internet access. The VPC has the S3 endpoint enabled with private DNS, which should allow me to update this instance, but whenever the `yum update` command is run, it attempts to resolve a DNS record for a public-facing IP address.
To Reproduce
yum literallyanything
Expected behavior
I should be able to use a private S3 endpoint without internet access to download updates from the mirror.
Additional context
Even when hardcoding the mirrorlist to use the IPv4 private VPC endpoint, when it retrieves the list it always attempts to connect out to the public IP addressed mirror. As you can see in the text box up there, even when hardcoding the URL to not include the `.dualstack` URL component, it's still being retrieved by something in the repolist