voxpupuli / puppet-yum

Puppet module for Yum
https://forge.puppet.com/puppet/yum
MIT License

Redhat yum repo certificates have expired #279

Open stuhay opened 2 years ago

stuhay commented 2 years ago

Using puppet 6.28 on Redhat 8 within AWS, using the latest version of this module.

When using DNF to install or update packages, we get the following error:

    - Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://rhui2-cds01.eu-west-1.aws.ce.redhat.com/pulp/mirror/content/dist/rhel/rhui/server/8/8/x86_64/rh-common/os [SSL certificate problem: certificate has expired]
    Error: Failed to download metadata for repo 'rhui-REGION-rhel-server-rh-common': Cannot prepare internal mirrorlist: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://rhui2-cds01.eu-west-1.aws.ce.redhat.com/pulp/mirror/content/dist/rhel/rhui/server/8/8/x86_64/rh-common/os [SSL certificate problem: certificate has expired]

This is being caused by the server listed in https://github.com/voxpupuli/puppet-yum/blob/master/data/os/RedHat/RedHat.yaml#L25 having an expired certificate.

Redhat have updated the server list (when not using the module); Redhat have changed the mirror list to mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/baseos/os

This new server does not have the certificate issue.

It seems like the module needs to update the details in https://github.com/voxpupuli/puppet-yum/blob/master/data/os/RedHat/RedHat.yaml

How to reproduce (e.g Puppet code you use)

  # Declaration of the module's yum class; $_managed_repos and $_repos are set elsewhere
  class { 'yum':
    manage_os_default_repos => true,
    require                 => File['/etc/yum.repos.d'],
    managed_repos           => $_managed_repos,
    repos                   => $_repos,
    config_options          => {
      gpgcheck                     => true,
      assumeyes                    => {
        ensure => 'absent',
      },
      debuglevel                   => {
        ensure => 'absent',
      },
      installonly_limit            => 3,
      skip_if_unavailable          => 'True',
      clean_requirements_on_remove => 'True',
      best                         => 'True',
    },
    notify                  => Exec['clear yum cache'],
    loglevel                => 'warning',
  }

Run dnf install make

What are you seeing

SSL certificate problem: certificate has expired

What behaviour did you expect instead

No error

Output log

N/A

Any additional information you'd like to impart
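
An added example, not part of the original issue or of the puppet-yum module: a Python check that lists the HTTPS hosts referenced by yum/dnf repo definitions and reports a certificate verification failure or the days left before expiry. The names `repo_https_hosts`, `days_left`, `probe` and the `example-baseos` repo id are hypothetical; if a repo sets `sslcacert`, pass that file as `cafile`.

```python
import configparser, socket, ssl, sys, time
from urllib.parse import urlsplit

# Constructed sample; the two mirrorlist URLs are the ones quoted in the issue.
SAMPLE_REPO = """\
[rhui-REGION-rhel-server-rh-common]
mirrorlist=https://rhui2-cds01.eu-west-1.aws.ce.redhat.com/pulp/mirror/content/dist/rhel/rhui/server/8/8/x86_64/rh-common/os
[example-baseos]
mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/baseos/os
"""

def repo_https_hosts(repo_text):
    """Map each repo id to the HTTPS hostnames in its baseurl/mirrorlist/metalink."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(repo_text)
    hosts = {}
    for repo in cp.sections():
        for key in ("baseurl", "mirrorlist", "metalink"):
            for url in cp.get(repo, key, fallback="").split():
                parts = urlsplit(url)  # .hostname is lower-cased by urlsplit
                if parts.scheme == "https" and parts.hostname:
                    hosts.setdefault(repo, set()).add(parts.hostname)
    return hosts

def days_left(not_after, now=None):
    """Days until an OpenSSL-style notAfter string; negative once expired."""
    now = time.time() if now is None else now
    return (ssl.cert_time_to_seconds(not_after) - now) / 86400

def probe(host, cafile=None, timeout=5):
    """Return (error, days_left); exactly one of the two is None."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, 443), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return None, days_left(tls.getpeercert()["notAfter"])
    except ssl.SSLCertVerificationError as exc:
        return exc.verify_message, None  # e.g. "certificate has expired"
    except OSError as exc:  # DNS failure, refused connection, timeout
        return f"unreachable: {exc}", None

if __name__ == "__main__":
    # Pass repo files as arguments, e.g. /etc/yum.repos.d/*.repo
    for path in sys.argv[1:]:
        with open(path) as fh:
            for repo, hosts in repo_https_hosts(fh.read()).items():
                for host in sorted(hosts):
                    print(repo, host, probe(host))
```

A host whose name still contains the literal `REGION` placeholder will be reported as unreachable, since that string is substituted on the instance before the repo is used.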