| Summary: | RH protected repos can be downloaded, without entitlement certs | ||
|---|---|---|---|
| Product: | Red Hat Update Infrastructure for Cloud Providers | Reporter: | Kedar Bidarkar <kbidarka> |
| Component: | Tools | Assignee: | Jay Dobies <jason.dobies> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | wes hayutin <whayutin> |
| Severity: | urgent | Docs Contact: | |
| Priority: | high | ||
| Version: | 2.0 | CC: | kbidarka, sghai, tsanders |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-05-31 12:58:17 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
|
Description
Kedar Bidarkar
2011-07-01 16:57:44 UTC
Also at times it works , but it tries another mirror. I find this strange. [root@dhcp201-178 ~]# yum clean all Loaded plugins: rhui-lb Cleaning up Everything [root@dhcp201-178 ~]# rm -f rh-rhui-tools-0.76-1.el5_5.noarch.rpm [root@dhcp201-178 ~]# yumdownloader rh-rhui-tools Loaded plugins: rhui-lb https://dhcp201-117.englab.pnq.redhat.com/pulp/repos//content/dist/rhel/rhui/server/5Server/x86_64/rhui/1.2/os/repodata/repomd.xml: [Errno 14] problem making ssl connection Trying other mirror. rhui-rhui-1.2 | 1.6 kB 00:00 rhui-rhui-1.2/primary | 5.6 kB 00:00 rhui-rhui-1.2 13/13 rh-rhui-tools-0.76-1.el5_5.noarch.rpm | 99 kB 00:00 [root@dhcp201-178 ~]# cat /etc/yum.repos.d/rhui-load-balancers dhcp201-143.englab.pnq.redhat.com dhcp201-117.englab.pnq.redhat.com In the earlier comment, I meant. It denies access for one mirror, but it tries another mirror and its able to fetch. Also another observation, Every alternate attempts, it blocks one of them. [root@dhcp201-178 ~]# yumdownloader rh-rhui-tools Loaded plugins: rhui-lb https://dhcp201-117.englab.pnq.redhat.com/pulp/repos//content/dist/rhel/rhui/server/5Server/x86_64/rhui/1.2/os/repodata/repomd.xml: [Errno 14] problem making ssl connection Trying other mirror. rhui-rhui-1.2 | 1.6 kB 00:00 rhui-rhui-1.2/primary | 5.6 kB 00:00 rhui-rhui-1.2 13/13 ./rh-rhui-tools-0.76-1.el5_5.noarch.rpm already exists and appears to be complete [root@dhcp201-178 ~]# rm -f rh-rhui-tools-0.76-1.el5_5.noarch.rpm [root@dhcp201-178 ~]# yumdownloader rh-rhui-tools Loaded plugins: rhui-lb rh-rhui-tools-0.76-1.el5_5.noarch.rpm | 99 kB 00:00 [root@dhcp201-178 ~]# rm -f rh-rhui-tools-0.76-1.el5_5.noarch.rpm [root@dhcp201-178 ~]# yum clean all Loaded plugins: rhui-lb Cleaning up Everything [root@dhcp201-178 ~]# yumdownloader rh-rhui-tools Loaded plugins: rhui-lb rhui-rhui-1.2 | 1.6 kB 00:00 rhui-rhui-1.2/primary | 5.6 kB 00:00 rhui-rhui-1.2 13/13 rh-rhui-tools-0.76-1.el5_5.noarch.rpm | 99 kB 00:00 [root@dhcp201-178 ~]# yum clean all Loaded plugins: rhui-lb Cleaning up Everything [root@dhcp201-178 ~]# rm -f rh-rhui-tools-0.76-1.el5_5.noarch.rpm [root@dhcp201-178 ~]# yumdownloader rh-rhui-tools Loaded plugins: rhui-lb https://dhcp201-117.englab.pnq.redhat.com/pulp/repos//content/dist/rhel/rhui/server/5Server/x86_64/rhui/1.2/os/repodata/repomd.xml: [Errno 14] problem making ssl connection Trying other mirror. rhui-rhui-1.2 | 1.6 kB 00:00 rhui-rhui-1.2/primary | 5.6 kB 00:00 rhui-rhui-1.2 13/13 rh-rhui-tools-0.76-1.el5_5.noarch.rpm | 99 kB 00:00 [root@dhcp201-178 ~]# rm -f rh-rhui-tools-0.76-1.el5_5.noarch.rpm [root@dhcp201-178 ~]# yum clean all Loaded plugins: rhui-lb Cleaning up Everything [root@dhcp201-178 ~]# yumdownloader rh-rhui-tools Loaded plugins: rhui-lb rhui-rhui-1.2 | 1.6 kB 00:00 rhui-rhui-1.2/primary | 5.6 kB 00:00 rhui-rhui-1.2 13/13 rh-rhui-tools-0.76-1.el5_5.noarch.rpm | 99 kB 00:00 [root@dhcp201-178 ~]# yum clean all Loaded plugins: rhui-lb Cleaning up Everything [root@dhcp201-178 ~]# rm -f rh-rhui-tools-0.76-1.el5_5.noarch.rpm [root@dhcp201-178 ~]# yumdownloader rh-rhui-tools Loaded plugins: rhui-lb https://dhcp201-117.englab.pnq.redhat.com/pulp/repos//content/dist/rhel/rhui/server/5Server/x86_64/rhui/1.2/os/repodata/repomd.xml: [Errno 14] problem making ssl connection Trying other mirror. rhui-rhui-1.2 | 1.6 kB 00:00 rhui-rhui-1.2/primary | 5.6 kB 00:00 rhui-rhui-1.2 13/13 rh-rhui-tools-0.76-1.el5_5.noarch.rpm | 99 kB 00:00 [root@dhcp201-178 ~]# rm -f rh-rhui-tools-0.76-1.el5_5.noarch.rpm [root@dhcp201-178 ~]# yum clean all Loaded plugins: rhui-lb Cleaning up Everything [root@dhcp201-178 ~]# yumdownloader rh-rhui-tools Loaded plugins: rhui-lb rhui-rhui-1.2 | 1.6 kB 00:00 rhui-rhui-1.2/primary | 5.6 kB 00:00 rhui-rhui-1.2 13/13 rh-rhui-tools-0.76-1.el5_5.noarch.rpm | 99 kB 00:00 [root@dhcp201-178 ~]# rm -f rh-rhui-tools-0.76-1.el5_5.noarch.rpm [root@dhcp201-178 ~]# yum clean all Loaded plugins: rhui-lb Cleaning up Everything [root@dhcp201-178 ~]# yumdownloader rh-rhui-tools Loaded plugins: rhui-lb https://dhcp201-117.englab.pnq.redhat.com/pulp/repos//content/dist/rhel/rhui/server/5Server/x86_64/rhui/1.2/os/repodata/repomd.xml: [Errno 14] problem making ssl connection Trying other mirror. rhui-rhui-1.2 | 1.6 kB 00:00 rhui-rhui-1.2/primary | 5.6 kB 00:00 rhui-rhui-1.2 13/13 rh-rhui-tools-0.76-1.el5_5.noarch.rpm | 99 kB 00:00 oh boy.. high priority bug :) Nice catch!!! It's not exactly related to the mirror. When I turn sslverify to 0, it can connect to both CDS instances equally. Something is wrong with your SSL certificate on one of the CDS instances. commit c4c4f5a6cb9a1d9fbe2a15b54c182202773026f9
Author: Jay Dobies <jason.dobies>
Date: Fri Jul 1 14:04:36 2011 -0400
718287 - Pulp is inconsistent with what it stores in relative URL, so
changing from a startswith to a find for the protected repo retrieval.
src/pulp/repo_auth/oid_validation.py
Fixed in Pulp 0.201. Be sure to check that syncs from Pulp -> CDS work for protected repos, since they will have been affected too. The auth validation code exists on both places (Pulp and CDS), so I want to make sure the changes didn't secure one area while breaking another. Now, RH protected repos cannot be downloaded, without entitlement certs [root@dhcp201-188 ~]# yumdownloader rh-rhui-rhui12 Loaded plugins: pulp-profile-update, rhui-lb rhel-pnq | 4.0 kB 00:00 rhel-pnq/primary_db | 3.0 MB 00:00 rhel-pulp | 1.3 kB 00:00 rhel-pulp/primary | 4.5 kB 00:00 rhel-pulp 13/13 https://dhcp201-197.englab.pnq.redhat.com/pulp/repos//content/dist/rhel/rhui/server/5Server/x86_64/rhui/1.2/os/repodata/repomd.xml: [Errno 14] problem making ssl connection Trying other mirror. https://dhcp201-198.englab.pnq.redhat.com/pulp/repos//content/dist/rhel/rhui/server/5Server/x86_64/rhui/1.2/os/repodata/repomd.xml: [Errno 14] HTTP Error 401 : https://dhcp201-198.englab.pnq.redhat.com/pulp/repos//content/dist/rhel/rhui/server/5Server/x86_64/rhui/1.2/os/repodata/repomd.xml Trying other mirror. Cannot retrieve repository metadata (repomd.xml) for repository: rhui-rhui-1.2. Please verify its path and try again To show that the entitlement certs where not used. [root@dhcp201-188 ~]# cat /etc/yum.repos.d/rh-cloud.repo [rhui-rhui-1.2] name=Red Hat Update Infrastructure 1.2 (RPMs) mirrorlist=https://dhcp201-198.englab.pnq.redhat.com/pulp/mirror/content/dist/rhel/rhui/server/5Server/$basearch/rhui/1.2/os enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release sslverify=1 sslcacert=/etc/pki/entitlement/ca.crt moving to release pending closing out, product released |