The mirror.openshift.com change Justin Pierce announced with https://mailman-int.corp.redhat.com/archives/aos-devel/2021-December/msg00145.html changed the authentication method for the RPM mirror, and anything in CI using the openshift-e2e-aws-workers-rhel workflow permanently fails with repoquery's to mirror.openshift.com failing with a 401. The workflow is defined at https://github.com/openshift/release/tree/master/ci-operator/step-registry/openshift/e2e/aws/workers-rhel See https://k8s-testgrid.appspot.com/redhat-openshift-ocp-release-4.10-informing#periodic-ci-openshift-release-master-nightly-4.10-e2e-aws-workers-rhel7 for an example of the recent failures, I learned of this auth change after emailing Justin, who in turn added Patrick Dillon and Jeremiah Stuever since they are listed in https://github.com/openshift/release/blob/master/ci-operator/step-registry/openshift/e2e/aws/workers-rhel/OWNERS The details from Justin on what changes are needed are in that email, but I'll copy/paste those here for convenience.... I picked this BZ component given this step-registry item was introduced with https://issues.redhat.com/browse/CORS-1711 The authentication method for accessing anything under https://mirror.openshift.com/enterprise/* has changed from being certificate based to basic auth. The yum.repo.d configuration file needs to change. [test] name = test baseurl = https://mirror.openshift.com/enterprise/..... enabled = 1 gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release gpgcheck = 0 username = .... password = .... I can provide this username and password for you when you are ready if you provide me with a public key. The actual yum configuration file becomes secret at this point unless you somehow dynamically assemble it from other secrets containing just the username and password.
The "I" is "I can provide this username and password for you when you are ready if you provide me with a public key." is Justin Pierce :-)
*** Bug 2035100 has been marked as a duplicate of this bug. ***
Kiran as working on this, but I am setting to blocker- as this affects CI and not the release image.
Yum repo updated for RHEL machines in CI, PR was merged, move bug to verified.
*** Bug 2050170 has been marked as a duplicate of this bug. ***
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:5069