Setup:
- Created my own CA and entitlement cert.
- Created my own SSL certificate for my server and changed apache to use it in ssl.conf.
- Configured a repo as being protected by pulp.
- Try to sync the repo using the auth credentials. It fails for both yum and grinder.
- I can wget the repomd.xml correctly.

I suspect this is an issue on how we have httpd configured. This sort of setup works in RHUI 1.2 where we replace ssl.conf with our own file. In Pulp, we're trying to leave that one in place and define our stuff inside of it (in pulp.conf).

root@venom rhui-1.2-5Server-i386]# grinder yum --label foo -U https://guardian//pulp/repos/content/dist/rhel/rhui/server/5Server/i386/rhui/1.2/os --cacert consumer-rhui-1.2-5Server-i386.ca --cert consumer-rhui-1.2-5Server-i386.cert --key consumer-rhui-1.2-5Server-i386.key
grinder.RepoFetch: INFO fetchYumRepo() basepath = ./
grinder.RepoFetch: INFO Fetching repo metadata...
grinder.RepoFetch: ERROR Caught exception when trying to fetch content from [https://guardian//pulp/repos/content/dist/rhel/rhui/server/5Server/i386/rhui/1.2/os]: Cannot retrieve repository metadata (repomd.xml) for repository: foo. Please verify its path and try again
Traceback (most recent call last):
  File "/usr/bin/grinder", line 23, in <module>
    GrinderCLI.CLI().main()
  File "/usr/lib/python2.7/site-packages/grinder/GrinderCLI.py", line 349, in main
    cmd.main()
  File "/usr/lib/python2.7/site-packages/grinder/GrinderCLI.py", line 60, in main
    self._do_command()
  File "/usr/lib/python2.7/site-packages/grinder/GrinderCLI.py", line 272, in _do_command
    self.yfetch.fetchYumRepo()
  File "/usr/lib/python2.7/site-packages/grinder/RepoFetch.py", line 362, in fetchYumRepo
    self.yumFetch.getRepoData()
  File "/usr/lib/python2.7/site-packages/grinder/RepoFetch.py", line 140, in getRepoData
    for ftype in self.getRepoXmlFileTypes():
  File "/usr/lib/python2.7/site-packages/grinder/RepoFetch.py", line 125, in getRepoXmlFileTypes
    return self.repo.repoXML.fileTypes()
  File "/usr/lib/python2.7/site-packages/yum/yumRepo.py", line 1413, in <lambda>
    repoXML = property(fget=lambda self: self._getRepoXML(),
  File "/usr/lib/python2.7/site-packages/yum/yumRepo.py", line 1409, in _getRepoXML
    raise Errors.RepoError, msg
yum.Errors.RepoError: Cannot retrieve repository metadata (repomd.xml) for repository: foo. Please verify its path and try again

[root@venom rhui-1.2-5Server-i386]# wget https://guardian//pulp/repos/content/dist/rhel/rhui/server/5Server/i386/rhui/1.2/os/repodata/repomd.xml --certificate consumer-rhui-1.2-5Server-i386.cert --private-key consumer-rhui-1.2-5Server-i386.key --ca-certificate consumer-rhui-1.2-5Server-i386.ca
--2011-04-13 16:58:38-- https://guardian//pulp/repos/content/dist/rhel/rhui/server/5Server/i386/rhui/1.2/os/repodata/repomd.xml
Resolving guardian... 192.168.0.201
Connecting to guardian|192.168.0.201|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1610 (1.6K) [text/plain]
Saving to: “repomd.xml”

100%[==============================================================>] 1,610 --.-K/s in 0s

2011-04-13 16:58:38 (29.2 MB/s) - “repomd.xml” saved [1610/1610]

[root@venom rhui-1.2-5Server-i386]# yum repolist
Loaded plugins: langpacks, presto, refresh-packagekit
Adding en_US to language list
https://guardian//pulp/repos/content/dist/rhel/rhui/server/5Server/i386/rhui/1.2/os/repodata/repomd.xml: [Errno 14] problem making ssl connection

It turns out there was something wrong with my cert. We're not 100% sure yet of what happened, but it has to do with signing multiple certs from the same CA with the same serial number. Someone in the process is caching this information (yum or httpd) and wasn't allowing the second (different) cert with the same serial number. The fix is to correctly generate certs, maintaining unique serial numbers for a given CA.
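
A check for the condition described in the comment above, as an added example that is not part of the original report or of Pulp: it flags different certificates that share an issuer and serial number, using the output of `openssl x509 -noout -issuer -serial -fingerprint -sha256`. The file names and the sample openssl output are constructed for illustration.

```python
import subprocess
import sys
from collections import defaultdict

def parse_openssl_output(text):
    """Parse `openssl x509 -noout -issuer -serial -fingerprint -sha256` output."""
    rec = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key = key.strip().lower()
        if key == "issuer":
            rec["issuer"] = value.strip()
        elif key == "serial":
            rec["serial"] = value.strip().upper()
        elif key.endswith("fingerprint"):  # "sha256 Fingerprint" / "SHA256 Fingerprint"
            rec["fingerprint"] = value.strip().upper()
    return rec

def find_serial_collisions(records):
    """Map (issuer, serial) -> sorted paths when *different* certs share that pair."""
    groups = defaultdict(lambda: defaultdict(list))
    for path, rec in records.items():
        groups[(rec["issuer"], rec["serial"])][rec["fingerprint"]].append(path)
    # One fingerprint under a pair is just the same cert stored twice: not a collision.
    return {pair: sorted(p for paths in fps.values() for p in paths)
            for pair, fps in groups.items() if len(fps) > 1}

def inspect(path):
    """Run openssl on one PEM certificate and parse the result."""
    cmd = ["openssl", "x509", "-in", path, "-noout",
           "-issuer", "-serial", "-fingerprint", "-sha256"]
    return parse_openssl_output(
        subprocess.run(cmd, check=True, capture_output=True, text=True).stdout)

# Constructed sample output (hypothetical file names, shortened fingerprints).
SAMPLE = {
    "server.crt": "issuer=CN = Example Test CA\nserial=01\nsha256 Fingerprint=AA:11:22\n",
    "entitlement.crt": "issuer=CN = Example Test CA\nserial=01\nsha256 Fingerprint=BB:33:44\n",
    "server-backup.crt": "issuer=CN = Example Test CA\nserial=01\nsha256 Fingerprint=AA:11:22\n",
    "other.crt": "issuer=CN = Example Test CA\nserial=02\nsha256 Fingerprint=CC:55:66\n",
}

if __name__ == "__main__":
    paths = sys.argv[1:]
    records = ({p: inspect(p) for p in paths} if paths
               else {p: parse_openssl_output(t) for p, t in SAMPLE.items()})
    for (issuer, serial), files in find_serial_collisions(records).items():
        print(f"serial {serial} reused under issuer '{issuer}': {', '.join(files)}")
```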