Hide Forgot
Description of problem: [root@dhcp201-178 ~]# cat /etc/yum.repos.d/rh-cloud.repo | grep -A 15 -i "rhui-rhui-1.2" [rhui-rhui-1.2] name=Red Hat Update Infrastructure 1.2 (RPMs) mirrorlist=https://dhcp201-143.englab.pnq.redhat.com/pulp/mirror/content/dist/rhel/rhui/server/5Server/$basearch/rhui/1.2/os enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release sslverify=1 sslcacert=/etc/pki/entitlement/ca.crt [root@dhcp201-178 ~]# yum clean all Loaded plugins: rhui-lb Cleaning up Everything [root@dhcp201-178 ~]# rm -f rh-rhui-tools-0.76-1.el5_5.noarch.rpm [root@dhcp201-178 ~]# ls anaconda-ks.cfg install.log install.log.syslog rh-cloud.repo rhel-pnq.repo rh-rhui-rhel6rhui12-2.2-1.el6.noarch.rpm [root@dhcp201-178 ~]# yum clean all Loaded plugins: rhui-lb Cleaning up Everything [root@dhcp201-178 ~]# yumdownloader rh-rhui-tools Loaded plugins: rhui-lb rhui-rhui-1.2 | 1.6 kB 00:00 rhui-rhui-1.2/primary | 5.6 kB 00:00 rhui-rhui-1.2 13/13 rh-rhui-tools-0.76-1.el5_5.noarch.rpm | 99 kB 00:00 [root@dhcp201-178 ~]# ll rh-rhui-tools-0.76-1.el5_5.noarch.rpm -rw-r--r--. 1 root root 100913 Jul 2 00:18 rh-rhui-tools-0.76-1.el5_5.noarch.rpm Version-Release number of selected component (if applicable): rhui 2.0.33 pulp - 0.199 How reproducible: remove entitlement certs and trying to download rpms, works Steps to Reproduce: 1. 2. 3. Actual results: protected repos can be fetched without entitlement certs. Expected results: protected repos, shouldn't be downloadable without entitlement certs Additional info:
Also at times it works , but it tries another mirror. I find this strange. [root@dhcp201-178 ~]# yum clean all Loaded plugins: rhui-lb Cleaning up Everything [root@dhcp201-178 ~]# rm -f rh-rhui-tools-0.76-1.el5_5.noarch.rpm [root@dhcp201-178 ~]# yumdownloader rh-rhui-tools Loaded plugins: rhui-lb https://dhcp201-117.englab.pnq.redhat.com/pulp/repos//content/dist/rhel/rhui/server/5Server/x86_64/rhui/1.2/os/repodata/repomd.xml: [Errno 14] problem making ssl connection Trying other mirror. rhui-rhui-1.2 | 1.6 kB 00:00 rhui-rhui-1.2/primary | 5.6 kB 00:00 rhui-rhui-1.2 13/13 rh-rhui-tools-0.76-1.el5_5.noarch.rpm | 99 kB 00:00 [root@dhcp201-178 ~]# cat /etc/yum.repos.d/rhui-load-balancers dhcp201-143.englab.pnq.redhat.com dhcp201-117.englab.pnq.redhat.com
In the earlier comment, I meant. It denies access for one mirror, but it tries another mirror and its able to fetch. Also another observation, Every alternate attempts, it blocks one of them. [root@dhcp201-178 ~]# yumdownloader rh-rhui-tools Loaded plugins: rhui-lb https://dhcp201-117.englab.pnq.redhat.com/pulp/repos//content/dist/rhel/rhui/server/5Server/x86_64/rhui/1.2/os/repodata/repomd.xml: [Errno 14] problem making ssl connection Trying other mirror. rhui-rhui-1.2 | 1.6 kB 00:00 rhui-rhui-1.2/primary | 5.6 kB 00:00 rhui-rhui-1.2 13/13 ./rh-rhui-tools-0.76-1.el5_5.noarch.rpm already exists and appears to be complete [root@dhcp201-178 ~]# rm -f rh-rhui-tools-0.76-1.el5_5.noarch.rpm [root@dhcp201-178 ~]# yumdownloader rh-rhui-tools Loaded plugins: rhui-lb rh-rhui-tools-0.76-1.el5_5.noarch.rpm | 99 kB 00:00 [root@dhcp201-178 ~]# rm -f rh-rhui-tools-0.76-1.el5_5.noarch.rpm [root@dhcp201-178 ~]# yum clean all Loaded plugins: rhui-lb Cleaning up Everything [root@dhcp201-178 ~]# yumdownloader rh-rhui-tools Loaded plugins: rhui-lb rhui-rhui-1.2 | 1.6 kB 00:00 rhui-rhui-1.2/primary | 5.6 kB 00:00 rhui-rhui-1.2 13/13 rh-rhui-tools-0.76-1.el5_5.noarch.rpm | 99 kB 00:00 [root@dhcp201-178 ~]# yum clean all Loaded plugins: rhui-lb Cleaning up Everything [root@dhcp201-178 ~]# rm -f rh-rhui-tools-0.76-1.el5_5.noarch.rpm [root@dhcp201-178 ~]# yumdownloader rh-rhui-tools Loaded plugins: rhui-lb https://dhcp201-117.englab.pnq.redhat.com/pulp/repos//content/dist/rhel/rhui/server/5Server/x86_64/rhui/1.2/os/repodata/repomd.xml: [Errno 14] problem making ssl connection Trying other mirror. rhui-rhui-1.2 | 1.6 kB 00:00 rhui-rhui-1.2/primary | 5.6 kB 00:00 rhui-rhui-1.2 13/13 rh-rhui-tools-0.76-1.el5_5.noarch.rpm | 99 kB 00:00 [root@dhcp201-178 ~]# rm -f rh-rhui-tools-0.76-1.el5_5.noarch.rpm [root@dhcp201-178 ~]# yum clean all Loaded plugins: rhui-lb Cleaning up Everything [root@dhcp201-178 ~]# yumdownloader rh-rhui-tools Loaded plugins: rhui-lb rhui-rhui-1.2 | 1.6 kB 00:00 rhui-rhui-1.2/primary | 5.6 kB 00:00 rhui-rhui-1.2 13/13 rh-rhui-tools-0.76-1.el5_5.noarch.rpm | 99 kB 00:00 [root@dhcp201-178 ~]# yum clean all Loaded plugins: rhui-lb Cleaning up Everything [root@dhcp201-178 ~]# rm -f rh-rhui-tools-0.76-1.el5_5.noarch.rpm [root@dhcp201-178 ~]# yumdownloader rh-rhui-tools Loaded plugins: rhui-lb https://dhcp201-117.englab.pnq.redhat.com/pulp/repos//content/dist/rhel/rhui/server/5Server/x86_64/rhui/1.2/os/repodata/repomd.xml: [Errno 14] problem making ssl connection Trying other mirror. rhui-rhui-1.2 | 1.6 kB 00:00 rhui-rhui-1.2/primary | 5.6 kB 00:00 rhui-rhui-1.2 13/13 rh-rhui-tools-0.76-1.el5_5.noarch.rpm | 99 kB 00:00 [root@dhcp201-178 ~]# rm -f rh-rhui-tools-0.76-1.el5_5.noarch.rpm [root@dhcp201-178 ~]# yum clean all Loaded plugins: rhui-lb Cleaning up Everything [root@dhcp201-178 ~]# yumdownloader rh-rhui-tools Loaded plugins: rhui-lb rhui-rhui-1.2 | 1.6 kB 00:00 rhui-rhui-1.2/primary | 5.6 kB 00:00 rhui-rhui-1.2 13/13 rh-rhui-tools-0.76-1.el5_5.noarch.rpm | 99 kB 00:00 [root@dhcp201-178 ~]# rm -f rh-rhui-tools-0.76-1.el5_5.noarch.rpm [root@dhcp201-178 ~]# yum clean all Loaded plugins: rhui-lb Cleaning up Everything [root@dhcp201-178 ~]# yumdownloader rh-rhui-tools Loaded plugins: rhui-lb https://dhcp201-117.englab.pnq.redhat.com/pulp/repos//content/dist/rhel/rhui/server/5Server/x86_64/rhui/1.2/os/repodata/repomd.xml: [Errno 14] problem making ssl connection Trying other mirror. rhui-rhui-1.2 | 1.6 kB 00:00 rhui-rhui-1.2/primary | 5.6 kB 00:00 rhui-rhui-1.2 13/13 rh-rhui-tools-0.76-1.el5_5.noarch.rpm | 99 kB 00:00
oh boy.. high priority bug :) Nice catch!!!
It's not exactly related to the mirror. When I turn sslverify to 0, it can connect to both CDS instances equally. Something is wrong with your SSL certificate on one of the CDS instances.
commit c4c4f5a6cb9a1d9fbe2a15b54c182202773026f9 Author: Jay Dobies <jason.dobies> Date: Fri Jul 1 14:04:36 2011 -0400 718287 - Pulp is inconsistent with what it stores in relative URL, so changing from a startswith to a find for the protected repo retrieval. src/pulp/repo_auth/oid_validation.py
Fixed in Pulp 0.201. Be sure to check that syncs from Pulp -> CDS work for protected repos, since they will have been affected too. The auth validation code exists on both places (Pulp and CDS), so I want to make sure the changes didn't secure one area while breaking another.
Now, RH protected repos cannot be downloaded, without entitlement certs [root@dhcp201-188 ~]# yumdownloader rh-rhui-rhui12 Loaded plugins: pulp-profile-update, rhui-lb rhel-pnq | 4.0 kB 00:00 rhel-pnq/primary_db | 3.0 MB 00:00 rhel-pulp | 1.3 kB 00:00 rhel-pulp/primary | 4.5 kB 00:00 rhel-pulp 13/13 https://dhcp201-197.englab.pnq.redhat.com/pulp/repos//content/dist/rhel/rhui/server/5Server/x86_64/rhui/1.2/os/repodata/repomd.xml: [Errno 14] problem making ssl connection Trying other mirror. https://dhcp201-198.englab.pnq.redhat.com/pulp/repos//content/dist/rhel/rhui/server/5Server/x86_64/rhui/1.2/os/repodata/repomd.xml: [Errno 14] HTTP Error 401 : https://dhcp201-198.englab.pnq.redhat.com/pulp/repos//content/dist/rhel/rhui/server/5Server/x86_64/rhui/1.2/os/repodata/repomd.xml Trying other mirror. Cannot retrieve repository metadata (repomd.xml) for repository: rhui-rhui-1.2. Please verify its path and try again To show that the entitlement certs where not used. [root@dhcp201-188 ~]# cat /etc/yum.repos.d/rh-cloud.repo [rhui-rhui-1.2] name=Red Hat Update Infrastructure 1.2 (RPMs) mirrorlist=https://dhcp201-198.englab.pnq.redhat.com/pulp/mirror/content/dist/rhel/rhui/server/5Server/$basearch/rhui/1.2/os enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release sslverify=1 sslcacert=/etc/pki/entitlement/ca.crt
moving to release pending
closing out, product released