Description of problem: spacewalk-repo-sync cannot connect over https +IPv6 [BAD], however: spacewalk-repo-sync over https + IPv4 [OK] spacewalk-repo-sync over http + IPv6 [OK] curl over https +IPv6 [OK] Version-Release number of selected component (if applicable): spacewalk-backend-tools-1.7.38-31.el6sat.noarch spacewalk-backend-1.7.38-31.el6sat.noarch m2crypto-0.20.2-9.el6.x86_64 How reproducible: always Steps to Reproduce: 1. prepare ipv6-only kvm guest 2. @guest: create some simple repo, start httpd to publish the repo via http(s) 3. @host: run spacewalk-repo-sync -c myrepo -u https://kvm/myrepo with traceback Actual results: traceback, no connection Expected results: successfull connection Additional info: # curl -k https://kvm/myrepo/ <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> ... # spacewalk-repo-sync -c myrepo -u http://kvm/myrepo/ Repo URL: http://kvm/myrepo/ Packages in repo: 4 Packages already synced: 0 Packages to sync: 4 1/4 : NetworkManager-openswan-0.8.0-8.el6-0.x86_64 2/4 : NetworkManager-glib-0.8.1-33.el6-1.x86_64 3/4 : NetworkManager-gnome-0.8.1-33.el6-1.x86_64 4/4 : NetworkManager-0.8.1-33.el6-1.x86_64 Repo http://kvm/myrepo/ has 0 errata. Sync completed. Total time: 0:00:24 # spacewalk-repo-sync -c myrepo -u https://kvm/myrepo/ Traceback (most recent call last): File "/usr/bin/spacewalk-repo-sync", line 100, in <module> sys.exit(abs(main() or 0)) File "/usr/bin/spacewalk-repo-sync", line 93, in main sync.sync() File "/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/reposync.py", line 100, in sync self.import_packages(plugin, repo_id, url) File "/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/reposync.py", line 305, in import_packages packages = plug.list_packages(filters) File "/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/repo_plugins/yum_src.py", line 151, in list_packages self.sack.populate(self.repo, 'metadata', None, 0) File "/usr/lib/python2.6/site-packages/yum/yumRepo.py", line 165, in populate if self._check_db_version(repo, mydbtype): File "/usr/lib/python2.6/site-packages/yum/yumRepo.py", line 223, in _check_db_version return repo._check_db_version(mdtype) File "/usr/lib/python2.6/site-packages/yum/yumRepo.py", line 1256, in _check_db_version repoXML = self.repoXML File "/usr/lib/python2.6/site-packages/yum/yumRepo.py", line 1455, in <lambda> repoXML = property(fget=lambda self: self._getRepoXML(), File "/usr/lib/python2.6/site-packages/yum/yumRepo.py", line 1451, in _getRepoXML raise Errors.RepoError, msg yum.Errors.RepoError: Cannot retrieve repository metadata (repomd.xml) for repository: myrepo. Please verify its path and try again
What's happening here is that if you're repo-syncing over https (SSL), pycurl (which is what repo-sync -> yum libs -> urlgrabber use) returns the following error: 'Peer certificate cannot be authenticated with known CA certificates' This error is not properly propagated to spacewalk-repo-sync, or -- if you will -- is being propagated to the user as the traceback shown above. This problem can be fixed with the fix contained in bug #807000 and you'll be able to put the following into your /etc/rhn/spacewalk-repo-sync/yum.conf: [main] ... [myrepo] name=myrepo sslverify=False I think this still needs to be investigated closer (there's perhaps a better solution / fix to the problem here).