- Posted In
- Red Hat Enterprise Linux Atomic Host
I periodically sync RHEL repos along with RHEL Atomic Host repo and I have an issue syncing rhel-atomic-host-rpms repo lately. The last time this operation worked for me was mid October 2018 with RHEL 7.5
All other repos I sync except this one work - rhel-7-server-rpms, rhel-7-server-optional-rpms, rhel-server-rhscl-7-rpms, rhel-7-server-extras-rpms.
I would appreciate any suggestions on this issue.
The first thing I have noticed is that adding the atomic host repo is ignored, while other repos get listed when listing all available repos.
$ yum-config-manager --enable rhel-atomic-host-rpms
While running above command does not throw any error, checking all available repos with
yum repolist all does not list atomic host repo at all.
Tried to add the associated to rhel-atomic-host-rpms repo URL, however, this did not work well:
$ yum-config-manager --add-repo https://cdn.redhat.com/content/dist/rhel/atomic/7/Server/x86_64/os
adding repo from: https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/noarchx86_64/os
name=added from: https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/noarchx86_64/os
$ reposync -g -n -r cdn.redhat.com_content_dist_rhel_atomic_7_7Server_noarchx86_64_os -p /repos/rhel/7.6
2018-12-17 11:04:58,489 attempt 1/10: https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/noarchx86_64/os/repodata/repomd.xml
2018-12-17 11:04:58,490 opening local file "/var/cache/yum/x86_64/7Server/cdn.redhat.com_content_dist_rhel_atomic_7_7Server_noarchx86_64_os/repomd7WMDWItmp.xml" with mode wb
* About to connect() to cdn.redhat.com port 443 (#7)
* Trying 126.96.36.199...
* Connected to cdn.redhat.com (188.8.131.52) port 443 (#7)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
* Server certificate:
* subject: CN=cdn.redhat.com,OU=Red Hat Network,O="Red Hat, Inc.",ST=North Carolina,C=US
* start date: Nov 06 14:18:27 2018 GMT
* expire date: Nov 05 14:18:27 2020 GMT
* common name: cdn.redhat.com
* issuer: Efirstname.lastname@example.org,CN=Red Hat Entitlement Operations Authority,OU=Red Hat Network,O="Red Hat, Inc.",ST=North Carolina,C=US
* NSS error -8172 (SEC_ERROR_UNTRUSTED_ISSUER)
* Peer's certificate issuer has been marked as not trusted by the user.
* Closing connection 7
2018-12-17 11:04:58,582 exception: [Errno 14] curl#60 - "Peer's certificate issuer has been marked as not trusted by the user."
2018-12-17 11:04:58,582 retrycode (14) not in list [-1, 2, 4, 5, 6, 7], re-raising
2018-12-17 11:04:58,582 MIRROR: failed
2018-12-17 11:04:58,582 GR mirrors:  0
2018-12-17 11:04:58,583 MAIN mirrors: [https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/noarchx86_64/os/] 0
Error setting up repositories: failure: repodata/repomd.xml from cdn.redhat.com_content_dist_rhel_atomic_7_7Server_noarchx86_64_os: [Errno 256] No more mirrors to try.
https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/noarchx86_64/os/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's certificate issuer has been marked as not trusted by the user."
Disabling certificate check gives me 403 error:
yum.Errors.NoMoreMirrorsRepoError: failure: repodata/repomd.xml from cdn.redhat.com_content_dist_rhel_atomic_7_Server_x86_64_os: [Errno 256] No more mirrors to try.
https://cdn.redhat.com/content/dist/rhel/atomic/7/Server/x86_64/os/repodata/repomd.xml: [Errno 14] HTTPS Error 403 - Forbidden