Sync errors - RPM1004: Error retrieving metadata: A connection error occurred

Latest response

Hi all.

We are facing connection errors while trying to sync official Red Hat repositories from CDN Redhat!! This problems started to happen suddenly after months running without problems.

Scenario:

Satellite 6.4.2, accessing CDN via proxy, with no SSL Inspection enabled on the environment, we are able to reach cdn but in some way pulp cannot verify SSL server certificate.

Error on pulp log.

Jan 7 11:07:05 satellite pulp: kombu.transport.qpid:INFO: Connected to qpid with SASL mechanism ANONYMOUS
22.164.156.101 - - [07/Jan/2020:11:07:05 -0300] "GET /pulp/api/v2//status HTTP/1.1" 301 - "-" "rest-client/2.0.1 (linux-gnu x86_64) ruby/2.4.6p354"
22.164.156.101 - - [07/Jan/2020:11:07:05 -0300] "GET /pulp/api/v2/status/ HTTP/1.1" 200 289 "-" "rest-client/2.0.1 (linux-gnu x86_64) ruby/2.4.6p354"
22.164.156.101 - admin [07/Jan/2020:11:07:05 -0300] "GET /pulp/api/v2/users/ HTTP/1.1" 200 140 "-" "rest-client/2.0.1 (linux-gnu x86_64) ruby/2.4.6p354"
2020-01-07T11:07:06 [I|kat|8dc65] GET: https://satellite.bs.br.bsch/pulp/api/v2/users/: {"content_type"=>"application/json", "accept"=>"application/json"}
Response: 200: [{"_id": {"$oid": "5c7459c544cf7275a9e83ab8"}, "name": "admin", "roles": ["super-users"], "_ns": "users", "login": "admin", "_href": "/pulp/api/v2/users/admin/"}]
Jan 7 11:07:06 satellite pulp: celery.worker.strategy:INFO: Received task: pulp.server.async.tasks._queue_reserved_task[16dd4613-8d18-4fc5-9ff5-c50ff94fd5f7]
Jan 7 11:07:06 satellite pulp: celery.worker.strategy:INFO: Received task: pulp.server.managers.repo.sync.sync[94cd7c5c-076b-4231-9511-b5f12edde3d4]
Jan 7 11:07:06 satellite pulp: celery.app.trace:INFO: [16dd4613] Task pulp.server.async.tasks._queue_reserved_task[16dd4613-8d18-4fc5-9ff5-c50ff94fd5f7] succeeded in 0.019910944975s: Non
e
Jan 7 11:07:06 satellite pulp: celery.worker.strategy:INFO: Received task: pulp.server.async.tasks._release_resource[a90ed4a2-306f-487c-ace9-b444ce836a67]
Jan 7 11:07:06 satellite pulp: pulp_rpm.plugins.importers.yum.sync:INFO: [94cd7c5c] Downloading metadata from http://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/ansible/2.6/
os/.
Jan 7 11:07:06 satellite pulp: requests.packages.urllib3.connectionpool:INFO: Starting new HTTP connection (1): proxy.local
22.164.156.101 - admin [07/Jan/2020:11:07:06 -0300] "GET /pulp/api/v2/events/ HTTP/1.1" 200 289 "-" "rest-client/2.0.1 (linux-gnu x86_64) ruby/2.4.6p354"
22.164.156.101 - admin [07/Jan/2020:11:07:06 -0300] "POST /pulp/api/v2/repositories/ee3df060-8f13-418f-a7ca-78847b091fbe/actions/sync/ HTTP/1.1" 202 172 "-" "rest-client/2.0.1 (linux-gnu x86_6
4) ruby/2.4.6p354"
22.164.156.101 - admin [07/Jan/2020:11:07:06 -0300] "GET /pulp/api/v2/tasks/94cd7c5c-076b-4231-9511-b5f12edde3d4/ HTTP/1.1" 200 325 "-" "rest-client/2.0.1 (linux-gnu x86_64) ruby/2.4.6p354"
22.164.156.101 - admin [07/Jan/2020:11:07:07 -0300] "GET /pulp/api/v2/tasks/94cd7c5c-076b-4231-9511-b5f12edde3d4/ HTTP/1.1" 200 526 "-" "rest-client/2.0.1 (linux-gnu x86_64) ruby/2.4.6p354"
Jan 7 11:07:08 satellite pulp: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (1): cdn.redhat.com
Jan 7 11:07:08 satellite pulp: nectar.downloaders.threaded:ERROR: Skipping requests to cdn.redhat.com due to repeated connection failures: [SSL: CERTIFICATE_VERIFY_FAILED] certificate ve
rify failed (_ssl.c:618)

OPENSSL S_CLIENT OUTPUT.

[root@satellite~]# echo | openssl s_client -connect cdn.redhat.com:443 -CAfile /etc/rhsm/ca/redhat-uep.pem
CONNECTED(00000003)
depth=2 C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", OU = Red Hat Network, CN = Entitlement Master CA, emailAddress = ca-support@redhat.com
verify return:1
depth=1 C = US, ST = North Carolina, O = "Red Hat, Inc.", OU = Red Hat Network, CN = Red Hat Entitlement Operations Authority, emailAddress = ca-support@redhat.com
verify return:1
depth=0 C = US, ST = North Carolina, O = "Red Hat, Inc.", OU = Red Hat Network, CN = cdn.redhat.com
verify return:1


We will be very greatfull if someone can help.

Best regards.

Responses

SOLVED, TKS GOD!!!

Red Hat CDN URL, that is configured in 'Content > Manage Manifest' was like http://cdn.redhat.com , not https://cdn.redhat.com !!!! We've have no ideia who did it, but it was the problem.

Sorry.