Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Redhat yum repo certificates have expired #279

Open
stuhay opened this issue Oct 7, 2022 · 0 comments
Open

Redhat yum repo certificates have expired #279

stuhay opened this issue Oct 7, 2022 · 0 comments

Comments

@stuhay
Copy link

stuhay commented Oct 7, 2022

Using puppet 6.28 on Redhat 8 within AWS, using the latest version of this module.

When using DNF to install or update packages, we get the following error:

 - Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://rhui2-cds01.eu-west-1.aws.ce.redhat.com/pulp/mirror/content/dist/rhel/rhui/server/8/8/x86_64/rh-common/os [SSL certificate problem: certificate has expired]
Error: Failed to download metadata for repo 'rhui-REGION-rhel-server-rh-common': Cannot prepare internal mirrorlist: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://rhui2-cds01.eu-west-1.aws.ce.redhat.com/pulp/mirror/content/dist/rhel/rhui/server/8/8/x86_64/rh-common/os [SSL certificate problem: certificate has expired]

This is being caused by the server listed in https://github.com/voxpupuli/puppet-yum/blob/master/data/os/RedHat/RedHat.yaml#L25 having an expired certificate.

Redhat have updated the server list (when not using the module), Redhat have change the Mirror list to
mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/baseos/os

This new server does not have the certificate issue.

It seems like the module needs to update the details in
https://github.com/voxpupuli/puppet-yum/blob/master/data/os/RedHat/RedHat.yaml

How to reproduce (e.g Puppet code you use)

    manage_os_default_repos => true,
    require                 => File['/etc/yum.repos.d'],
    managed_repos           => $_managed_repos,
    repos                   => $_repos,
    config_options          => {
      gpgcheck                     => true,
      assumeyes                    => {
        ensure => 'absent',
      },
      debuglevel                   => {
        ensure => absent,
      },
      installonly_limit            => 3,
      skip_if_unavailable          => 'True',
      clean_requirements_on_remove => 'True',
      best                         => 'True',
    },
    notify                  => Exec['clear yum cache'],
    loglevel                => 'warning',
  }

Run dnf install make

What are you seeing

SSL certificate problem: certificate has expired

What behaviour did you expect instead

No error

Output log

N/A

Any additional information you'd like to impart
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@stuhay