[Spacewalk-list] RHEL repo sync error - CURL #60

Matt Moldvan matt at moldvan.com
Tue Oct 9 16:46:27 UTC 2018


No, unfortunately, I gave up on trying a long time ago, as it seemed like a
very hokey approach to first sync using reposync on additional VMs, run
createrepo, then add those as channels in Spacewalk.  Due to that and other
cost saving initiatives, I gave up and changed our infrastructure to avoid
using RHEL as much as possible in favor of CentOS...

On Tue, Oct 9, 2018 at 11:55 AM Raymond Setchfield <
raymond.setchfield at gmail.com> wrote:

> Have you got this working, Matt?
>
> On 9 Oct 2018, at 16:21, Matt Moldvan <matt at moldvan.com> wrote:
>
> Oops, looks like my replies weren't making it to the mailing list (forgot
> to change the "From" option).
>
> Anyway, I intended to reply to the list and not just Robert...
>
> On Tue, Oct 9, 2018 at 11:18 AM Matt Moldvan <sandwormusmc at gmail.com>
> wrote:
>
>> Yeah, makes sense.  My point was that Red Hat expecting this to be done
>> by its customers is silly and they shouldn't be using self signed certs in
>> the path and making their customers do extra work...
>>
>> On Tue, Oct 9, 2018 at 9:50 AM Robert Paschedag <robert.paschedag at web.de>
>> wrote:
>>
>>> On 9 October 2018 15:24:55 CEST, sandwormusmc <
>>> sandwormusmc at gmail.com> wrote:
>>> >Looks like an issue Red Hat should fix, to be honest.  While you could
>>> >pull the CA cert of the issuer and import it, I get an invalid issuer
>>> >error when I pull up that URL in my browser, too.  So updating your CA
>>> >certs may not help either (unless Red Hat provides the root cert for
>>> >whomever generated the cert for cdn.redhat.com).
>>> >If you have a Red Hat support contract, I would open a ticket with this
>>> >information and ask for their input.
>>> >
>>> >
>>> >Sent from my Verizon, Samsung Galaxy smartphone
>>> >-------- Original message --------
>>> >From: "Irwin, Jeffrey" <Jeffrey.Irwin at rivertechllc.com>
>>> >Date: 10/9/18  8:46 AM  (GMT-05:00)
>>> >To: Robert Paschedag <robert.paschedag at web.de>,
>>> >spacewalk-list at redhat.com
>>> >Subject: Re: [Spacewalk-list] RHEL repo sync error - CURL #60
>>> >
>>> >I have tried this with a local mirror repo......no dice, tried it with
>>> >subscribed RHEL repo, no dice, trying to track this pesky cert issue.
>>> >Will check out the man page and see, would be nice to see a more
>>> >verbose indication of what cert it is trying to use, where it is, etc..
>>> >________________________________________
>>> >From: Robert Paschedag <robert.paschedag at web.de>
>>> >Sent: Tuesday, October 9, 2018 8:41 AM
>>> >To: spacewalk-list at redhat.com; Irwin, Jeffrey;
>>> >spacewalk-list at redhat.com
>>> >Subject: Re: [Spacewalk-list] RHEL repo sync error - CURL #60
>>> >
>>> >On 9 October 2018 14:04:25 CEST, "Irwin, Jeffrey"
>>> ><Jeffrey.Irwin at rivertechllc.com> wrote:
>>> >>Same issue I am having, interested to see the solution.
>>> >
>>> >I think manpage of update-ca-certificates should help.
>>> >
>>> >Get the issuer cert, update the local CA certs and it should run (in
>>> >case, there is no new rpm which updates the certs)
>>> >
>>> >Robert
>>> >>
>>> >>________________________________
>>> >>From: spacewalk-list-bounces at redhat.com
>>> >><spacewalk-list-bounces at redhat.com> on behalf of Raymond Setchfield
>>> >><raymond.setchfield at gmail.com>
>>> >>Sent: Monday, October 8, 2018 6:47 AM
>>> >>To: spacewalk-list at redhat.com
>>> >>Subject: [Spacewalk-list] RHEL repo sync error - CURL #60
>>> >>
>>> >>Hi
>>> >>
>>> >>I have been attempting to pull the RHEL updates into spacewalk, and I
>>> >>am receiving the following error;
>>> >>
>>> >># spacewalk-repo-sync -c rhel07-update
>>> >>11:44:03 ======================================
>>> >>11:44:03 | Channel: rhel07-update
>>> >>11:44:03 ======================================
>>> >>11:44:03 Sync of channel started.
>>> >>11:44:03
>>> >>11:44:03   Processing repository with URL:
>>> >>https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os
>>> >>Repository group_spacewalkproject-java-packages is listed more than
>>> >>once in the configuration
>>> >>11:44:03 ERROR: failure: repodata/repomd.xml from rhel07-update.repo:
>>> >>[Errno 256] No more mirrors to try.
>>> >>https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os/repodata/repomd.xml:
>>> >>[Errno 14] curl#60 - "Peer's certificate issuer has been marked as not
>>> >>trusted by the user."
>>> >>11:44:03 Sync of channel completed in 0:00:00.
>>> >>11:44:03 Total time: 0:00:00
>>> >>
>>> >>Looking into this, it appears to be a certificate issue from what I can
>>> >>gather. My assumption is to use the "redhat-uep.pem". Is this correct?
>>> >>If so, where do I place this to allow the curl to work? Or am I off in
>>> >>the wrong direction?
>>> >>
>>> >>Thanks
>>> >>
>>> >>Ray
>>> >
>>> >
>>> >--
>>> >sent from my mobile device
>>> >
>>> >_______________________________________________
>>> >Spacewalk-list mailing list
>>> >Spacewalk-list at redhat.com
>>> >https://www.redhat.com/mailman/listinfo/spacewalk-list
>>>
>>> There is a self signed cert within the SSL path, which does not seem to
>>> be on your cert parts.
>>>
>>> So download the certs via the browser (export root ca and intermediate
>>> cas), put them in the "anchors" directory  (where update-ca-trust or
>>> update-ca-certificates wants them to be), update the certs... Then try
>>> again.
>>>
>>> Robert
>>> --
>>> sent from my mobile device
>>>
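
The trust-anchor check discussed in this thread, as an added example that is not part of the original messages: it builds a throwaway CA and server certificate (constructed test data) and shows that verification fails until the issuing CA is supplied as a trust anchor, which is the condition the log above reports as curl#60. The function names, file names and subject names are assumptions for illustration; it requires the openssl command-line tool.

```shell
#!/bin/sh
# Added example. Every certificate here is constructed test data in a temp dir.

# make_test_pki DIR: create a test root CA, an unrelated CA, and a server
# certificate signed by the test root CA.
make_test_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test Root CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Unrelated CA" \
        -keyout "$1/other.key" -out "$1/other.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=repo.example.test" \
        -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null
    openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/srv.pem" 2>/dev/null
}

# issuer_of CERT: print the issuer DN, i.e. which CA must be trusted.
issuer_of() {
    openssl x509 -in "$1" -noout -issuer
}

# fingerprint_of CERT: SHA-256 fingerprint, to compare against a value
# obtained out-of-band before a CA is added to the trust store.
fingerprint_of() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# chain_ok CERT CAFILE: succeed only if CERT chains to a CA in CAFILE.
chain_ok() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

tmp=$(mktemp -d)
make_test_pki "$tmp"
issuer_of "$tmp/srv.pem"
fingerprint_of "$tmp/ca.pem"
chain_ok "$tmp/srv.pem" "$tmp/other.pem" || echo "issuer not trusted (the curl#60 case)"
chain_ok "$tmp/srv.pem" "$tmp/ca.pem" && echo "verifies once the issuing CA is a trust anchor"
# On a RHEL-family host the matching step is copying the CA file into
# /etc/pki/ca-trust/source/anchors/ and running: update-ca-trust extract
rm -rf "$tmp"
```
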