Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] Update expired RHUI client certificate before installing any RHEL packages #2995

Closed
7 of 18 tasks
przemyslavic opened this issue Feb 28, 2022 · 0 comments
Closed
7 of 18 tasks
Assignees
Labels

Comments

@przemyslavic
Copy link
Collaborator

przemyslavic commented Feb 28, 2022

Describe the bug
When using an older RHEL VM image one may experience connectivity issues to RHUI due to a now-expired TLS/SSL client certificate:
SSL peer rejected your certificate as expired.
Link to the issue: https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/redhat/redhat-rhui#update-expired-rhui-client-certificate-on-a-vm

The fix has already been implemented in download-requirements script, however it has to be applied before installing packages for repository.

2022-02-28T11:43:06.2301154Z �[38;21m11:43:06 INFO cli.src.ansible.AnsibleCommand - TASK [repository : Install RedHat family packages for repository to work] ******�[0m
2022-02-28T11:43:09.8665633Z �[31;21m11:43:09 ERROR cli.src.ansible.AnsibleCommand - FAILED - RETRYING: [ci-devazurrhelflannel-repository-vm-0]: Install RedHat family packages for repository to work (3 retries left).�[0m
2022-02-28T11:43:12.4378634Z �[31;21m11:43:12 ERROR cli.src.ansible.AnsibleCommand - FAILED - RETRYING: [ci-devazurrhelflannel-repository-vm-0]: Install RedHat family packages for repository to work (2 retries left).�[0m
2022-02-28T11:43:14.9752737Z �[31;21m11:43:14 ERROR cli.src.ansible.AnsibleCommand - FAILED - RETRYING: [ci-devazurrhelflannel-repository-vm-0]: Install RedHat family packages for repository to work (1 retries left).�[0m
2022-02-28T11:43:17.5086048Z �[31;21m11:43:17 ERROR cli.src.ansible.AnsibleCommand - fatal: [ci-devazurrhelflannel-repository-vm-0]: FAILED! => {"attempts": 3, "changed": false, "msg": "Failure talking to yum: failure: repodata/repomd.xml from rhui-rhel-7-server-dotnet-rhui-rpms: [Errno 256] No more mirrors to try.\nhttps://rhui-1.microsoft.com/pulp/repos//content/dist/rhel/rhui/server/7/7Server/x86_64/dotnet/1/os/repodata/repomd.xml: [Errno 14] curl#58 - \"SSL peer rejected your certificate as expired.\"\nhttps://rhui-2.microsoft.com/pulp/repos//content/dist/rhel/rhui/server/7/7Server/x86_64/dotnet/1/os/repodata/repomd.xml: [Errno 14] curl#58 - \"SSL peer rejected your certificate as expired.\"\nhttps://rhui-3.microsoft.com/pulp/repos//content/dist/rhel/rhui/server/7/7Server/x86_64/dotnet/1/os/repodata/repomd.xml: [Errno 14] curl#58 - \"SSL peer rejected your certificate as expired.\""}�[0m
2022-02-28T11:43:17.5101825Z �[38;21m11:43:17 INFO cli.src.ansible.AnsibleCommand - �[0m

How to reproduce
Steps to reproduce the behavior:

  1. execute epicli apply to deploy a repository vm

VM image spec:

    publisher: RedHat
    offer: RHEL
    sku: 7-LVM
    version: "7.9.2020111202"

Expected behavior
Epirepo should be set up with no issues.

Environment

  • Cloud provider: [Azure]
  • OS: [RHEL 7.9]

epicli version: [2.0.0dev]


DoD checklist

  • Changelog
    • updated
    • not needed
  • COMPONENTS.md
    • updated
    • not needed
  • Schema
    • updated
    • not needed
  • Backport tasks
    • created
    • not needed
  • Documentation
    • added
    • updated
    • not needed
  • Feature has automated tests
  • Automated tests passed (QA pipelines)
    • apply
    • upgrade
    • backup/restore
  • Idempotency tested
  • All conversations in PR resolved
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

3 participants