I just installed the peel repo on a RedHat Ent 6.1 system using the following command…
su -c 'rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-7.noarch.rp...'
Now when I query yum I get the following error message...
Error: Cannot retrieve repository metadata (repomd.xml) for repository: epel. Please verify its path and try again
The repo file seem good to me…
[epel] name=Extra Packages for Enterprise Linux 6 - $basearch #baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch failovermethod=priority enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
But now this is breaking a number of package installed in puppet. I Googled this error, but the consensus seems to be to just disable the repo, which doesn’t really address the problem.
Does anyone have a clue as to why this is happening?
Thanks, James "Zeke" Dehnert
-- James "Zeke" Dehnert Phone:(707) 588 8554 Cell: (707) 479 8542 -=# Eschew Obfuscation #=- mailto:jdehnert@dehnert.com
Thanks, James "Zeke" Dehnert -- mailto:jdehnert@dehnert.com James "Zeke" Dehnert Phone: 707 588 8554 -= Eschew Obfuscation =- "Life is racing. Everything else is just waiting"
I just installed the peel repo on a RedHat Ent 6.1 system using the following command…
su -c 'rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-7.noarch.rp...'
Now when I query yum I get the following error message...
Error: Cannot retrieve repository metadata (repomd.xml) for repository: epel. Please verify its path and try again
The repo file seem good to me…
[epel] name=Extra Packages for Enterprise Linux 6 - $basearch #baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch failovermethod=priority enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
But now this is breaking a number of package installed in puppet. I Googled this error, but the consensus seems to be to just disable the repo, which doesn’t really address the problem.
Does anyone have a clue as to why this is happening?
Thanks, James "Zeke" Dehnert
-- James "Zeke" Dehnert Phone:(707) 588 8554 Cell: (707) 479 8542 -=# Eschew Obfuscation #=- mailto:jdehnert@dehnert.com
On Wed, 17 Oct 2012 16:04:53 -0700 James P Dehnert Sr jdehnert@dehnert.com wrote:
I just installed the peel repo on a RedHat Ent 6.1 system using the following command…
su -c 'rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-7.noarch.rp...'
Now when I query yum I get the following error message...
Error: Cannot retrieve repository metadata (repomd.xml) for repository: epel. Please verify its path and try again
The repo file seem good to me…
[epel] name=Extra Packages for Enterprise Linux 6 - $basearch #baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch failovermethod=priority enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
But now this is breaking a number of package installed in puppet. I Googled this error, but the consensus seems to be to just disable the repo, which doesn’t really address the problem.
Does anyone have a clue as to why this is happening?
Do a:
URLGRABBER_DEBUG=1 yum check-update
and see if that tells you what the problem is.
It could be any of:
- The date/time on your system is way off, so they metalink is invalid. - You are behind a proxy and can't download the metalink. - Your dns is not working right. etc.
kevin
The time is OK. It was on UTC, and I swigged it to local time with no difference.
I ran the debug command, which puts out a lot of data, but this at the end seems to be the telling part…
2012-10-17 19:26:26,940 attempt 1/10: https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=x86_64 INFO:urlgrabber:attempt 1/10: https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=x86_64 2012-10-17 19:26:26,940 opening local file "/var/cache/yum/x86_64/6Server/epel/metalink.xml.tmp" with mode wb INFO:urlgrabber:opening local file "/var/cache/yum/x86_64/6Server/epel/metalink.xml.tmp" with mode wb * About to connect() to mirrors.fedoraproject.org port 443 (#0) * Trying 152.19.134.146... * connected * Connected to mirrors.fedoraproject.org (152.19.134.146) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * Peer's certificate issuer is not recognized: 'CN=GeoTrust SSL CA,O="GeoTrust, Inc.",C=US' * NSS error -8179 * Closing connection #0 * Peer certificate cannot be authenticated with known CA certificates 2012-10-17 19:26:27,125 exception: [Errno 14] Peer cert cannot be verified or peer cert invalid INFO:urlgrabber:exception: [Errno 14] Peer cert cannot be verified or peer cert invalid 2012-10-17 19:26:27,125 retrycode (14) not in list [-1, 2, 4, 5, 6, 7], re-raising INFO:urlgrabber:retrycode (14) not in list [-1, 2, 4, 5, 6, 7], re-raising Error: Cannot retrieve repository metadata (repomd.xml) for repository: epel. Please verify its path and try again
Based on this it seems that I could benefit from an updated set of time in /etc/pki/tls/certs, in particular the ca-bundle.crt ca-bundle.trust.crt files, or am I all wrong on this?
Thanks, James "Zeke" Dehnert -- mailto:jdehnert@dehnert.com James "Zeke" Dehnert Phone: 707 588 8554 -= Eschew Obfuscation =- "Life is racing. Everything else is just waiting"
On Oct 17, 2012, at 4:16 PM, Kevin Fenzi kevin@scrye.com wrote:
On Wed, 17 Oct 2012 16:04:53 -0700 James P Dehnert Sr jdehnert@dehnert.com wrote:
I just installed the peel repo on a RedHat Ent 6.1 system using the following command…
su -c 'rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-7.noarch.rp...'
Now when I query yum I get the following error message...
Error: Cannot retrieve repository metadata (repomd.xml) for repository: epel. Please verify its path and try again
The repo file seem good to me…
[epel] name=Extra Packages for Enterprise Linux 6 - $basearch #baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch failovermethod=priority enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
But now this is breaking a number of package installed in puppet. I Googled this error, but the consensus seems to be to just disable the repo, which doesn’t really address the problem.
Does anyone have a clue as to why this is happening?
Do a:
URLGRABBER_DEBUG=1 yum check-update
and see if that tells you what the problem is.
It could be any of:
- The date/time on your system is way off, so they metalink is invalid.
- You are behind a proxy and can't download the metalink.
- Your dns is not working right.
etc.
kevin _______________________________________________ epel-devel-list mailing list epel-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/epel-devel-list
On Wed, 17 Oct 2012 17:33:07 -0700 James P Dehnert Sr jdehnert@dehnert.com wrote:
...snip...
Based on this it seems that I could benefit from an updated set of time in /etc/pki/tls/certs, in particular the ca-bundle.crt ca-bundle.trust.crt files, or am I all wrong on this?
yeah. Perhaps 6.1's versions were too old to have geotrust in them?
That would be somewhat surprising to me, but I suppose it's possible.
kevin
FYI, I pulled the perl script mk-ca-bundle.pl from the cURL repo on Github. after running that on the problem host and installing the ca-bundle.crt it generates, everything is working like a champ now.
On Oct 18, 2012, at 8:45 AM, Kevin Fenzi kevin@scrye.com wrote:
On Wed, 17 Oct 2012 17:33:07 -0700 James P Dehnert Sr jdehnert@dehnert.com wrote:
...snip...
Based on this it seems that I could benefit from an updated set of time in /etc/pki/tls/certs, in particular the ca-bundle.crt ca-bundle.trust.crt files, or am I all wrong on this?
yeah. Perhaps 6.1's versions were too old to have geotrust in them?
That would be somewhat surprising to me, but I suppose it's possible.
kevin _______________________________________________ epel-devel-list mailing list epel-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/epel-devel-list
Thanks, James "Zeke" Dehnert
-- mailto:jdehnert@dehnert.com James "Zeke" Dehnert Phone: 707 588 8554 -= Eschew Obfuscation =- "Life is racing. Everything else is just waiting"
epel-devel@lists.fedoraproject.org