Ask Your Question
0

Issues synching yum.puppetlabs.com repo through Red Hat Satellite

asked 2017-11-13 09:12:41 -0600

andrewmichael81 gravatar image

Hi.

I appreciate this is most likely a Red Hat Satellite issue but thought it might be worth a shot here too.

We are having big issues adding repositories through our satellite server.

The repo we desperately need is:

https://yum.puppetlabs.com/el/6Server...

When we try to sync this repo we get an SSL handshake error:

Nov 13 14:40:37 pulp: nectar.downloaders.threaded:ERROR: Skipping requests to yum.puppetlabs.com due to repeated connection failures: [Errno 1] ssl.c:492: error:14077410:SSL routines:SSL23GETSERVERHELLO:sslv3 alert handshake failure Nov 13 14:40:37 pulp: urllib3.connectionpool:INFO: Starting new HTTPS connection (1): yum.puppetlabs.com Nov 13 14:40:37 pulp: nectar.downloaders.threaded:ERROR: Skipping requests to yum.puppetlabs.com due to repeated connection failures: [Errno 1] ssl.c:492: error:14077410:SSL routines:SSL23GETSERVERHELLO:sslv3 alert handshake failure Nov 13 14:40:37 pulp: pulprpm.plugins.importers.yum.sync:INFO: Downloading metadata from https://yum.puppetlabs.com/el/6Server...64/. Nov 13 14:40:37 pulp: urllib3.connectionpool:INFO: Starting new HTTPS connection (1): yum.puppetlabs.com Nov 13 14:40:37 pulp: nectar.downloaders.threaded:ERROR: Skipping requests to yum.puppetlabs.com due to repeated connection failures: [Errno 1] ssl.c:492: error:14077410:SSL routines:SSL23GETSERVERHELLO:sslv3 alert handshake failure Nov 13 14:40:38 pulp: urllib3.connectionpool:INFO: Starting new HTTPS connection (1): yum.puppetlabs.com Nov 13 14:40:38 pulp: nectar.downloaders.threaded:ERROR: Skipping requests to yum.puppetlabs.com due to repeated connection failures: [Errno 1] ssl.c:492: error:14077410:SSL routines:SSL23GETSERVERHELLO:sslv3 alert handshake failure Nov 13 14:40:38 pulp: pulprpm.plugins.importers.yum.sync:INFO: Downloading metadata from https://yum.puppetlabs.com/el/6Server...64/. Nov 13 14:40:38 pulp: urllib3.connectionpool:INFO: Starting new HTTPS connection (1): yum.puppetlabs.com Nov 13 14:40:38 pulp: nectar.downloaders.threaded:ERROR: Skipping requests to yum.puppetlabs.com due to repeated connection failures: [Errno 1] ssl.c:492: error:14077410:SSL routines:SSL23GETSERVERHELLO:sslv3 alert handshake failure Nov 13 14:40:39 pulp: pulprpm.plugins.importers.yum.sync:INFO: Downloading additional units. Nov 13 14:40:39 pulp: urllib3.connectionpool:INFO: Starting new HTTPS connection (1): yum.puppetlabs.com Nov 13 14:40:39 pulp: nectar.downloaders.threaded:ERROR: Skipping requests to yum.puppetlabs.com due to repeated connection failures: [Errno 1] _ssl.c:492: error:14077410:SSL routines:SSL23GETSERVERHELLO:sslv3 alert handshake failure Nov 13 14:40:40 pulp: urllib3.connectionpool:INFO: Starting new HTTPS connection (1): yum.puppetlabs.com Nov 13 14:40:40 pulp: nectar.downloaders.threaded:ERROR: Skipping requests to yum.puppetlabs.com due to repeated connection failures: [Errno 1] ssl.c:492: error:14077410:SSL routines:SSL23GETSERVERHELLO:sslv3 alert handshake failure

Things we have done to try to resolve the issue:

  1. updated the ...
(more)
edit retag flag offensive close merge delete

4 Answers

Sort by ยป oldest newest most voted
0

answered 2017-11-23 06:13:41 -0600

aagrawal gravatar image

updated 2017-11-24 04:24:04 -0600

Hello,

Thank you for your detailed information,

I assume your Satellite must be on RHEL6 base os. I have tried the same with Satellite on Rhel 7, its working like charm.

However, with RHEL6, I face similar issue,

Version of python in RHEL6 is 2.6.6 and it seems it doesn't have support to SNI (Server Name Indication).

Can you try syncing the repository over http not https

Regards, Anand

edit flag offensive delete link more
0

answered 2017-11-26 05:47:14 -0600

bschonecker gravatar image

To my understanding, Red Hat Satellite must be installed on RHEL7. I don't think it's supported on RHEL6.

edit flag offensive delete link more
0

answered 2017-11-27 07:56:44 -0600

fvoges gravatar image

You probably need to install some updates. I've seen a similar problem where CentOS/RHEL 6 have old (vulnerable) SSL libraries.

Running

yum update -y ca-certificates nss curl openssl wget

with the updates repo enabled will probably fix it. The NSS package is probably the one causing the issue.

edit flag offensive delete link more
0

answered 2017-11-28 03:58:50 -0600

andrewmichael81 gravatar image

Thank you all for your replies.

Yes indeed with further investigation we came to the realisation that RHEL 6.x has no support for SNI.

Syncing the http repo may be a way round this problem for the puppet repositories but it does mean we will have an issue with other repositories which use SNI in the future.

I understand that the simplest solution is just to install RHEL 7.x as the base OS for the Satellite.

Only problem is the company I work for are not ready to migrate to RHEL 7 yet and would prefer if I found a solution for RHEL 6.x.

I have been in discussions with RHEL support and they cant find a solution either. But I get the impression they are not particularly senior engineers.

Do you think there is anything I can do to get it to work on RHEL 6.x or I am just fighting a battle I cant win?

Thanks all for your help.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2017-11-13 09:12:41 -0600

Seen: 146 times

Last updated: Nov 28 '17