Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Issues synching yum.puppetlabs.com repo through Red Hat Satellite

Hi.

I appreciate this is most likely a Red Hat Satellite issue but thought it might be worth a shot here too.

We are having big issues adding repositories through our satellite server.

The repo we desperately need is:

https://yum.puppetlabs.com/el/6Server/dependencies/x86_64/

When we try to sync this repo we get an SSL handshake error:

Nov 13 14:40:37 pulp: nectar.downloaders.threaded:ERROR: Skipping requests to yum.puppetlabs.com due to repeated connection failures: [Errno 1] _ssl.c:492: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure Nov 13 14:40:37 pulp: urllib3.connectionpool:INFO: Starting new HTTPS connection (1): yum.puppetlabs.com Nov 13 14:40:37 pulp: nectar.downloaders.threaded:ERROR: Skipping requests to yum.puppetlabs.com due to repeated connection failures: [Errno 1] _ssl.c:492: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure Nov 13 14:40:37 pulp: pulp_rpm.plugins.importers.yum.sync:INFO: Downloading metadata from https://yum.puppetlabs.com/el/6Server/dependencies/x86_64/. Nov 13 14:40:37 pulp: urllib3.connectionpool:INFO: Starting new HTTPS connection (1): yum.puppetlabs.com Nov 13 14:40:37 pulp: nectar.downloaders.threaded:ERROR: Skipping requests to yum.puppetlabs.com due to repeated connection failures: [Errno 1] _ssl.c:492: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure Nov 13 14:40:38 pulp: urllib3.connectionpool:INFO: Starting new HTTPS connection (1): yum.puppetlabs.com Nov 13 14:40:38 pulp: nectar.downloaders.threaded:ERROR: Skipping requests to yum.puppetlabs.com due to repeated connection failures: [Errno 1] _ssl.c:492: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure Nov 13 14:40:38 pulp: pulp_rpm.plugins.importers.yum.sync:INFO: Downloading metadata from https://yum.puppetlabs.com/el/6Server/dependencies/x86_64/. Nov 13 14:40:38 pulp: urllib3.connectionpool:INFO: Starting new HTTPS connection (1): yum.puppetlabs.com Nov 13 14:40:38 pulp: nectar.downloaders.threaded:ERROR: Skipping requests to yum.puppetlabs.com due to repeated connection failures: [Errno 1] _ssl.c:492: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure Nov 13 14:40:39 pulp: pulp_rpm.plugins.importers.yum.sync:INFO: Downloading additional units. Nov 13 14:40:39 pulp: urllib3.connectionpool:INFO: Starting new HTTPS connection (1): yum.puppetlabs.com Nov 13 14:40:39 pulp: nectar.downloaders.threaded:ERROR: Skipping requests to yum.puppetlabs.com due to repeated connection failures: [Errno 1] _ssl.c:492: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure Nov 13 14:40:40 pulp: urllib3.connectionpool:INFO: Starting new HTTPS connection (1): yum.puppetlabs.com Nov 13 14:40:40 pulp: nectar.downloaders.threaded:ERROR: Skipping requests to yum.puppetlabs.com due to repeated connection failures: [Errno 1] _ssl.c:492: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

Things we have done to try to resolve the issue:

  1. updated the satellite to version 6.2.12.
  2. yum update on the satellite server.
  3. updated the squid proxy from using the squid package to using the squid34 both offered by Red Hat.
  4. The repo fails to sync with and with out the GPG key posted by Puppet.
  5. On our cobbler server the same repo syncs with out any issues.
  6. We can wget from the satellite to the remote repo.
  7. I can sync the elasticsearch repo but not the puppet repo listed above.

I have been stuck on this now for a week and desperately need a resolution.

Thanks

  • On the subject of GPG keys there are three found here: https://yum.puppetlabs.com/index_by_name.html

https://yum.puppetlabs.com/RPM-GPG-KEY-puppet https://yum.puppetlabs.com/RPM-GPG-KEY-puppetlabs https://yum.puppetlabs.com/RPM-GPG-KEY-reductive

I've tried the first two as well as no GPG key and it still doesn't work.

As above, our cobbler server can sync with the repo no issue with out a GPG key (I think) and we can wget from the repo just cant synch through the Satellite.