Vinícius,
What version of xCAT are you running ?
See if this works for you:
1. edit /opt/xcat/share/xcat/netboot/rh/genimage
Around line 343, there should be a line:
print $yumconfig "[$osver-$arch-$repnum]\nname=$osver-$arch-$repnum
\nbaseurl=$srcdir\ngpgcheck=0\nskip_if_unavailable=True\n\n";
Add "sslverify=0" to the end of the line
2. Remove old image with "rmimage"
3. Generate image again with "genimage"
Mark Gurevich
Poughkeepsie Development Lab
HPC Software Development - xCAT
"If we knew what it was we were doing, it would not be called research,
would it?"
--Albert Einstein
From: "Vinícius Ferrão via xCAT-user"
To: "xCAT Users Mailing list"
Cc: "Vinícius Ferrão"
Date: 01/13/2022 11:43 AM
Subject:[EXTERNAL] [xcat-user] Using https pkgdir with rhels8.5.0
Hello, I'm trying to run genimage with rhels8.5.0 and I've added some https
repos to pkgdir image definition:
[root@headnode repos]# lsdef -t osimage rhels8.5.0-x86_64-netboot-compute
Object name: rhels8.5.0-x86_64-netboot-compute
exlist=/opt/xcat/share/xcat/netboot/rh/compute.rhels8.x86_64.exlist
imagetype=linux
osarch=x86_64
osdistroname=rhels8.5.0-x86_64
osname=Linux
osvers=rhels8.5.0
otherpkgdir=/install/post/otherpkgs/rhels8.5.0/x86_64
otherpkglist=/install/custom/netboot/compute.otherpkglist
permission=755
pkgdir=/install/rhels8.5.0/x86_64,
https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os,https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/os,https://cdn.redhat.com/content/dist/rhel8/8/x86_64/codeready-builder/os,https://download.fedoraproject.org/pub/epel/8/Everything/x86_64,https://download.fedoraproject.org/pub/epel/8/Modular/x86_64,http://repos.openhpc.community/OpenHPC/2/CentOS_8,http://repos.openhpc.community/OpenHPC/2/updates/CentOS_8
pkglist=/opt/xcat/share/xcat/netboot/rh/compute.rhels8.x86_64.pkglist
postinstall=/opt/xcat/share/xcat/netboot/rh/compute.rhels8.x86_64.postinstall,/install/custom/netboot/compute.postinstall
profile=compute
provmethod=netboot
rootimgdir=/install/netboot/rhels8.5.0/x86_64/compute
synclists=/install/custom/netboot/compute.synclists
But when I issue genimage there's some issues with curl. It seems something
is broken with the certificate chain:
Errors during downloading metadata for repository 'rhels8.5.0-x86_64-2':
- Curl error (60): Peer certificate cannot be authenticated with given CA
cert
ificates for
https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/repoda
ta/repomd.xml [SSL certificate problem: self signed certificate in
certificate chain]
Error: Failed to download metadata for repo 'rhels8.5.0-x86_64-2': Cannot
download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were
tried
rhels8.5.0-x86_64-3 0.0 B/s | 0 B 00:00
Errors during downloading metadata for repository 'rhels8.5.0-x86_64-3':
- Curl error (60): Peer certificate cannot be authenticated with given CA
certificates for
https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/os/repodata/repomd.xml
[SSL certificate problem: self signed certificate in certificate chain]
Error: Failed to download metadata for repo 'rhels8.5.0-x86_64-3': Cannot
download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were
tried
rhels8.5.0-x86_64-4 0.0 B/s | 0 B 00:00
Errors during downloading metadata for repository 'rhels8.5.0-x86_64-4':
- Curl error (60): Peer certificate cannot be authenticated with given CA
certificates for
https://cdn.redhat.com/content/dist/rhel8/8/x86_64/codeready-builder/os/repodata/repomd.xml
[SSL certificate problem: self signed certificate in certificate chain]
Error: Failed to download metadata for repo 'rhels8.5.0-x86_64-4': Cannot
download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were
tried
rhels8.5.0-x86_64-5 7.5 MB/s | 11 MB 00:01
rhels8.5.0-x86_64-6 1.1 MB/s | 979 kB 00:00
rhels8.5.0-x86_64-7 1.7 MB/s | 3.1 MB 00:01
rhels8.5.0-x86_64-8 1.5 MB/s | 2.6 MB 00:01
otherpkgs1 0.0 B/s | 0 B 00:00
Errors during downloading metadata for repository 'otherpkgs1':
- Curl error (37): Couldn't read a file:// file for
file:///install/post/otherpkgs/rhels8.5.0/x86_64/repodata/repomd.xml
[Couldn't open
file /install/post/otherpkgs/rhels8.5.0/x86_64/repodata/repomd.xml]
Error: Failed to download metadata for repo 'otherpkgs1': Cannot download
repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
Is there any fix to this curl certificate chain errors?
Thank you.
___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/