Re: [xcat-user] Using https pkgdir with rhels8.5.0

2022-01-18 Thread Mark Gurevich 



Vinícius,

What version of xCAT are you running ?

See if this works for you:

1. edit /opt/xcat/share/xcat/netboot/rh/genimage

Around line 343, there should be a line:
print $yumconfig "[$osver-$arch-$repnum]\nname=$osver-$arch-$repnum
\nbaseurl=$srcdir\ngpgcheck=0\nskip_if_unavailable=True\n\n";

Add "sslverify=0" to the end of the line

2. Remove old image with "rmimage"
3. Generate image again with "genimage"

Mark Gurevich
Poughkeepsie Development Lab
HPC Software Development - xCAT

"If we knew what it was we were doing, it would not be called research,
would it?"
--Albert Einstein





From:   "Vinícius Ferrão via xCAT-user"

To: "xCAT Users Mailing list" 
Cc: "Vinícius Ferrão" 
Date:   01/13/2022 11:43 AM
Subject:[EXTERNAL] [xcat-user] Using https pkgdir with rhels8.5.0



Hello, I'm trying to run genimage with rhels8.5.0 and I've added some https
repos to pkgdir image definition:

[root@headnode repos]# lsdef -t osimage rhels8.5.0-x86_64-netboot-compute
Object name: rhels8.5.0-x86_64-netboot-compute
exlist=/opt/xcat/share/xcat/netboot/rh/compute.rhels8.x86_64.exlist
imagetype=linux
osarch=x86_64
osdistroname=rhels8.5.0-x86_64
osname=Linux
osvers=rhels8.5.0
otherpkgdir=/install/post/otherpkgs/rhels8.5.0/x86_64
otherpkglist=/install/custom/netboot/compute.otherpkglist
permission=755
pkgdir=/install/rhels8.5.0/x86_64,
https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os,https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/os,https://cdn.redhat.com/content/dist/rhel8/8/x86_64/codeready-builder/os,https://download.fedoraproject.org/pub/epel/8/Everything/x86_64,https://download.fedoraproject.org/pub/epel/8/Modular/x86_64,http://repos.openhpc.community/OpenHPC/2/CentOS_8,http://repos.openhpc.community/OpenHPC/2/updates/CentOS_8

pkglist=/opt/xcat/share/xcat/netboot/rh/compute.rhels8.x86_64.pkglist

postinstall=/opt/xcat/share/xcat/netboot/rh/compute.rhels8.x86_64.postinstall,/install/custom/netboot/compute.postinstall

profile=compute
provmethod=netboot
rootimgdir=/install/netboot/rhels8.5.0/x86_64/compute
synclists=/install/custom/netboot/compute.synclists

But when I issue genimage there's some issues with curl. It seems something
is broken with the certificate chain:

Errors during downloading metadata for repository 'rhels8.5.0-x86_64-2':
  - Curl error (60): Peer certificate cannot be authenticated with given CA
cert
ificates for
https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/repoda

ta/repomd.xml [SSL certificate problem: self signed certificate in
certificate chain]
Error: Failed to download metadata for repo 'rhels8.5.0-x86_64-2': Cannot
download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were
tried
rhels8.5.0-x86_64-3 0.0  B/s |   0  B 00:00
Errors during downloading metadata for repository 'rhels8.5.0-x86_64-3':
  - Curl error (60): Peer certificate cannot be authenticated with given CA
certificates for
https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/os/repodata/repomd.xml
  [SSL certificate problem: self signed certificate in certificate chain]
Error: Failed to download metadata for repo 'rhels8.5.0-x86_64-3': Cannot
download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were
tried
rhels8.5.0-x86_64-4 0.0  B/s |   0  B 00:00
Errors during downloading metadata for repository 'rhels8.5.0-x86_64-4':
  - Curl error (60): Peer certificate cannot be authenticated with given CA
certificates for
https://cdn.redhat.com/content/dist/rhel8/8/x86_64/codeready-builder/os/repodata/repomd.xml
  [SSL certificate problem: self signed certificate in certificate chain]
Error: Failed to download metadata for repo 'rhels8.5.0-x86_64-4': Cannot
download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were
tried
rhels8.5.0-x86_64-5 7.5 MB/s |  11 MB 00:01
rhels8.5.0-x86_64-6 1.1 MB/s | 979 kB 00:00
rhels8.5.0-x86_64-7 1.7 MB/s | 3.1 MB 00:01
rhels8.5.0-x86_64-8 1.5 MB/s | 2.6 MB 00:01
otherpkgs1  0.0  B/s |   0  B 00:00
Errors during downloading metadata for repository 'otherpkgs1':
  - Curl error (37): Couldn't read a file:// file for
file:///install/post/otherpkgs/rhels8.5.0/x86_64/repodata/repomd.xml
[Couldn't open
file /install/post/otherpkgs/rhels8.5.0/x86_64/repodata/repomd.xml]
Error: Failed to download metadata for repo 'otherpkgs1': Cannot download
repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried

Is there any fix to this curl certificate chain errors?

Thank you.

___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/

[xcat-user] Using https pkgdir with rhels8.5.0

2022-01-13 Thread Vinícius Ferrão via xCAT-user 
Hello, I'm trying to run genimage with rhels8.5.0 and I've added some https 
repos to pkgdir image definition:

[root@headnode repos]# lsdef -t osimage rhels8.5.0-x86_64-netboot-compute
Object name: rhels8.5.0-x86_64-netboot-compute
exlist=/opt/xcat/share/xcat/netboot/rh/compute.rhels8.x86_64.exlist
imagetype=linux
osarch=x86_64
osdistroname=rhels8.5.0-x86_64
osname=Linux
osvers=rhels8.5.0
otherpkgdir=/install/post/otherpkgs/rhels8.5.0/x86_64
otherpkglist=/install/custom/netboot/compute.otherpkglist
permission=755

pkgdir=/install/rhels8.5.0/x86_64,https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os,https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/os,https://cdn.redhat.com/content/dist/rhel8/8/x86_64/codeready-builder/os,https://download.fedoraproject.org/pub/epel/8/Everything/x86_64,https://download.fedoraproject.org/pub/epel/8/Modular/x86_64,http://repos.openhpc.community/OpenHPC/2/CentOS_8,http://repos.openhpc.community/OpenHPC/2/updates/CentOS_8
pkglist=/opt/xcat/share/xcat/netboot/rh/compute.rhels8.x86_64.pkglist

postinstall=/opt/xcat/share/xcat/netboot/rh/compute.rhels8.x86_64.postinstall,/install/custom/netboot/compute.postinstall
profile=compute
provmethod=netboot
rootimgdir=/install/netboot/rhels8.5.0/x86_64/compute
synclists=/install/custom/netboot/compute.synclists

But when I issue genimage there's some issues with curl. It seems something is 
broken with the certificate chain:

Errors during downloading metadata for repository 'rhels8.5.0-x86_64-2':
  - Curl error (60): Peer certificate cannot be authenticated with given CA cert
ificates for https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/repoda
ta/repomd.xml [SSL certificate problem: self signed certificate in certificate 
chain]
Error: Failed to download metadata for repo 'rhels8.5.0-x86_64-2': Cannot 
download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
rhels8.5.0-x86_64-3 0.0  B/s |   0  B 00:00
Errors during downloading metadata for repository 'rhels8.5.0-x86_64-3':
  - Curl error (60): Peer certificate cannot be authenticated with given CA 
certificates for 
https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/os/repodata/repomd.xml
 [SSL certificate problem: self signed certificate in certificate chain]
Error: Failed to download metadata for repo 'rhels8.5.0-x86_64-3': Cannot 
download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
rhels8.5.0-x86_64-4 0.0  B/s |   0  B 00:00
Errors during downloading metadata for repository 'rhels8.5.0-x86_64-4':
  - Curl error (60): Peer certificate cannot be authenticated with given CA 
certificates for 
https://cdn.redhat.com/content/dist/rhel8/8/x86_64/codeready-builder/os/repodata/repomd.xml
 [SSL certificate problem: self signed certificate in certificate chain]
Error: Failed to download metadata for repo 'rhels8.5.0-x86_64-4': Cannot 
download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
rhels8.5.0-x86_64-5 7.5 MB/s |  11 MB 00:01
rhels8.5.0-x86_64-6 1.1 MB/s | 979 kB 00:00
rhels8.5.0-x86_64-7 1.7 MB/s | 3.1 MB 00:01
rhels8.5.0-x86_64-8 1.5 MB/s | 2.6 MB 00:01
otherpkgs1  0.0  B/s |   0  B 00:00
Errors during downloading metadata for repository 'otherpkgs1':
  - Curl error (37): Couldn't read a file:// file for 
file:///install/post/otherpkgs/rhels8.5.0/x86_64/repodata/repomd.xml [Couldn't 
open file /install/post/otherpkgs/rhels8.5.0/x86_64/repodata/repomd.xml]
Error: Failed to download metadata for repo 'otherpkgs1': Cannot download 
repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried

Is there any fix to this curl certificate chain errors?

Thank you.

___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user