Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Jenkins Redhat repo certificate has expired #989

Closed
chhex opened this issue Sep 16, 2020 · 2 comments
Closed

Jenkins Redhat repo certificate has expired #989

chhex opened this issue Sep 16, 2020 · 2 comments

Comments

@chhex
Copy link

chhex commented Sep 16, 2020

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: Bolt 2.13.0
  • Ruby: jruby 9.2.11.1 (2.5.7)
  • Distribution:
  • Module version: 'puppet-jenkins', '2.0.0'

How to reproduce (e.g Puppet code you use)

class { 'jenkins':
version => '2.235.1',
.....
}

What are you seeing

Package[jenkins]: change from 'purged' to '2.235.1' failed: Could not update: Execution of '/bin/yum -d 0 -e 0 -y install jenkins-2.235.1' returned 1: One of the configured repositories failed (Jenkins),
and yum doesn't have enough cached data to continue. At this point the only
safe thing yum can do is fail. There are a few ways to work "fix" this:

   1. Contact the upstream for the repository and get them to fix the problem.

   2. Reconfigure the baseurl/etc. for the repository, to point to a working
      upstream. This is most often useful if you are using a newer
      distribution release than is supported by the repository (and the
      packages for the previous distribution release still work).

   3. Run the command with the repository temporarily disabled
          yum --disablerepo=jenkins ...

   4. Disable the repository permanently, so yum won't use it by default. Yum
      will then just ignore the repository until you permanently enable it
      again or use --enablerepo for temporary usage:

          yum-config-manager --disable jenkins
      or
          subscription-manager repos --disable=jenkins

   5. Configure the failing repository to be skipped, if it is unavailable.
      Note that yum will try to contact the repo. when it runs most commands,
      so will have to try and fail each time (and thus. yum will be be much
      slower). If it is a very temporary problem though, this is often a nice
      compromise:

          yum-config-manager --save --setopt=jenkins.skip_if_unavailable=true

failure: repodata/repomd.xml from jenkins: [Errno 256] No more mirrors to try.
https://pkg.jenkins.io/redhat-stable/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's Certificate has expired."

When going to https://pkg.jenkins.io/redhat-stable/

WARNING: The gpg key use to sign our packages has been updated on 16th of April 2020, therefore you need to reimport it if you imported before this date.

What behaviour did you expect instead

Jenkins installed

Output log

See above

Any additional information you'd like to impart

more /etc/yum.repos.d/jenkins.repo
[jenkins]
name=Jenkins
baseurl=https://pkg.jenkins.io/redhat-stable/
enabled=1
gpgcheck=1
gpgkey=https://pkg.jenkins.io/redhat/jenkins-ci.org.key
@igalic
Copy link
Contributor

igalic commented Sep 19, 2020

IIRC, the problem is the Reimport.
the yum module doesn't support that

@ekohl
Copy link
Member

ekohl commented May 12, 2022

Given it works on fresh installs and it was rotated a while back, I'm going to assume this is no longer a problem.

@ekohl ekohl closed this as completed May 12, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ekohl @igalic @chhex