Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-11347

Leapp cannot upgrade with a custom https repo

    • leapp-repository-0.19.0-2.el7_9
    • None
    • Moderate
    • rhel-sst-upgrades
    • None
    • QE ack, Dev ack
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • If docs needed, set a value
    • None

      Description of problem:
      Customer uses custom repositories hosted behind an HTTPS server.
      They use a dedicated certificate which is not copied into the target userspace, leading to an error while trying to retrieve the metadata.

      Version-Release number of selected component (if applicable):
      leapp-upgrade-el7toel8-0.15.0-6.el7_9

      How reproducible:
      Always

      Steps to Reproduce:
      1. Setup an HTTPS server hosting your repositories
      2. Specify the certificate in sslcacert in the repo file

      Actual results:
      [MIRROR] libcgroup-0.41-19.el8.x86_64.rpm: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://<HIDDEN_HOSTNAME>/pulp/content/ci-rhel8-baseos2/Packages/l/libcgroup-0.41-19.el8.x86_64.rpm [SSL certificate problem: unable to get local issuer certificate]

      Additional info:

      • Setting sslverify=0 is a workaround, but this is not what the customer wants.
      • The issue was workarounded by bind-mounting the /etc/pki/ca-trust directory into the container (by modifying ALWAYS_BIND in mounting.py).
      • I think something allowing to simply add files into the target userspace could help. With the below patch, a user can execute the following command to move forward:
      1. for f in $(find /etc/pki/ca-trust -type f); do echo $f:$f >> /etc/leapp/filesfortargetuserspace.conf; done

      — /usr/share/leapp-repository/repositories/system_upgrade/common/actors/scanfilesfortargetuserspace/libraries/scanfilesfortargetuserspace.py.orig 2022-01-14 15:55:58.698593070 +0100
      +++ /usr/share/leapp-repository/repositories/system_upgrade/common/actors/scanfilesfortargetuserspace/libraries/scanfilesfortargetuserspace.py 2022-01-14 16:08:35.738180885 +0100
      @@ -8,6 +8,8 @@
      '/etc/hosts': '/etc/hosts'
      }

      +FILES_FOR_TARGET_USERSPACE_CFG = '/etc/leapp/filesfortargetuserspace.conf'
      +

      def scan_files_to_copy():
      """
      @@ -21,6 +23,17 @@
      dst_path = FILES_TO_COPY_IF_PRESENT[src_path]
      files_to_copy.append(CopyFile(src=src_path, dst=dst_path))

      + if os.path.exists(FILES_FOR_TARGET_USERSPACE_CFG):
      + try:
      + with open(FILES_FOR_TARGET_USERSPACE_CFG, "r") as f:
      + additional_files = f.readlines()
      + for line in additional_files:
      + src_path, dst_path = line.split(':')
      + files_to_copy.append(CopyFile(src=src_path, dst=dst_path))
      + except:
      + # silence any error (EACCES, EPERM, bad file format, ...)
      + pass
      +
      preupgrade_task = TargetUserSpacePreupgradeTasks(copy_files=files_to_copy)

      api.produce(preupgrade_task)

              jira-bugzilla-migration RH Bugzilla Integration
              rhn-support-cbesson Christophe Besson
              RH Bugzilla Integration RH Bugzilla Integration
              RHEL Upgrades QE Team RHEL Upgrades QE Team
              Votes:
              0 Vote for this issue
              Watchers:
              13 Start watching this issue

                Created:
                Updated:
                Resolved: