Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-145326

Regression. RHEL 10 osbuild fails to connect to Satellite due to self signed certificate

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • rhel-10.1
    • image-builder
    • Yes
    • Low
    • 1
    • image-builder
    • 5
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • IB Upcoming Priorities
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      What were you trying to do that didn't work?

      Use osbuild with a Satellite. (Followed exact steps: https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html-single/composing_a_customized_rhel_system_image/index#configuring-and-using-satellite-cv-as-a-content-source_managing-repositories)

      What is the impact of this issue to you?

      Unable to build images using Satellite repositories as source.

      Please provide the package NVR for which the bug is seen:

      python3-osbuild-158-1.el10.noarch
      osbuild-selinux-158-1.el10.noarch
      osbuild-158-1.el10.noarch
      osbuild-depsolve-dnf-158-1.el10.noarch
      osbuild-luks2-158-1.el10.noarch
      osbuild-lvm2-158-1.el10.noarch
      osbuild-ostree-158-1.el10.noarch
      osbuild-composer-worker-149-1.el10.x86_64
      osbuild-composer-core-149-1.el10.x86_64
      osbuild-composer-149-1.el10.x86_64

      How reproducible is this bug?:

      Everytime

      Steps to reproduce

      1. yum update to latest content
      2. configure osbuild for a satellite . https://access.redhat.com/solutions/5773421

      3. [root@dhcp-8-29-235 ~]# composer-cli blueprints show  test
        name = "test"description = "A test"version = "0.0.2"modules = []
        groups = []
        distro = ""
        [[packages]]
        name = "bash"version = "*"

      4. # composer-cli blueprints depsolve test

      Expected results

      The osbuild composure should read the certificate from /etc/rhsm/ca/katello-server-ca.pem

      Actual results

      Jan 30 15:59:26 bootc-rhel10-base.test.local osbuild-composer[124578]:   - Curl error (60): SSL peer certificate or SSH remote key was not OK for https://xxxx.redhat.com/pulp/content/RedHat/Library/content/dist/rhel10/10.1/x86_64/baseos/os/repodata/repomd.xml [SSL certificate problem: self-signed certificate in certificate chain]
      Jan 30 15:59:26 bootc-rhel10-base.test.local osbuild-composer[124578]: RepoError: There was a problem reading a repository: Failed to download metadata for repo '31010c28aa4e271c138fe02e6e87e839e952f06784d4184541cf9c79470c665b': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried

      Workaround:

      https://access.redhat.com/solutions/5773421

      # mv /etc/rhsm/ca/redhat-uep.pem{,.rpmsave}
# ln -s /etc/rhsm/ca/katello-server-ca.pem /etc/rhsm/ca/redhat-uep.pem

              osbuilders Osbuilders Bot Account
              rhn-support-mkenjale Mahesh Kenjale
              Osbuilders Bot Account Osbuilders Bot Account
              Release Test Team Release Test Team
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: