Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-4633

osbuild-composer repo overrides for satellite do not use the sslcacert defined in the redhat.repo file.

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • None
    • Important
    • rhel-sst-image-builder
    • ssg_front_door
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • If docs needed, set a value
    • None
    • 57,005

      Description of problem:
      When using image builder with Satellite repos, we must use overrides here.

      [Composer image builder uses CDN repositories when host is registered to Satellite 6](https://access.redhat.com/solutions/5773421)

      And we are told to use these steps here:

      1. mv /etc/rhsm/ca/redhat-uep.pem {,.rpmsave}
      2. ln -s /etc/rhsm/ca/katello-server-ca.pem /etc/rhsm/ca/redhat-uep.pem

      If rhsm=true allows osbuild to read the redhat.repo file to identify the entitlements needed, then it should also read the ssl cert defined in the redhat.repo file.

      Version-Release number of selected component (if applicable):
      r8 and r9

      How reproducible:
      Everytime

      Steps to Reproduce:
      1. configure a repo override for a satellite repo
      2. composer-cli blueprints depsolve test
      3.

      Actual results:
      ERROR: BlueprintsError: third: DNF error occurred: RepoError: There was a problem reading a repository: Failed to download metadata for repo '09fbe4005a3906de392013c928a0224670b7f797ef232b0a30c1cb93e83af9b0' [appstream: https://Satellite.net/pulp/content/astrazeneca/Dev/RHEL8/content/dist/rhel8/8/x86_64/appstream/os]: Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried

      > dnf logs show:

      Feb 16 09:13:11 HOSTNAME.net osbuild-composer[904122]: 2023/02/16 09:13:11 GET /api/v1/blueprints/depsolve/third
      Feb 16 09:13:12 HOSTNAME.net osbuild-composer[904623]: Errors during downloading metadata for repository '304349e2bd71fc67f77e602caf2c79acd903f7410c6fc19e8becc73052c3ad26':
      Feb 16 09:13:12 HOSTNAME.net osbuild-composer[904623]: - Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://Satellite.net/pulp/content/astrazeneca/Dev/RHEL8/content/dist/rhel8/8/x86_64/baseos/os/repodata/repomd.xml [SSL certificate problem: self signed certificate in certificate chain]
      Feb 16 09:13:12 HOSTNAME.net osbuild-composer[904623]: RepoError: There was a problem reading a repository: Failed to download metadata for repo '304349e2bd71fc67f77e602caf2c79acd903f7410c6fc19e8becc73052c3ad26': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried

      Expected results:
      we should know to use the /etc/rhsm/ca/katello-server-ca.pem instead of having to make a link.

      Additional info:

              osbuilders Osbuilders Bot Account
              rhn-support-jcastran John Castranio
              Osbuilders Bot Account Osbuilders Bot Account
              RH Bugzilla Integration RH Bugzilla Integration
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: