11 Aug
2022
11 Aug
'22
15:50
Hello Julio uyuni:~ # curl -v https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable/images/repo/Uyuni-Server-POOL-x86_64-Media1/repodata/repomd.xml * Trying 195.135.221.134:443... * Connected to download.opensuse.org (195.135.221.134) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): * TLSv1.3 (IN), TLS handshake, Certificate (11): * TLSv1.3 (OUT), TLS alert, unknown CA (560): * SSL certificate problem: unable to get local issuer certificate * Closing connection 0 curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: https://curl.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. There seems to be an issue with the CA. I changed the Repository URL from https to http - now it works. Thank you Martin Am 11.08.22 um 13:35 schrieb Julio Gonzalez via Uyuni Users: > El jueves, 11 de agosto de 2022 13:20:28 (CEST) Martin via Uyuni Users > escribió: >> Hallo all >> >> I can't connect to uyuni-stable repo: >> >> uyuni:~ # zypper ref -s >> All services have been refreshed. >> Repository 'Update repository of openSUSE Backports' is up to date. >> Repository 'Non-OSS Repository' is up to date. >> Repository 'Haupt-Repository' is up to date. >> Repository 'Update repository with updates from SUSE Linux Enterprise >> 15' is up to date. >> Repository 'Hauptaktualisierungs-Repository' is up to date. >> Repository 'Aktualisierungs-Repository (Nicht-Open-Source-Software)' is >> up to date. >> Retrieving repository 'uyuni-server-stable' metadata >> ............................................................................ >> ......................[error] > Repository 'uyuni-server-stable' is invalid. >> [uyuni-server-stable|https://download.opensuse.org/repositories/systemsmanag >> ement:/Uyuni:/Stable/images/repo/Uyuni-Server-POOL-x86_64-Media1/] > Valid >> metadata not found at specified URL >> History: >> - [|] Error trying to read from >> 'https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable >> /images/repo/Uyuni-Server-POOL-x86_64-Media1/' > - Download (curl) error for >> 'https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable >> /images/repo/Uyuni-Server-POOL-x86_64-Media1/content': > Error code: Curl >> error 60 >> Error message: SSL certificate problem: unable to get local issuer >> certificate >> >> Please check if the URIs defined for this repository are pointing to a >> valid repository. >> Skipping repository 'uyuni-server-stable' because of the above error. >> Some of the repositories have not been refreshed because of an error. > curl -v https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/ > Stable/images/repo/Uyuni-Server-POOL-x86_64-Media1/repodata/repomd.xml > > and inspect the output > > The repomd.xml doesn't get you redirected to a mirror, and works fine from > here. But curl will give you more info about what's wrong. > > In my case I see: > > Server certificate: > * subject: CN=opensuse.org > * start date: Jul 12 00:12:58 2022 GMT > * expire date: Oct 10 00:12:57 2022 GMT > * subjectAltName: host "download.opensuse.org" matched cert's > "*.opensuse.org" > * issuer: C=US; O=Let's Encrypt; CN=R3 > * SSL certificate verify ok. > >> Two additional Questions >> >> What I have to do, if the uyuni server IP has changed? > AFAIK, as long as you keep the same hostname, you don't need to do anything. > > If you also changed the hostname: > https://www.uyuni-project.org/uyuni-docs/en/uyuni/administration/ > troubleshooting/tshoot-hostname-rename.html > >> What I have to do, if the IP of a uyuni managed client has changed? > AFAI; if you onboarded using the clients hostname (recommended), nothing > particular. At some point a refresh will happen and you will see the new IPs > at the UI. > > But if you onboarded using the IP of the clients, then I think (but I am not > sure), that you need to use reactivation keys. > > https://www.uyuni-project.org/uyuni-docs/en/uyuni/client-configuration/ > activation-keys.html#_reactivation_keys > >> We move our servers to a new IP Range. > As long as you are using hostnames in all cases, chaging IPs should not really > big an issue > > >> Best regards >> >> Martin >> >> Am 10.08.22 um 13:07 schrieb Julio Gonzalez via Uyuni Users: >> >>> VERY IMPORTANT: 2022.08 requires special procedures if you are not >>> already >>> using Uyuni 2022.06! The configuration files for the proxy on containers >>> also > needs to be updated. Make sure you read the release notes before >>> updating!> >>> >>> >>> We are happy to announce the availability of Uyuni 2022.08. Most openSUSE >>> mirrors should already have 2022.08, but if you do not see it yet, wait a >>> few > hours until your local openSUSE mirror is synced. >>> >>> >>> Athttps://www.uyuni-project.org/pages/stable-version.html you will find >>> all > the resources you need to start working with Uyuni 2022.08, >>> including the release notes, documentation, requirements and setup >>> instructions.> >>> >>> >>> This is the list of highlights for this release: >>> >>> >>> >>> - Ubuntu 22.04 as client >>> - GPG key handling in Uyuni >>> - Disabling locally defined repositories >>> - Technology Preview: Helm chart to deploy containerized Uyuni Proxy >>> >>> and Retail Branch Server >>> >>> >>> >>> Remember that Uyuni will follow a rolling release planning, so the next >>> version will contain bugfixes for this one and any new features. There >>> will be > no maintenance of 2022.08 >>> >>> >>> As always, we hope you will enjoy Uyuni 2022.08 and we invite everyone of >>> you > to send us your feedback [1] and of course your patches, if you can >>> contribute. >>> >>> >>> >>> Happy hacking! >>> >>> >>> >>> [1]https://www.uyuni-project.org/pages/contact.html >