Martin, could you please to check the output of the following command also:
echo | openssl s_client -connect download.opensuse.org:443
Victor
On Thu, 2022-08-11 at 17:50 +0200, Martin via Uyuni Users wrote:
Hello Julio
uyuni:~ # curl -v https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stabl e/images/repo/Uyuni-Server-POOL-x86_64-Media1/repodata/repomd.xml
Or try with curl -k -v to inspect the output. -k forces the connection even if the SSL certification fails. El jueves, 11 de agosto de 2022 17:52:56 (CEST) Victor Zhestkov via Uyuni Users escribió: *
Trying 195.135.221.134:443... * Connected to download.opensuse.org (195.135.221.134) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): * TLSv1.3 (IN), TLS handshake, Certificate (11): * TLSv1.3 (OUT), TLS alert, unknown CA (560): * SSL certificate problem: unable to get local issuer certificate * Closing connection 0 curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.
There seems to be an issue with the CA.
I changed the Repository URL from https to http - now it works.
Yes, that works but now your connection is not encrypted, so I'd strongly recommend you debug why you are having the issue. Besides the next major upgrade for Uyuni, next year, will restore the repos to https.
Thank you
Martin
Am 11.08.22 um 13:35 schrieb Julio Gonzalez via Uyuni Users:
El jueves, 11 de agosto de 2022 13:20:28 (CEST) Martin via Uyuni Users escribió:
Hallo all
I can't connect to uyuni-stable repo:
uyuni:~ # zypper ref -s All services have been refreshed. Repository 'Update repository of openSUSE Backports' is up to date. Repository 'Non-OSS Repository' is up to date. Repository 'Haupt-Repository' is up to date. Repository 'Update repository with updates from SUSE Linux Enterprise 15' is up to date. Repository 'Hauptaktualisierungs-Repository' is up to date. Repository 'Aktualisierungs-Repository (Nicht-Open-Source- Software)' is up to date. Retrieving repository 'uyuni-server-stable' metadata ................................................................. ........... ......................[error]
Repository 'uyuni-server-stable' is invalid.
[uyuni-server- stable|https://download.opensuse.org/repositories/systemsmanag ement:/Uyuni:/Stable/images/repo/Uyuni-Server-POOL-x86_64- Media1/]
Valid
metadata not found at specified URL History: - [|] Error trying to read from ' https://download.opensuse.org/repositories/systemsmanagement:/Uyun i:/Stable /images/repo/Uyuni-Server-POOL-x86_64-Media1/'
- Download (curl) error for
' https://download.opensuse.org/repositories/systemsmanagement:/Uyun i:/Stable /images/repo/Uyuni-Server-POOL-x86_64-Media1/content':
Error code: Curl
error 60 Error message: SSL certificate problem: unable to get local issuer certificate
Please check if the URIs defined for this repository are pointing to a valid repository. Skipping repository 'uyuni-server-stable' because of the above error. Some of the repositories have not been refreshed because of an error.
curl -v https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/ Stable/images/repo/Uyuni-Server-POOL-x86_64- Media1/repodata/repomd.xml
and inspect the output
The repomd.xml doesn't get you redirected to a mirror, and works fine from here. But curl will give you more info about what's wrong.
In my case I see:
Server certificate: * subject: CN=opensuse.org * start date: Jul 12 00:12:58 2022 GMT * expire date: Oct 10 00:12:57 2022 GMT * subjectAltName: host "download.opensuse.org" matched cert's "*.opensuse.org" * issuer: C=US; O=Let's Encrypt; CN=R3 * SSL certificate verify ok.
Two additional Questions
What I have to do, if the uyuni server IP has changed?
AFAIK, as long as you keep the same hostname, you don't need to do anything.
If you also changed the hostname: https://www.uyuni-project.org/uyuni-docs/en/uyuni/administration/ troubleshooting/tshoot-hostname-rename.html
What I have to do, if the IP of a uyuni managed client has changed?
AFAI; if you onboarded using the clients hostname (recommended), nothing particular. At some point a refresh will happen and you will see the new IPs at the UI.
But if you onboarded using the IP of the clients, then I think (but I am not sure), that you need to use reactivation keys.
https://www.uyuni-project.org/uyuni-docs/en/uyuni/client-configuration/ activation-keys.html#_reactivation_keys
We move our servers to a new IP Range.
As long as you are using hostnames in all cases, chaging IPs should not really big an issue
Best regards
Martin
Am 10.08.22 um 13:07 schrieb Julio Gonzalez via Uyuni Users:
VERY IMPORTANT: 2022.08 requires special procedures if you are not already using Uyuni 2022.06! The configuration files for the proxy on containers also
needs to be updated. Make sure you read the release notes before
updating!>
We are happy to announce the availability of Uyuni 2022.08. Most openSUSE mirrors should already have 2022.08, but if you do not see it yet, wait a few
hours until your local openSUSE mirror is synced.
Athttps://www.uyuni-project.org/pages/stable-version.html you will find all
the resources you need to start working with Uyuni 2022.08,
including the release notes, documentation, requirements and setup instructions.>
This is the list of highlights for this release:
- Ubuntu 22.04 as client - GPG key handling in Uyuni - Disabling locally defined repositories - Technology Preview: Helm chart to deploy containerized Uyuni Proxy
and Retail Branch Server
Remember that Uyuni will follow a rolling release planning, so the next version will contain bugfixes for this one and any new features. There will be
no maintenance of 2022.08
As always, we hope you will enjoy Uyuni 2022.08 and we invite everyone of you
to send us your feedback [1] and of course your patches, if you can
contribute.
Happy hacking!
-- Julio González Gil Release Engineer, SUSE Manager and Uyuni jgonzalez@suse.com