Why we are getting "CDN loading error: access forbidden" error while enabling repository for new (version) repository made available on CDN? Manifest refresh did not help.

Solution Verified - Updated

Environment

  • Red Hat Satellite 6
  • Subscription Manifest

Issue

  • When trying to add the 3.4 Version of OpenShift Container Platform repository into our satellite server 6.2 i get below error. I reloaded the updated manifest before.

    Katello::Errors::SecurityViolation: CDN loading error: access forbidden to    https://cdn.redhat.com:443/content/dist/rhel/server/7/7Server/x86_64/ose/3.4/os/repodata/repomd.xml

Resolution

  • Remove the OpenShift subscriptions you have attached to the manifest and add them back.

     1) Access the manifest profile
 2) Select `Red Hat OpenShift Container Platform, 2-Core` subscriptions and click on `Remove Selected`
 3) Click on `Attach Subscription` and add same openshift subscription of required quantity. 
 4) Then try to refresh the manifest on the satellite server and let us know whether you are able to enable `Red Hat OpenShift Container Platform 3.4` repository or not.

For more KB articles/solutions related to Red Hat Satellite 6.x Repository Issues, please refer to the Red Hat Satellite Consolidated Troubleshooting Article for Red Hat Satellite 6.x Repository Issues.

Root Cause

  • The newly released version 3.4 of OpenShift Container was not updated/reflected in the manifest even after manifest refresh.

Diagnostic Steps

  • Extract the manifest and check whether the certificates in the manifest provide access to required repository or not. 

    # mkdir /tmp/manifest
 - Copy the manifest file  manifest_f466a03c-da13-4aed-bbc1-2a5e7db89430.zip to /tmp/manifest/
# cd /tmp/manifest
# unzip manifest_f466a03c-da13-4aed-bbc1-2a5e7db89430.zip
# unzip consumer_export.zip
# cd /tmp/manifest/export/entitlement_certificates/
# wget --certificate 2707087463433796763.pem  https://cdn.redhat.com:443/content/dist/rhel/server/7/7Server/x86_64/ose/3.4/os/repodata/repomd.xml --no-check-certificate
SBR
Product(s)
Category
Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.