Unable to enable Red Hat repositories on the Satellite
Environment
- Red Hat Satellite 6
Issue
- Getting the following message while trying to enable repositories on the Satellite Web UI -> Content -> Red Hat Repositories page:
No repositories available
- You have followed "How to test CDN scanning performed by Satellite6?" and Satellite can connect to the Red Hat CDN successfully.
Resolution
- To test connecting to the Red Hat CDN using TLSv1.0, run the following foreman-rake console script on the Satellite.
cat << EOF | foreman-rake console
# Debug only: the override applies to this console session.
module CdnResourceDebug
  def http_downloader
    net = super
    # Pin the connection to TLSv1.0.
    net.ssl_version = "TLSv1"
    # Dump the HTTP exchange to STDOUT for troubleshooting.
    net.set_debug_output(STDOUT)
    net
  end
end
Katello::Resources::CDN::CdnResource.prepend(CdnResourceDebug)
product = Katello::Product.find_by_cp_id("479")
cdn_config = Katello::CdnConfiguration.where(organization: Organization.find(1)).first
cdn_resource = Katello::Resources::CDN::CdnResource.create(product: product, cdn_configuration: cdn_config)
# Request the RHEL 8 listing from the CDN.
cdn_resource.get("/content/dist/rhel8/listing")
EOF
- To test connecting to the Red Hat CDN using the latest supported TLS version (currently TLSv1.3), run the following foreman-rake console script on the Satellite.
cat << EOF | foreman-rake console
# Debug only: the override applies to this console session.
module CdnResourceDebug
  def http_downloader
    net = super
    # Negotiate the highest TLS version both sides support.
    net.ssl_version = "SSLv23"
    # Dump the HTTP exchange to STDOUT for troubleshooting.
    net.set_debug_output(STDOUT)
    net
  end
end
Katello::Resources::CDN::CdnResource.prepend(CdnResourceDebug)
product = Katello::Product.find_by_cp_id("479")
cdn_config = Katello::CdnConfiguration.where(organization: Organization.find(1)).first
cdn_resource = Katello::Resources::CDN::CdnResource.create(product: product, cdn_configuration: cdn_config)
# Request the RHEL 8 listing from the CDN.
cdn_resource.get("/content/dist/rhel8/listing")
EOF
- If the first script fails with an SSL connection error like the one below:
OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=error: internal error)
- But the second script returns the expected result like the one below:
"8\n8.0\n8.1\n8.2\n8.3\n8.4\n8.5\n8.6\n8.7\n8.8\n"
- Then run the following hammer command to set cdn_ssl_version to SSLv23. This will tell Satellite to use the highest TLS version supported by both the Satellite and the Red Hat CDN.
hammer settings set --name "cdn_ssl_version" --value "SSLv23"
- After that, try to enable any Red Hat repository.
Root Cause
- Satellite uses TLSv1.0 to connect to the Red Hat CDN by default. Your network or HTTP proxy might not allow connections with older TLS versions.
Diagnostic Steps
- Found the following error message in the /var/log/foreman/production.log file.
[I|app|] CDN: Requesting path https://cdn.redhat.com:443/content/dist/rhel8/listing
[E|app|xxxxxxx] Failed at scanning for repository: SSL_connect returned=1 errno=0 state=error: internal error
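As an added example (not part of the original solution or of Satellite's code), the following Ruby script automates the diagnostic step above: it pairs each "Failed at scanning for repository" error with the CDN path requested just before it and flags the failures caused by the TLS handshake. It assumes the log line layout quoted on this page; the sample lines, their timestamps and the second failure are constructed.

```ruby
# Added example: triage CDN scan failures from production.log lines.
# The regexes assume the line layout quoted on this page.
REQUEST_RE = /\[I\|app\|[^\]]*\] CDN: Requesting path (\S+)/
FAILURE_RE = /\[E\|app\|[^\]]*\] Failed at scanning for repository: (.+)$/
TLS_RE     = /SSL_connect|OpenSSL::SSL::SSLError/

# Pair each scan failure with the most recent CDN path requested before it.
def cdn_scan_failures(lines)
  last_path = nil
  failures = []
  lines.each do |raw|
    line = raw.chomp
    if (m = REQUEST_RE.match(line))
      last_path = m[1]
    elsif (m = FAILURE_RE.match(line))
      error = m[1].strip
      failures << { path: last_path, error: error, tls: TLS_RE.match?(error) }
      last_path = nil # a failure consumes the pending request
    end
  end
  failures
end

# True when at least one failure is a TLS handshake error rather than
# some other scan problem (DNS, proxy authentication, refused connection).
def tls_handshake_suspected?(failures)
  failures.any? { |f| f[:tls] }
end

# Constructed sample input (timestamps and the second failure are invented).
SAMPLE_LOG = <<~LOG.lines
  2023-01-01T10:00:00 [I|app|] CDN: Requesting path https://cdn.redhat.com:443/content/dist/rhel8/listing
  2023-01-01T10:00:01 [E|app|xxxxxxx] Failed at scanning for repository: SSL_connect returned=1 errno=0 state=error: internal error
  2023-01-01T10:05:00 [I|app|] CDN: Requesting path https://cdn.redhat.com:443/content/dist/rhel8/listing
  2023-01-01T10:05:01 [E|app|yyyyyyy] Failed at scanning for repository: Connection refused
LOG

if __FILE__ == $PROGRAM_NAME
  # Pass a log file path as the first argument, or run on the sample.
  source = ARGV.empty? ? SAMPLE_LOG : File.foreach(ARGV[0])
  failures = cdn_scan_failures(source)
  failures.each do |f|
    kind = f[:tls] ? "TLS" : "other"
    puts "#{kind}\t#{f[:path] || '(no request seen)'}\t#{f[:error]}"
  end
  puts "TLS handshake failures found: compare the TLSv1 and SSLv23 console tests." if tls_handshake_suspected?(failures)
end
```

Only the failures marked TLS point to the cdn_ssl_version setting; the others need a different line of investigation.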