Closed Bug 1345879 Opened 8 years ago Closed 8 years ago

Failed o fetch data from Ubuntu16 repository using https

Categories

(Infrastructure & Operations :: RelOps: Puppet, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: dragrom, Assigned: dividehex)

References

Details

Attachments

(2 files)

Failed o fetch data from Ubuntu16 repository using https, I received the following error when run apt-get update: "W: The repository 'https://puppetagain-apt.pvt.build.mozilla.org/repos/apt/Ubuntu-16.04 xenial Release' does not have a Release file. N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use. N: See apt-secure(8) manpage for repository creation and user configuration details. E: Failed to fetch https://puppetagain-apt.pvt.build.mozilla.org/repos/apt/Ubuntu-16.04/dists/xenial/main/binary-amd64/Packages E: Some index files failed to download. They have been ignored, or old ones used instead." To unlock me, I changed from https to http, into modules/packages/manifests/aptrepo.pp. I'll revert changes after we will fix the https access
Lets start by making sure the apt-transport-https package is installed during kickstart and before puppet changes the apt source lists to https.
Assignee: relops → jwatkins
Attachment #8853156 - Flags: checked-in+
This issue seems to stem from apt-get not being able to read the /var/lib/puppet/ssl/certs/ca.pem. I suspect it is dropping privilege somewhere during an apt-get update and since the /var/lib/puppet dir is 'o-rwx', it fails to access the file. I'm hesitant to change the file permissions anywhere in the down that path so I'm opting to simply copy the CA cert to a more appropriate location (such as /etc/ssl/certs) and ensure it is world readable. Enabling debugging in /etc/apt/apt.conf.d/99mozilla: Debug::Acquire::https "true"; 'apt-get update' now spits more interesting errors: * Trying 10.134.48.16... Ign:21 https://puppetagain-apt.pvt.build.mozilla.org/repos/apt/Ubuntu-16.04 xenial/main Translation-en_US 96% [Working]* Connected to puppetagain-apt.pvt.build.mozilla.org (10.134.48.16) port 443 (#21) * error reading ca cert file /var/lib/puppet/ssl/certs/ca.pem (Error while reading file.) * Closing connection 21 Once apt-get can read the CA, it https apt sources works fine.
Attachment #8853163 - Flags: review?(dhouse) → review+
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Blocks: 1366828
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: