当你在Azure上部署旧版本RHEL的VM之后运行yum相关命令会出现以下报错:[Errno 14] curl#58 – “SSL peer rejected your certificate as expired.”
这种问题通常发生于部署较旧的RHEL OS映像(例如小于或等于RedHat:RHEL:7.4版本),则会遇到因 TLS/SSL 客户端证书现已过期而出现的 RHUI 连接问题。
[本人中所有涉及到 Azure 的实验均在 Azure Global 国际版中进行配置,部分功能可能在 Azure 世纪互联中受到限制]
[如果您认为本文章帮助到了您,请在文章末尾“打赏”作者,感谢!]
症状:
当你在Azure上部署旧版本RHEL的VM之后运行yum相关命令会出现以下报错:
RHEL7:
Loaded plugins: langpacks, product-id, search-disabled-repos https://rhui-3.microsoft.com/pulp/repos//content/dist/rhel/rhui/server/7/7Server/x86_64/dotnet/1/debug/repodata/repomd.xml: [Errno 14] curl#58 - "SSL peer rejected your certificate as expired." Trying other mirror. https://rhui-1.microsoft.com/pulp/repos//content/dist/rhel/rhui/server/7/7Server/x86_64/dotnet/1/debug/repodata/repomd.xml: [Errno 14] curl#58 - "SSL peer rejected your certificate as expired." Trying other mirror.
RHEL8:
Errors during downloading metadata for repository 'rhel-8-for-x86_64-baseos-eus-rhui-rpms': - Curl error (56): Failure when receiving data from the peer for https://rhui-2.microsoft.com/pulp/repos/content/eus/rhel8/rhui/8.4/x86_64/baseos/os/repodata/repomd.xml [OpenSSL SSL_read: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired, errno 0] - Curl error (56): Failure when receiving data from the peer for https://rhui-1.microsoft.com/pulp/repos/content/eus/rhel8/rhui/8.4/x86_64/baseos/os/repodata/repomd.xml [OpenSSL SSL_read: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired, errno 0] - Curl error (56): Failure when receiving data from the peer for https://rhui-3.microsoft.com/pulp/repos/content/eus/rhel8/rhui/8.4/x86_64/baseos/os/repodata/repomd.xml [OpenSSL SSL_read: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired, errno 0] Error: Failed to download metadata for repo 'rhel-8-for-x86_64-baseos-eus-rhui-rpms': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
原因:
这种问题通常发生于部署较旧的RHEL OS映像(例如小于或等于RedHat:RHEL:7.4版本),则会遇到因 TLS/SSL 客户端证书过期而出现的 RHUI 连接问题。
解决:
若要解决此问题,请使用以下命令更新 Azure上的RHUI 客户端程序包:
sudo yum update -y --disablerepo='*' --enablerepo='*microsoft*' sudo yum clean all sudo yum makecache
如果上述方法不生效,请参考以下方法强制更新RHUI:
#Backup default repos mv /etc/yum.repos.d/ /etc/yum.repos.d_old/ mkdir /etc/yum.repos.d/ #Repos Manually update - For RHEL 6 only: yum --config='https://rhelimage.blob.core.windows.net/repositories/rhui-microsoft-azure-rhel6.config' install 'rhui-azure-rhel6' #Repos Manually update - For RHEL 7 only: yum --config='https://rhelimage.blob.core.windows.net/repositories/rhui-microsoft-azure-rhel7.config' install 'rhui-azure-rhel7'
#Repos Manually update - For RHEL 8 only: # 1. Create a config file: vi rhel8.config # 2. Add the following content into the config file: [rhui-microsoft-azure-rhel8] name=Microsoft Azure RPMs for Red Hat Enterprise Linux 8 baseurl=https://rhui-1.microsoft.com/pulp/repos/microsoft-azure-rhel8 https://rhui-2.microsoft.com/pulp/repos/microsoft-azure-rhel8 https://rhui-3.microsoft.com/pulp/repos/microsoft-azure-rhel8 enabled=1 gpgcheck=1 gpgkey=https://rhelimage.blob.core.windows.net/repositories/RPM-GPG-KEY-microsoft-azure-release sslverify=1 # 3. Save the file and run the following command: dnf --config rhel8.config install 'rhui-azure-rhel8' # 4. Update your VM sudo dnf update
< Latest Update: June/07/2021 by AndyX>
参考文档:
Red Hat Update Infrastructure – Azure Virtual Machines | Microsoft Docs
(END)
文章撰写:AndyX,来自AndyX.Net。
[本文为AndyX.Net原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明!]