当你在Azure上部署旧版本RHEL的VM之后运行yum相关命令会出现以下报错:[Errno 14] curl#58 – “SSL peer rejected your certificate as expired.”
这种问题通常发生于部署较旧的RHEL OS映像(例如小于或等于RedHat:RHEL:7.4版本),则会遇到因 TLS/SSL 客户端证书现已过期而出现的 RHUI 连接问题。
[本人中所有涉及到 Azure 的实验均在 Azure Global 国际版中进行配置,部分功能可能在 Azure 世纪互联中受到限制]
[如果您认为本文章帮助到了您,请在文章末尾“打赏”作者,感谢!]
症状:
当你在Azure上部署旧版本RHEL的VM之后运行yum相关命令会出现以下报错:
RHEL7:
auto
Loaded plugins: langpacks, product-id, search-disabled-repos
https://rhui-3.microsoft.com/pulp/repos//content/dist/rhel/rhui/server/7/7Server/x86_64/dotnet/1/debug/repodata/repomd.xml:
[Errno 14] curl#58 - "SSL peer rejected your certificate as expired."
Trying other mirror.
https://rhui-1.microsoft.com/pulp/repos//content/dist/rhel/rhui/server/7/7Server/x86_64/dotnet/1/debug/repodata/repomd.xml:
[Errno 14] curl#58 - "SSL peer rejected your certificate as expired."
Trying other mirror.AUTO
7 lines|496 chars
RHEL8:
auto
Errors during downloading metadata for repository 'rhel-8-for-x86_64-baseos-eus-rhui-rpms':
- Curl error (56): Failure when receiving data from the peer for https://rhui-2.microsoft.com/pulp/repos/content/eus/rhel8/rhui/8.4/x86_64/baseos/os/repodata/repomd.xml [OpenSSL SSL_read: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired, errno 0]
- Curl error (56): Failure when receiving data from the peer for https://rhui-1.microsoft.com/pulp/repos/content/eus/rhel8/rhui/8.4/x86_64/baseos/os/repodata/repomd.xml [OpenSSL SSL_read: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired, errno 0]
- Curl error (56): Failure when receiving data from the peer for https://rhui-3.microsoft.com/pulp/repos/content/eus/rhel8/rhui/8.4/x86_64/baseos/os/repodata/repomd.xml [OpenSSL SSL_read: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired, errno 0]
Error: Failed to download metadata for repo 'rhel-8-for-x86_64-baseos-eus-rhui-rpms': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were triedAUTO
5 lines|1,097 chars
原因:
这种问题通常发生于部署较旧的RHEL OS映像(例如小于或等于RedHat:RHEL:7.4版本),则会遇到因 TLS/SSL 客户端证书过期而出现的 RHUI 连接问题。
解决:
若要解决此问题,请使用以下命令更新 Azure上的RHUI 客户端程序包:
auto
sudo yum update -y --disablerepo='*' --enablerepo='*microsoft*'
sudo yum clean all
sudo yum makecacheAUTO
3 lines|103 chars
如果上述方法不生效,请参考以下方法强制更新RHUI:
shell
#Backup default repos
mv /etc/yum.repos.d/ /etc/yum.repos.d_old/
mkdir /etc/yum.repos.d/
#Repos Manually update - For RHEL 6 only:
yum --config='https://rhelimage.blob.core.windows.net/repositories/rhui-microsoft-azure-rhel6.config' install 'rhui-azure-rhel6'
#Repos Manually update - For RHEL 7 only:
yum --config='https://rhelimage.blob.core.windows.net/repositories/rhui-microsoft-azure-rhel7.config' install 'rhui-azure-rhel7'SHELL
9 lines|440 chars
auto
#Repos Manually update - For RHEL 8 only:
# 1. Create a config file:
vi rhel8.config
# 2. Add the following content into the config file:
[rhui-microsoft-azure-rhel8]
name=Microsoft Azure RPMs for Red Hat Enterprise Linux 8
baseurl=https://rhui-1.microsoft.com/pulp/repos/microsoft-azure-rhel8 https://rhui-2.microsoft.com/pulp/repos/microsoft-azure-rhel8 https://rhui-3.microsoft.com/pulp/repos/microsoft-azure-rhel8
enabled=1
gpgcheck=1
gpgkey=https://rhelimage.blob.core.windows.net/repositories/RPM-GPG-KEY-microsoft-azure-release sslverify=1
# 3. Save the file and run the following command:
dnf --config rhel8.config install 'rhui-azure-rhel8'
# 4. Update your VM
sudo dnf updateAUTO
18 lines|706 chars
< Latest Update: June/07/2021 by AndyX>
参考文档:
Red Hat Update Infrastructure – Azure Virtual Machines | Microsoft Docs
(END)
文章撰写:AndyX,来自AndyX.Net。
[本文为AndyX.Net原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明!]