[URL Verdict: Neutral][Non-DoD Source] Re: Attempting to configure an ISC BIND repository on Red Hat Linux 7.9

DeCaro, James John (Jim) CIV DISA FE (USA) james.j.decaro3.civ at mail.mil
Tue May 3 17:24:57 UTC 2022 

Hello--sorry it took so long to respond. And I apologize for the length of this email.

Yes, the curl command returns an xml file.  I included an excerpt from the output:

"About to connect() to download.copr.fedorainfracloud.org port 443 (#0)
*   Trying 13.32.153.64...
* Connected to download.copr.fedorainfracloud.org (13.32.153.64) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* SSL connection using TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*       subject: CN=download.copr.fedorainfracloud.org
*       start date: Nov 30 00:00:00 2021 GMT
*       expire date: May 11 19:03:32 2022 GMT
*       common name: download.copr.fedorainfracloud.org
*       issuer: CN=DoD WCF Signing CA 2,OU=WCF PKI,OU=DoD,O=U.S. Government,C=US
> GET /results/isc/bind/epel-7-x86_64/repodata/repomd.xml HTTP/1.1
> User-Agent: curl/7.29.0
> Host: download.copr.fedorainfracloud.org
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/xml
< Content-Length: 3394
< Connection: keep-alive
< Last-Modified: Thu, 21 Apr 2022 03:26:42 GMT
< Accept-Ranges: bytes
< Server: lighttpd/1.4.64
< Cache-Control: no-cache
< Date: Tue, 03 May 2022 16:47:42 GMT
< ETag: "791953762"
< X-Cache: RefreshHit from cloudfront
< Via: 1.1 4f2fdf2ba20f9ce71aed4e27ec6e9ce2.cloudfront.net (CloudFront)
< X-Amz-Cf-Pop: IAD66-C2
< X-Amz-Cf-Id: 7inLCrtuEkDG6UfKzpBDFtHY5sx6aGez22MKyDfJpE72U5ae73zHFA==
...etc...

Ip's from the site:

Non-authoritative answer:
download.copr.fedorainfracloud.org      canonical name = d1nld9ovj32u75.cloudfront.net.
Name:   d1nld9ovj32u75.cloudfront.net
Address: 13.32.153.17
Name:   d1nld9ovj32u75.cloudfront.net
Address: 13.32.153.113
Name:   d1nld9ovj32u75.cloudfront.net
Address: 13.32.153.64 <<<<<*
Name:   d1nld9ovj32u75.cloudfront.net
Address: 13.32.153.119

It appears I can talk to the server.  

I do get a failed repo error for a pre-configured redhat repo which I was ignoring before since I thought once the isc repository connected, then yum installation would proceed.  I tried disabling and removing the redhat repo with yum-config-manager --disable rhel-7-server-extras-rpms and subscription-manager repos --disable=rhel-7-server-extras-rpms and I tried skipping it with yum-config-manager --save --setopt=rhel-7-server-extras-rpms.skip_if_unavailable=true   ----but it still displays when I run yum install isc-bind.  Here is the complete message:

yum install isc-bind
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-
              : manager
https://download.copr.fedorainfracloud.org/results/isc/bind/epel-7-x86_64/repodata/repomd.xml: [Errno 14] HTTPS Error 503 - Service Unavailable
Trying other mirror.
https://download.copr.fedorainfracloud.org/results/isc/bind/epel-7-x86_64/repodata/repomd.xml: [Errno 14] HTTPS Error 503 - Service Unavailable
Trying other mirror.
https://download.copr.fedorainfracloud.org/results/isc/bind/epel-7-x86_64/repodata/repomd.xml: [Errno 14] HTTPS Error 503 - Service Unavailable
Trying other mirror.
https://download.copr.fedorainfracloud.org/results/isc/bind/epel-7-x86_64/repodata/repomd.xml: [Errno 14] HTTPS Error 503 - Service Unavailable
Trying other mirror.
https://download.copr.fedorainfracloud.org/results/isc/bind/epel-7-x86_64/repodata/repomd.xml: [Errno 14] HTTPS Error 503 - Service Unavailable
Trying other mirror.
https://download.copr.fedorainfracloud.org/results/isc/bind/epel-7-x86_64/repodata/repomd.xml: [Errno 14] HTTPS Error 503 - Service Unavailable
Trying other mirror.
https://download.copr.fedorainfracloud.org/results/isc/bind/epel-7-x86_64/repodata/repomd.xml: [Errno 14] HTTPS Error 503 - Service Unavailable
Trying other mirror.
https://download.copr.fedorainfracloud.org/results/isc/bind/epel-7-x86_64/repodata/repomd.xml: [Errno 14] HTTPS Error 503 - Service Unavailable
Trying other mirror.
https://download.copr.fedorainfracloud.org/results/isc/bind/epel-7-x86_64/repodata/repomd.xml: [Errno 14] HTTPS Error 503 - Service Unavailable
Trying other mirror.
https://download.copr.fedorainfracloud.org/results/isc/bind/epel-7-x86_64/repodata/repomd.xml: [Errno 14] HTTPS Error 503 - Service Unavailable
Trying other mirror.
https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/extras/os/repodata/repomd.xml: [Errno 14] HTTPS Error 403 - Forbidden
Trying other mirror.
To address this issue please refer to the below knowledge base article

https://access.redhat.com/solutions/69319

If above article doesn't help to resolve this issue please open a ticket with Red Hat Support.



 One of the configured repositories failed (Red Hat Enterprise Linux 7 Server - Extras (RPMs)),
 and yum doesn't have enough cached data to continue. At this point the only
 safe thing yum can do is fail. There are a few ways to work "fix" this:

     1. Contact the upstream for the repository and get them to fix the problem.

     2. Reconfigure the baseurl/etc. for the repository, to point to a working
        upstream. This is most often useful if you are using a newer
        distribution release than is supported by the repository (and the
        packages for the previous distribution release still work).

     3. Run the command with the repository temporarily disabled
            yum --disablerepo=rhel-7-server-extras-rpms ...

     4. Disable the repository permanently, so yum won't use it by default. Yum
        will then just ignore the repository until you permanently enable it
        again or use --enablerepo for temporary usage:

            yum-config-manager --disable rhel-7-server-extras-rpms
        or
            subscription-manager repos --disable=rhel-7-server-extras-rpms

     5. Configure the failing repository to be skipped, if it is unavailable.
        Note that yum will try to contact the repo. when it runs most commands,
        so will have to try and fail each time (and thus. yum will be be much
        slower). If it is a very temporary problem though, this is often a nice
        compromise:

            yum-config-manager --save --setopt=rhel-7-server-extras-rpms.skip_if_unavailable=true

failure: repodata/repomd.xml from rhel-7-server-extras-rpms: [Errno 256] No more mirrors to try.
https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/extras/os/repodata/repomd.xml: [Errno 14] HTTPS Error 403 - Forbidden

 I don't have access to the red hat repos yet.

Is this helpful?


V/R
Jim DeCaro

-----Original Message-----
From: Michał Kępień <michal at isc.org> 
Sent: Thursday, April 28, 2022 4:55 PM
To: DeCaro, James John (Jim) CIV DISA FE (USA) <james.j.decaro3.civ at mail.mil>
Cc: bind-users at lists.isc.org; Mcallister, Reginald CTR DISA FE (USA) <reginald.mcallister2.ctr at mail.mil>
Subject: [URL Verdict: Neutral][Non-DoD Source] Re: Attempting to configure an ISC BIND repository on Red Hat Linux 7.9

All active links contained in this email were disabled.  Please verify the identity of the sender, and confirm the authenticity of all links contained within the message prior to copying and pasting the address to a Web browser.  




----

> Dnf is not available. Therefore using yum
> 
> Linux Red Hat 7.9 virtual machine on VMware, has internet connectivity
> 
> Set up local repository in /etc/yum.repos.d/download.copr.fedorainfracloud.org_results_isc_bind_epel-8-_.repo:

Is something (e.g. policy) forcing you to set this repository up
manually?  IMHO it would have been simpler with the "copr" yum plugin.
CentOS 7 allows installing it via "yum install yum-plugin-copr", though
RHEL 7 seems to not have heard of a "yum-plugin-copr" package, so you
have to prod it a bit (similarly for EPEL, which you are going to need
for libnghttp2 if you plan to use the stable "bind" repository, which
currently contains BIND 9.18):

    # yum install Caution-http://mirror.centos.org/centos/7/os/x86_64/Packages/yum-plugin-copr-1.1.31-54.el7_8.noarch.rpm
    # yum install Caution-https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
    # yum copr enable isc/bind
    # yum install isc-bind

(I just tested these commands on a fresh RHEL 7 Docker image.)

> now receiving error: "Caution-https://download.copr.fedorainfracloud.org/results/isc/bind/epel-8-x86_64/repodata/repomd.xml: [Errno 14] HTTPS Error 503 - Service Unavailable" for each of the sites in isc: Caution-https:// download.copr.fedorainfracloud.org/results/isc/bind/epel-8-x86_64/    (i.e. repeats 10 x)
> 
> curl -k Caution-https://download.copr.fedorainfracloud.org/results/isc/bind/epel-8-x86_64/  shows web page content so the connection is good

And does:

    curl -v -k Caution-https://download.copr.fedorainfracloud.org/results/isc/bind/epel-7-x86_64/repodata/repomd.xml

output an XML file?  What IP is it trying to connect to?  Are you able
to verify that yum tries to reach the same IP when you try to install
packages?

> internet search indicates a possible issue with the target site (which I doubt)

It is certainly within the realm of possibility.  Copr is backed by a
CDN, so I can imagine a situation in which the specific host you are
connecting to from your vantage point is dysfunctional in some way while
others are working just fine.

-- 
Best regards,
Michał Kępień

More information about the bind-users mailing list