[Ci-users] Yum errors today in ci.centos.org

Thu Apr 21 14:27:26 UTC 2016
Brian Stinson <brian at bstinson.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Apr 21 13:54, Karanbir Singh wrote:
> On 21/04/16 13:41, Fabian Arrotin wrote:
> > On 21/04/16 14:34, Karanbir Singh wrote:
> >> On 20/04/16 20:50, Dusty Mabe wrote:
> >>> We've seen a bunch of yum errors today with our tests.
> >>> basically a bunch of these types of errors:
> >> 
> >>> [Errno -1] repomd.xml does not match metalink for epel
> >> 
> >>> Full log at [1]. I'm thinking maybe we should modify our tests
> >>> to run yum in a loop to account for intermittent errors like
> >>> this?
> >> 
> >>> [1] - 
> >>> https://ci.centos.org/job/atomicapp-test-docker-pr/67/console
> >> 
> >> this is actually a problem with fedora infra, EPEL is often
> >> broken for direct access.
> >> 
> >> one option might be to mirror epel into our mirror instance there
> >> in the ci network. Would that work Fabian / Brian ?
> >> 
> > 
> > Well, yes and no , but let me explain : - yes for the internal
> > mirror : as soon as we know from where to fetch/rsync pkgs, we can
> > do that and maintain that the same way we have an internal mirror
> > for mirror.centos.org
> > 
> > - no as that would *not* be transparent : by default, when one
> > installs epel-release, the mirrorlist line in
> > /etc/yum.repos.d/epel.repo looks like this : 
> > mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch
> =$basearch
> >
> >  While we can write a small index.php for an internal mirrorlist
> > node (that's how we redirect all centos yum operations to the
> > internal mirror), we can't cheat with a TLS cert. So we can have an
> > internal mirror, but we'd have to advertize/document it to the CI
> > users so that they'd have to tweak their epel.repo file in their CI
> > jobs to intentionally point to our mirror (so basically replacing
> > the mirrorlist line and have a baseurl one instead) instead of 
> > continuing to go to outside.
> > 
> 
> dont the fedora guys have that mirrormanager redirect option that
> allows us to map all traffic from our public end points to just return
> a local url ?
> 
> 
> -- 
> Karanbir Singh, Project Lead, The CentOS Project
> +44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS
> GnuPG Key : http://www.karan.org/publickey.asc

I'm pretty sure there are a couple of ways to do that, but I'll check to
be sure. +1 for looking into a local EPEL mirror, but I don't think that
will solve Dusty's problem here since the problem isn't with the mirror
itself but with the metalink hashes which reside entirely in
Fedora-managed infrastructure. 

- --Brian 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBAgAGBQJXGONOAAoJEIMGvNKzCweMWIgP/1qnSL+lH8E9F78i6nJ5vkMm
0/IZtHNo9Kp1arNy4p7KdnJhZ8BnKdvEnupbbVUbGrigNP+s/8y/fDC99x72eG32
cIVEcwOcEHXgsZjI+MIe7S3Fhok3cMG3fNMTkY4yzUzSx/O/nYK6CrMQtYShPgSE
MUyDoASp6ch+83DJvksxJujs7za2FMUfhZ79HqQRWIce0C/l/ciJmHKc0KpFdBK5
BxhLMk9Roih3gQTcvm6Ft5hVq7JzooM0LPyp7FKSvVjpHHur8oxc6neJaPyQiuMz
HseBl4fHess99rJZZm4Wew6txFuFefKY+ZJCHs4F6SkM8PdbKqK+W0LJjNjn4VWZ
IHUzQ34iFBJncm1GueMLRuztzb1yeQrInpP5sUUO+wdr0kuparZFj054LJvqSztS
bRPaedyY4wA5FWAwNEGfOE+xZPN7hOCtObeun7XQFMm4fHqi9dZIrWtZqtFmc/CD
vBPDBLUP18xbZ5Nm6N5akVUknzxR12OnO2ibk/Ar4O9iZ2RiNxxMVxp/svi7mg8a
7hEel7/qHqi+DETR2nwb/Fh3NKht+GZviKEsT1A1XgGyrNfmUT4Dn+zdan2lFaTJ
NOSFOVYG9okF66hKOSHYWGc0HrbgAoEFELeOLumgMSQaWoCrkDunJQ0OhnAEQDNn
lUZHzz0/fFyTeSzrJsNw
=owzR
-----END PGP SIGNATURE-----