-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 21/04/16 13:41, Fabian Arrotin wrote: > On 21/04/16 14:34, Karanbir Singh wrote: >> On 20/04/16 20:50, Dusty Mabe wrote: >>> We've seen a bunch of yum errors today with our tests. >>> basically a bunch of these types of errors: >> >>> [Errno -1] repomd.xml does not match metalink for epel >> >>> Full log at [1]. I'm thinking maybe we should modify our tests >>> to run yum in a loop to account for intermittent errors like >>> this? >> >>> [1] - >>> https://ci.centos.org/job/atomicapp-test-docker-pr/67/console >> >> this is actually a problem with fedora infra, EPEL is often >> broken for direct access. >> >> one option might be to mirror epel into our mirror instance there >> in the ci network. Would that work Fabian / Brian ? >> > > Well, yes and no , but let me explain : - yes for the internal > mirror : as soon as we know from where to fetch/rsync pkgs, we can > do that and maintain that the same way we have an internal mirror > for mirror.centos.org > > - no as that would *not* be transparent : by default, when one > installs epel-release, the mirrorlist line in > /etc/yum.repos.d/epel.repo looks like this : > mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch =$basearch > > While we can write a small index.php for an internal mirrorlist > node (that's how we redirect all centos yum operations to the > internal mirror), we can't cheat with a TLS cert. So we can have an > internal mirror, but we'd have to advertize/document it to the CI > users so that they'd have to tweak their epel.repo file in their CI > jobs to intentionally point to our mirror (so basically replacing > the mirrorlist line and have a baseurl one instead) instead of > continuing to go to outside. > dont the fedora guys have that mirrormanager redirect option that allows us to map all traffic from our public end points to just return a local url ? - -- Karanbir Singh, Project Lead, The CentOS Project +44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS GnuPG Key : http://www.karan.org/publickey.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBAgAGBQJXGM2eAAoJEI3Oi2Mx7xbtElkIAIwncfsaDlx7Qu/etgdmg19m dV1jDmDo8Kh+WSyFyQkdZBGFdtsoF8+V/XRMnkZCcs6Rf5OmLoqFwKNnsRSiOlU5 U+UG9TwACdfuNSaeqv0ii5sQ2G7YxzWhTgB/06dPOZWYHC1+7LCisKyTMVOogy+b d9GXbjPBFqex86W5w/YPqgAG/VRRs6vTACNx3tSH/XJyZEMfClzkotWjYReZwy72 G0ALsn/+qukSbG3R0okb4Qw5FD3nRfm2P7WkHrAmsWNwAvJJQIejZcr6DCl3qKH8 oWABgDDFtyIEFQEY28BIjznt7BfnQe/iglnFXElTOEqgYbarCj277u3wmaN3Q60= =uZHC -----END PGP SIGNATURE-----