-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Apr 21 13:54, Karanbir Singh wrote: > On 21/04/16 13:41, Fabian Arrotin wrote: > > On 21/04/16 14:34, Karanbir Singh wrote: > >> On 20/04/16 20:50, Dusty Mabe wrote: > >>> We've seen a bunch of yum errors today with our tests. > >>> basically a bunch of these types of errors: > >> > >>> [Errno -1] repomd.xml does not match metalink for epel > >> > >>> Full log at [1]. I'm thinking maybe we should modify our tests > >>> to run yum in a loop to account for intermittent errors like > >>> this? > >> > >>> [1] - > >>> https://ci.centos.org/job/atomicapp-test-docker-pr/67/console > >> > >> this is actually a problem with fedora infra, EPEL is often > >> broken for direct access. > >> > >> one option might be to mirror epel into our mirror instance there > >> in the ci network. Would that work Fabian / Brian ? > >> > > > > Well, yes and no , but let me explain : - yes for the internal > > mirror : as soon as we know from where to fetch/rsync pkgs, we can > > do that and maintain that the same way we have an internal mirror > > for mirror.centos.org > > > > - no as that would *not* be transparent : by default, when one > > installs epel-release, the mirrorlist line in > > /etc/yum.repos.d/epel.repo looks like this : > > mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch > =$basearch > > > > While we can write a small index.php for an internal mirrorlist > > node (that's how we redirect all centos yum operations to the > > internal mirror), we can't cheat with a TLS cert. So we can have an > > internal mirror, but we'd have to advertize/document it to the CI > > users so that they'd have to tweak their epel.repo file in their CI > > jobs to intentionally point to our mirror (so basically replacing > > the mirrorlist line and have a baseurl one instead) instead of > > continuing to go to outside. > > > > dont the fedora guys have that mirrormanager redirect option that > allows us to map all traffic from our public end points to just return > a local url ? > > > -- > Karanbir Singh, Project Lead, The CentOS Project > +44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS > GnuPG Key : http://www.karan.org/publickey.asc I'm pretty sure there are a couple of ways to do that, but I'll check to be sure. +1 for looking into a local EPEL mirror, but I don't think that will solve Dusty's problem here since the problem isn't with the mirror itself but with the metalink hashes which reside entirely in Fedora-managed infrastructure. - --Brian -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJXGONOAAoJEIMGvNKzCweMWIgP/1qnSL+lH8E9F78i6nJ5vkMm 0/IZtHNo9Kp1arNy4p7KdnJhZ8BnKdvEnupbbVUbGrigNP+s/8y/fDC99x72eG32 cIVEcwOcEHXgsZjI+MIe7S3Fhok3cMG3fNMTkY4yzUzSx/O/nYK6CrMQtYShPgSE MUyDoASp6ch+83DJvksxJujs7za2FMUfhZ79HqQRWIce0C/l/ciJmHKc0KpFdBK5 BxhLMk9Roih3gQTcvm6Ft5hVq7JzooM0LPyp7FKSvVjpHHur8oxc6neJaPyQiuMz HseBl4fHess99rJZZm4Wew6txFuFefKY+ZJCHs4F6SkM8PdbKqK+W0LJjNjn4VWZ IHUzQ34iFBJncm1GueMLRuztzb1yeQrInpP5sUUO+wdr0kuparZFj054LJvqSztS bRPaedyY4wA5FWAwNEGfOE+xZPN7hOCtObeun7XQFMm4fHqi9dZIrWtZqtFmc/CD vBPDBLUP18xbZ5Nm6N5akVUknzxR12OnO2ibk/Ar4O9iZ2RiNxxMVxp/svi7mg8a 7hEel7/qHqi+DETR2nwb/Fh3NKht+GZviKEsT1A1XgGyrNfmUT4Dn+zdan2lFaTJ NOSFOVYG9okF66hKOSHYWGc0HrbgAoEFELeOLumgMSQaWoCrkDunJQ0OhnAEQDNn lUZHzz0/fFyTeSzrJsNw =owzR -----END PGP SIGNATURE-----