Pointing CentOS-6 clients to our local Foreman server

Support
1

Problem:
Hello, I know CentOS-6 is way passed supported so please don’t blast me, not exactly my decision. That being said, I still have 100s of CentOS-6 hosts that until we can get them moved to CentOS-7 or another flavor of Linux, since CentOS-8 is not even an option now, I would still at least like to get them patched up the latest patches I have on our Foreman Sever. Is it possible to just point the Base repos to point just to our Foreman server for patches? I tried on one host but when I ran the security update I received this error:
[u’Errors were encountered while downloading packages.’, u’32:bind-libs-9.8.2-0.68.rc1.el6_10.8.x86_64: failure: Packages/b/bind-libs-9.8.2-0.68.rc1.el6_10.8.x86_64.rpm from Default_Organization_CentOS_6_CentOS_6_-_Updates_-_x86_64: [Errno 256] No more mirrors to try.’, u’32:bind-utils-9.8.2-0.68.rc1.el6_10.8.x86_64: failure: Packages/b/bind-utils-9.8.2-0.68.rc1.el6_10.8.x86_64.rpm from Default_Organization_CentOS_6_CentOS_6_-Updates-_x86_64: [Errno 256] No more mirrors to try.’]

Is it looking at the client mirrors or is it looking at the Foreman-Katello server mirrors?

Foreman and Proxy versions:
1.23.2

2

It should point to your Foreman (with Katello in this case). There can be several reasons for this. Could be a firewall but it could also be that you’re not on the latest CentOS 6 and there could be an issue with ciphers in case you’ve hardened your server. Without a more precise error it’s hard to say.

Can you share the yum repo definitions on the CentOS 6 host? Does curl https://foreman.example.com work from that host?

1 Like
3

Yes I can run curl to our Foreman-Katello server with no issues.

So here is the output from Pulp on the Foreman server:

Output: {“pulp_tasks”=>
[{“exception”=>nil,
“task_type”=>nil,
“_href”=>“/pulp/api/v2/tasks/52cf8872-0c42-4ab7-84ee-dc715572ac44/”,
“task_id”=>“52cf8872-0c42-4ab7-84ee-dc715572ac44”,
“tags”=>
[“pulp:consumer:67097afa-27fd-44fe-af1f-5288f418ac42”,
“pulp:action:unit_install”],
“finish_time”=>“2021-01-05T18:59:48Z”,
ns"=>“task_status”,
“start_time”=>“2021-01-05T18:59:34Z”,
“traceback”=>nil,
“spawned_tasks”=>[],
“progress_report”=>{},
“queue”=>“agent.dq2”,
“state”=>“finished”,
“worker_name”=>“agent”,
“result”=>
{“reboot”=>{“scheduled”=>false, “details”=>{}},
“details”=>
{“erratum”=>
{“details”=>
{“message”=>
"[u’Errors were encountered while downloading packages.‘, u’32:bind-libs-9.8.2-0.68.rc1.el6_10.8.x86_64: failure: Packages/b/bind-libs-9.8.2-0.68.rc1.el6_10.8.x86_64.rpm from Default_Organization_CentOS_6_CentOS_6_-_Updates_-_x86_64: [Errno 256] No more mirrors to try.’, u’32:bind-utils-9.8.2-0.68.rc1.el6_10.8.x86_64: failure: Packages/b/bind-utils-9.8.2-0.68.rc1.el6_10.8.x86_64.rpm from Default_Organization_CentOS_6_CentOS_6-Updates-_x86_64: [Errno 256] No more mirrors to try.']”,
“trace”=>
“Traceback (most recent call last):\n” +
“\n” +
" File "/usr/lib/python2.6/site-packages/pulp/agent/lib/dispatcher.py", line 61, in install\n" +
" _report = handler.install(conduit, units, dict(options))\n" +
“\n” +
" File "/usr/lib/python2.6/site-packages/pulp_rpm/handlers/rpm.py", line 287, in install\n" +
" details = pkg.update_minimal(advisories=advisories)\n" +
“\n” +
" File "/usr/lib/python2.6/site-packages/pulp_rpm/handlers/rpmtools_yum.py", line 262, in update_minimal\n" +
" yb.processTransaction()\n" +
“\n” +
" File "/usr/lib/python2.6/site-packages/pulp_rpm/handlers/rpmtools_yum.py", line 651, in processTransaction\n" +
" YumBase.processTransaction(self, callback, rpmDisplay=display)\n" +
“\n” +
" File "/usr/lib/python2.6/site-packages/yum/init.py", line 5079, in processTransaction\n" +
" pkgs = self._downloadPackages(callback)\n" +
“\n” +
" File "/usr/lib/python2.6/site-packages/yum/init.py", line 5114, in downloadPackages\n" +
" raise Errors.YumDownloadError, errstr\n" +
“\n” +
"YumDownloadError: [u’Errors were encountered while downloading packages.‘, u’32:bind-libs-9.8.2-0.68.rc1.el6_10.8.x86_64: failure: Packages/b/bind-libs-9.8.2-0.68.rc1.el6_10.8.x86_64.rpm from Default_Organization_CentOS_6_CentOS_6_-_Updates_-_x86_64: [Errno 256] No more mirrors to try.’, u’32:bind-utils-9.8.2-0.68.rc1.el6_10.8.x86_64: failure: Packages/b/bind-utils-9.8.2-0.68.rc1.el6_10.8.x86_64.rpm from Default_Organization_CentOS_6_CentOS_6-Updates-_x86_64: [Errno 256] No more mirrors to try.']\n"},
“succeeded”=>false}},
“succeeded”=>false,
“num_changes”=>0},
“error”=>nil,
“_id”=>{“$oid”=>“5ff4b8d815953a1a8dc3cb21”},
“id”=>“5ff4b8d815953a1a8dc3cb21”}],
“poll_attempts”=>{“total”=>16, “failed”=>1},
“client_accepted”=>“2021-01-05 14:07:24 -0500”}

This is my /etc/yum.conf:

[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
installonly_limit=5
bugtracker_url=http://bugs.centos.org/set_project.php?project_id=19&ref=http://bugs.centos.org/bug_report_page.php?category=yum
distroverpkg=centos-release

4

Ah, it’s from Pulp’s log. I thought it was from yum itself. I think this is because the CentOS project removed CentOS 6 from their mirror network. You can no longer sync in content. It is still on their vault so you can sync one time from that if needed, but there’s no point in a schedule after that.

5

Should it matter? In other words, I have updated the Foreman-Katello server with the latest errata right before CentOS closed down their mirrors. So I have all the patches up until November, at least up to the date when CentOS closed down the mirror. If I click on my host, go to security, and choose a package on foreman, doesn’t my foreman server already have that package? See screenshots. why is trying another mirror when my foreman server already has the package?

foreman-erratta_issue-1
foreman-erratta_issue-1982×324 29 KB
foreman-erratta_issue-2
foreman-erratta_issue-21125×362 37.6 KB
foreman-erratta_issue-3
foreman-erratta_issue-3989×424 37.5 KB

6

Aren’t all these packages located in my foreman repository? Thank you.

foreman-erratta_issue-4
foreman-erratta_issue-41151×535 46.6 KB

7

That depends, if you configured the repos with the on_demand download policy, then they are probably not downloaded to the server (only when a client requests it). Only if you set the repos to immediate they are downloaded upfront.