I am setting up kubernetes cluster using kubeadm on on-premise servers (Centos 7.6). I got the "Peer certificate error". I set sslverify=0 in kubernetes.conf and able to proceed. But want to know how to download the certificate and proceed without sslverify flase.
[root#k8s-master yum.repos.d]# yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centos.excellmedia.net
* extras: centos.excellmedia.net
* update: centos.excellmedia.net
https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's Certificate issuer is not recognized."
Trying other mirror.
It was impossible to connect to the CentOS servers.
This could mean a connectivity issue in your environment, such as the requirement to configure a proxy,
or a transparent proxy that tampers with TLS security, or an incorrect system clock.
You can try to solve this issue by using the instructions on https://wiki.centos.org/yum-errors
If above article doesn't help to resolve this issue please use https://bugs.centos.org/.
One of the configured repositories failed (Kubernetes),
and yum doesn't have enough cached data to continue. At this point the
only safe thing yum can do is fail. There are a few ways to work "fix" this:
1. Contact the upstream for the repository and get them to fix the problem.
2. Reconfigure the baseurl/etc. for the repository, to point to a working
upstream. This is most often useful if you are using a newer
distribution release than is supported by the repository (and the
packages for the previous distribution release still work).
3. Run the command with the repository temporarily disabled
yum --disablerepo=kubernetes ...
4. Disable the repository permanently, so yum won't use it by default. Yum
will then just ignore the repository until you permanently enable it
again or use --enablerepo for temporary usage:
yum-config-manager --disable kubernetes
or
subscription-manager repos --disable=kubernetes
5. Configure the failing repository to be skipped, if it is unavailable.
Note that yum will try to contact the repo. when it runs most commands,
so will have to try and fail each time (and thus. yum will be be much
slower). If it is a very temporary problem though, this is often a nice
compromise:
yum-config-manager --save --setopt=kubernetes.skip_if_unavailable=true
failure: repodata/repomd.xml from kubernetes: [Errno 256] No more mirrors to try.
https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's Certificate issuer is not recognized."
Related
How guys, can you help me I have problem with install centreon:
#yum install centreon-base-config-centreon-engine centreon
output
Loading mirror speeds from cached hostfile
base: mirror.vpsnet.com
centos-kernel: mirror.vpsnet.com
extras: mirror.vpsnet.com
updates: centosh9.centos.org
http://yum.centreon.com/standard/3.4/el7/stable/armhfp/repodata/repomd.xml: [Errno 14] HTTPS Error 404 - Not Found
Trying other mirror.
To address this issue please refer to the below wiki article
https://wiki.centos.org/yum-errors
If above article doesn't help to resolve this issue please use https://bugs.centos.org/.
One of the configured repositories failed (Centreon Entreprise Linux reposistory contains software to use with Centreon.),
and yum doesn't have enough cached data to continue. At this point the only
safe thing yum can do is fail. There are a few ways to work "fix" this:
1. Contact the upstream for the repository and get them to fix the problem.
2. Reconfigure the baseurl/etc. for the repository, to point to a working
upstream. This is most often useful if you are using a newer
distribution release than is supported by the repository (and the
packages for the previous distribution release still work).
3. Run the command with the repository temporarily disabled
yum --disablerepo=centreon-stable ...
4. Disable the repository permanently, so yum won't use it by default. Yum
will then just ignore the repository until you permanently enable it
again or use --enablerepo for temporary usage:
yum-config-manager --disable centreon-stable
or
subscription-manager repos --disable=centreon-stable
5. Configure the failing repository to be skipped, if it is unavailable.
Note that yum will try to contact the repo. when it runs most commands,
so will have to try and fail each time (and thus. yum will be be much
slower). If it is a very temporary problem though, this is often a nice
compromise:
yum-config-manager --save --setopt=centreon-stable.skip_if_unavailable=true
failure: repodata/repomd.xml from centreon-stable: [Errno 256] No more mirrors to try.
http://yum.centreon.com/standard/3.4/el7/stable/armhfp/repodata/repomd.xml: [Errno 14] HTTPS Error 404 - Not Found
What i done is:
ls /etc/yum.repos.d/
nano /etc/yum.repos.d/centreon.repo #enabled=0
Where can i find package for "centreon-base-config-centreon-engine centreon"
The Centreon version 3.4 is not supported anymore.
You should use an newer version.
Latest is the 21.04.
This version comes with a script that does all the install automatically.
It is described in the "Packages" tab of the Centreon download site: https://download.centreon.com/
I tried to install the latest version of Juniper.junos on my Mac :
sudo ansible-galaxy install Juniper.junos
-downloading role 'junos', owned by Juniper
-downloading role from https://github.com/Juniper/ansible-junos-stdlib/archive/2.0.2.tar.gz
[ERROR]: failed to download the file: Failed to validate the SSL certificate for github.com:443. Make sure your managedsystems have a valid CA certificate installed. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/ansible, /usr/local/etc/openssl. The exception msg was: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:590).
[WARNING]: - Juniper.junos was NOT installed successfully.
ERROR! - you can use --ignore-errors to skip failed roles and finish processing the list.
ansible-galaxy --version
ansible-galaxy 2.5.0
I already tried with different ansible versions, but the error is still the same.
We are facing this issue sometimes, it’s connectivity issue to install module via ansible-galaxy, not related to Juniper ansible module.
Kindly use below command for installation, it will work well.
sudo ansible-galaxy install git+https://github.com/Juniper/ansible junos-stdlib.git,,Juniper.junos
[abc#hostname /homes/abc] sudo ansible-galaxy install git+https://github.com/Juniper/ansible-junos-stdlib.git,,Juniper.junos
- extracting Juniper.junos to /homes/babud/.ansible/roles/Juniper.junos
- Juniper.junos was installed successfully
For every yum command it will return SSL certificate error
Loaded plugins: fastestmirror, rhnplugin, security
The SSL certificate failed verification.
My SSL cert if valid.
I checked rhel site for https://access.redhat.com/solutions/93313 but the problem is i cannot reinstall rhn-client-tools since yum is actually not working and for some other reasons i cannot boot it from DVD/image.
Any tips on this?
Before trying to reinstall, have you also checked your firewall settings and the time and date setting on your server ?
If the firewall is not the issue, I would suggest a simpler approach, just by going to RH's site and downloading the appropriate rhn-client-tools RPM package, copying it to your server and installing it.
"What about the possible dependencies?" I foresee you asking...
Use a different server (or VM) with the same OS version that has access to the internet.
use yum with the download only plugin to only download all the needed dependencies (you must have the yum-plugin-downloadonly package installed beforehand) in a local directory like so:
yum install --downloadonly --downloaddir=<directory> <package>
Copy the packages downloaded at step #2 to your affected machine and install them using the rpm utility as so: rpm -ivh /path/to/yum/download/dir/*
I use certbot-auto for deploying Let's Encrypt SSL certificates, and I renew certificate with crontab -e like this:
* 01 * * 1 /home/myname/certbot-auto --quiet
It has an error message like the below:
Bootstrapping dependencies for RedHat-based OSes...
yum is /usr/bin/yum
To use Certbot, packages from the EPEL repository need to be installed.
Please enable this repository and try running Certbot again.
I can't solve this error. Please help me!
Under centos 7, provided the "extras" repo is enabled, you can just run yum -y install epel-release. I'm not sure this is available under Centos 6 (certainly won't hurt to try it). However, to install under CentOS 6 manually you would just run (as root, or using sudo):
wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
rpm -Uvh epel-release-6*.rpm
Once the EPEL repository is installed on your system, try running certbot again. It should now be able to automatically install any required dependencies.
I'm installing GNU Radio and following the instruction here
But everytime I try to do sudo yum install gnuradio, it says
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* base: centos.mirror.cdnetworks.com
* extras: centos.mirror.cdnetworks.com
* updates: centos.mirror.cdnetworks.com
Setting up Install Process
No package gnuradio available.
Error: Nothing to do
It's a fresh installed CentOS 6.5 and I've never edited CentOS yum repository information. What's wrong with gnuradio? They've removed the package from yum repository?
In their website, they provide several ways to install it including PyBOMBS. But I prefer yum. Building from source is somewhat bothering me so it's the last thing I will try.
By default CentOS does not include all the repositories needed by gnuradio and its dependencies.
You additionally need to configure/add at least RPMForge and Epel for your CentOS.
References:
http://wiki.centos.org/AdditionalResources/Repositories/RPMForge#head-f0c3ecee3dbb407e4eed79a56ec0ae92d1398e01
http://www.rackspace.com/knowledge_center/article/installing-rhel-epel-repo-on-centos-5x-or-6x
This is what I was told, but I have not yet tested this so cannot say is is correct for sure.