I’ve got a clean minimal install. Installed and enabled the cockpit web-gui. that’s basically all I did.
Using the webgui I enabled automatic updates. Now this error pops up regularly:
dnf-makecache failed to start
Looking a bit further:
Curl error (35): SSL connect error for https://ftp.ps.pl/pub/Linux/rockylinux/8.4/AppStream/x86_64/os/repodata/repomd.xml [OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to ftp.ps.pl:443 ]
Any ideas? I’m completely new to Rocky, coming from Debian.
i got the same problem and still looking for an solution
What is the output of openssl s_client -connect ftp.ps.pl:443?
Is your system clock set correctly?
i got the fllowing result by runing your command:
# openssl s_client -connect mirrors.sjtug.sjtu.edu.cn:443
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 323 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
and here is my timezone settings, i come from china btw.
# timedatectl
Local time: 四 2021-08-05 16:15:07 CST
Universal time: 四 2021-08-05 08:15:07 UTC
RTC time: 四 2021-08-05 08:15:07
Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
I’ve got the same output. Time is OK. It’s set via NTP.
I’m connecting to a Polish mirror.
Interestingly, I can’t connect at all to mirrors.sjtug.sjtu.edu.cn on 443. ftp.ps.pl gave me an error once and worked subsequently. This appears to be an issue with the mirrors. I think we were a little too readily accepting of mirrors and we need to start being more aggressive about pruning the low quality / troublesome ones.
I’ll bring this up with the infrastructure team (cc @neil @tgmux). In the meantime, please switch to a high quality reliable mirror (ftp.jaist.ac.jp should work well in your location).
Is there an easier way to do this then to change every repo file?
# Rocky-AppStream.repo
#
# The mirrorlist system uses the connecting IP address of the client and the
# update status of each mirror to pick current mirrors that are geographically
# close to the client. You should use this for Rocky updates unless you are
# manually picking other mirrors.
#
# If the mirrorlist does not work for you, you can try the commented out
# baseurl line instead.
[appstream]
name=Rocky Linux $releasever - AppStream
mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=AppStream-$releasever
baseurl=http://dl.rockylinux.org/$contentdir/$releasever/AppStream/$basearch/os/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
Extra information: the error doesn’t always occur. But when it succeeds, I have no clue which mirror it used.
you can check out the dnf log file at /var/log/dnf.log
sorry, some how , my network manager block some of the provide mirrors
another things get me confused, I’m using Rocky Linux 8.4, but while i try to find out what’s wrong with my mirror the other day, i happend to find out that the dnf lead my network action to the version 8 uri instead of 8.4 uri, i have to use the ‘–releaserver=8.4’ option to make it right, although this did not create any problem yet and i’m not sure whether it is a problem or it is intentional.
os version:
# rpm -qa | grep rocky-release
rocky-release-8.4-32.el8.noarch
some of the dnf log :
SSL connect error for https://mirrors.sjtug.sjtu.edu.cn/rocky/8/AppStream/x86_64/os/repodata/repomd.xml [OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to mirr
ors.sjtug.sjtu.edu.cn:443
I stopped using mirror list
sudo sed -i 's/^metalink/#metalink/g' /etc/yum.repos.d/*
sudo sed -i 's/^mirrorlist/#mirrorlist/g' /etc/yum.repos.d/*
sudo sed -i 's/^#baseurl/baseurl/g' /etc/yum.repos.d/*
and then hardcoded my closest mirror
sudo sed -i 's/baseurl=http\:\/\/dl\.rockylinux\.org\//baseurl=http\:\/\/syd\.mirror\.rackspace\.com\//g' /etc/yum.repos.d/*
sudo sed -i 's/pub\/rocky/rocky/g' /etc/dnf/vars/contentdir # different path on mirror
with thanks to Sed Script to update Yum Repo Data · GitHub
I tried this fix and came up with a different error. I went from a “Curl error 60” to a “Curl error 28”. Looks like it is timing out somewhere. My Ubuntu server VM on the same host is working fine, so may be connectivity to the Rocky mirror.
[jcole@rocky ~]$ sudo dnf update
Rocky Linux 8 - AppStream 4.5 kB/s | 561 kB 02:03
Errors during downloading metadata for repository ‘appstream’:
Hi bug4j, I’m not much of an expert, but for what it’s worth,
I’m in Australia, so those last two lines are for a specific mirror close to me:
/pub from /pub/rocky in the path it’s reading from, because that mirror doesn’t have the extra directorySo you might want to one closer to you
baseurl in your /etc/yum.repos.d/* files/pub/rocky, or just /rocky, or something else) and reflect in /etc/dnf/vars/contentdir
Hi folks, apologies for the delay here. I missed the notification on the forums.
I am looking into this and will have an update as soon as I can!
Bump this topic…
Fresh install Rocky 8.5:
Error: Failed to download metadata for repo ‘extras’: Cannot download repomd.xml: Status code: 404 for http://rockylinux.ip-connect.vn.ua/8.5/extras/x86_64/os/repodata/repomd.xml (IP: 91.236.251.12)
There still are some mirrors that don’t fully comply.