Errors updating from repository Curl error (28):

I have been trying to update from the repository today and I am getting curl 28 back.
I first checked the firewall, then I made sure I can resolve the DNS, i.e.

[root@localhost ~]# yum update
Rocky Linux 8 - AppStream                                                                                                                                                                                                    0.0  B/s |   0  B     06:00    
Errors during downloading metadata for repository 'appstream':
  - Curl error (28): Timeout was reached for https://mirrors.rockylinux.org/mirrorlist?arch=x86_64&repo=AppStream-8 [Connection timed out after 30000 milliseconds]
Error: Failed to download metadata for repo 'appstream': Cannot prepare internal mirrorlist: Curl error (28): Timeout was reached for https://mirrors.rockylinux.org/mirrorlist?arch=x86_64&repo=AppStream-8 [Connection timed out after 30000 milliseconds]

Then I tried to make sure that my DNS is working, i.e.

dig  mirrors.rockylinux.org @10.192.12.251

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.7 <<>> mirrors.rockylinux.org @10.192.12.251
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65152
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;mirrors.rockylinux.org.                IN      A

;; ANSWER SECTION:
mirrors.rockylinux.org. 279     IN      CNAME   dualstack.dl.map.rockylinux.org.
dualstack.dl.map.rockylinux.org. 279 IN CNAME   rockylinux.map.fastly.net.
rockylinux.map.fastly.net. 9    IN      A       151.101.114.132

;; Query time: 1 msec
;; SERVER: 10.192.12.251#53(10.192.12.251)
;; WHEN: Di Nov 23 21:53:05 CET 2021
;; MSG SIZE  rcvd: 137

Then ping:

[root@localhost certs]# ping 151.101.114.132
PING 151.101.114.132 (151.101.114.132) 56(84) bytes of data.
64 bytes from 151.101.114.132: icmp_seq=1 ttl=61 time=10.7 ms
64 bytes from 151.101.114.132: icmp_seq=2 ttl=61 time=1.61 ms

No matter what I try, i.e. sudo dnf update or yum update, nothing works. I even changed my DNS to 9.9.9.9 to try it, but still no luck.

The trace shows only retransmissions, but I do not understand why. My firewall (pfSense) does not block the IP 151.101.114.132; I have validated that.

Any ideas are really appreciated.

Probably just an issue with the mirror site at 151.101.114.132. mirrors.rockylinux.org now resolves to a different address. Does it work now?

Hello @joebeasley3

Unfortunately no. I have cleared the cache in the DNS (unbound) and tried a different DNS, i.e. 8.8.8.8. I can ping the host, but yum or dnf still does not work. Here is the DNS resolution from today:

dig mirrors.rockylinux.org @8.8.8.8
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.7 <<>> mirrors.rockylinux.org @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26380
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;mirrors.rockylinux.org.                IN      A

;; ANSWER SECTION:
mirrors.rockylinux.org. 300     IN      CNAME   dualstack.dl.map.rockylinux.org.
dualstack.dl.map.rockylinux.org. 300 IN CNAME   rockylinux.map.fastly.net.
rockylinux.map.fastly.net. 18   IN      A       199.232.194.132
rockylinux.map.fastly.net. 18   IN      A       199.232.198.132

;; Query time: 5 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mi Nov 24 12:24:58 CET 2021
;; MSG SIZE  rcvd: 153

Please note that on this machine I have only IPv4, i.e. not dual stack.

To me it seems that the Rocky mirrors are simply not responding, i.e. see the Wireshark capture below. Only retransmissions:

I found this in /var/log/dnf.log:

2021-11-24T11:47:59+0100 DEBUG error: Curl error (28): Timeout was reached for https://mirrors.rockylinux.org/mirrorlist?arch=x86_64&repo=AppStream-8 [Connection timed out after 30000 milliseconds] (https://mirrors.rockylinux.org/mirrorlist?arch=x86_64&repo=AppStream-8).
2021-11-24T11:47:59+0100 WARNING Errors during downloading metadata for repository 'appstream':
  - Curl error (28): Timeout was reached for https://mirrors.rockylinux.org/mirrorlist?arch=x86_64&repo=AppStream-8 [Connection timed out after 30000 milliseconds]
2021-11-24T11:47:59+0100 DDEBUG Cleaning up.
2021-11-24T11:47:59+0100 SUBDEBUG 
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/dnf/repo.py", line 574, in load
    ret = self._repo.load()
  File "/usr/lib64/python3.6/site-packages/libdnf/repo.py", line 397, in load
    return _repo.Repo_load(self)
libdnf._error.Error: Failed to download metadata for repo 'appstream': Cannot prepare internal mirrorlist: Curl error (28): Timeout was reached for https://mirrors.rockylinux.org/mirrorlist?arch=x86_64&repo=AppStream-8 [Connection timed out after 30000 milliseconds]

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/dnf/cli/main.py", line 67, in main
    return _main(base, args, cli_class, option_parser_class)
  File "/usr/lib/python3.6/site-packages/dnf/cli/main.py", line 106, in _main
    return cli_run(cli, base)
  File "/usr/lib/python3.6/site-packages/dnf/cli/main.py", line 122, in cli_run
    cli.run()
  File "/usr/lib/python3.6/site-packages/dnf/cli/cli.py", line 1055, in run
    return self.command.run()
  File "/usr/lib/python3.6/site-packages/dnf/cli/commands/makecache.py", line 50, in run
    return self.base.update_cache(timer)
  File "/usr/lib/python3.6/site-packages/dnf/base.py", line 370, in update_cache
    self.fill_sack(load_system_repo=False, load_available_repos=True)  # performs the md sync
  File "/usr/lib/python3.6/site-packages/dnf/base.py", line 399, in fill_sack
    self._add_repo_to_sack(r)
  File "/usr/lib/python3.6/site-packages/dnf/base.py", line 139, in _add_repo_to_sack
    repo.load()
  File "/usr/lib/python3.6/site-packages/dnf/repo.py", line 581, in load
    raise dnf.exceptions.RepoError(str(e))
dnf.exceptions.RepoError: Failed to download metadata for repo 'appstream': Cannot prepare internal mirrorlist: Curl error (28): Timeout was reached for https://mirrors.rockylinux.org/mirrorlist?arch=x86_64&repo=AppStream-8 [Connection timed out after 30000 milliseconds]
2021-11-24T11:47:59+0100 CRITICAL Error: Failed to download metadata for repo 'appstream': Cannot prepare internal mirrorlist: Curl error (28): Timeout was reached for https://mirrors.rockylinux.org/mirrorlist?arch=x86_64&repo=AppStream-8 [Connection timed out after 30000 milliseconds]
2021-11-24T12:47:48+0100 INFO --- logging initialized ---
2021-11-24T12:47:48+0100 DDEBUG timer: config: 4 ms

OK, please ignore this. The fault was on our side: the firewall allowed the traffic, but the IPS/IDS blocked the IP for some reason; I do not yet understand why. Anyway, maybe this will be useful in the future to someone else.

I’m glad to hear the issue is resolved! Apologies that you had trouble with your IDS. We’ve been in contact with Palo Alto regarding their “App ID” functionality in their IDS/IPS product line to get supported in there, but there may be other vendors which do inspection and could break this, too.
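
The pattern in this thread (DNS resolves, ping answers, HTTPS times out with only retransmissions, and the cause turns out to be an inline IPS/IDS) can be narrowed down from curl's exit status and connect timings. The script below is an added example, not code from any poster or from the Rocky Linux project; the function names and verdict labels are made up for illustration, and it assumes an HTTPS URL and Linux `ping` options.

```shell
#!/bin/sh
# Added example (not from the thread): find the layer where a repo fetch stalls.
# Function names and verdict labels are made up for this illustration.

# True when a curl timing value such as 0.000000 contains no non-zero digit,
# i.e. that stage never completed.
is_zero() {
    case "$1" in *[1-9]*) return 1 ;; esac
    return 0
}

# classify PING_RC CURL_RC TIME_CONNECT TIME_APPCONNECT
# CURL_RC is curl's exit status (6 resolve, 7 connect, 28 timeout, 35/60 TLS).
classify() {
    case "$2" in
        0)  echo "ok" ;;
        6)  echo "dns-failure" ;;
        7)  echo "tcp-refused-or-unreachable" ;;
        35|60) echo "tls-error" ;;
        28)
            if is_zero "$3"; then
                # SYNs unanswered. If ICMP still works, something in the path
                # filters the TCP flow (the pattern seen in this thread).
                if [ "$1" -eq 0 ]; then echo "tcp-dropped-in-path"
                else echo "host-unreachable"; fi
            elif is_zero "$4"; then
                # TCP connected but the TLS handshake never finished.
                echo "tls-handshake-stalled"
            else
                echo "http-response-timeout"
            fi ;;
        *)  echo "curl-error-$2" ;;
    esac
}

# probe URL: run the real checks against an HTTPS URL and print the verdict.
probe() {
    host=${1#*://}; host=${host%%[/:?]*}
    ping -c 2 -W 2 "$host" >/dev/null 2>&1; ping_rc=$?
    times=$(curl -s -o /dev/null --connect-timeout 10 --max-time 20 \
            -w '%{time_connect} %{time_appconnect}' "$1"); curl_rc=$?
    set -- $times
    classify "$ping_rc" "$curl_rc" "${1:-0}" "${2:-0}"
}

if [ $# -gt 0 ]; then probe "$1"; fi
```

Run it with the mirrorlist URL from the error message in single quotes, so the shell does not interpret the `&`. A `tcp-dropped-in-path` or `tls-handshake-stalled` verdict while the packet filter's rules allow the flow is the cue to check IDS/IPS block logs next.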