Kickstart failing to fetch repomd from

Hi there,

I’ve got an automated job on a fixed schedule that builds a Rocky 8.6 VM image automatically via Kickstart, and it’s very recently (and very consistently) started failing, complaining that it can’t fetch the repomd.xml file for the AppStream vault URL (see first two attached screenshots) … I’m assuming the BaseOS URL is also affected, but the job fails before it gets tried.

However, I can fetch the XML file in question manually within the kickstart shell using both curl and wget (screenshot three), so clearly something’s not right.

Anyone else seeing this?

I’m inclined to think it’s one of our firewalls trying to be clever with User-Agent headers, but I just want to make sure I’ve got a handle on what’s going on.


For such process use the supported way with:
in your ks url/repo statement.

I’m not sure I follow. I’m not trying to kickstart from upstream (I have the media in a local repo), I’m trying to add the AppStream repo as an additional repo, e.g.,

repo --name="Rocky-AppStream" --baseurl$basearch/os/ --proxy=<local proxy URL> --install --cost=10
repo --name="Rocky-BaseOS" --baseurl$basearch/os/ --proxy=<local proxy URL> --install --cost=10 


Alas, 8.7 is the only currently supported version.
The vault is just “what once was”.

If I would want to use old version, then I would download entire repos to my local server; they don’t change any more so one needs to do it only once.

That still doesn’t explain why Kickstart started returning 503s when the Vault URL was working fine since early December, but I guess that’s an answer in and of itself. is loading just fine for me here, as are all the other vault URLs.

Your screenshot indicates that something is proxying; perhaps a firewall or another device. Please ask your network team to investigate to see if your traffic is being intercepted and blocked.

That’s what I figured, thanks for confirming @neil!


1 Like