On 9/26/18 3:30 PM, Danesh Manoharan wrote:
> 1. pings don't come back. Think icmp is turned off.
> 2. On a machine inside.
> [root@testmachine001 ~] #wget  
> https://copr-be.cloud.fedoraproject.org/results/managerforlustre/manager-for-lustre/epel-7-x86_64/
> --2018-09-26 21:34:23--  (try:20)  
> https://copr-be.cloud.fedoraproject.org/results/managerforlustre/manager-for-lustre/epel-7-x86_64/
> Connecting to copr-be.cloud.fedoraproject.org|209.132.184.48|:443... failed: 
> Connection timed out.
> Giving up.
> 3. On a machine outside.
> [root@testmachine ~]# wget 
> https://copr-be.cloud.fedoraproject.org/results/managerforlustre/manager-for-lustre/epel-7-x86_64/
> --2018-09-27 06:25:26--  
> https://copr-be.cloud.fedoraproject.org/results/managerforlustre/manager-for-lustre/epel-7-x86_64/
> Resolving copr-be.cloud.fedoraproject.org... 209.132.184.48
> Connecting to copr-be.cloud.fedoraproject.org|209.132.184.48|:443... 
> connected.
> ERROR: certificate common name “copr.fedorainfracloud.org” doesn’t match 
> requested host name “copr-be.cloud.fedoraproject.org”.
> To connect to copr-be.cloud.fedoraproject.org insecurely, use 
> ‘--no-check-certificate’.
> 
> I suspect we might have gotten blacklisted, maybe? We've been running a large 
> lustre install with IML which tells its hosts to pull from the repo.

Hmmm, well, I see three possibilities:

        a) Your corporate firewall doesn't allow https:// (port 443)
        connections (unlikely)

        b) You're using a proxy or a browser that doesn't like the fact
        that the domain requested doesn't match the domain the SSL cert
        was generated for and just tosses the traffic out quietly. You
        could try the wget using that "--no-check-certificate" option
        and see if that buys you anything. That's just a wild stab in
        the dark, though.

        c) You really are blacklisted, but again I think that's fairly
        unlikely. The owners of the website would need to know your
        public IP to determine if you're blacklisted or not and you'd
        need to contact them directly I'd think--not this list. The
        website in question IS run by RedHat and the email contact for
        tech questions (according to whois) is "n...@redhat.com".

In regards to b) above, it is interesting that the SSL cert is generated for
copr.fedorainfracloud.org. That, in turn, is an alias for
copr-fe.cloud.fedoraproject.org with an IP of 209.132.184.54. And your
request is for copr-be.cloud.fedoraproject.org with an IP of
209.132.184.48. Dunno if a redirect occurs or what (doesn't appear so
from the wget output), but if so, you may need to make sure your
firewall allows both IPs (209.132.184.48 and 209.132.184.54).

That's subtle ("copr-fe...." versus "copr-be...."), but interesting. I'd
also have expected them to use wildcard SSL certs for
"*.fedoraproject.org" to handle this. For my part, I've always tried to
use SSL certs generated for the actual TLD of actual machine names--not
aliases. I think some servers and client libraries don't handle that
well, but I've been mistaken before (quite often, in fact).
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    ri...@alldigital.com -
- AIM/Skype: therps2        ICQ: 226437340           Yahoo: origrps2 -
-                                                                    -
-   I haven't lost my mind.  It's backed up on tape somewhere, but   -
-                       probably not recoverable.                    -
----------------------------------------------------------------------
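
The two wget runs quoted above fail at different stages (a TCP connect timeout inside, a certificate name mismatch outside). The following is an added example, not part of the original message, that reports which stage a connection stops at. The function names are hypothetical, the wildcard rule is a simplified form of RFC 6125 matching (a "*" covers exactly one left-most label), and the commonName fallback is an assumption made to mirror wget's message.

```python
import socket
import ssl

def name_matches(pattern, host):
    """Simplified RFC 6125 match: '*' may only be the whole left-most
    label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_dns_names(cert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert():
    subjectAltName entries, else the subject commonName."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def classify(host, port=443, timeout=10):
    """Return the stage at which an HTTPS connection to host stops."""
    try:
        addr = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4]
    except socket.gaierror:
        return "dns-failure"
    try:
        sock = socket.create_connection(addr[:2], timeout=timeout)
    except socket.timeout:
        return "tcp-timeout"   # no answer to the SYN: filtered on the path
    except OSError:
        return "tcp-refused-or-unreachable"
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain still verified; names compared below
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            names = cert_dns_names(tls.getpeercert())
    except (ssl.SSLError, OSError):
        sock.close()
        return "tls-failure"
    if any(name_matches(n, host) for n in names):
        return "ok"
    return "name-mismatch: cert is for " + ", ".join(names)
```

Running classify("copr-be.cloud.fedoraproject.org") on both the inside and the outside machine separates a path or firewall problem ("tcp-timeout") from a certificate naming problem ("name-mismatch: ...").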