Why do I receive errors when I use yum on my Amazon EC2 instance that runs RHEL?

7 minute read
0

I want to use yum on my Amazon Elastic Compute Cloud (Amazon EC2) instance that runs Ret Hat Enterprise Linux (RHEL), but I receive errors.

Short description

After you run a yum command on your Amazon EC2 instance, you might receive an error. Use the output messages of the yum command to determine what error occurred and to troubleshoot. See the following list of common error messages:

  • "Connection timed out XXXX milliseconds or failed to download the packages."
  • "Could not contact any CDS load balancers."
  • "Failure: repodata/repomd.xml from rhel-7-server-rhui-rh-common-rpms: [Errno 256] No more mirrors to try or https://rhui3.eu-west-1.aws.ce.redhat.com/pulp/repos/content/dist/rhel/rhui/server/7/7/x86_64/rh-common/os/repodata/repomd.xml : [Errno 14] HTTPS Error 404 - Not Found"
  • "This system is not registered with an entitlement server. You can use subscription-manager to register."

Resolution

Error: Connection timed out or failed to download packages

If you receive a "Connection timed out" or "Failed to download the packages" error, then follow these steps to resolve the issue:

1.    Verify that the security group that's attached to your EC2 instance allows outbound HTTP and HTTPS traffic.

2.    Verify that the network access control lists (network ACLs) that are associated with your instance's subnet allow outbound HTTP and HTTPS traffic. See the following example of network ACL rules:

Inbound rules  
Rule#    Type                    Protocol    Port Range    Source        Allow/Deny  
130      Custom TCP Rule         TCP (6)     1024-65535    0.0.0.0/0     ALLOW  
140      Custom TCP Rule         TCP (6)     1024-65535    ::/0          ALLOW  
*        ALL Traffic             ALL         ALL           0.0.0.0/0     DENY  
*        ALL Traffic             ALL         ALL           ::/0          DENY  
  
  
Outbound rules  
Rule #    Type                   Protocol    Port Range    Destination  Allow/Deny  
100       HTTP (80)              TCP (6)     80            0.0.0.0/0    ALLOW  
101       HTTPS (443)            TCP (6)     443           0.0.0.0/0    ALLOW  
102       HTTP (80)              TCP (6)     80            ::/0         ALLOW  
103       HTTPS (443)            TCP (6)     443           ::/0         ALLOW  
*         ALL Traffic            ALL         ALL           ::/0         DENY  
*         ALL Traffic            ALL         ALL           0.0.0.0/0    DENY

In the preceding example, Rule 100 and 101 in the outbound rules correspond to Rule 130 in the inbound rules. Rule 102 and 103 in the outbound rules correspond to Rule 140 in the inbound rules. The allowed outbound traffic on ports 80 and 443 (HTTP and HTTPS) is matched with the allowed inbound traffic on the ephemeral ports.

The example network ACL uses an ephemeral port range of 1024-65535. Depending on the type of client that you use or communicate with, you can use a different range for your network ACLs. Open ephemeral ports 1024-65535 to cover the different types of clients that might initiate traffic to public-facing instances in your virtual private cloud (VPC). You can also add rules to the network ACL to deny traffic on any malicious ports within that range. Make sure that you place the deny rules earlier in the table than the allow rules that open the wide range of ephemeral ports.

For more information, see Ephemeral ports and Custom network ACL.

3.    Use one of the following options to verify that your instance has access to RHEL repositories:

  • Your instance is in a public subnet with an internet gateway. For more information, see Turn on internet access.
  • Your instance is in a private subnet with a NAT gateway. For more information, see NAT gateways.
  • Your instance is in a private subnet with a NAT instance. For more information, see NAT instances.
  • Your instance is in a public or private subnet with an Amazon Simple Storage Service (Amazon S3) VPC endpoint. For more information, see How can we update a disconnected or an air-gapped system (A system without internet connection)? on the Red Hat website.
  • Your instance is in a private subnet with a proxy. To configure yum to use a proxy, modify the /etc/yum.conf file with the following parameters. In this example, replace proxy-port, proxy-user-name, and proxy-password with the correct values for your proxy.
    proxy=http://proxy-server-IP-address:proxy_port  
    proxy_username="proxy-user-name"  
    proxy_password="proxy-password"

For more details, see How to activate proxy settings for yum command on RHEL? on the Red Hat website.

4.    Run the following command to confirm that the instance can access the repository:

sudo yum check-update

If the command successfully retrieves package information without errors, then your instance can access the repositories.

If you encounter errors, then check the repository configuration files in the /etc/yum.repos.d/ directory to make sure that they're configured correctly. Then, confirm that your instance is in a public subnet with the appropriate security group rules to allow outbound internet traffic.

To install software such as telnet, run the following command:

sudo yum install telnet

Error: Could not contact any CDS load balancers

To resolve this error, launch an EC2 instance with the latest version of the same RHEL release as your instance.

  1. Log in to the new instance, and then run the following command to download the latest RHUI client package:

     $ sudo yum install --downloadonly --downloaddir=/root/ rh-amazon-rhui-client.noarch
  2. Copy the downloaded rpm package to the instance. Then, run the following commands in the instance:

    $ sudo yum remove -y rh-amazon-rhui-client  
    $ sudo rpm -ivh --nodeps /path/to/rpmfile/rh-amazon-rhui-client*

    Note: Replace /path/to/rpmfile with the file path that you copied the file to.

  3. After you install the package, you must reinstall it to get all of the dependencies:

    $ sudo yum reinstall -y rh-amazon-rhui-client
  4. Download the required packages from RHUI:

    $ sudo yum clean all   
    $ sudo yum repolist   
    $ sudo yum list

For more information, see the AWS re:Post question and answer for the RHEL 7 yum list error.

Error: Failure: repodata/repomd.xml from rhel-7-server-rhui-rh-common-rpms: [Errno 256] No more mirrors to try OR https://rhui3.eu-west-1.aws.ce.redhat.com/pulp/repos/content/dist/rhel/rhui/server/7/7/x86_64/rh-common/os/repodata/repomd.xml : [Errno 14] HTTPS Error 404 - Not Found OR similar errors

The "Failure: Repodata/repomd.xml" error or a similar "404 - Not Found" error occurs for the following reasons:

  • Corrupted yum cache
  • Inaccessible repository URL caused by network-related issues
  • Customized or other media repositories
  • Outdated allowlist when you use an IP-based firewall configuration to access Red Hat's Content Delivery Network (CDN)

To remove and rebuild the yum cache, run the following commands:

# rm -rf /var/cache/yum/*   
# yum clean all   
# yum check-update   
# yum repolist enabled

For more information, see Troubleshooting '[Errno 14] HTTPS Error 404 - Not Found' error observed on Red Hat Satellite 6 clients on the Red Hat website.

Error: This system is not registered with an entitlement server

To resolve this error, use subscription-manager to register the system. When you run an instance from the AWS Marketplace, there's a billing product that's embedded into the metadata that Red Hat provides. When Red Hat connects to the RHUI repositories that AWS uses, Red Hat uses the billing product to check for a valid subscription.

To check the billing product on an instance, run the following command:

curl http://169.254.169.254/latest/dynamic/instance-identity/document      2>/dev/null | grep billingProducts  
  
  "billingProducts" : [ "bp-6fa54006" ],

If your instance has the required billing code, then ignore the message from subscription manager. If you don't want to see the message, then set the subscription manager plugin from /etc/yum/pluginconf.d/subscription-manager.conf to enabled=0. Run the following command:

sudo vi  /etc/yum/pluginconf.d/subscription-manager.conf  
enabled=0

Then, save and quit the configuration file.

Note: If you migrated your instance or created an Amazon Machine Image (AMI) from snapshots, then the billing product isn't available. If you use a CreateImage from an existing instance that has a billing code, then the new AMI inherits this information. The AMI can now communicate with the RHUI repositories.

AWS OFFICIAL
AWS OFFICIALUpdated 10 months ago