yum update times out after upgrade to 131

Post by cwensink » June 3rd, 2019, 6:52 pm

With the proxy turned off, I can run yum update cleanly and smoothly with no problems:

I went through each of these sub areas, as you suggested:

With the proxy line commented out in yum.conf: #proxy=http://10.5.1.1:8080

Proxy off, Transparent mode off, GEO Location off, URL Filter off, Update Accelerator off = no problems
Proxy Off, transparent mode off, Geo Location on, URL Filter off, Update accelerator off = no problems
Proxy On, transparent mode off, Geo Location on, URL Filter off, Update accelerator off = no problems
Proxy On, transparent mode off, Geo Location on, URL Filter on, Update accelerator off = no problems
Proxy On, transparent mode off, Geo Location on, URL Filter on, Update accelerator on = no problems

with the proxy line not commented out: proxy=http://10.5.1.1:8080

errors:
---------------------
[root@luigi etc]# yum update
Loaded plugins: fastestmirror
Setting up Update Process
Determining fastest mirrors
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=6 ... nfra=stock error was
12: Timeout on http://mirrorlist.centos.org/?release=6 ... nfra=stock: (28, 'Operation too slow. Less than 1 bytes/sec transfered the last 30 seconds')
Error: Cannot find a valid baseurl for repo: base
----------------------------------------

with the proxy line commented out, and everything on:
errors:
------------------------------
[root@luigi etc]# yum update
Loaded plugins: fastestmirror
Setting up Update Process
Determining fastest mirrors
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=6 ... nfra=stock error was
12: Timeout on http://mirrorlist.centos.org/?release=6 ... nfra=stock: (28, 'Operation too slow. Less than 1 bytes/sec transfered the last 30 seconds')
Error: Cannot find a valid baseurl for repo: base
[root@luigi etc]# ping mirrorlist.centos.org
PING mirrorlist.centos.org (212.69.166.138) 56(84) bytes of data.
64 bytes from babylon.castlegem.co.uk (212.69.166.138): icmp_seq=1 ttl=43 time=167 ms
64 bytes from babylon.castlegem.co.uk (212.69.166.138): icmp_seq=2 ttl=43 time=167 ms
^C
--- mirrorlist.centos.org ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1736ms
rtt min/avg/max/mdev = 167.595/167.632/167.669/0.037 ms
-----------------------------

You can see that yum update either times out or is not connecting at all, yet I can ping the host just fine.

Here's the advanced Proxy settings, does anything look wrong?
proxy-settings.JPG

Post by cwensink » June 5th, 2019, 6:03 pm

I found another detail that might be causing an issue.

yum update is still failing with the transparent proxy on:
--------------------------------
[root@daisy iqmsmh]# yum update
Loaded plugins: fastestmirror
Setting up Update Process
Loading mirror speeds from cached hostfile
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=6 ... nfra=stock error was
12: Timeout on http://mirrorlist.centos.org/?release=6 ... nfra=stock: (28, 'Operation too slow. Less than 1 bytes/sec transfered the last 30 seconds')
Error: Cannot find a valid baseurl for repo: base
------------------------------------------------------------

When I try to do a wget to the same URL, it appears to be capable of downloading information, but it downloads the contents into one file called index.html?release=6, and it attempts to execute two other commands: arch=x86_64 - an invalid command, and repo=os - another invalid command.

Here's the output:
--------------------------------------------------------------
[root@daisy iqmsmh]# wget http://mirrorlist.centos.org/?release=6 ... nfra=stock
[1] 326559
[2] 326560
[3] 326561
[root@daisy iqmsmh]# --2019-06-05 12:47:27-- http://mirrorlist.centos.org/?release=6
Resolving mirrorlist.centos.org... 67.219.148.138, 85.236.43.108, 212.69.166.138, ...
Connecting to mirrorlist.centos.org|67.219.148.138|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 19 [text/plain]
Saving to: “index.html?release=6.1”

100%[=======================================================================>] 19 --.-K/s in 0s

2019-06-05 12:47:27 (1.58 MB/s) - “index.html?release=6.1” saved [19/19]


[1] Done wget http://mirrorlist.centos.org/?release=6
[2]- Done arch=x86_64
[3]+ Done repo=os
------------------------------------------------

the listing of files as a result and the contents of the index file
--------------------------------------
[root@daisy yum-issue]# ls
index.html?release=6
[root@daisy yum-issue]# cat index.html\?release\=6
arch not specified
[root@daisy yum-issue]#
-----------------------------------

The transparent proxy seems to be separating out the full command:

[root@daisy iqmsmh]# wget http://mirrorlist.centos.org/?release=6 ... nfra=stock

into three commands:

1. [root@daisy iqmsmh]# wget http://mirrorlist.centos.org/?release=6& - an incomplete wget resulting in the arch not specified
2. arch=x86_64& - an invalid command
3. repo=os - an invalid command
&infra=stock - last part is being ignored.

The arguments that the mirrorlist needs are not being passed through the transparent proxy; the ampersand (&) key seems to somehow be the culprit, almost like the key is not being escaped somewhere properly.

Does anyone know where to look?

Post by cwensink » June 5th, 2019, 6:21 pm

More detail:

contents of /var/log/squid/access.log when trying to run yum update from a server inside the LAN:
----------------------------------------------------------------------------------------------------------------------
1559758076.387 31030 10.5.1.22 TCP_REFRESH_ABORTED/000 0 GET http://mirrorlist.centos.org/?release=6 ... nfra=stock - ORIGINAL_DST/212.69.166.138 -
1559758190.957 31030 10.5.1.22 TCP_REFRESH_ABORTED/000 0 GET http://mirrorlist.centos.org/?release=6 ... nfra=stock - ORIGINAL_DST/85.236.43.108 -
1559758304.838 27059 10.5.1.22 TCP_REFRESH_ABORTED/000 0 GET http://mirrorlist.centos.org/?release=6 ... nfra=stock - ORIGINAL_DST/216.176.179.218 -
1559758340.200 31030 10.5.1.22 TCP_MISS_ABORTED/000 0 GET http://mirrorlist.centos.org/?release=6 ... nfra=stock - ORIGINAL_DST/216.176.179.218 -
-----------------------------------------------------------------------------------------------

yum check-update also times out:
----------------------------------------------------
[root@daisy etc]# yum check-update
Loaded plugins: fastestmirror
Determining fastest mirrors
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=6 ... nfra=stock error was
12: Timeout on http://mirrorlist.centos.org/?release=6 ... nfra=stock: (28, 'Operation too slow. Less than 1 bytes/sec transfered the last 30 seconds')
Error: Cannot find a valid baseurl for repo: base
-------------

yum repolist (from an openvz host) shows similar results
------------------------------------------------------
[root@daisy etc]# yum repolist
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=6 ... nfra=stock error was
14: PYCURL ERROR 52 - "Empty reply from server"
epel/metalink | 18 kB 00:00
epel | 5.3 kB 00:00
epel/primary_db | 6.0 MB 00:01
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=6 ... nfra=stock error was
12: Timeout on http://mirrorlist.centos.org/?release=6 ... nfra=stock: (28, 'Operation too slow. Less than 1 bytes/sec transfered the last 30 seconds')
Could not retrieve mirrorlist http://download.openvz.org/kernel/mirrors-rhel6-2.6.32 error was
12: Timeout on http://download.openvz.org/kernel/mirrors-rhel6-2.6.32: (28, 'Operation too slow. Less than 1 bytes/sec transfered the last 30 seconds')
Could not retrieve mirrorlist http://download.openvz.org/mirrors-current error was
12: Timeout on http://download.openvz.org/mirrors-current: (28, 'Operation too slow. Less than 1 bytes/sec transfered the last 30 seconds')
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=6 ... nfra=stock error was
12: Timeout on http://mirrorlist.centos.org/?release=6 ... nfra=stock: (28, 'Operation too slow. Less than 1 bytes/sec transfered the last 30 seconds')
repo id repo name status
base CentOS-6 - Base 0
epel Extra Packages for Enterprise Linux 6 - x86_64 12,541
extras CentOS-6 - Extras 0
openvz-kernel-rhel6 OpenVZ RHEL6-based stable kernels 0
openvz-utils OpenVZ user-space utilities 0
updates CentOS-6 - Updates 0
repolist: 12,541
[root@daisy etc]#
----------------------------------------------------------

In the process of restarting the proxy, while the yum update command is running, as soon as I hit save and restart, then yum update's commands populate the mirror list and the rest of the process works.

If anyone has any suggestions I would really appreciate it!
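
One way to triage the access.log entries shown in the post above, added here as an example and not part of the original thread: it flags requests that were aborted after a long wait with status 000 and zero bytes, the pattern in that excerpt, and groups them by client and destination. The log text, host names and addresses are constructed, and the function names and the 20-second threshold are assumptions.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log layout (not real traffic).
SAMPLE_LOG = """\
1559758076.387  31030 192.0.2.22 TCP_REFRESH_ABORTED/000 0 GET http://mirrors.example.test/?release=6&arch=x86_64 - ORIGINAL_DST/198.51.100.10 -
1559758100.120    212 192.0.2.22 TCP_MISS/200 18432 GET http://epel.example.test/metalink?repo=epel-6 - ORIGINAL_DST/198.51.100.20 application/xml
1559758190.957  31030 192.0.2.22 TCP_REFRESH_ABORTED/000 0 GET http://mirrors.example.test/?release=6&arch=x86_64 - ORIGINAL_DST/198.51.100.11 -
1559758340.200  31030 192.0.2.22 TCP_MISS_ABORTED/000 0 GET http://mirrors.example.test/?release=6&arch=x86_64 - ORIGINAL_DST/198.51.100.12 -
1559758400.001     95 192.0.2.30 TCP_MISS/404 312 GET http://mirrors.example.test/missing - ORIGINAL_DST/198.51.100.10 text/html
garbage line that is not a log entry
"""

def parse_line(line):
    """Return a dict for one native-format line, or None if it does not parse."""
    parts = line.split()
    if len(parts) < 10 or "/" not in parts[3]:
        return None
    try:
        code, status = parts[3].rsplit("/", 1)
        return {
            "ts": float(parts[0]), "elapsed_ms": int(parts[1]), "client": parts[2],
            "code": code, "status": status, "bytes": int(parts[4]),
            "method": parts[5], "host": urlsplit(parts[6]).hostname or parts[6],
            "peer": parts[8],
        }
    except ValueError:
        return None

def silent_aborts(log_text, min_elapsed_ms=20000):
    """Entries aborted after a long wait with no HTTP status and no bytes sent."""
    hits = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if (e and e["code"].endswith("_ABORTED") and e["status"] == "000"
                and e["bytes"] == 0 and e["elapsed_ms"] >= min_elapsed_ms):
            hits.append(e)
    return hits

def summarize(hits):
    """Count silent aborts per (client, destination host)."""
    return Counter((e["client"], e["host"]) for e in hits)

if __name__ == "__main__":
    for (client, host), n in summarize(silent_aborts(SAMPLE_LOG)).most_common():
        print(f"{client} -> {host}: {n} aborted request(s) with no reply")
```

A cluster of such entries for one destination, while requests to other hosts complete normally, suggests that something on the path is dropping that specific traffic rather than the proxy failing as a whole.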

Post by JonM » June 5th, 2019, 7:57 pm

I'll add a wild guess. Do you have IPS turned on?

I experienced issues with ET.Policy and apt-get (another installer package). My fault!
viewtopic.php?f=27&t=22848

I noticed there is a YUM component also:
Screen Shot 2019-05-31 at 1.37.16 PM 2.png
Production:
Image

Testing Raspi 3B+:
Image

Post by cwensink » June 6th, 2019, 1:52 pm

You are correct sir, IPS is turned on. When I turned off IPS then yum updates with the proxy on works as normal. I then turned IPS back on, ran yum update again then it was back to timing out, so this is definitely the section of software

I then unchecked the emerging-policy.rules, hit apply, and then tried yum update again, and it worked again, so it's one or more rules in this area blocking yum updates.

I found this rule in the list: "ET POLICY GNU/Linux YUM User-Agent Outbound likely related to package management". Unchecked that, hit Apply, and now yum updates are working great. Thank you very much for your help. This is the solution for anyone else who runs into this.

Post by dnl » June 8th, 2019, 6:44 am

It's my opinion that emerging-policy.rules is probably one of the least useful rulesets. Is there a reason you're using it?

I've had some ideas for how to write a procedure for tuning IPS rules. As no-one else has come up with anything yet, I'll have a try if I have time soon.

EDIT: spent a few hours rewording and expanding on a page "ms" started here: https://wiki.ipfire.org/configuration/f ... -selection
IPFire 2.x (Latest Update) on x86_64 Intel Bay Trail CPU, 4GiB RAM, RED + GREEN + BLUE + ORANGE

Post by fkienker » June 11th, 2019, 5:42 pm

This just points out the care required to use IPS. Indiscriminate application of rules and rule sets can cause more problems than it solves. Worst case is to turn all of them on and suffer through fixing all of the broken things.

Best regards,
Fred
