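I have a VPC with a private and a public subnet, each containing an identical RHEL7 server. I believe the VPC is set up correctly (see below). However, the public server can use yum, while the private server cannot. The private one gets the error…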
    $ yum search apache
    Failed to set locale, defaulting to C
    Loaded plugins: amazon-id, rhui-lb
    Repo rhui-REGION-client-config-server-7 forced skip_if_unavailable=True due to: /etc/pki/rhui/cdn.redhat.com-chain.crt
    Repo rhui-REGION-client-config-server-7 forced skip_if_unavailable=True due to: /etc/pki/rhui/product/rhui-client-config-server-7.crt
    Repo rhui-REGION-client-config-server-7 forced skip_if_unavailable=True due to: /etc/pki/rhui/rhui-client-config-server-7.key
    Repo rhui-REGION-rhel-server-releases forced skip_if_unavailable=True due to: /etc/pki/rhui/cdn.redhat.com-chain.crt
    Repo rhui-REGION-rhel-server-releases forced skip_if_unavailable=True due to: /etc/pki/rhui/product/content-rhel7.crt
    Repo rhui-REGION-rhel-server-releases forced skip_if_unavailable=True due to: /etc/pki/rhui/content-rhel7.key
    Repo rhui-REGION-rhel-server-rh-common forced skip_if_unavailable=True due to: /etc/pki/rhui/cdn.redhat.com-chain.crt
    Repo rhui-REGION-rhel-server-rh-common forced skip_if_unavailable=True due to: /etc/pki/rhui/product/content-rhel7.crt
    Repo rhui-REGION-rhel-server-rh-common forced skip_if_unavailable=True due to: /etc/pki/rhui/content-rhel7.key
    Could not contact CDS load balancer rhui2-cds01.us-east-1.aws.ce.redhat.com, trying others.
    Could not contact any CDS load balancers: rhui2-cds01.us-east-1.aws.ce.redhat.com, rhui2-cds02.us-east-1.aws.ce.redhat.com.
I have an AWS VPC using the RHEL7 AMI.
The main route table points to the NAT
    Destination    Target                      Status    Propagated
    10.0.0.0/16    local                       Active    No
    0.0.0.0/0      eni-xxxxxxxx / i-xxxxxxxx   Active    No
The private subnet is associated with the main route table
The second (non-main) route table points to the gateway
    Destination    Target          Status    Propagated
    10.0.0.0/16    local           Active    No
    0.0.0.0/0      igw-xxxxxxxx    Active    No
The public subnet is associated with this route table
I have enabled NAT forwarding (sometimes with masquerading… see below)
    sysctl -q -w net.ipv4.ip_forward=1 net.ipv4.conf.eth0.send_redirects=0

    PRIVATE_SUBNETS="10.0.1.0/24"
    for SUBNET in $PRIVATE_SUBNETS; do
        iptables -t nat -C POSTROUTING -o eth0 -s $SUBNET -j MASQUERADE 2> /dev/null ||
            iptables -t nat -A POSTROUTING -o eth0 -s $SUBNET -j MASQUERADE
    done
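There is one server in each of the public and private subnets
I set sslverify=0 in /etc/yum.repos.d/redhat-rhui.repo and /etc/yum.repos.d/redhat-rhui-client-config.repo, and then ran yum clean all. It did not solve the problem. Both the private and public servers seem to be able to see and reach the following RPM: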
    $ rpm -Uvh ftp://ftp.pbone.net/mirror/ftp.sourceforge.net/pub/sourceforge/o/os/osolinux/update/RPMS.e/elinks-0.12-0.32.pre5mgc30.x86_64.rpm
    Retrieving ftp://ftp.pbone.net/mirror/ftp.sourceforge.net/pub/sourceforge/o/os/osolinux/update/RPMS.e/elinks-0.12-0.32.pre5mgc30.x86_64.rpm
    error: Failed dependencies:
        libgc.so.1()(64bit) is needed by elinks-0.12-0.32.pre5mgc30.x86_64
        libgpm.so.2()(64bit) is needed by elinks-0.12-0.32.pre5mgc30.x86_64
        libmozjs185.so.1.0()(64bit) is needed by elinks-0.12-0.32.pre5mgc30.x86_64
        libnss_compat_ossl.so.0()(64bit) is needed by elinks-0.12-0.32.pre5mgc30.x86_64
If I try to load a new repository on the private server, I get a timeout…
    $ rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
    Retrieving http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
    curl: (7) Failed connect to pkgs.repoforge.org:80; Connection timed out
    error: skipping http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm - transfer failed
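=== Posting the other email here ===
Michael. Thanks for the comment.
I did use traceroute, and I saw packets going from the problematic private server into the NAT. I also saw packets leaving the server that should be the forwarded packets. That's it. Nothing more.
I get the impression that these requests are being rejected by the repository, since ping and remote RPMs on the internet seem to work… but I don't know why. I get the same result with masquerading turned on and off.
The NAT server was set up automatically during the creation of the VPC. The security groups were created using the "scheme2" page… but are currently wide open.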
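A triage sketch for the symptoms described in the question above, added here as an example and not part of the original post: it pulls the CDS load balancer names out of the yum error, classifies TCP reachability for each, and lists repo sections where sslverify=0 is still set. The function names are hypothetical, and port 443 for RHUI is an assumption.

```bash
#!/usr/bin/env bash
# Added triage helpers; not from the original thread. All function names are
# hypothetical. Intended to be sourced on the private-subnet instance.

# Read yum output on stdin; print each CDS load balancer host yum failed to reach.
cds_hosts() {
    grep -E 'Could not contact (any )?CDS load balancer' \
        | grep -oE '[A-Za-z0-9.-]+\.redhat\.com' \
        | sort -u
}

# Classify TCP reachability of host:port (defaults: port 443, 5 s timeout).
# Prints: open | dns-failure | no-connect (refused, filtered or timed out)
probe() (
    host=$1 port=${2:-443} secs=${3:-5}
    getent hosts "$host" >/dev/null 2>&1 || { echo dns-failure; exit 0; }
    if timeout "$secs" bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$host" "$port" 2>/dev/null
    then echo open
    else echo no-connect
    fi
)

# Print "file:[section]" for each repo section that still has sslverify=0,
# so the troubleshooting change can be reverted once connectivity is fixed.
sslverify_off() {
    awk '/^\[/ { sec = $0 }
         /^[ \t]*sslverify[ \t]*=[ \t]*0[ \t]*$/ { print FILENAME ":" sec }' "$@"
}

# Usage on the instance (assumption: RHUI is served over TCP 443):
#   yum search apache 2>&1 | cds_hosts | while read -r h; do echo "$h $(probe "$h")"; done
#   sslverify_off /etc/yum.repos.d/*.repo
```

A "no-connect" result for every CDS host, alongside working ping, points at the path between the private subnet and the repository rather than at certificate verification.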
In a situation very similar to the one described in the question, I was able to solve it by adding a proxy configuration to /etc/yum.conf.
Like this:
echo "proxy=http://my.proxy.internal:3128/" >> /etc/yum.conf
I had the same problem, and solved it when I used
yum install wget
but when I use
sudo yum install wget
everything is fine.