Yum repositories don't work unless there are exceptions in the AWS firewall. How do I make the exceptions based on a DNS name?

5

14

When I try to install something via yum (e.g., yum install java), I get the following:

Could not contact CDS load balancer rhui2-cds01.us-west-2.aws.ce.redhat.com, trying others.

Could not contact any CDS load balancers: rhui2-cds01.us-west-2.aws.ce.redhat.com, rhui2-cds02.us-west-2.aws.ce.redhat.com.

Earlier today I installed various yum packages. This evening I tried several, but none worked.

This link explains that certain firewall rules need to be made: https://access.redhat.com/solutions/11214

I don't have an explanation why all Yum install commands were working earlier today. Several different ones later stopped working. Here is the solution: via the AWS console, I opened all traffic over port 443 (inbound and outbound traffic).

This isn't an ideal solution or a permanent solution. The security groups in the AWS console only permit filtering based on IP addresses and IP address ranges. DNS names aren't part of the filtering.

Using AWS, how can I open port 443 and port 80 to specific DNS names?

Valedictorian answered 2/3, 2015 at 3:34 Comment(0)
31

On AWS Amazon Web Services, make sure you are the 'root' user and not ec2-user.

Type:

sudo su - root

This fixed my problem.

Mader answered 26/4, 2015 at 15:9 Comment(7)
    [root@usvacdhprd60 ~]# sudo su - root
    [root@usvacdhprd60 ~]# yum install htop
    Loaded plugins: amazon-id, rhui-lb, security
    Could not contact CDS load balancer rhui2-cds01.us-east-1.aws.ce.redhat.com, tring others.
    Setting up Install Process
    Package htop-1.0.1-2.el6.x86_64 already installed and latest version
    Nothing to do
    [root@usvacdhprd60 ~]#
– Scarabaeoid
I deployed the Amazon AMI RHEL-7.2_HVM_GA-20151112-x86_64, which is essentially their "stock" RHEL image, and I honestly did not know that you could not even search yum repositories without being root (and trying to resolve this issue is what brought me here, lol). So... I think you have to be root to use yum at all on AWS RHEL AMIs. – Markswoman
It's super weird that you can't do a simple yum search command as a non-root user. – Chak
@Ilya - agreed. I had this after I went to docs.aws.amazon.com/AmazonVPC/latest/UserGuide/… and added ephemeral 49152-65535 instead of 1024-65535 inbound to my ACLs, the former of which blocks yum from working (dunno which port yum comes back on). – Kerstin
You saved me even in 2019. – Cockeye
You don't need to sudo to "root". At least when I tried it, all you needed was elevated privilege. E.g., "sudo yum etc" appears to be sufficient. – Lithosphere
@Lithosphere Yes, I'm aware of that. The answer conveys that root escalation is needed, whether it's a sudo or su - root; I think the readers got that too. – Mader
8

Try sudo yum install ...

That worked for me without doing any extra firewall changes.

Taurus answered 15/5, 2015 at 23:16 Comment(0)
3

You want to defend against INBOUND traffic and can generally leave your OUTBOUND rules open. AWS Security Groups are a stateful firewall, so if a VM establishes a connection (e.g. to a yum repo), the return traffic will be automatically allowed.

You can test this by opening up your OUTBOUND rules and closing off your INBOUND rules to only allow your SSH connection. The yum commands will work assuming you're not being blocked by a VPC Network ACL.

Chaetopod answered 2/3, 2015 at 13:43 Comment(0)
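The question asks how to allow ports 80 and 443 to specific DNS names when security groups only accept CIDR ranges, and the answer above notes that outbound rules can stay open because security groups are stateful. The script below is an added example, not code from the question, the answers or any AWS tool: it resolves the two RHUI CDS host names quoted in the question, turns every address into a /32 outbound rule for TCP 80 and 443 in the IpPermissions shape that `aws ec2 authorize-security-group-egress --ip-permissions` and boto3 accept, and builds the single inbound SSH rule the answer suggests keeping. Because the rules are snapshots of DNS, they go stale when the load balancers move; the script is meant to be re-run and its output diffed against the current group. The sample addresses, the `constructed_resolver`, and the `sg-PLACEHOLDER` group id are made up so the example runs offline; `default_resolver` does the real lookups.

```python
"""Derive AWS security-group rules from DNS names (added example, not page code)."""
import ipaddress
import json
import socket
from typing import Callable, Dict, Iterable, List

# Host names taken verbatim from the yum error in the question.
CDS_HOSTS = (
    "rhui2-cds01.us-west-2.aws.ce.redhat.com",
    "rhui2-cds02.us-west-2.aws.ce.redhat.com",
)

# Constructed sample answers (TEST-NET-3 addresses), not real RHUI addresses,
# so the example runs without network access. Note the shared address.
CONSTRUCTED_DNS = {
    CDS_HOSTS[0]: ["203.0.113.11", "203.0.113.10"],
    CDS_HOSTS[1]: ["203.0.113.11"],
}

Resolver = Callable[[str], Iterable[str]]


def default_resolver(host: str) -> List[str]:
    """Real lookup through the system resolver (all IPv4 addresses of the name)."""
    _name, _aliases, addrs = socket.gethostbyname_ex(host)
    return addrs


def constructed_resolver(host: str) -> List[str]:
    """Offline stand-in that behaves like the system resolver on a miss."""
    if host not in CONSTRUCTED_DNS:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return CONSTRUCTED_DNS[host]


def resolve_hosts(hosts: Iterable[str], resolver: Resolver = default_resolver) -> Dict[str, List[str]]:
    """Map each name to its sorted, de-duplicated IPv4 addresses.

    A name that fails to resolve maps to an empty list instead of aborting,
    so one stale name does not block rules for the others.
    """
    result: Dict[str, List[str]] = {}
    for host in hosts:
        try:
            addrs = {str(ipaddress.IPv4Address(a)) for a in resolver(host)}
        except (socket.gaierror, ValueError):
            addrs = set()
        result[host] = sorted(addrs, key=ipaddress.IPv4Address)
    return result


def build_egress_permissions(host_to_ips: Dict[str, List[str]], ports=(80, 443)) -> List[dict]:
    """One IpPermissions entry per port, one /32 IpRange per distinct address.

    The Description records which name the address came from, which is what
    makes a later stale-rule cleanup possible.
    """
    perms = []
    for port in ports:
        ranges, seen = [], set()
        for host, ips in sorted(host_to_ips.items()):
            for ip in ips:
                if ip in seen:           # same address behind two names: one rule
                    continue
                seen.add(ip)
                ranges.append({"CidrIp": f"{ip}/32", "Description": f"yum RHUI {host}"})
        if ranges:
            perms.append({"IpProtocol": "tcp", "FromPort": port, "ToPort": port, "IpRanges": ranges})
    return perms


def build_ssh_ingress_permission(admin_cidr: str) -> dict:
    """The only inbound rule needed for the test in the answer: SSH from the admin range."""
    net = ipaddress.IPv4Network(admin_cidr, strict=True)   # rejects host bits set
    if net.prefixlen == 0:
        raise ValueError("refusing to open SSH to 0.0.0.0/0")
    return {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": str(net)}]}


if __name__ == "__main__":
    # Offline demonstration; swap in default_resolver for a real run.
    egress = build_egress_permissions(resolve_hosts(CDS_HOSTS, resolver=constructed_resolver))
    ingress = build_ssh_ingress_permission("198.51.100.7/32")   # constructed admin address
    print("aws ec2 authorize-security-group-egress --group-id sg-PLACEHOLDER "
          f"--ip-permissions '{json.dumps(egress)}'")
    print("aws ec2 authorize-security-group-ingress --group-id sg-PLACEHOLDER "
          f"--ip-permissions '{json.dumps([ingress])}'")
```

The printed commands are the only AWS-specific part; the default outbound "allow all" rule would still have to be removed by hand for these rules to mean anything, and a VPC Network ACL, being stateless, needs its own ephemeral-port return rule regardless of what the security group says.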
2

On AWS (Amazon Web Services), can you try to ping yahoo.com? Do you get "unknown host"?

I got the same issue; I resolved it as follows, you can have a try.

You need to configure the DNS resolver: 1. vi /etc/resolv.conf; 2. add one row: nameserver 8.8.8.8

Tanyatanzania answered 6/5, 2016 at 9:38 Comment(0)
0

I was getting:

Could not contact CDS load balancer rhui2-cds01.us-west-2.aws.ce.redhat.com, trying others.

I could not resolve name rhui2-cds01.us-west-2.aws.ce.redhat.com (using ping or nslookup, for example).

I tried:
- creating more than one EC2 instance.
- creating another VPC and an EC2 there.

Later in the day, the problem cleared on its own.

Meany answered 20/6, 2019 at 19:30 Comment(0)