so I am trying to setup up a ssh bastion server, but I have problem setting up EPEL in order to install Python3.6.

I am using CentOS Linux release 7.4.1708 (Core)

So I am trying to install EPEL first by using sudo yum -y install epel-release (I did of course sudo yum -y update before and it worked fine), but it told me Package 'epel-release' not found

Therefore I tried different approach using RedHat Package Manager:

sudo rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

This installs package succesfully and I can see both epel.repo and epel-testing.repo in etc/yum.repos.d (I copy their contains at the end of post)

However, now, whenever I try to do something with yum, whether it is update or install of some package it gives me the following error (for example I used yum -y install Python3.6 or I have also tried installing tsclient or python-pip):

[root@scw-39016b yum.repos.d]# yum install -y Python3.6
Loaded plugins: fastestmirror
base                                                     | 3.6 kB     00:00
centos-kernel                                            | 2.9 kB     00:00
epel/armhfp/metalink                                     |  42 kB     00:00
Could not parse metalink https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=armhfp error was
No repomd file


 One of the configured repositories failed (Unknown),
 and yum doesn't have enough cached data to continue. At this point the only
 safe thing yum can do is fail. There are a few ways to work "fix" this:

     1. Contact the upstream for the repository and get them to fix the problem.

     2. Reconfigure the baseurl/etc. for the repository, to point to a working
        upstream. This is most often useful if you are using a newer
        distribution release than is supported by the repository (and the
        packages for the previous distribution release still work).

     3. Run the command with the repository temporarily disabled
            yum --disablerepo=<repoid> ...

     4. Disable the repository permanently, so yum won't use it by default. Yum
        will then just ignore the repository until you permanently enable it
        again or use --enablerepo for temporary usage:

            yum-config-manager --disable <repoid>
        or
            subscription-manager repos --disable=<repoid>

     5. Configure the failing repository to be skipped, if it is unavailable.
        Note that yum will try to contact the repo. when it runs most commands,
        so will have to try and fail each time (and thus. yum will be be much
        slower). If it is a very temporary problem though, this is often a nice
        compromise:

            yum-config-manager --save --setopt=<repoid>.skip_if_unavailable=true

File /var/cache/yum/armhfp/7/epel/metalink.xml does not exist

I have tried million ways going around this already and nothing seems to help :(

I reinstalled it like 5 times, I have done sudo yum clean all, I have tried uncommenting baseurl and commenting metalink in repo files and other way too, etc..., but nothing helps :(

Can someone let me know, please, what is causing this error?

I read somewhere that it might do with enabling / disabling certain repositories, but I don't understand how to cope with it..

Many thanks !!!

epel.repo

[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch/debug
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux 7 - $basearch - Source
baseurl=http://download.fedoraproject.org/pub/epel/7/SRPMS
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-source-7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1

epel-testing.repo

[epel-testing]
name=Extra Packages for Enterprise Linux 7 - Testing - $basearch
baseurl=http://download.fedoraproject.org/pub/epel/testing/7/$basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=testing-epel7&arch=$basearch
failovermethod=priority
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

[epel-testing-debuginfo]
name=Extra Packages for Enterprise Linux 7 - Testing - $basearch - Debug
baseurl=http://download.fedoraproject.org/pub/epel/testing/7/$basearch/debug
metalink=https://mirrors.fedoraproject.org/metalink?repo=testing-debug-epel7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1

[epel-testing-source]
name=Extra Packages for Enterprise Linux 7 - Testing - $basearch - Source
baseurl=http://download.fedoraproject.org/pub/epel/testing/7/SRPMS
metalink=https://mirrors.fedoraproject.org/metalink?repo=testing-source-epel7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1

We fixed this by updating curl. I believe yum uses libcurl under the hood, and it seems that older versions of curl cannot negotiate the TLS connection to the epel repo.

yum update curl --disablerepo=epel

You are using armhfp as your arch and there is no repo for it in the epel metalink you are looking at.

If you download the link below, you would get a file named, metalink. You will see that there is no repo that matches repo=epel-7&arch=armhfp. This is the source of your problem.

https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=armhfp

You need to use some other mirror that provides CentOS-7 support for armhfp arch.

e.g., http://mirror.centos.org/altarch/7/os/armhfp/

In order to use it, you need to remove epel-release RPM and install the following:

rpm -ivh http://mirror.centos.org/altarch/7/os/armhfp/Packages/centos-userland-release-7-4.1708.el7.centos.0.1.armv7hl.rpm

Then do a yum install for your package.

I had this issue on a VM. I just changed the metalink https access and set it at standard http like this : metalink=http://mirrors.fedoraproject.org....

I came across your question when I was trying to install Python3 on my Raspberry Pi 3 (which is newly running CentOS 7). After some google-fu, I came across this site, which helped me get EPEL installed on armhfp. This is what it says:

How can I enable EPEL 7 on armhfp ?

The answer is easy in a sense that there is no official EPEL repository for armfhp. But because lot of users were asking for this, we decided to use the centos armhfp builders to (re)build Source packages from EPEL 7 (and try to track those automatically) when they're idle. Please note that it's just an automatic rebuild without any QA/test, and also resulting pkgs aren't signed either. To use that repository, proceed like this :

cat > /etc/yum.repos.d/epel.repo << EOF
[epel]
name=Epel rebuild for armhfp
baseurl=https://armv7.dev.centos.org/repodir/epel-pass-1/
enabled=1
gpgcheck=0

EOF

After following these steps I was able to run sudo yum install epel-release successfully, and then install python3 on my raspberry pi.

Before you do this, however, you need to get yum working. I'm not sure I am the best help for that, but I would recommend removing (or at least disabling) the current versions of epel repos that you have.

yum remove epel
yum remove epel-release
yum remove epel-testing

It seems that you have a 3rd party repo enabled that is broken. This is causing your issues with yum and it's why you need to remove or disable the repos.

We have a very similar problem and I've seen several pleas for help with the most common response being "don't use 'https' but that exposes you to MITM attacks". There has to be a better answer.

We just did a fresh install of CentOS Linux release 7.7.1908 (Core) on a server and like the OP whenever we attempt sudo yum install epel-release, we break yum.

Here is the install:

-bash-4.2$ sudo yum install epel-release
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.sonic.net
 * extras: mirror.fileplanet.com
 * updates: mirror.fileplanet.com
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:7-11 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===================================================================================================================================================================================================================================
 Package                                                     Arch                                                  Version                                             Repository                                             Size
===================================================================================================================================================================================================================================
Installing:
 epel-release                                                noarch                                                7-11                                                extras                                                 15 k

Transaction Summary
===================================================================================================================================================================================================================================
Install  1 Package

Total download size: 15 k
Installed size: 24 k
Is this ok [y/d/N]: y
Downloading packages:
epel-release-7-11.noarch.rpm                                                                                                                                                                                |  15 kB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : epel-release-7-11.noarch                                                                                                                                                                                        1/1 
  Verifying  : epel-release-7-11.noarch                                                                                                                                                                                        1/1 

Installed:
  epel-release.noarch 0:7-11                                                                                                                                                                                                       

Complete!

Now if we even just try to run yum list it fails:

-bash-4.2$ yum list
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile


 One of the configured repositories failed (Unknown),
 and yum doesn't have enough cached data to continue. At this point the only
 safe thing yum can do is fail. There are a few ways to work "fix" this:

     1. Contact the upstream for the repository and get them to fix the problem.

     2. Reconfigure the baseurl/etc. for the repository, to point to a working
        upstream. This is most often useful if you are using a newer
        distribution release than is supported by the repository (and the
        packages for the previous distribution release still work).

     3. Run the command with the repository temporarily disabled
            yum --disablerepo=<repoid> ...

     4. Disable the repository permanently, so yum won't use it by default. Yum
        will then just ignore the repository until you permanently enable it
        again or use --enablerepo for temporary usage:

            yum-config-manager --disable <repoid>
        or
            subscription-manager repos --disable=<repoid>

     5. Configure the failing repository to be skipped, if it is unavailable.
        Note that yum will try to contact the repo. when it runs most commands,
        so will have to try and fail each time (and thus. yum will be be much
        slower). If it is a very temporary problem though, this is often a nice
        compromise:

            yum-config-manager --save --setopt=<repoid>.skip_if_unavailable=true

Cannot retrieve metalink for repository: epel/x86_64. Please verify its path and try again

And here is /etc/yum.repos.d/epel.repo:

-bash-4.2$ cat epel.repo
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch/debug
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux 7 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/7/SRPMS
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-source-7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1

So is the problem with the repository we're trying access or the fact that we are trying to access using the "https" protocol? If the former, how do I find the right repository? If the latter, how do we go about diagnosing the underlying problem? This is a pretty fresh install -- all we've really done is installed autos and mounted the home directory, installed rvm and created some users and groups.

FWIW, yum check-update doesn't report anything and yum update curl (with or without "--disablerepo=epel") didn't do anything either.

I've been banging my head against this for a day now and need professional help. ;-/

There is another piece to this puzzle, which is why I suspect the underlying problem has to do with "https". We ran into this problem why trying to install MongoDB using these instructions: https://docs.mongodb.com/v4.0/tutorial/install-mongodb-on-red-hat/#using-rpm-packages-recommended

We created /etc/yum.repos.d/mongodb-org-4.0.repo with the contents:

[mongodb-org-4.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc

and then tried to install MongoDB and got a somewhat different error:

-bash-4.2$ sudo vi /etc/yum.repos.d/mongodb-org-4.0.repo
-bash-4.2$ sudo yum install -y mongodb-org
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.keystealth.org
 * extras: mirror.fileplanet.com
 * updates: mirrors.sonic.net
https://repo.mongodb.org/yum/redhat/7/mongodb-org/4.0/x86_64/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's Certificate issuer is not recognized."
Trying other mirror.
It was impossible to connect to the CentOS servers.
This could mean a connectivity issue in your environment, such as the requirement to configure a proxy,
or a transparent proxy that tampers with TLS security, or an incorrect system clock.
You can try to solve this issue by using the instructions on https://wiki.centos.org/yum-errors
If above article doesn't help to resolve this issue please use https://bugs.centos.org/.



 One of the configured repositories failed (MongoDB Repository),
 and yum doesn't have enough cached data to continue. At this point the only
 safe thing yum can do is fail. There are a few ways to work "fix" this:

     1. Contact the upstream for the repository and get them to fix the problem.

     2. Reconfigure the baseurl/etc. for the repository, to point to a working
        upstream. This is most often useful if you are using a newer
        distribution release than is supported by the repository (and the
        packages for the previous distribution release still work).

     3. Run the command with the repository temporarily disabled
            yum --disablerepo=mongodb-org-4.0 ...

     4. Disable the repository permanently, so yum won't use it by default. Yum
        will then just ignore the repository until you permanently enable it
        again or use --enablerepo for temporary usage:

            yum-config-manager --disable mongodb-org-4.0
        or
            subscription-manager repos --disable=mongodb-org-4.0

     5. Configure the failing repository to be skipped, if it is unavailable.
        Note that yum will try to contact the repo. when it runs most commands,
        so will have to try and fail each time (and thus. yum will be be much
        slower). If it is a very temporary problem though, this is often a nice
        compromise:

            yum-config-manager --save --setopt=mongodb-org-4.0.skip_if_unavailable=true

failure: repodata/repomd.xml from mongodb-org-4.0: [Errno 256] No more mirrors to try.
https://repo.mongodb.org/yum/redhat/7/mongodb-org/4.0/x86_64/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's Certificate issuer is not recognized.”

However, now if I try this I get the "(Unknown)" error.

It's very confusing.

I had the same problem and in order to fix it I did the following:

$ yum install epel-release
$ cd /etc/yum.repos.d
$ rm epel-testing.repo
$ yum clean all
$ yum update -

It worked for me!

The problem is, even if we are installing epel via rpm, the path of baseurl configured in epel.repo and epel-testing.repo files are not valid because https://download.fedoraproject.org/ doesn’t exist.
Valid path is : https://dl.fedoraproject.org/pub/

So amend the base url in /etc/yum.repos.d/epel.repo from this : baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch

to this :
baseurl=http://dl.fedoraproject.org/pub/epel/7/$basearch

Here's what I did

sudo nano /etc/yum.repos.d/epel.repo

Comment out the metalink and leave the existing baseurl commented out.

name=Extra Packages for Enterprise Linux 7 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
#metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

CAN BE REMOVED {

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch/debug
#metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux 7 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/7/SRPMS
#metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-source-7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1

}

Add a new baseurl

baseurl=https://armv7.dev.centos.org/repodir/epel-pass-1/

save the file sudo yum update

I was able to get the epel repos to update and download and in checking if epel-release was installed with yum install epel-release I got an already installed package message. UPDATE:change gpgcheck=1 to 0 and should be fine. I also removed the gpgkey= line.

Let me know if it helps!

[cont] When I installed htop.armv7h1 I had to do the --nogpgcheck with yum and it installed fine.