字體:  

解決AWS EC2 上RHEL7 使用 yum 出現403 Forbidden

Alex_Chang 發表於: 2021-3-21 22:36 來源: ADJ網路控股集團



在2017年在AWS EC2上開的一台RHRL7的主機,因為最近要用yum安裝一些套件時,忽然發現會出錯,錯誤如下 [Errno 14] HTTPS Error 403 - Forbidden:

QUOTE:


Loaded plugins: amazon-id, rhui-lb, search-disabled-repos
epel/x86_64/metalink                                                                                                                                                                               | 6.9 kB  00:00:00     
mariadb                                                                                                                                                                                            | 2.9 kB  00:00:00     
rhui-REGION-client-config-server-7                                                                                                                                                                 | 2.1 kB  00:00:00     
https://rhui3.ap-northeast-1.aws.ce.redhat.com/pulp/repos/content/dist/rhel/rhui/server/7/7Server/x86_64/extras/os/repodata/repomd.xml: [Errno 14] HTTPS Error 403 - Forbidden
Trying other mirror.
To address this issue please refer to the below knowledge base article

https://access.redhat.com/solutions/69319

If above article doesn't help to resolve this issue please open a ticket with Red Hat Support.

https://rhui3.ap-northeast-1.aws.ce.redhat.com/pulp/repos/content/dist/rhel/rhui/server/7/7Server/x86_64/optional/os/repodata/repomd.xml: [Errno 14] HTTPS Error 403 - Forbidden
Trying other mirror.
https://rhui3.ap-northeast-1.aws.ce.redhat.com/pulp/repos/content/dist/rhel/rhui/server/7/7Server/x86_64/os/repodata/repomd.xml: [Errno 14] HTTPS Error 403 - Forbidden
Trying other mirror.
https://rhui3.ap-northeast-1.aws.ce.redhat.com/pulp/repos/content/dist/rhel/rhui/server/7/7Server/x86_64/rh-common/os/repodata/repomd.xml: [Errno 14] HTTPS Error 403 - Forbidden
Trying other mirror.


才知道自從RedHat採取要收費的政策後, 要使用yum 去更新系統也無法使用了.
這個時候除了去註冊外, 另外的選擇就是使用CentOS 的repos 來更新系統.

步驟如下:
(1) 移除原先的更新程式
# rpm -qa | grep yum | xargs rpm -e --nodeps
# rpm -qa | grep python-iniparse | xargs rpm -e --nodeps

(2) 安裝CentOS 更新程式,走Hinet 的Repo

QUOTE:


# cd /tmp
# wget http://mirror01.idc.hinet.net/CentOS/7/os/x86_64/Packages/yum-3.4.3-168.el7.centos.noarch.rpm
# wget http://mirror01.idc.hinet.net/CentOS/7/os/x86_64/Packages/python-iniparse-0.4-9.el7.noarch.rpm
# wget http://mirror01.idc.hinet.net/CentOS/7/os/x86_64/Packages/yum-metadata-parser-1.1.4-10.el7.x86_64.rpm
# wget http://mirror01.idc.hinet.net/CentOS/7/os/x86_64/Packages/yum-plugin-fastestmirror-1.1.31-54.el7_8.noarch.rpm

PS: 注意 yum-3.4.3 跟 yum-plugin-fastestmirror 會更新版號..如果 wget 下載不到..請連到
http://mirror01.idc.hinet.net/CentOS/7/os/x86_64/Packages/ 找到最新的套件名稱即可


(3) 安裝相關RPM
# rpm -Uvh *.rpm

(4) 建立新的 repo file
這裡要注意, 檔名可以任意, 但一定要有 .repo 結尾
# vi /etc/yum.repos.d/hinet.repo

內容如下, 這裡我使用 Hinet IDC 的 repo, 在台灣的速度還滿快的, 若有需求請自行更改內容

QUOTE:


# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#

[base]
name=CentOS-$releasever – Base
baseurl=http://mirror01.idc.hinet.net/CentOS/7/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#released updates
[updates]
name=CentOS-$releasever – Updates
baseurl=http://mirror01.idc.hinet.net/CentOS/7/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#additional packages that may be useful
[extras]
name=CentOS-$releasever – Extras
baseurl=http://mirror01.idc.hinet.net/CentOS/7/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever – Plus
baseurl=http://mirror01.idc.hinet.net/CentOS/7/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#contrib – packages by Centos Users
[contrib]
name=CentOS-$releasever – Contrib
baseurl=http://mirror01.idc.hinet.net/CentOS/7/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7


(5) 完成後更新資料
# yum clean all
# yum update


意外插曲:
在使用yum install的時候,如果碰見這樣的錯誤:Couldn’t open file /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

這是因為在你的 /etc/yum.repos.d 目錄下有關於yum repository的配置文件中列有如下的GPG key:

    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

這個配置告訴YUM,這個repository的GPG key存在於磁盤上。而當YUM在路徑 /etc/pki/rpm-gpg 下找不到這個GPG key的時候,就會報如上的錯誤了。

解決方案:

# cd /etc/pki/rpm-gpg
# wget http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-7

然後再次運行 yum 命令就可以成功了。


參考資料:
https://tkunlin.medium.com/%E8%A7%A3%E6%B1%BArhel-7-%E7%84%A1%E6%B3%95%E4%BD%BF%E7%94%A8-rhel-repos-fbf79e2d25f0
https://www.bbsmax.com/A/RnJWe3ogdq/