14

When I try to install something via yum (e.g., yum install java), I get the following:

Could not contact CDS load balancer rhui2-cds01.us-west-2.aws.ce.redhat.com, trying others.

Could not contact any CDS load balancers: rhui2-cds01.us-west-2.aws.ce.redhat.com, rhui2-cds02.us-west-2.aws.ce.redhat.com.

Earlier today I installed various yum packages. This evening I tried several, but none worked.

This link explains that certain firewall rules need to be made: https://access.redhat.com/solutions/11214

I don't have an explanation why all Yum install commands were working earlier today. Several different ones later stopped working. Here is the solution: via the AWS console, I opened all traffic over port 443 (inbound and outbound traffic).

This isn't an ideal solution or a permanent solution. The security groups in the AWS console only permit filtering based on IP addresses and IP address ranges. DNS names aren't part of the filtering.

Using AWS, how can I open port 443 and port 80 to specific DNS names?

Propulsion

5 Answers

31

On AWS Amazon Web Services, make sure you are the 'root' user and not ec2-user.

Type:

sudo su - root

This fixed my problem.

Basil Musa
  • 1
    [root@usvacdhprd60 ~]# sudo su - root [root@usvacdhprd60 ~]# yum install htop Loaded plugins: amazon-id, rhui-lb, security Could not contact CDS load balancer rhui2-cds01.us-east-1.aws.ce.redhat.com, tring others. Setting up Install Process Package htop-1.0.1-2.el6.x86_64 already installed and latest version Nothing to do [root@usvacdhprd60 ~]# – Ilja Feb 19 '16 at 16:47
  • I deployed the Amazon AMI RHEL-7.2_HVM_GA-20151112-x86_64, which is essentially their "stock" RHEL image, and I honestly did not know that you could not even search yum repositories without being root (and trying to resolve this issue is what brought me here, lol). So...I think you have to be root to use yum at all on AWS RHEL AMIs. – Digital Impermanence Sep 19 '16 at 18:24
  • 1
    It's super weird that you can't do a simple `yum search` command, as a non-root user. –  Nov 12 '16 at 00:14
  • @Ilya - agreed. I had this after I went to http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Appendix_NACLs.html and added ephemeral 49152-65535 instead of 1024-65535 inbound to my ACLs, the former of which blocks yum from working (dunno which port yum comes back on). – volvox Apr 11 '17 at 10:45
  • You save me even in 2019 – rj487 May 30 '19 at 18:41
  • You don't need to sudo to "root". At least when I tried it, all you needed was elevated privilege. E.g., "sudo yum etc" appears to be sufficient. – UncaAlby Aug 12 '19 at 20:07
  • @UncaAlby Yes, I'm aware of that. The answer conveys that root escalation is needed, whether it's a sudo or su - root, I think the readers got that too. – Basil Musa Aug 13 '19 at 13:53
8

Try sudo yum install ...

That worked for me without doing any extra firewall changes.

wisbucky
3

You want to defend against INBOUND traffic and can generally leave your OUTBOUND rules open. AWS Security Groups are a stateful firewall, so if a VM establishes a connection (e.g. to a yum repo), the return traffic will be automatically allowed.

You can test this by opening up your OUTBOUND rules and closing off your INBOUND rules to only allow your SSH connection. The yum commands will work assuming you're not being blocked by a VPC Network ACL.

scubadev
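An added example, not part of any answer or comment on this page: a toy Python model of the stateful security group described in the answer above and the stateless network ACL it mentions, using the two inbound ephemeral ranges from the comment thread (49152-65535 and 1024-65535). The rule numbers, function names and the Linux ephemeral range 32768-60999 are assumptions; check `sysctl net.ipv4.ip_local_port_range` on the instance.

```python
# Added illustration: toy model of AWS packet filtering, not AWS code.
# Security groups are stateful; network ACLs are stateless and ordered.
from dataclasses import dataclass

@dataclass(frozen=True)
class AclRule:
    number: int      # lower rule number is evaluated first
    lo: int          # first port of the range
    hi: int          # last port of the range
    allow: bool

def nacl_allows(rules, port):
    """First matching rule by rule number wins; the implicit final rule denies."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.lo <= port <= rule.hi:
            return rule.allow
    return False

def yum_https_works(sg_egress_ports, nacl_out, nacl_in, src_port, dst_port=443):
    """Trace one outbound HTTPS request from the instance and its reply."""
    # 1. Security group egress: is the destination port permitted?
    if not any(lo <= dst_port <= hi for lo, hi in sg_egress_ports):
        return False
    # 2. NACL outbound sees the request (destination port 443).
    if not nacl_allows(nacl_out, dst_port):
        return False
    # 3. The reply arrives addressed to the instance's ephemeral source port.
    #    The NACL is stateless, so an inbound rule must cover that port.
    if not nacl_allows(nacl_in, src_port):
        return False
    # 4. The security group is stateful: the reply to a connection the
    #    instance opened is allowed with no inbound rule at all.
    return True

def blocked_fraction(nacl_in, ephemeral=(32768, 60999)):
    """Share of ephemeral source ports whose replies the inbound NACL drops."""
    ports = range(ephemeral[0], ephemeral[1] + 1)
    sg_egress = [(443, 443)]
    nacl_out = [AclRule(100, 443, 443, True)]
    blocked = sum(not yum_https_works(sg_egress, nacl_out, nacl_in, p) for p in ports)
    return blocked / len(ports)

# Constructed inbound NACLs using the two ranges from the comment thread.
NARROW = [AclRule(100, 22, 22, True), AclRule(110, 49152, 65535, True)]
WIDE = [AclRule(100, 22, 22, True), AclRule(110, 1024, 65535, True)]

if __name__ == "__main__":
    print(f"replies dropped, 49152-65535 inbound: {blocked_fraction(NARROW):.0%}")
    print(f"replies dropped, 1024-65535 inbound:  {blocked_fraction(WIDE):.0%}")
```

In this model the narrower inbound range drops replies only for source ports below 49152, so the same command can succeed on one attempt and fail on the next.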
2

On AWS Amazon Web Services, can you try to ping yahoo.com and see if you get unknown hosts?

I got the same issue; I resolved it as follows, you can give it a try.

You need to configure the DNS resolver:

1. vi /etc/resolv.conf
2. Add one row: nameserver 8.8.8.8

Hao Kang
0

I was getting:

Could not contact CDS load balancer rhui2-cds01.us-west-2.aws.ce.redhat.com, trying others.

I could not resolve name rhui2-cds01.us-west-2.aws.ce.redhat.com (using ping or nslookup, for example).

I tried:

- creating more than one EC2 instance.
- creating another VPC and an EC2 there.

Later in the day, the problem cleared on its own.

Brian Fitzgerald