[lmi] yum: "Multilib version problems found."

[Greg Chicares]

It's a new year, so I'm trying again to build lmi on a redhat server.
The steps are simple--just run the latest script in git as root:

$cd /opt/lmi/src/lmi
$sudo sh
$git pull
$ ./install_redhat.sh >/home/mm53451/rhlog_$(date -u +%Y%m%dT%H%MZ) 2>&1

...but I quickly encounter the problem below: the command
  yum --assumeyes install ca-certificates curl nss-pem
fails, apparently because I have multiple architectures installed.

It seemed that running 'yum check' would be a good idea, or at
least harmless, but after fifteen minutes it said nothing much:

$ time yum check
Loaded plugins: enabled_repos_upload, langpacks, package_upload, product-id,
              : search-disabled-repos, subscription-manager
check all
Uploading Enabled Repositories Report
Loaded plugins: langpacks, product-id, subscription-manager

real    15m26.591s
user    13m51.752s
sys     1m34.343s

Then I tried
  package-cleanup --cleandupes
but it said "No duplicates to remove".

And 'yum list installed' says I have:

nss-pem.i686                        1.0.3-5.el7_6.1          @rhel-7-server-rpms
nss-pem.x86_64                      1.0.3-5.el7_6.1          @rhel-7-server-rpms

which seem to be the same version. This line:
  Protected multilib versions: nss-pem-1.0.3-7.el7.x86_64 != 
nss-pem-1.0.3-5.el7_6.1.i686
in the error message seems to suggest that there's a
  1.0.3-7 upgrade available for x86_64, but only a
  1.0.3-5 upgrade for i686

I tried
  yum --assumeyes --exclude nss-pem.i686 install ca-certificates curl nss-pem
but that gives the same sort of error message as without '--exclude'.

Vadim--Are you familiar enough with rhel that you can immediately
see how to fix this? If not, I'll go through the advice that's
readily found with a web search.

Here's the output of the original command:

# Fix weird errors like "Problem with the SSL CA cert (path? access rights?)".
yum --assumeyes install ca-certificates curl nss-pem
+ yum --assumeyes install ca-certificates curl nss-pem
Loaded plugins: enabled_repos_upload, langpacks, package_upload, product-id,
              : search-disabled-repos, subscription-manager
Resolving Dependencies
--> Running transaction check
---> Package ca-certificates.noarch 0:2018.2.22-70.0.el7_5 will be updated
---> Package ca-certificates.noarch 0:2019.2.32-76.el7_7 will be an update
---> Package curl.x86_64 0:7.29.0-51.el7 will be updated
---> Package curl.x86_64 0:7.29.0-54.el7_7.1 will be an update
--> Processing Dependency: libcurl = 7.29.0-54.el7_7.1 for package: 
curl-7.29.0-54.el7_7.1.x86_64
---> Package nss-pem.x86_64 0:1.0.3-5.el7_6.1 will be updated
---> Package nss-pem.x86_64 0:1.0.3-7.el7 will be an update
--> Running transaction check
---> Package libcurl.x86_64 0:7.29.0-51.el7 will be updated
--> Processing Dependency: libcurl = 7.29.0-51.el7 for package: 
libcurl-devel-7.29.0-51.el7.x86_64
---> Package libcurl.x86_64 0:7.29.0-54.el7_7.1 will be an update
--> Processing Dependency: libssh2(x86-64) >= 1.8.0 for package: 
libcurl-7.29.0-54.el7_7.1.x86_64
--> Running transaction check
---> Package libcurl-devel.x86_64 0:7.29.0-51.el7 will be updated
---> Package libcurl-devel.x86_64 0:7.29.0-54.el7_7.1 will be an update
---> Package libssh2.x86_64 0:1.4.3-12.el7_6.2 will be updated
---> Package libssh2.x86_64 0:1.8.0-3.el7 will be an update
--> Finished Dependency Resolution
Error:  Multilib version problems found. This often means that the root
       cause is something else and multilib version checking is just
       pointing out that there is a problem. Eg.:
       
         1. You have an upgrade for nss-pem which is missing some
            dependency that another package requires. Yum is trying to
            solve this by installing an older version of nss-pem of the
            different architecture. If you exclude the bad architecture
            yum will tell you what the root cause is (which package
            requires what). You can try redoing the upgrade with
            --exclude nss-pem.otherarch ... this should give you an error
            message showing the root cause of the problem.
       
         2. You have multiple architectures of nss-pem installed, but
            yum can only see an upgrade for one of those architectures.
            If you don't want/need both architectures anymore then you
            can remove the one with the missing update and everything
            will work.
       
         3. You have duplicate versions of nss-pem installed already.
            You can use "yum check" to get yum show these errors.
       
       ...you can also use --setopt=protected_multilib=false to remove
       this checking, however this is almost never the correct thing to
       do as something else is very likely to go wrong (often causing
       much more problems).
       
       Protected multilib versions: nss-pem-1.0.3-7.el7.x86_64 != 
nss-pem-1.0.3-5.el7_6.1.i686
Uploading Enabled Repositories Report
Loaded plugins: langpacks, product-id, subscription-manager