Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-23551

Yum Authenticating against RHEL servers in AWS

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.22.0
    • Fix Version/s: 3.24.0
    • Component/s: Yum
    • Labels:

      Description

      Yum proxy to the following location:

      https://rhui2-cds01.eu-west-1.aws.ce.redhat.com/pulp/repos/content/dist/rhel/rhui/server/7/

      The following steps have been followed

      https://help.sonatype.com/repomanager3/formats/yum-repositories/proxying-rhel-yum-repositories

       

      The Nexus logs show that it is failing due to 401 Authorization Required

      2020-04-15 13:20:40,979+0100 DEBUG [qtp1853380911-48]  *UNKNOWN org.apache.http.headers - http-outgoing-1 >> GET /pulp/repos/content/dist/rhel/rhui/server/7/7Server/x86_64/os/repodata/repomd.xml HTTP/1.1

      2020-04-15 13:20:40,979+0100 DEBUG [qtp1853380911-48]  *UNKNOWN org.apache.http.headers - http-outgoing-1 >> Host: rhui2-cds01.eu-west-1.aws.ce.redhat.com

      2020-04-15 13:20:40,980+0100 DEBUG [qtp1853380911-48]  *UNKNOWN org.apache.http.headers - http-outgoing-1 >> Connection: Keep-Alive

      2020-04-15 13:20:40,980+0100 DEBUG [qtp1853380911-48]  *UNKNOWN org.apache.http.headers - http-outgoing-1 >> User-Agent: Nexus/3.22.0-02 (OSS; Linux; 3.10.0-1062.9.1.el7.x86_64; amd64; 1.8.0_221)

      2020-04-15 13:20:40,980+0100 DEBUG [qtp1853380911-48]  *UNKNOWN org.apache.http.headers - http-outgoing-1 >> Accept-Encoding: gzip,deflate

      2020-04-15 13:20:41,011+0100 DEBUG [qtp1853380911-48]  UNKNOWN org.apache.http.headers - http-outgoing-1 << HTTP/1.1 *401 Authorization Required

      2020-04-15 13:20:41,011+0100 DEBUG [qtp1853380911-48]  *UNKNOWN org.apache.http.headers - http-outgoing-1 << Date: Wed, 15 Apr 2020 12:20:40 GMT

      2020-04-15 13:20:41,011+0100 DEBUG [qtp1853380911-48]  *UNKNOWN org.apache.http.headers - http-outgoing-1 << Server: Apache/2.2.15 (Red Hat)

      2020-04-15 13:20:41,012+0100 DEBUG [qtp1853380911-48]  *UNKNOWN org.apache.http.headers - http-outgoing-1 << WWW-Authenticate: Basic realm="Pulp"

      2020-04-15 13:20:41,012+0100 DEBUG [qtp1853380911-48]  *UNKNOWN org.apache.http.headers - http-outgoing-1 << Content-Length: 508

      2020-04-15 13:20:41,012+0100 DEBUG [qtp1853380911-48]  *UNKNOWN org.apache.http.headers - http-outgoing-1 << Connection: close

      2020-04-15 13:20:41,012+0100 DEBUG [qtp1853380911-48]  *UNKNOWN org.apache.http.headers - http-outgoing-1 << Content-Type: text/html; charset=iso-8859-1

      2020-04-15 13:20:41,013+0100 DEBUG [qtp1853380911-48]  *UNKNOWN org.apache.http.impl.auth.HttpAuthenticator - Authentication required

      2020-04-15 13:20:41,013+0100 DEBUG [qtp1853380911-48]  *UNKNOWN org.apache.http.impl.auth.HttpAuthenticator - rhui2-cds01.eu-west-1.aws.ce.redhat.com:443 requested authentication

      2020-04-15 13:20:41,014+0100 DEBUG [qtp1853380911-48]  *UNKNOWN org.apache.http.impl.client.TargetAuthenticationStrategy - Authentication schemes in the order of preference: [Negotiate, Kerberos, NTLM, CredSSP, Digest, Basic]

      2020-04-15 13:20:41,014+0100 DEBUG [qtp1853380911-48]  *UNKNOWN org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for Negotiate authentication scheme not available

      2020-04-15 13:20:41,015+0100 DEBUG [qtp1853380911-48]  *UNKNOWN org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for Kerberos authentication scheme not available

      2020-04-15 13:20:41,015+0100 DEBUG [qtp1853380911-48]  *UNKNOWN org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for NTLM authentication scheme not available

      2020-04-15 13:20:41,015+0100 DEBUG [qtp1853380911-48]  *UNKNOWN org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for CredSSP authentication scheme not available

      2020-04-15 13:20:41,016+0100 DEBUG [qtp1853380911-48]  *UNKNOWN org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for Digest authentication scheme not available

      2020-04-15 13:20:41,022+0100 INFO  [qtp1853380911-48]  *UNKNOWN org.sonatype.nexus.repository.httpclient.internal.HttpClientFacetImpl - Repository status for rhel-rhui changed from READY to AUTO_BLOCKED_UNAVAILABLE until 2020-04-15T13:21:21.021+01:00 - reason Unauthorized for https://rhui2-cds01.eu-west-1.aws.ce.redhat.com

       

      Customer is able to authenticate successfully using this URL and the certs we have used in the key store via yum directly without passing any username/password.

        Attachments

          Activity

            People

            Assignee:
            mjohnson Matt Johnson
            Reporter:
            msurani Mahendra Surani
            Last Updated By:
            Ophelia Hernandez
            Team:
            NXRM - Trinity
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Date of First Response:

                tigCommentSecurity.panel-title