Add grafana repo to Foreman

I guess it’s a bug then, but I am not the right person to tell…

I still have pulp2 and it shows yum under supported content types but as “yum (supported, but overridden to use Pulp 2)”.

1 Like

It’s look pulp3 for me, is that correct?


Yes, that confirms you’re using Pulp 3.

Do you still get the authentication error after removing the unnecessary content credentials from the repo?

Yes, it still get authentication error.

gpg key

If that repo doesn’t require authentication, why do you have an upstream username and password set? Should that be removed?

This is default for all repsitory, and I can’t remove it.

But I can sync grafana with reposync --repoid=grafana --download_path=/var/www/grafana on other linux

You have set upstream authorization to user admin with password. That’s the problem. If I use authorization with curl I also get an 401:

curl -v --user admin:test ''
< HTTP/1.1 401 Unauthorized

You should remove that from all repositories. These entries come from the autofill from your browser which enters the foreman admin credentials into those fields. As it is usually using basic auth which transmits the plaintext password you’ll tell anyone your foreman admin password.

Repositories don’t require authorization unless it’s really required. For grafana, they probably offer some additional content for paid customers and if you go there with invalid credentials it gets blocked even if you are accessing only public content.

Remove the authorization from all repositories (where not required). Why can’t you remove it?

1 Like

is there some hammer CLI for removing authorization for all repos?

hammer repository update has two options for upstream-password and upstream-username. But I am not sure if it’s enough to pass an empty string "" in both places to clear the setting… You can try.

Did you remove the credentials for the grafana repository in the web frontend and does it work then?

Sorry for a delay answer. Yes it’s working now. I have one new problem with repository that have password protection. I have configure username and password, but I get this error:


2021-04-02T12:09:23 [E|bac|] XML file(s): filelists not found (Katello::Errors::Pulp3Error)
| /opt/theforeman/tfm/root/usr/share/gems/gems/katello- block in check_for_errors' | /opt/theforeman/tfm/root/usr/share/gems/gems/katello- each’

and /var/log/message

Apr 2 12:09:22 fore-1 pulpcore-worker-1: await self.parse_repository_metadata()
Apr 2 12:09:22 fore-1 pulpcore-worker-1: File “/usr/lib/python3.6/site-packages/pulp_rpm/app/tasks/”, line 485, in parse_repository_metadata
Apr 2 12:09:22 fore-1 pulpcore-worker-1: repository_metadata_parser.parse()
Apr 2 12:09:22 fore-1 pulpcore-worker-1: File “/usr/lib/python3.6/site-packages/pulp_rpm/app/tasks/”, line 717, in parse
Apr 2 12:09:22 fore-1 pulpcore-worker-1: _(“XML file(s): {filenames} not found”).format(filenames=", ".join(missing_types))
Apr 2 12:09:22 fore-1 pulpcore-worker-1: FileNotFoundError: XML file(s): filelists not found

and I can do curl

for remove authorization I have use

foreman-rake console

Loading production environment (Rails 5.2.1)
irb(main):001:0> Katello::RootRepository.find_by_name(‘EPEL8’).update_columns(:upstream_username => nil, :upstream_password => nil)
=> true

That sounds to me as if the repository doesn’t have a filelists file or that the repomd.xml is missing it’s definition. I’d suggest you check the repomd.xml if it contains a data entry of type “filelists”. If it does check the location entity. It should contain a relative href pointer to the filelists.xml file. If not, it seems like a broken or incomplete repository.

Yes, repo doesn’t’ have filelist.xml. So, should they run createrepo and the repodata will be created as it should be with filelist and other necessary files?

If it’s your own repository then running ‘createrepo’ in the directory of the repository should create all necessary files in the repodata subdirectory (repomd.xml and those filelists,other,primary files as compressed xml and sqlite).