KATELLO repos with embedded user:pass in URL's - Cannot combine AUTH argument with credentials encoded in URL

Problem:
We have an internet proxy server that uses a basic auth username/password, AND I have URL’s for some vendor yum repos that have to have a http://key:null@download.hpe… specified.

Katello apparently no longer likes this with 4.x.

Not sure how to get around it. The vendor’s yum repos do not accept setting the “upstream” username/password, it must be passed in the URL like that.

Is there a way to tell Katello to stop being so picky about URL’s for upstream yum repos?

http://key:null@download.hpe/ is just the direct form of specifying http basic auth credentials. You should enter them into the upstream authorization fields for the repository. That’s where they belong. I don’t know why you think you have to pass them in the URL. It shouldn’t make a difference.

The problem is this bug: Bug #32994: Sync of content from an authenticated yum repository fails - Katello - Foreman

See also Katello 4.1: repo sync fails for repository requiring username/password

Basically, authenticated URL access seems to broken at the moment…

Yes that bug looks most likely the problem I ran into when I did try to use the upstream user/pass instead.

Did some more testing.

#32994 was only manifesting on my environment because of the broken proxy handling in pulp3.

Same issue as #32998 - Http Proxy passwords are not making it to candlepin properly, I think, although the pull request in that bug repo does not fix it.

The fix in the pull request listed in this pulp3 team issue does fix the proxy stuff with pulp3 for our use case.
PULP Backport 9024 “Downloads do not use proxy authentication” to 3.14.z

1 Like