Looking in the Katello codebase, it looks like in ManagedContentMediumProvider it puts AppStream repo into Additional Media. That is correct, however it calls content_facet.kickstart_repository method which is a model instance. I think we assumed that an AppStream repository is a kickstart type (not sure how this is called in Katello), meaning it is recognized as kickstart and also published via http alongside https.
However it looks like the repo is not marked as kickstart on CDN, which is correct because it does not contain a kickstart tree. However it is now needed to successfully provision OS (unless it is the minimal installation).
Therefore I think we need to add similar workaround into syncing code - when a repo is recognized as AppStream (I think Katello recognizes it as a “variant repo”), then HTTP must be enabled on the repository as well.
I am not sure I have the know how to do this patch, could you help me with that? I can test the change.
@linuxlad I am assuming that if you go to the RHEL8 Product and find the AppStream repository, Publish HTTP will not be checked only Publish HTTPS. Can you check HTTP and sync? Get back to me if this worked. Another workaround would be changing this line in the kickstart default template: