Project

General

Profile

Bug #18573

yum fails to pull repo data (pulp: 403 Forbidden)

Added by Karlis Melderis about 5 years ago. Updated almost 4 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
Foreman Proxy Content
Target version:
Difficulty:
Triaged:
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

I have central foreman server and capsule registered to it
data sync to capsule works

when I register client to capsule it fails to pull repo data
error looks like
.../repodata/repomd.xml: [Errno 14] HTTPS Error 403 - Forbidden

if I edit /etc/pulp/repo_auth.conf
[main]
enabled: false

yum starts to work

History

#1 Updated by Karlis Melderis about 5 years ago

message from foreman-ssl_error_ssl.log in foreman server

[Mon Feb 20 21:48:19.524439 2017] [:error] [pid 5333] [remote 10.11.0.236:4] Request denied to destination [/pulp/content/var/www/pub/yum/https/repos/DEMO/WordPress_AWS_demo/WordPress_AWS_demo_DEFAULT/custom/Centos_7/centos7_x64_base/repodata/repomd.xml]Client certificate failed extension check for destination: /pulp/content/var/www/pub/yum/https/repos/DEMO/WordPress_AWS_demo/WordPress_AWS_demo_DEFAULT/custom/Centos_7/centos7_x64_base/repodata/repomd.xml

message in /var/log/messages in foreman server

Feb 20 22:48:19 demo-amv-auui02 pulp: pulp.server.content.web.views:INFO: Denying demo-amv-auui02.demo.local access to /var/lib/pulp/published/yum/master/yum_distributor/DEMO-WordPress_AWS_demo-WordPress_AWS_demo_DEFAULT-Centos_7-centos7_x64_base/1487605216.52/repodata/repomd.xml because one or more authenticators failed.

IP 10.11.0.236 is capsule
demo-amv-auui02.demo.local - foreman server

if I register directly to foreman server all works as expected

#2 Updated by Karlis Melderis about 5 years ago

we can close the case.

I pulled down certificate RPM via https and it got redirected to central server.
Thus cert for central server got installed not one from capsule.

if I use http to pull down rpm all is good.

#3 Updated by Justin Sherrill about 5 years ago

  • Category set to Foreman Proxy Content
  • Status changed from New to Rejected
  • Legacy Backlogs Release (now unused) set to 166

Also available in: Atom PDF