This is an old revision of the document!


How To Fix Yum Basic HTTP Authentication Behind a Proxy

Problem

When configuring a yum proxy via /etc/yum.conf a “yum check-update” fails on the rhel6-some-repo-x.y repository with:

[root@myhost yum.repos.d]# yum check-update
Loaded plugins: priorities, refresh-packagekit, rhnplugin, security
This system is receiving updates from RHN Classic or RHN Satellite.
http://REDACTED:REDACTED@yum.whatever.com/yum/base/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 400 Bad request"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: rhel6-some-repo-x.y. Please verify its path and try again

Additional Information

The customer used a cloud-based proxy service (ZScaler) but has NOT implemented proxy authentication. The proxy is configured correctly in /etc/yum.conf

Troubleshooting

A packet capture indicated the following HTTP header when requesting the repository information:

GET http://REDACTED:REDACTED@yum.whatever.com/yum/base/repodata/repomd.xml HTTP/1.1
Authorization: Basic Y203MHVzZXI6bmtsMzJhOGtwMWNudw==
User-Agent: urlgrabber/3.9.1 yum/3.2.29
Host: yum.whatever.com
Accept: */*
Proxy-Connection: Keep-Alive

A GET HTTP request in this format is malformed and therefore return a “400 Bad request” Further investigation revealed Yum's documentation recommends the following configuration when implementing HTTP authentication for a yum repository:

baseurl=http://yum.whatever.com/yum/base/
username=REDACTED
password=REDACTED

Running the “yum check-update” command again reveals a different error:

[root@myhost yum.repos.d]# yum check-update
Loaded plugins: priorities, refresh-packagekit, rhnplugin, security
This system is receiving updates from RHN Classic or RHN Satellite.
http://yum.whatever.com/yum/base/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 401 Authorization Required"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: rhel6-some-repo-x.y. Please verify its path and try again

A packet capture shows the following HTTP request:

GET http://REDACTED:REDACTED@yum.whatever.com/yum/base/repodata/repomd.xml HTTP/1.1
Authorization: Basic Y203MHVzZXI6bmtsMzJhOGtwMWNudw==
User-Agent: urlgrabber/3.9.1 yum/3.2.29
Host: yum.whatever.com
Accept: */*
Proxy-Connection: Keep-Alive
Resolution:

Because there is “Basic” authentication but no credentials supplied, the web server responds with “401 Authorization Required”. The problem was tracked to an incompatibility with yum-3.2.29-60 and python-urlgrabber-3.9.1-9. More information:

This problem currently exists in RHEL 6.6 but may be resolved in a future version. It likely exists on any system with the python-urlgrabber-3.9.1-9 package.

Resolution

Modify /etc/yum.repos.d/rhel6-some-repo-x.y.repo to conform to yum's recommended standard of baseurl/username/password for both contained repositories. Apply the patch as documented in the NEXUS URL.

Copy the file urlgrabber.patch to the /root/ directory.
Back up the existing grabber.py file:
	cp /usr/lib/python2.6/site-packages/urlgrabber/grabber.py /root/urlgrabber_backup/head_node/grabber.py
Patch the file:
	patch /usr/lib/python2.6/site-packages/urlgrabber/grabber.py < /root/urlgrabber.patch
Each command should return an output similar to below:
	patching file /usr/lib/python2.6/site-packages/urlgrabber/grabber.py
	Hunk #2 succeeded at 426 (offset -5 lines).
	Hunk #3 succeeded at 828 (offset -6 lines).
	Hunk #4 succeeded at 1253 (offset -9 lines).
	Hunk #5 succeeded at 1349 (offset -9 lines).

Re-run the “yum check-update” command. It should complete successfully.

howto/how_to_fix_yum_basic_auth_behind_a_proxy.1427232371.txt.gz · Last modified: 2015/03/24 21:26 by smark
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0