yum with authentication doesn't work in OSS > than 2.6.0
77 views
Skip to first unread message
AlexT
Dec 31, 2013, 1:36:37 PM12/31/13
to nexus-yu...@googlegroups.com
Hello,
We've been using the Nexus OSS yum plugin with authentication and it worked fine up to version 2.6.0 but with later versions rpms can't be pulled down anymore, yum gets a 401. Nexus is behind Apache and this what's in the Apache logs:
IP_ADDR - - [31/Dec/2013:18:04:28 +0000] "GET /content/repositories/snapshots/(...)/0.1.56-SNAPSHOT/(...)-0.1.56-20131231.163133-4-rpm.rpm HTTP/1.1" 401 -
On the client server this is what yum sees:
Downloading Packages:
http://nexus01(...)/content/repositories/snapshots/(...)/0.1.56-SNAPSHOT/(...)-0.1.56-20131231.163133-4-rpm.rpm: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 401"
Trying other mirror.
This happened with 2.6.1, I rolled back to 2.6.0 and it worked. Now I upgraded to the latest, 2.7.0 and I get the same error but rolling back triggers other errors because I didn't back up my 'sonatype-work/nexus/conf"' so that's not an option anymore.
I do a 'yum clean all && yum makecache' which are successful and this is what I see in the Apache logs (HTTP 200s):
IP_ADDR - - [31/Dec/2013:18:12:22 +0000] "GET /content/repositories/snapshots/repodata/repomd.xml HTTP/1.1" 200 3458
IP_ADDR - - [31/Dec/2013:18:12:22 +0000] "GET /content/repositories/snapshots/repodata/b6439d9fe96c8361463ed09138e4fe9424ea80cf23d3e363038045ca9378f76e-filelists.sqlite.bz2 HTTP/1.1" 200 9485
IP_ADDR - - [31/Dec/2013:18:12:22 +0000] "GET /content/repositories/snapshots/repodata/40e7b99a615d969132ef805b7ce04cd1bf786c563813128e1b541ea52b679c6e-primary.sqlite.bz2 HTTP/1.1" 200 16084
IP_ADDR - - [31/Dec/2013:18:12:22 +0000] "GET /content/repositories/snapshots/repodata/211ed80de294cb7518f1cd8bcd36bb0ddd9f5a3719aa38a9e533c63c9f879cff-other.sqlite.bz2 HTTP/1.1" 200 3849
But then yum install gets a 401...
The repo definition is the one suggested in Nexus with baseurl being: baseurl=http://nexus_user:pass...@nexus.server/path/to/snapshots. If I remove the credentials from the baseurl yum makecache gets a 401 trying to pull down the repo metadata, so it fails even sooner.
To conclude Nexus is able to serve the repo metadata using the credentials but not the rpm. I'm kind of at a loss here, any help is greatly appreciated.
Thanks,
Alex
We've been using the Nexus OSS yum plugin with authentication and it worked fine up to version 2.6.0 but with later versions rpms can't be pulled down anymore, yum gets a 401. Nexus is behind Apache and this what's in the Apache logs:
IP_ADDR - - [31/Dec/2013:18:04:28 +0000] "GET /content/repositories/snapshots/(...)/0.1.56-SNAPSHOT/(...)-0.1.56-20131231.163133-4-rpm.rpm HTTP/1.1" 401 -
On the client server this is what yum sees:
Downloading Packages:
http://nexus01(...)/content/repositories/snapshots/(...)/0.1.56-SNAPSHOT/(...)-0.1.56-20131231.163133-4-rpm.rpm: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 401"
Trying other mirror.
This happened with 2.6.1, I rolled back to 2.6.0 and it worked. Now I upgraded to the latest, 2.7.0 and I get the same error but rolling back triggers other errors because I didn't back up my 'sonatype-work/nexus/conf"' so that's not an option anymore.
I do a 'yum clean all && yum makecache' which are successful and this is what I see in the Apache logs (HTTP 200s):
IP_ADDR - - [31/Dec/2013:18:12:22 +0000] "GET /content/repositories/snapshots/repodata/repomd.xml HTTP/1.1" 200 3458
IP_ADDR - - [31/Dec/2013:18:12:22 +0000] "GET /content/repositories/snapshots/repodata/b6439d9fe96c8361463ed09138e4fe9424ea80cf23d3e363038045ca9378f76e-filelists.sqlite.bz2 HTTP/1.1" 200 9485
IP_ADDR - - [31/Dec/2013:18:12:22 +0000] "GET /content/repositories/snapshots/repodata/40e7b99a615d969132ef805b7ce04cd1bf786c563813128e1b541ea52b679c6e-primary.sqlite.bz2 HTTP/1.1" 200 16084
IP_ADDR - - [31/Dec/2013:18:12:22 +0000] "GET /content/repositories/snapshots/repodata/211ed80de294cb7518f1cd8bcd36bb0ddd9f5a3719aa38a9e533c63c9f879cff-other.sqlite.bz2 HTTP/1.1" 200 3849
But then yum install gets a 401...
The repo definition is the one suggested in Nexus with baseurl being: baseurl=http://nexus_user:pass...@nexus.server/path/to/snapshots. If I remove the credentials from the baseurl yum makecache gets a 401 trying to pull down the repo metadata, so it fails even sooner.
To conclude Nexus is able to serve the repo metadata using the credentials but not the rpm. I'm kind of at a loss here, any help is greatly appreciated.
Thanks,
Alex
AlexT
Dec 31, 2013, 1:44:17 PM12/31/13
to nexus-yu...@googlegroups.com
Forgot to add that if I pull the rpm down with wget from the URL yum gets a 401 to but adding the credentials, it works: wget http://nexus_user:password@nexus01(...)/content/repositories/snapshots/(...)/0.1.56-SNAPSHOT/(...)-0.1.56-20131231.163133-4-rpm.rpm
AlexT
Dec 31, 2013, 2:28:50 PM12/31/13
to nexus-yu...@googlegroups.com
Did a tcpdump and authorization is sent for the metadata pull but not for the rpm pull. Also, more digging through the internets showed this: https://issues.sonatype.org/browse/NEXUS-6007.
Also forgot to add that this is happening on a CentOS 6.3 box.
Still looking for a solution, worst case scenario I'll just do a fresh 2.6.0 install where I know this was somehow working...
Also forgot to add that this is happening on a CentOS 6.3 box.
Still looking for a solution, worst case scenario I'll just do a fresh 2.6.0 install where I know this was somehow working...
On Tuesday, December 31, 2013 1:36:37 PM UTC-5, AlexT wrote:
AlexT
Jan 2, 2014, 4:00:23 PM1/2/14
to nexus-yu...@googlegroups.com
For who's interested in this, see https://issues.sonatype.org/browse/NEXUS-6007
On Tuesday, December 31, 2013 1:36:37 PM UTC-5, AlexT wrote:
Timothy Perrett
Jan 9, 2014, 4:56:50 PM1/9/14
to nexus-yu...@googlegroups.com
We are also seeing this issue - is there any news on a fix? The ticket linked below has been inactive for several days it seems. Is the solution to downgrade to a working version?
Thanks, Tim
Reply all
Reply to author
Forward
0 new messages