Red Hat Yum proxy support in Nexus?

Hi. I have created CentOS yum repos proxy and it working fine. But when I created for Red Hat yum proxy, it doesn’t work. We have valid Red Hat subscription actually. Is it because Red Hat not allow 3rd party to connect their server or Nexus doesnt support this?

Thank you

From client error message:

[root@uat ~]# yum install nc
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register. [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
To address this issue please refer to the below knowledge base article

[Errno 14] yum fails with HTTP/HTTPS Error 404 - Red Hat Customer Portal

Does$releasever/$basearch/scaleablefilesystem/os/repodata/repomd.xml exist? Access to repomd is required and it’s complaining it can’t find it.
I don’t recall any other reports of Redhat not working.

Hi Joe

Im not so sure myself, coz the baseurl i copied from redhat access page.
Also I check again in my /etc/yum.repos.d/redhat.repo, the enabled repo is$releasever/$basearch/os/

and I try curl to that link but returned permission denied.

maybe do you have the baseurl that actually working? can you share if possible?
Thank you

You’d need to expand the variables $releasever and $basearch appropriately for this to work. But I think you’re going to run into another problem. Client side SSL certificates aren’t working in Repo 3, and I believe that will be needed to get access to that repository. We’ve bumped up the priority of this issue in our backlog:

I expand the variable as you suggested

So far I did not getting the ‘handshake-failure’ issue, but HTTP/1.1 403 Forbidden instead.

2019-09-24 19:43:02,072+0800 DEBUG [qtp40223173-152] admin - < HTTP/1.1 403 Forbidden @ 180.3 ms

I am also trying to create a Red Hat yum proxy and have the same problem, where I get a HTTP 403 returned. I am assuming this is because cdn.redhat requires authentication - in particular I think it expects you to pass it sslclientcert, sslclientkey, sslcacert (see How to authenticate to - Red Hat Customer Portal). sslclientkey and sslclientcert are found in /etc/pki/entitlement on your Red Hat system and I believe are generated as part of your RHN subscription.

Presumably, Nexus does not pass these details forward (I have defined these fields in my local nexus.repo file but see no evidence of them being provided to the cdn endpoint).

I’d be interested to know if I’m approaching this the wrong way, or if there is an alternative method that allows you to sync Red Hat repositories with Nexus. I have searched through a lot of articles but haven’t found much to suggest this is possible.

1 Like