Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1502752

Summary: refresh manifest - proxy password with special character
Product: Red Hat Satellite Reporter: Rainer Beyel <rbeyel>
Component: Subscription ManagementAssignee: Justin Sherrill <jsherril>
Status: CLOSED ERRATA QA Contact: jcallaha
Severity: medium Docs Contact:
Priority: high    
Version: 6.2.12CC: aagrawal, ajoseph, akarsale, asamad, bkearney, bmidwood, bscalio, dhlavacd, ehelms, hmore, kgaikwad, kkohli, ktordeur, mshimura, phess, rabajaj, suarora, takirby, will_darton, wpinheir
Target Milestone: 6.5.0Keywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: tfm-rubygem-katello-3.10.0.24-1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-05-14 12:36:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Rainer Beyel 2017-10-16 15:15:42 UTC 
Description of problem:

The customers Satellite depends on a proxy (with authentication) to connect to the internet. The proxy password contains a '?' (question mark) which leads to an issue when refreshing the manifest. Same error when executed from Web-UI.

# hammer subscription refresh-manifest --organization org01
[Foreman] Password for admin: 
[............................................................................................................] [100%]
Error: bad component(expected user component): red?hat

production.log
...
2017-10-16 14:19:48  [app] [E] Error during manifest refresh: {"displayMessage"=>"bad component(expected user component): red?hat", "conflicts"=>["UNKNOWN"]}
...

The credentials were set with the following command - example from my test-environment:

# satellite-installer --katello-proxy-url http://192.168.81.74 --katello-proxy-port 3128 --katello-proxy-username rainer2 --katello-proxy-password "red?hat"

Steps to Reproduce:
1. Proxy password contains a '?' (question mark)
2. Configure Satellite with the proxy credentials
3. Try to refresh the manifest (CLI, Web-UI)

Actual results:
"...Error: bad component(expected user component):..."

Expected results:
Username/password is send to proxy, proxy authentication succeeds and manifest is refreshed.

Additional info:
Looking at the proxy (squid) debug logs, it seems the username/password is not transmitted to the proxy in this case. Passwords without special characters (e.g. '?) work as expected.
Comment 5 asamad 2017-12-13 21:32:30 UTC 
Customer needs an update or fix for the issue.
Comment 16 Bryan Kearney 2019-02-12 19:02:58 UTC 
Upstream bug assigned to jsherril
Comment 17 Bryan Kearney 2019-02-12 19:03:00 UTC 
Upstream bug assigned to jsherril
Comment 18 Bryan Kearney 2019-02-13 19:02:00 UTC 
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/16909 has been resolved.
Comment 21 jcallaha 2019-03-06 15:52:24 UTC 
Test results in Satellite 6.5.0 Snap 18

-bash-4.2# satellite-installer --katello-proxy-url http://localhost --katello-proxy-port 50123 --katello-proxy-username jake --katello-proxy-password "Red@Hat"
Resetting puppet server version param...
Installing             Done                                               [100%] [...........................................................................................................]
  Success!
  * Satellite is running at https://my.sat.com

  * To install an additional Capsule on separate machine continue by running:

      capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE" --certs-tar "/root/$CAPSULE-certs.tar"

  * To upgrade an existing 6.4 Capsule to 6.5:
      Please see official documentation for steps and parameters to use when upgrading a 6.4 Capsule to 6.5.

  The full log is at /var/log/foreman-installer/satellite.log


-bash-4.2# view /etc/foreman/plugins/katello.yaml
...
  :cdn_proxy:
    :host: http://localhost
    :port: 50123
    :user: jake
    :password: Red@Hat
Comment 22 jcallaha 2019-03-07 19:43:04 UTC 
Verified in Satellite 6.5.0 Snap 18

The manifest refresh completed successfully.

Additionally, the squid proxy's (non-satellite) access log shows good connections.

-bash-4.2# tail -f /var/log/squid/access.log 
1551987430.790    596 2620:52:0:10d2:21e:67ff:fe65:8b81 TCP_TUNNEL/200 9224 CONNECT subscription.rhsm.redhat.com:443 jake HIER_DIRECT/10.4.204.72 -
1551987451.086    559 2620:52:0:10d2:21e:67ff:fe65:8b81 TCP_TUNNEL/200 9224 CONNECT subscription.rhsm.redhat.com:443 jake HIER_DIRECT/10.4.204.72 -
1551987558.638    491 10.16.210.57 TCP_TUNNEL/200 4117 CONNECT subscription.rhsm.redhat.com:443 jake HIER_DIRECT/10.4.204.72 -
1551987578.537    423 10.16.210.57 TCP_TUNNEL/200 9253 CONNECT subscription.rhsm.redhat.com:443 jake HIER_DIRECT/10.4.204.72 -
1551987578.853    483 10.16.210.57 TCP_TUNNEL/200 4117 CONNECT subscription.rhsm.redhat.com:443 jake HIER_DIRECT/10.4.204.72 -
1551987591.287    427 10.16.210.57 TCP_TUNNEL/200 2732 CONNECT subscription.rhsm.redhat.com:443 jake HIER_DIRECT/10.4.204.72 -
1551987598.946   4084 2620:52:0:10d2:21e:67ff:fe65:8b81 TCP_TUNNEL/200 741458 CONNECT subscription.rhsm.redhat.com:443 jake HIER_DIRECT/10.4.204.72 -
1551987622.442    424 2620:52:0:10d2:21e:67ff:fe65:8b81 TCP_TUNNEL/200 9224 CONNECT subscription.rhsm.redhat.com:443 jake HIER_DIRECT/10.4.204.72 -
1551987622.964    511 2620:52:0:10d2:21e:67ff:fe65:8b81 TCP_TUNNEL/200 4117 CONNECT subscription.rhsm.redhat.com:443 jake HIER_DIRECT/10.4.204.72 -
Comment 25 errata-xmlrpc 2019-05-14 12:36:38 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:1222