Description of problem: The customers Satellite depends on a proxy (with authentication) to connect to the internet. The proxy password contains a '?' (question mark) which leads to an issue when refreshing the manifest. Same error when executed from Web-UI. # hammer subscription refresh-manifest --organization org01 [Foreman] Password for admin: [............................................................................................................] [100%] Error: bad component(expected user component): red?hat production.log ... 2017-10-16 14:19:48 [app] [E] Error during manifest refresh: {"displayMessage"=>"bad component(expected user component): red?hat", "conflicts"=>["UNKNOWN"]} ... The credentials were set with the following command - example from my test-environment: # satellite-installer --katello-proxy-url http://192.168.81.74 --katello-proxy-port 3128 --katello-proxy-username rainer2 --katello-proxy-password "red?hat" Steps to Reproduce: 1. Proxy password contains a '?' (question mark) 2. Configure Satellite with the proxy credentials 3. Try to refresh the manifest (CLI, Web-UI) Actual results: "...Error: bad component(expected user component):..." Expected results: Username/password is send to proxy, proxy authentication succeeds and manifest is refreshed. Additional info: Looking at the proxy (squid) debug logs, it seems the username/password is not transmitted to the proxy in this case. Passwords without special characters (e.g. '?) work as expected.
Customer needs an update or fix for the issue.
Upstream bug assigned to jsherril
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/16909 has been resolved.
Test results in Satellite 6.5.0 Snap 18 -bash-4.2# satellite-installer --katello-proxy-url http://localhost --katello-proxy-port 50123 --katello-proxy-username jake --katello-proxy-password "Red@Hat" Resetting puppet server version param... Installing Done [100%] [...........................................................................................................] Success! * Satellite is running at https://my.sat.com * To install an additional Capsule on separate machine continue by running: capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE" --certs-tar "/root/$CAPSULE-certs.tar" * To upgrade an existing 6.4 Capsule to 6.5: Please see official documentation for steps and parameters to use when upgrading a 6.4 Capsule to 6.5. The full log is at /var/log/foreman-installer/satellite.log -bash-4.2# view /etc/foreman/plugins/katello.yaml ... :cdn_proxy: :host: http://localhost :port: 50123 :user: jake :password: Red@Hat
Verified in Satellite 6.5.0 Snap 18 The manifest refresh completed successfully. Additionally, the squid proxy's (non-satellite) access log shows good connections. -bash-4.2# tail -f /var/log/squid/access.log 1551987430.790 596 2620:52:0:10d2:21e:67ff:fe65:8b81 TCP_TUNNEL/200 9224 CONNECT subscription.rhsm.redhat.com:443 jake HIER_DIRECT/10.4.204.72 - 1551987451.086 559 2620:52:0:10d2:21e:67ff:fe65:8b81 TCP_TUNNEL/200 9224 CONNECT subscription.rhsm.redhat.com:443 jake HIER_DIRECT/10.4.204.72 - 1551987558.638 491 10.16.210.57 TCP_TUNNEL/200 4117 CONNECT subscription.rhsm.redhat.com:443 jake HIER_DIRECT/10.4.204.72 - 1551987578.537 423 10.16.210.57 TCP_TUNNEL/200 9253 CONNECT subscription.rhsm.redhat.com:443 jake HIER_DIRECT/10.4.204.72 - 1551987578.853 483 10.16.210.57 TCP_TUNNEL/200 4117 CONNECT subscription.rhsm.redhat.com:443 jake HIER_DIRECT/10.4.204.72 - 1551987591.287 427 10.16.210.57 TCP_TUNNEL/200 2732 CONNECT subscription.rhsm.redhat.com:443 jake HIER_DIRECT/10.4.204.72 - 1551987598.946 4084 2620:52:0:10d2:21e:67ff:fe65:8b81 TCP_TUNNEL/200 741458 CONNECT subscription.rhsm.redhat.com:443 jake HIER_DIRECT/10.4.204.72 - 1551987622.442 424 2620:52:0:10d2:21e:67ff:fe65:8b81 TCP_TUNNEL/200 9224 CONNECT subscription.rhsm.redhat.com:443 jake HIER_DIRECT/10.4.204.72 - 1551987622.964 511 2620:52:0:10d2:21e:67ff:fe65:8b81 TCP_TUNNEL/200 4117 CONNECT subscription.rhsm.redhat.com:443 jake HIER_DIRECT/10.4.204.72 -
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:1222