Missing Authorization header, need assistance please.

Buckholz, Zachary Thu, 26 Sep 2013 12:25:54 -0700

I have an issue with an F5 and two backend HAProxy's not working properly
with a commercial version of Yum from Sonatype called Nexus.


I don't have an F5 to test with, so I setup three HAProxy instances in vbox
to simulate the situation and I can reproduce the problem.

What's interesting is that when using traditional apache httpd in-place of
the Nexus YUM repo I can get it to work as shown below. But when using
Nexus YUM it fails with a 401 unauthorized error.

Is there any rewrite or cookie session rules I can implement in HAProxy to
compensate for this?




Working Traditional YUM Session using Apache to serve content with
.htaccess


This is the .htaccess file I am using:

AuthType Basic

AuthName "Restricted Files"

# (Following line optional)

AuthBasicProvider file

AuthUserFile /mnt/local_repo/pearson/passwd

Require valid-user



[root@jira ~]# yum install jira

Loaded plugins: downloadonly, fastestmirror

Loading mirror speeds from cached hostfile

rpm
              | 2.9 kB     00:00

Setting up Install Process

Resolving Dependencies

--> Running transaction check

---> Package jira.x86_64 0:1-6.0.8 will be installed

--> Finished Dependency Resolution


Dependencies Resolved


=================================================================================================================

 Package                  Arch                       Version
        Repository               Size

=================================================================================================================

Installing:

 jira                     x86_64                     1-6.0.8
        rpm                     128 M


Transaction Summary

=================================================================================================================

Install       1 Package(s)


Total download size: 128 M

Installed size: 162 M

Is this ok [y/N]: y

Downloading Packages:

jira-1-6.0.8.x86_64.rpm
              | 128 MB     00:06

Running rpm_check_debug

Running Transaction Test

Transaction Test Succeeded

Running Transaction

Warning: RPMDB altered outside of yum.

  Installing : jira-1-6.0.8.x86_64
                                  1/1

  Verifying  : jira-1-6.0.8.x86_64
                                  1/1


Installed:

  jira.x86_64 0:1-6.0.8



Complete!




--------- Front End HAProxy log showing above yum command

00000002:haproxy.accept(0003)=0005 from [192.168.50.40:58479]

00000002:haproxy.clireq[0005:ffff]: GET /nexus/repodata/repomd.xml HTTP/1.1

00000002:haproxy.clihdr[0005:ffff]: Authorization: Basic
YWRtaW46YWRtaW4xMjM=

00000002:haproxy.clihdr[0005:ffff]: User-Agent: urlgrabber/3.9.1 yum/3.2.29

00000002:haproxy.clihdr[0005:ffff]: Host: 192.168.50.46

00000002:haproxy.clihdr[0005:ffff]: Accept: */*

00000002:haproxy.srvrep[0005:0006]: HTTP/1.1 200 OK

00000002:haproxy.srvhdr[0005:0006]: Date: Thu, 26 Sep 2013 17:31:29 GMT

00000002:haproxy.srvhdr[0005:0006]: Server: Apache/2.2.15 (CentOS)

00000002:haproxy.srvhdr[0005:0006]: Last-Modified: Thu, 26 Sep 2013
15:51:07 GMT

00000002:haproxy.srvhdr[0005:0006]: ETag: "17f40f-bae-4e74b5687dbfb"

00000002:haproxy.srvhdr[0005:0006]: Accept-Ranges: bytes

00000002:haproxy.srvhdr[0005:0006]: Content-Length: 2990

00000002:haproxy.srvhdr[0005:0006]: Content-Type: text/xml

00000002:haproxy.srvhdr[0005:0006]: Connection: close

Sep 26 10:31:28 puppet haproxy[7025]:
192.168.50.40:58479[26/Sep/2013:10:31:28.714] haproxy~
haproxy/haproxy1 0/0/41 3245 --
1/1/0/0/0 0/0

00000002:haproxy.clicls[0005:ffff]

00000002:haproxy.closed[0005:ffff]

00000003:haproxy.accept(0003)=0005 from [192.168.50.40:58480]

00000003:haproxy.clireq[0005:ffff]: GET /nexus/jira-1-6.0.8.x86_64.rpm
HTTP/1.1

00000003:haproxy.clihdr[0005:ffff]: Authorization: Basic
YWRtaW46YWRtaW4xMjM=

00000003:haproxy.clihdr[0005:ffff]: User-Agent: urlgrabber/3.9.1 yum/3.2.29

00000003:haproxy.clihdr[0005:ffff]: Host: 192.168.50.46

00000003:haproxy.clihdr[0005:ffff]: Accept: */*

00000003:haproxy.srvrep[0005:0006]: HTTP/1.1 200 OK

00000003:haproxy.srvhdr[0005:0006]: Date: Thu, 26 Sep 2013 17:31:39 GMT

00000003:haproxy.srvhdr[0005:0006]: Server: Apache/2.2.15 (CentOS)

00000003:haproxy.srvhdr[0005:0006]: Last-Modified: Thu, 26 Sep 2013
15:50:40 GMT

00000003:haproxy.srvhdr[0005:0006]: ETag: "17f409-7fded8c-4e74b54f5e655"

00000003:haproxy.srvhdr[0005:0006]: Accept-Ranges: bytes

00000003:haproxy.srvhdr[0005:0006]: Content-Length: 134081932

00000003:haproxy.srvhdr[0005:0006]: Content-Type: application/x-rpm

00000003:haproxy.srvhdr[0005:0006]: Connection: close

Sep 26 10:31:45 puppet haproxy[7025]:
192.168.50.40:58480[26/Sep/2013:10:31:39.482] haproxy~
haproxy/haproxy1 0/0/6065 134082205 --
1/1/0/1/0 0/0



-------- Backend HAProxy Log showing above yum command


00000000:nexus.accept(0004)=0007 from [192.168.50.46:49848]

00000000:nexus.clireq[0007:ffff]: GET /nexus/repodata/repomd.xml HTTP/1.1

00000000:nexus.clihdr[0007:ffff]: Authorization: Basic YWRtaW46YWRtaW4xMjM=

00000000:nexus.clihdr[0007:ffff]: User-Agent: urlgrabber/3.9.1 yum/3.2.29

00000000:nexus.clihdr[0007:ffff]: Host: 192.168.50.46

00000000:nexus.clihdr[0007:ffff]: Accept: */*

00000000:nexus.clihdr[0007:ffff]: X-Forwarded-For: 192.168.50.40

00000000:nexus.clihdr[0007:ffff]: Connection: close

00000000:nexus.srvrep[0007:0008]: HTTP/1.1 200 OK

00000000:nexus.srvhdr[0007:0008]: Date: Thu, 26 Sep 2013 17:31:29 GMT

00000000:nexus.srvhdr[0007:0008]: Server: Apache/2.2.15 (CentOS)

00000000:nexus.srvhdr[0007:0008]: Last-Modified: Thu, 26 Sep 2013 15:51:07
GMT

00000000:nexus.srvhdr[0007:0008]: ETag: "17f40f-bae-4e74b5687dbfb"

00000000:nexus.srvhdr[0007:0008]: Accept-Ranges: bytes

00000000:nexus.srvhdr[0007:0008]: Content-Length: 2990

00000000:nexus.srvhdr[0007:0008]: Content-Type: text/xml

00000000:nexus.srvhdr[0007:0008]: Connection: close

00000000:nexus.srvcls[0007:0008]

00000000:nexus.clicls[0007:0008]

00000000:nexus.closed[0007:0008]

00000001:nexus.accept(0004)=0007 from [192.168.50.46:49849]

00000001:nexus.clireq[0007:ffff]: GET /nexus/jira-1-6.0.8.x86_64.rpm
HTTP/1.1

00000001:nexus.clihdr[0007:ffff]: Authorization: Basic YWRtaW46YWRtaW4xMjM=

00000001:nexus.clihdr[0007:ffff]: User-Agent: urlgrabber/3.9.1 yum/3.2.29

00000001:nexus.clihdr[0007:ffff]: Host: 192.168.50.46

00000001:nexus.clihdr[0007:ffff]: Accept: */*

00000001:nexus.clihdr[0007:ffff]: X-Forwarded-For: 192.168.50.40

00000001:nexus.clihdr[0007:ffff]: Connection: close

00000001:nexus.srvrep[0007:0008]: HTTP/1.1 200 OK

00000001:nexus.srvhdr[0007:0008]: Date: Thu, 26 Sep 2013 17:31:39 GMT

00000001:nexus.srvhdr[0007:0008]: Server: Apache/2.2.15 (CentOS)

00000001:nexus.srvhdr[0007:0008]: Last-Modified: Thu, 26 Sep 2013 15:50:40
GMT

00000001:nexus.srvhdr[0007:0008]: ETag: "17f409-7fded8c-4e74b54f5e655"

00000001:nexus.srvhdr[0007:0008]: Accept-Ranges: bytes

00000001:nexus.srvhdr[0007:0008]: Content-Length: 134081932

00000001:nexus.srvhdr[0007:0008]: Content-Type: application/x-rpm

00000001:nexus.srvhdr[0007:0008]: Connection: close

00000001:nexus.srvcls[0007:0008]

00000001:nexus.clicls[0007:0008]

00000001:nexus.closed[0007:0008]






---------- Nexus YUM Plugin Test This is the test that fails at the end
when yum tries to download the RPM.



[root@jira ~]# yum -y install atlassian-stash

Loaded plugins: downloadonly, fastestmirror

Determining fastest mirrors

rpm
              | 3.3 kB     00:00

rpm/primary_db
              | 2.9 kB     00:00

Setting up Install Process

Resolving Dependencies

--> Running transaction check

---> Package atlassian-stash.x86_64 0:2-7.2 will be installed

--> Finished Dependency Resolution


Dependencies Resolved


=================================================================================================================

 Package                           Arch                     Version
          Repository             Size

=================================================================================================================

Installing:

 atlassian-stash                   x86_64                   2-7.2
          rpm                    86 M


Transaction Summary

=================================================================================================================

Install       1 Package(s)


Total download size: 86 M

Installed size: 100 M

Downloading Packages:

http://192.168.50.43:50443/nexus/content/repositories/RPM/Group-Test/Artifact-Test/Version-Test/Artifact-Test-Version-Test.rpm:
[Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 401
Unauthorized"

Trying other mirror.



Error Downloading Packages:

  atlassian-stash-2-7.2.x86_64: failed to retrieve
Group-Test/Artifact-Test/Version-Test/Artifact-Test-Version-Test.rpm from
rpm

error was [Errno 14] PYCURL ERROR 22 - "The requested URL returned error:
401 Unauthorized"





--------- Front End HAProxy log


000000b6:haproxy.accept(0003)=0005 from [192.168.50.40:58487]

000000b6:haproxy.clireq[0005:ffff]: GET
/nexus/content/repositories/RPM/repodata/repomd.xml HTTP/1.1

000000b6:haproxy.clihdr[0005:ffff]: Authorization: Basic
YWRtaW46YWRtaW4xMjM=

000000b6:haproxy.clihdr[0005:ffff]: User-Agent: urlgrabber/3.9.1 yum/3.2.29

000000b6:haproxy.clihdr[0005:ffff]: Host: 192.168.50.46

000000b6:haproxy.clihdr[0005:ffff]: Accept: */*

000000b6:haproxy.srvrep[0005:0006]: HTTP/1.1 200 OK

000000b6:haproxy.srvhdr[0005:0006]: Date: Thu, 26 Sep 2013 18:12:01 GMT

000000b6:haproxy.srvhdr[0005:0006]: Server:
Noelios-Restlet-Engine/1.1.6-SONATYPE-5348-V8

000000b6:haproxy.srvhdr[0005:0006]: Content-Type: application/xml

000000b6:haproxy.srvhdr[0005:0006]: Last-Modified: Tue, 24 Sep 2013
22:35:52 GMT

000000b6:haproxy.srvhdr[0005:0006]: ETag:
"{SHA1{7bbd3fdb734f6127db8c32ab03f556ef5b87de1e}}"

000000b6:haproxy.srvhdr[0005:0006]: Vary:
Accept-Charset,Accept-Encoding,Accept-Language,Accept

000000b6:haproxy.srvhdr[0005:0006]: X-Content-Type-Options: nosniff

000000b6:haproxy.srvhdr[0005:0006]: Content-Length: 3394

000000b6:haproxy.srvhdr[0005:0006]: Set-Cookie: rememberMe=deleteMe;
Path=/nexus; Max-Age=0; Expires=Wed, 25-Sep-2013 18:12:01 GMT

000000b6:haproxy.srvhdr[0005:0006]: Connection: close

Sep 26 11:12:01 puppet haproxy[7025]:
192.168.50.40:58487[26/Sep/2013:11:12:01.311] haproxy~
haproxy/haproxy1 0/0/58 3871 --
1/1/0/0/0 0/0

000000b6:haproxy.clireq[0005:ffff]: GET
/nexus/content/repositories/RPM/repodata/ce555483ad0ba2c3c9c773897a2c0c96886c592e87032ec3dc4c341fd7625af7-primary.sqlite.bz2
HTTP/1.1

000000b6:haproxy.clihdr[0005:ffff]: Authorization: Basic
YWRtaW46YWRtaW4xMjM=

000000b6:haproxy.clihdr[0005:ffff]: User-Agent: urlgrabber/3.9.1 yum/3.2.29

000000b6:haproxy.clihdr[0005:ffff]: Host: 192.168.50.46

000000b6:haproxy.clihdr[0005:ffff]: Accept: */*

000000b6:haproxy.srvrep[0005:0006]: HTTP/1.1 200 OK

000000b6:haproxy.srvhdr[0005:0006]: Date: Thu, 26 Sep 2013 18:12:01 GMT

000000b6:haproxy.srvhdr[0005:0006]: Server:
Noelios-Restlet-Engine/1.1.6-SONATYPE-5348-V8

000000b6:haproxy.srvhdr[0005:0006]: Content-Type: application/x-bzip

000000b6:haproxy.srvhdr[0005:0006]: Last-Modified: Tue, 24 Sep 2013
22:35:52 GMT

000000b6:haproxy.srvhdr[0005:0006]: ETag:
"{SHA1{f5c54ac3b30685fff419d22c22851c06179e07ca}}"

000000b6:haproxy.srvhdr[0005:0006]: Vary:
Accept-Charset,Accept-Encoding,Accept-Language,Accept

000000b6:haproxy.srvhdr[0005:0006]: X-Content-Type-Options: nosniff

000000b6:haproxy.srvhdr[0005:0006]: Content-Length: 2920

000000b6:haproxy.srvhdr[0005:0006]: Set-Cookie: rememberMe=deleteMe;
Path=/nexus; Max-Age=0; Expires=Wed, 25-Sep-2013 18:12:01 GMT

000000b6:haproxy.srvhdr[0005:0006]: Connection: close

Sep 26 11:12:01 puppet haproxy[7025]:
192.168.50.40:58487[26/Sep/2013:11:12:01.370] haproxy~
haproxy/haproxy1 0/1/27 3400 --
1/1/0/0/0 0/0

000000b6:haproxy.clicls[0005:ffff]

000000b6:haproxy.closed[0005:ffff]



-------- Backend HAProxy Log



00000116:nexus.accept(0004)=0007 from [192.168.50.46:50125]

00000116:nexus.clireq[0007:ffff]: GET
/nexus/content/repositories/RPM/repodata/repomd.xml HTTP/1.1

00000116:nexus.clihdr[0007:ffff]: Authorization: Basic YWRtaW46YWRtaW4xMjM=

00000116:nexus.clihdr[0007:ffff]: User-Agent: urlgrabber/3.9.1 yum/3.2.29

00000116:nexus.clihdr[0007:ffff]: Host: 192.168.50.46

00000116:nexus.clihdr[0007:ffff]: Accept: */*

00000116:nexus.clihdr[0007:ffff]: X-Forwarded-For: 192.168.50.40

00000116:nexus.clihdr[0007:ffff]: Connection: close

00000116:nexus.srvrep[0007:0008]: HTTP/1.1 200 OK

00000116:nexus.srvhdr[0007:0008]: Date: Thu, 26 Sep 2013 18:12:01 GMT

00000116:nexus.srvhdr[0007:0008]: Server:
Noelios-Restlet-Engine/1.1.6-SONATYPE-5348-V8

00000116:nexus.srvhdr[0007:0008]: Content-Type: application/xml

00000116:nexus.srvhdr[0007:0008]: Last-Modified: Tue, 24 Sep 2013 22:35:52
GMT

00000116:nexus.srvhdr[0007:0008]: ETag:
"{SHA1{7bbd3fdb734f6127db8c32ab03f556ef5b87de1e}}"

00000116:nexus.srvhdr[0007:0008]: Vary:
Accept-Charset,Accept-Encoding,Accept-Language,Accept

00000116:nexus.srvhdr[0007:0008]: X-Content-Type-Options: nosniff

00000116:nexus.srvhdr[0007:0008]: Content-Length: 3394

00000116:nexus.srvhdr[0007:0008]: Set-Cookie: rememberMe=deleteMe;
Path=/nexus; Max-Age=0; Expires=Wed, 25-Sep-2013 18:12:01 GMT

00000116:nexus.srvhdr[0007:0008]: Connection: close

00000116:nexus.srvcls[0007:0008]

00000116:nexus.clicls[0007:0008]

00000116:nexus.closed[0007:0008]

00000117:nexus.accept(0004)=0007 from [192.168.50.46:50126]

00000117:nexus.clireq[0007:ffff]: GET
/nexus/content/repositories/RPM/repodata/ce555483ad0ba2c3c9c773897a2c0c96886c592e87032ec3dc4c341fd7625af7-primary.sqlite.bz2
HTTP/1.1

00000117:nexus.clihdr[0007:ffff]: Authorization: Basic YWRtaW46YWRtaW4xMjM=

00000117:nexus.clihdr[0007:ffff]: User-Agent: urlgrabber/3.9.1 yum/3.2.29

00000117:nexus.clihdr[0007:ffff]: Host: 192.168.50.46

00000117:nexus.clihdr[0007:ffff]: Accept: */*

00000117:nexus.clihdr[0007:ffff]: X-Forwarded-For: 192.168.50.40

00000117:nexus.clihdr[0007:ffff]: Connection: close

00000117:nexus.srvrep[0007:0008]: HTTP/1.1 200 OK

00000117:nexus.srvhdr[0007:0008]: Date: Thu, 26 Sep 2013 18:12:01 GMT

00000117:nexus.srvhdr[0007:0008]: Server:
Noelios-Restlet-Engine/1.1.6-SONATYPE-5348-V8

00000117:nexus.srvhdr[0007:0008]: Content-Type: application/x-bzip

00000117:nexus.srvhdr[0007:0008]: Last-Modified: Tue, 24 Sep 2013 22:35:52
GMT

00000117:nexus.srvhdr[0007:0008]: ETag:
"{SHA1{f5c54ac3b30685fff419d22c22851c06179e07ca}}"

00000117:nexus.srvhdr[0007:0008]: Vary:
Accept-Charset,Accept-Encoding,Accept-Language,Accept

00000117:nexus.srvhdr[0007:0008]: X-Content-Type-Options: nosniff

00000117:nexus.srvhdr[0007:0008]: Content-Length: 2920

00000117:nexus.srvhdr[0007:0008]: Set-Cookie: rememberMe=deleteMe;
Path=/nexus; Max-Age=0; Expires=Wed, 25-Sep-2013 18:12:01 GMT

00000117:nexus.srvhdr[0007:0008]: Connection: close

00000117:nexus.srvcls[0007:0008]

00000117:nexus.clicls[0007:0008]

00000117:nexus.closed[0007:0008]

00000118:nexus.accept(0004)=0007 from [192.168.50.40:42939]

00000118:nexus.clireq[0007:ffff]: GET
/nexus/content/repositories/RPM/Group-Test/Artifact-Test/Version-Test/Artifact-Test-Version-Test.rpm
HTTP/1.1

00000118:nexus.clihdr[0007:ffff]: User-Agent: urlgrabber/3.9.1 yum/3.2.29

00000118:nexus.clihdr[0007:ffff]: Host: 192.168.50.43:50443

00000118:nexus.clihdr[0007:ffff]: Accept: */*

00000118:nexus.srvrep[0007:0008]: HTTP/1.1 401 Unauthorized

00000118:nexus.srvhdr[0007:0008]: Date: Thu, 26 Sep 2013 18:12:02 GMT

00000118:nexus.srvhdr[0007:0008]: Server: Jetty(8.1.11.v20130520)

00000118:nexus.srvhdr[0007:0008]: WWW-Authenticate: BASIC realm="Sonatype
Nexus Repository Manager"

00000118:nexus.srvhdr[0007:0008]: Content-Length: 0

00000118:nexus.srvhdr[0007:0008]: Connection: close

00000118:nexus.srvhdr[0007:0008]: Content-Type: application/x-rpm

00000118:nexus.srvcls[0007:0008]

00000118:nexus.clicls[0007:0008]

00000118:nexus.closed[0007:0008]


Any insight would be appreciated.


Thanks
Zach



-- 
*Zachary Buckholz*
E: [email protected]
T: 480-457-7789

PearsonAlways Learning
Learn more at www.pearson.com

Missing Authorization header, need assistance please.

Reply via email to