Summary
If I am using AWS EC2, I can't use my region's local RHUI to populate my Pulp repo.
The remote config allows for most of what I need: the CA, client cert and client key. However, RHUI in EC2 requires additional metadata in the HTTP header to allow the request through. These settings (X-RHUI-ID: and X-RHUI-SIGNATURE:) are specific to an instance, but do not generally change once the instance is created.
There is a way to specify additional HTTP headers in the remote definition but pulp-cli doesn't implement this.
Examples
Working curl:
curl -v -L -H "X-RHUI-ID: $rhui_id" -H "X-RHUI-SIGNATURE: $rhui_signature" --cacert /etc/pki/rhui/cdn.redhat.com-chain.crt --cert /etc/pki/rhui/product/content-rhel9.crt --key /etc/pki/rhui/content-rhel9.key https://rhui.eu-central-1.aws.ce.redhat.com/pulp/content/content/dist/rhel9/rhui/9/x86_64/baseos/os/repodata/repomd.xml
where needed headers are calculated as described in this article:
https://access.redhat.com/solutions/5079081
Summary
If I am using AWS EC2, I can't use my region's local RHUI to populate my Pulp repo.
The remote config allows for most of what I need: the CA, client cert and client key. However, RHUI in EC2 requires additional metadata in the HTTP header to allow the request through. These settings (X-RHUI-ID: and X-RHUI-SIGNATURE:) are specific to an instance, but do not generally change once the instance is created.
There is a way to specify additional HTTP headers in the remote definition but pulp-cli doesn't implement this.
Examples
Working curl:
curl -v -L -H "X-RHUI-ID: $rhui_id" -H "X-RHUI-SIGNATURE: $rhui_signature" --cacert /etc/pki/rhui/cdn.redhat.com-chain.crt --cert /etc/pki/rhui/product/content-rhel9.crt --key /etc/pki/rhui/content-rhel9.key https://rhui.eu-central-1.aws.ce.redhat.com/pulp/content/content/dist/rhel9/rhui/9/x86_64/baseos/os/repodata/repomd.xmlwhere needed headers are calculated as described in this article:
https://access.redhat.com/solutions/5079081