Bug #22444

unattended: do not find host by ip when tokens are used

Added by Timo Goebel 5 months ago. Updated 4 months ago.

Assigned To:Timo Goebel
Category:Unattended installations
Target version:-
Difficulty: Bugzilla link:
Found in release:1.15.6 Pull request:https://github.com/theforeman/foreman/pull/5225
Story points-
Velocity based estimate-
Release1.18.0Release relationshipAuto


When a host accesses unattended controller to retrieve a provisioning template or signal built state, the host is resolved by a token. This token usually has a lifetime. If the lifetime is exceeded, unattended controller falls back to using the hosts mac or ip to resolve the host.

For the unattended/provision call, the host can be retrieved by it's mac address.
For the unattended/built call, the host is resolved the request IP. If the request is proxied through a smart proxy, the smart proxy ip is used to resolve the host. The smart proxy host is not in built mode and the host is in a built loop.

To make matters worst: This causes puppet certificates to pile up and the host cannot be deleted because foreman's call to deactivate the puppet certificate times out.

Associated revisions

Revision 91c553d0
Added by Timo Goebel 5 months ago

fixes #22444 - do not serve templates with expired token


#1 Updated by Timo Goebel 5 months ago

  • Found in release set to 1.15.6

#2 Updated by The Foreman Bot 5 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/5225 added

#3 Updated by Marek Hulán 5 months ago

  • Release set to 1.18.0

#4 Updated by Timo Goebel 4 months ago

  • % Done changed from 0 to 100
  • Status changed from Ready For Testing to Closed

Also available in: Atom PDF