Project

General

Profile

Actions

Bug #1059

closed

Post Centos install build information to foreman not wokring

Added by NoName NoSurname over 13 years ago. Updated over 12 years ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Related issues 1 (0 open1 closed)

Is duplicate of Foreman - Feature #1069: Unattended install behind firewall and built statusClosedGreg Sutcliffe07/26/2011Actions
Actions #1

Updated by NoName NoSurname over 13 years ago

I've a problem with the clients inventory for which I always have "No inventory data" after a fresh install. Looking further it seems it's because the host is still in "Build" status.

I verified the KS used during the installation and here's the notification to foreman section :

  1. Inform the build system that we are done.
    echo "Informing Foreman that we are built"
    wget -q -O /dev/null --no-check-certificate http://foremanserver:3000/unattended/built
    exit 0
    %end

so the link is good and I tried to run the command "wget -q -O /dev/null --no-check-certificate http://foremanserver:3000/unattended/built" manually and this has no effect in forman which tell the client still in build mode...

Is there any configuration I missed ?

Thanks in advance

Actions #2

Updated by Ohad Levy over 13 years ago

  • Status changed from New to Feedback

did you try it from the host your tried to build? foreman is auto detecting where the request is coming from...

Actions #3

Updated by NoName NoSurname over 13 years ago

Hi Ohadlevy,

Yes of course I tried to manually run the command directly from the client !

Any idea ?

Thanks

Actions #4

Updated by NoName NoSurname over 13 years ago

Hello,

I found the problem of this case.

To be clear :

Foreman / puppet master are installed on the same machine which is on LAN and WAN (with restrictions).
Now, when I create a new machine into LAN, the notification will be send on the PUBLIC address of foreman. Meaning this new client will use its gateway to access internet and when foreman see the request coming the IP address is not the private one of the new machine of course but the public one of the Gateway / Firewall !!!

This is tricky and I don't know if you will not find another way to advise foreman that the build is done...

Like to hardcode the client IP in the URL...

What do you think ?

Actions #5

Updated by Benjamin Papillon over 12 years ago

Hardcoding the client IP in the URL is really bad in case of unauthentified query.

How about managing this issue the same way it is done for the kickstart query?
It should be possible to spoof the "build done" message only if user is authenticated.
This way, you can pass authentication to wget/curl/whatever and it wont break your security.

Actions #6

Updated by Ohad Levy over 12 years ago

  • Status changed from Feedback to Duplicate
Actions

Also available in: Atom PDF