Project

General

Profile

Bug #1523

http://foreman/unattended/provision should match http://foreman/unattended/provision?spoof=xxx.xxx.xxx.xxx

Added by Trey 85Stang about 9 years ago. Updated about 5 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Unattended installations
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

I just spend the last day and half trying to figure out what was wrong with a kick start file for provisioning. In the end the spoof url gave me a working kickstart file, the http://foreman/unattended/provision url gave me the output: "Failed to clean any old certificates or add the autosign entry.
Terminating the build!"

I think it would be better if the two matched, spoof should show the same error.

Also, if possible if any of the smart proxies tasks fail when selecting building a host... That task should fail, but I would settle for the the above two message to match.


Related issues

Related to Foreman - Feature #746: Generate all the Host template when click on Build to avoid errors during installationClosed2011-03-15
Related to Foreman - Feature #1375: Add a test capabilities for smart-proxy to better report proxy configurations errorsNew2011-12-07

History

#1 Updated by Roger K about 9 years ago

I am experiencing this issue on latest "develop".

Accessing http://manage.example.com:3000/unattended/provision/?spoof=IP_ADDR results in the correct output.

attempting to boot with "ks=http://manage.example.com:3000/unattended/provision/" results in a failure.

using `tcpdump`, the following was captured:
..r....)Failed to clean any old certificates or add the autosign entry. Terminating the build!

SELinux is in permissive mode and I have set my file permissions extremely lax to debug.

drwxr-xr-x. 5 root root 4096 Mar 24 14:13 /etc/puppet/
-rwxrwxrwx. 1 foreman-proxy foreman 21 Mar 27 09:28 /etc/puppet/autosign.conf

Here is the smart-proxy object in Foreman:

manage.example.com http://manage.example.com:8443 TFTP, DHCP, Puppet CA, and Puppet

there is an entry for "test1.example.com" both via Foreman and via /etc/puppet/autosign.conf.

#2 Updated by Roger K about 9 years ago

Attempted with latest git version of smart-proxy. No change.

#3 Updated by Ohad Levy about 9 years ago

I'm not sure if what can we do about this one, the main issue, is that there are some operations (such as cert signing) that should happen only when the host is actually getting the KS.

maybe one option would be to have a test function that checks permissions on the proxy or something like that, not 100% sure if we can cover all cases, but it might be a start.

#4 Updated by Roger K about 9 years ago

Yes, a good start would just be to increase the visibility into this problem. I was watching syslog, audit.log, production.log (Foreman) and the foreman-proxy log and saw no indications that there was a problem. my current workaround just comments out the "render" on line 142 in app/controllers/unattended_controller.rb and manage autosigning by hand.

render(:text => "Failed to clean any old certificates or add the autosign entry. Terminating the build!") unless @host.handle_ca

#5 Updated by Trey 85Stang about 9 years ago

I think more visibility on the booting host could be managed by changing the message to perhaps a recuse boot? If your host keeps booting into rescue mode then some part of the provisioning task failed. I'm not a whiz with kickstart but perhaps a custom message can be inserted into the rescue boot somewhere.

#6 Updated by Greg Sutcliffe over 8 years ago

  • Target version set to Bug scrub

#7 Updated by Greg Sutcliffe over 8 years ago

  • Target version deleted (Bug scrub)

#8 Updated by Ohad Levy about 5 years ago

  • Related to Feature #746: Generate all the Host template when click on Build to avoid errors during installation added

#9 Updated by Ohad Levy about 5 years ago

  • Description updated (diff)
  • Category set to Unattended installations

#10 Updated by Ohad Levy about 5 years ago

  • Related to Feature #1375: Add a test capabilities for smart-proxy to better report proxy configurations errors added

Also available in: Atom PDF