Project

General

Profile

Actions

Bug #1523

open

http://foreman/unattended/provision should match http://foreman/unattended/provision?spoof=xxx.xxx.xxx.xxx

Added by Trey 85Stang almost 13 years ago. Updated almost 9 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Unattended installations
Target version:
-
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

I just spend the last day and half trying to figure out what was wrong with a kick start file for provisioning. In the end the spoof url gave me a working kickstart file, the http://foreman/unattended/provision url gave me the output: "Failed to clean any old certificates or add the autosign entry.
Terminating the build!"

I think it would be better if the two matched, spoof should show the same error.

Also, if possible if any of the smart proxies tasks fail when selecting building a host... That task should fail, but I would settle for the the above two message to match.


Related issues 2 (1 open1 closed)

Related to Foreman - Feature #746: Generate all the Host template when click on Build to avoid errors during installationClosedShlomi Zadok03/15/2011Actions
Related to Foreman - Feature #1375: Add a test capabilities for smart-proxy to better report proxy configurations errorsNew12/07/2011Actions
Actions #1

Updated by Roger K over 12 years ago

I am experiencing this issue on latest "develop".

Accessing http://manage.example.com:3000/unattended/provision/?spoof=IP_ADDR results in the correct output.

attempting to boot with "ks=http://manage.example.com:3000/unattended/provision/" results in a failure.

using `tcpdump`, the following was captured:
..r....)Failed to clean any old certificates or add the autosign entry. Terminating the build!

SELinux is in permissive mode and I have set my file permissions extremely lax to debug.

drwxr-xr-x. 5 root root 4096 Mar 24 14:13 /etc/puppet/
-rwxrwxrwx. 1 foreman-proxy foreman 21 Mar 27 09:28 /etc/puppet/autosign.conf

Here is the smart-proxy object in Foreman:

manage.example.com http://manage.example.com:8443 TFTP, DHCP, Puppet CA, and Puppet

there is an entry for "test1.example.com" both via Foreman and via /etc/puppet/autosign.conf.

Actions #2

Updated by Roger K over 12 years ago

Attempted with latest git version of smart-proxy. No change.

Actions #3

Updated by Ohad Levy over 12 years ago

I'm not sure if what can we do about this one, the main issue, is that there are some operations (such as cert signing) that should happen only when the host is actually getting the KS.

maybe one option would be to have a test function that checks permissions on the proxy or something like that, not 100% sure if we can cover all cases, but it might be a start.

Actions #4

Updated by Roger K over 12 years ago

Yes, a good start would just be to increase the visibility into this problem. I was watching syslog, audit.log, production.log (Foreman) and the foreman-proxy log and saw no indications that there was a problem. my current workaround just comments out the "render" on line 142 in app/controllers/unattended_controller.rb and manage autosigning by hand.

render(:text => "Failed to clean any old certificates or add the autosign entry. Terminating the build!") unless @host.handle_ca

Actions #5

Updated by Trey 85Stang over 12 years ago

I think more visibility on the booting host could be managed by changing the message to perhaps a recuse boot? If your host keeps booting into rescue mode then some part of the provisioning task failed. I'm not a whiz with kickstart but perhaps a custom message can be inserted into the rescue boot somewhere.

Actions #6

Updated by Greg Sutcliffe about 12 years ago

  • Target version set to Bug scrub
Actions #7

Updated by Greg Sutcliffe about 12 years ago

  • Target version deleted (Bug scrub)
Actions #8

Updated by Ohad Levy almost 9 years ago

  • Related to Feature #746: Generate all the Host template when click on Build to avoid errors during installation added
Actions #9

Updated by Ohad Levy almost 9 years ago

  • Description updated (diff)
  • Category set to Unattended installations
Actions #10

Updated by Ohad Levy almost 9 years ago

  • Related to Feature #1375: Add a test capabilities for smart-proxy to better report proxy configurations errors added
Actions

Also available in: Atom PDF