Project

General

Profile

Bug #22444

unattended: do not find host by ip when tokens are used

Added by Timo Goebel 8 months ago. Updated 2 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Timo Goebel
Category:
Unattended installations
Target version:
1.18.0
Difficulty:
Triaged:
Bugzilla link:
Pull request:
https://github.com/theforeman/foreman/pull/5225
Team Backlog:
Fixed in Releases:
Found in Releases:
1.15.6

Description

When a host accesses unattended controller to retrieve a provisioning template or signal built state, the host is resolved by a token. This token usually has a lifetime. If the lifetime is exceeded, unattended controller falls back to using the hosts mac or ip to resolve the host.

For the unattended/provision call, the host can be retrieved by it's mac address.
For the unattended/built call, the host is resolved the request IP. If the request is proxied through a smart proxy, the smart proxy ip is used to resolve the host. The smart proxy host is not in built mode and the host is in a built loop.

To make matters worst: This causes puppet certificates to pile up and the host cannot be deleted because foreman's call to deactivate the puppet certificate times out.

Associated revisions

Revision 91c553d0 (diff)
Added by Timo Goebel 8 months ago

fixes #22444 - do not serve templates with expired token

History

#2 Updated by The Foreman Bot 8 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/5225 added

#3 Updated by Marek Hulán 8 months ago

  • Legacy Backlogs Release (now unused) set to 330

#4 Updated by Timo Goebel 7 months ago

  • % Done changed from 0 to 100
  • Status changed from Ready For Testing to Closed

Also available in: Atom PDF