Bug #22444
unattended: do not find host by ip when tokens are used
Description
When a host accesses unattended controller to retrieve a provisioning template or signal built state, the host is resolved by a token. This token usually has a lifetime. If the lifetime is exceeded, unattended controller falls back to using the hosts mac or ip to resolve the host.
For the unattended/provision call, the host can be retrieved by it's mac address.
For the unattended/built call, the host is resolved the request IP. If the request is proxied through a smart proxy, the smart proxy ip is used to resolve the host. The smart proxy host is not in built mode and the host is in a built loop.
To make matters worst: This causes puppet certificates to pile up and the host cannot be deleted because foreman's call to deactivate the puppet certificate times out.
Associated revisions
History
#2
Updated by The Foreman Bot over 4 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/5225 added
#3
Updated by Marek Hulán over 4 years ago
- Legacy Backlogs Release (now unused) set to 330
#4
Updated by Timo Goebel over 4 years ago
- % Done changed from 0 to 100
- Status changed from Ready For Testing to Closed
Applied in changeset 91c553d00ad497df40ac5bdd28945b5f29f34020.
fixes #22444 - do not serve templates with expired token