Bug #22444

unattended: do not find host by ip when tokens are used

Added by Timo Goebel over 4 years ago. Updated about 4 years ago.

Unattended installations
Target version:
Bugzilla link:
Fixed in Releases:
Found in Releases:


When a host accesses unattended controller to retrieve a provisioning template or signal built state, the host is resolved by a token. This token usually has a lifetime. If the lifetime is exceeded, unattended controller falls back to using the hosts mac or ip to resolve the host.

For the unattended/provision call, the host can be retrieved by it's mac address.
For the unattended/built call, the host is resolved the request IP. If the request is proxied through a smart proxy, the smart proxy ip is used to resolve the host. The smart proxy host is not in built mode and the host is in a built loop.

To make matters worst: This causes puppet certificates to pile up and the host cannot be deleted because foreman's call to deactivate the puppet certificate times out.

Associated revisions

Revision 91c553d0 (diff)
Added by Timo Goebel over 4 years ago

fixes #22444 - do not serve templates with expired token


#2 Updated by The Foreman Bot over 4 years ago

  • Status changed from New to Ready For Testing
  • Pull request added

#3 Updated by Marek Hulán over 4 years ago

  • Legacy Backlogs Release (now unused) set to 330

#4 Updated by Timo Goebel over 4 years ago

  • % Done changed from 0 to 100
  • Status changed from Ready For Testing to Closed

Also available in: Atom PDF