Bug #23291
closed
Proxy template URL not used for kickstart
Description
Steps to reproduce:
1) Have a smart-proxy with templates feature
2) Set template_url to use http in /etc/smart-proxy/settings.d/templates.yml
3) Assign the proxy to a subnet as template proxy
4) Try to provision a host in subnet from step 3
Actual result:
The host tries to access the proxy over the https and fails because CA used to signed the proxy's certificate is not trusted
Expected result:
template_url is honored and provisioning doesn't fail
After observing the log, we noticed that the base url is trying to access the templateServer API on the wrong URL: https://<proxy>:8443/unattended*/unattended* while it should be https://<proxy>:8443/unattended
Updated by Arend Lapere over 6 years ago
- Triaged set to No
Hello,
Could it be that you are running into this on 1.18-RC1/2/3?
I've investigated a bit, and seems this patch-set is the culprit:
https://github.com/theforeman/foreman/commit/009e7bbd29f31c3750a8be47b4aecf5278c0db95#diff-1b99c484fd9f41096d5029e5b20d6165
This creates the Template class twice (and appends the "/unattended" string to the URL):
- Once initiated when retrieving Subnet.template_proxy
- This template_proxy is than passed to the second instantiation, done in foreman_url_rendered, which is needed to retrieve actual templateServer from the proxy.
To validate, I've removed the instance in app/models/subnet.rb:181 and simply returned the template variable, after this, all seems to behave as expected.
Although the latter is probably not the answer, as it seems to be more in line with the rest of the modules (e.g. DNS, BMC, ...).
Updated by Arend Lapere over 6 years ago
- Found in Releases 1.18.0-RC1, 1.18.0-RC2, 1.18.0-RC3 added
Updated by Arend Lapere over 6 years ago
- Description updated (diff)
- Priority changed from Normal to High
Updated by Arend Lapere over 6 years ago
I've found a qualitative fix for this issue, I'm writing a test to make sure this one never comes back on our plate.
Updated by Arend Lapere over 6 years ago
- Assignee set to Aaron Stone
- Pull request https://github.com/theforeman/foreman/pull/5822 added
Updated by The Foreman Bot over 6 years ago
- Status changed from New to Ready For Testing
Updated by Anonymous over 6 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset bfca460de52da0397d22fb1fddc795c2a4184e03.
Updated by Marek Hulán over 6 years ago
- Target version set to 1.20.0
- Fixed in Releases 1.20.0 added
Updated by The Foreman Bot over 6 years ago
- Pull request https://github.com/theforeman/foreman/pull/5852 added
Updated by The Foreman Bot over 6 years ago
- Pull request https://github.com/theforeman/foreman/pull/5853 added
Updated by Arend Lapere over 6 years ago
- Fixed in Releases 1.18.1, 1.19.0-RC1 added
Updated by Tomer Brisker over 6 years ago
- Fixed in Releases 1.19.0 added
- Fixed in Releases deleted (
1.19.0-RC1)
Updated by 
Updated by
Updated by Tomer Brisker about 6 years ago
- Has duplicate Bug #24787: Templates subnet association renders to Capsule URL and not template_url added