Bug #27848

foreman-proxy http port 8000 within katello is enabled while it should be disabled by default

Added by Ewoud Kohl van Wijngaarden 11 months ago. Updated 6 months ago.

Status: Closed
Priority: Normal
Category: -
Target version: -
Difficulty:
Triaged: No
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

In satellite 6.5 :
------------------

- Port 8000 is enabled and used to get the kickstart files from the satellite server during the provisioning while it should be disabled by default.

    # netstat -tulpn | grep 8000
    tcp6 0 0 :::8000 :::* LISTEN 16479/ruby

/etc/foreman-proxy/settings.yml

    # http is disabled by default. To enable, uncomment 'http_port' setting
    # https is enabled if certificate, CA certificate, and private key are present in locations specifed by
    # ssl_certificate, ssl_ca_file, and ssl_private_key correspondingly
    # default values for https_port is 8443
    :https_port: 9090
    :http_port: 8000

If the http port is disabled, the provisioning process fails because the kickstart template cannot be imported from the satellite.

Provisioning templates :
Kickstart default PXELinux
APPEND initrd=<%= @initrd %> ks=<%= foreman_url('provision') %> <%= pxe_kernel_options %> <%= ksoptions %>
APPEND initrd=boot/rhel8-baseos-WcW6Pwor7M-initrd.img ks=http://[SATELLITE FQDN]:8000/unattended/provision?token=0baede19-003c-4f21-82dd-145812e42ab0 network ksdevice=bootif ks.device=bootif BOOTIF=00-52-54-00-94-b6-8e kssendmac ks.sendmac inst.ks.sendmac

In satellite 6.4 :
------------------
- Port 8000 is disabled by default and there are no issues with the provisioning process.

APPEND initrd=boot/RedHat-7.4-x86_64-initrd.img ks=http://[SATELLITE FQDN]/unattended/provision  network ksdevice=bootif ks.device=bootif BOOTIF=00-52-54-00-1c-95-58 kssendmac ks.sendmac inst.ks.sendmac

Version-Release number of selected component (if applicable):

Satellite 6.5

How reproducible:
100%

Steps to Reproduce:
1. Check ports on /etc/foreman-proxy/settings.yml

:https_port: 9090
:http_port: 8000

2. Preview the kickstart templates for a provisioned host, all use http://[SATELLITE FQDN]:8000

Actual results:
The http port 8000 is enabled and used by the kickstart templates.

Expected results:

The http port 8000 is disabled by default and not used in foreman_url('provision') as in satellite 6.4
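
The settings.yml check from the steps to reproduce, as an added example that is not part of the original report or of Foreman's code: it reads a settings.yml-style file and reports whether an uncommented `:http_port:` line is active. The function names and the two sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a foreman-proxy settings.yml enables plain HTTP.

# active_setting KEY FILE
# Prints the value of the last uncommented ":KEY: value" line.
# Returns 1 when the key is missing or present only as a comment.
active_setting() {
    awk -v key=":$1:" '
        /^[ \t]*#/ { next }                 # commented-out settings are inactive
        $1 == key  { val = $2; found = 1 }  # a later duplicate overrides
        END        { if (found) print val; exit !found }
    ' "$2"
}

# audit_proxy_http FILE
# Returns 0 when no http_port is active, 1 when the HTTP listener is enabled.
audit_proxy_http() {
    if port=$(active_setting http_port "$1"); then
        echo "$1: HTTP ENABLED on port $port"
        return 1
    fi
    echo "$1: HTTP disabled (http_port not set)"
}

# Constructed sample files (not copied from a real host).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Values as shown in the report for Satellite 6.5.
cat > "$demo_dir/sat65.yml" <<'EOF'
# http is disabled by default. To enable, uncomment 'http_port' setting
:https_port: 9090
:http_port: 8000
EOF

# Expected default: the http_port line stays commented out.
cat > "$demo_dir/default.yml" <<'EOF'
# http is disabled by default. To enable, uncomment 'http_port' setting
:https_port: 9090
#:http_port: 8000
EOF

for f in "$demo_dir/sat65.yml" "$demo_dir/default.yml"; do
    audit_proxy_http "$f" || true
done
```

On a live proxy, pass `/etc/foreman-proxy/settings.yml` to `audit_proxy_http` and compare the result with the `netstat` output for the reported port.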

Associated revisions

Revision 05ad2405 (diff)
Added by Ewoud Kohl van Wijngaarden 6 months ago

Fixes #27848 - Disable HTTP by default on Katello's proxy

The HTTP and templates features are useful when a host needs to be
provisioned and can't reach the Foreman server directly. Since this is
by definition the Foreman server, the client should be able to reach it.

The values are dropped since they match the module defaults. It doesn't
implement a migration to not touch existing installations which might
have started to rely on it.

This reverts #19720.

History

#1 Updated by The Foreman Bot 11 months ago

  • Assignee set to Ewoud Kohl van Wijngaarden
  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman-installer/pull/390 added

#2 Updated by The Foreman Bot 6 months ago

  • Fixed in Releases 2.1.0 added

#3 Updated by Ewoud Kohl van Wijngaarden 6 months ago

  • Status changed from Ready For Testing to Closed
