Bug #27848
foreman-proxy http port 8000 within katello is enabled while it should be disabled by default
Description
In satellite 6.5 :
------------------
- Port 8000 is enabled and used to get the kickstart files from the satellite server during the provisioning while it should be disabled by default.
- netstat -tulpn | grep 8000
tcp6 0 0 :::8000 :::* LISTEN 16479/ruby
- http is disabled by default. To enable, uncomment 'http_port' setting
- https is enabled if certificate, CA certificate, and private key are present in locations specifed by
- ssl_certificate, ssl_ca_file, and ssl_private_key correspondingly
- default values for https_port is 8443
:https_port: 9090
:http_port: 8000
If the http port is disabled, the provisioning process fails because the kickstart template cannot be imported from the satellite.
Provisioning templates :
Kickstart default PXELinux
APPEND initrd=<%= @initrd %> ks=<%= foreman_url('provision') %> <%= pxe_kernel_options %> <%= ksoptions %>
APPEND initrd=boot/rhel8-baseos-WcW6Pwor7M-initrd.img ks=http://[SATELLITE FQDN]:8000/unattended/provision?token=0baede19-003c-4f21-82dd-145812e42ab0 network ksdevice=bootif ks.device=bootif BOOTIF=00-52-54-00-94-b6-8e kssendmac ks.sendmac inst.ks.sendmac
In satellite 6.4 :
------------------
- Port 8000 is disabled by default and there are no issues with the provisioning process.
APPEND initrd=boot/RedHat-7.4-x86_64-initrd.img ks=http://[SATELLITE FQDN]/unattended/provision network ksdevice=bootif ks.device=bootif BOOTIF=00-52-54-00-1c-95-58 kssendmac ks.sendmac inst.ks.sendmac
Version-Release number of selected component (if applicable):
Satellite 6.5
How reproducible:
100%
Steps to Reproduce:
1. Check ports on /etc/foreman-proxy/settings.yml
:https_port: 9090
:http_port: 8000
2. Preview the kickstart templates for a provisioned host; all use http://[SATELLITE FQDN]:8000
Actual results:
The http port 8000 is enabled and used by the kickstart templates.
Expected results:
The http port 8000 is disabled by default and not used in foreman_url('provision') as in satellite 6.4
Associated revisions
History
#1
Updated by The Foreman Bot over 1 year ago
- Assignee set to Ewoud Kohl van Wijngaarden
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman-installer/pull/390 added
#2
Updated by The Foreman Bot about 1 year ago
- Fixed in Releases 2.1.0 added
#3
Updated by Ewoud Kohl van Wijngaarden about 1 year ago
- Status changed from Ready For Testing to Closed
Applied in changeset installer|05ad2405e8683767f786e5591ea1d1c9ec5c8b6f.
Fixes #27848 - Disable HTTP by default on Katello's proxy
The HTTP and templates features are useful when a host needs to be
provisioned and can't reach the Foreman server directly. Since this is
by definition the Foreman server, the client should be able to reach it.
The values are dropped since they match the module defaults. It doesn't
implement a migration to not touch existing installations which might
have started to rely on it.
This reverts #19720.
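Because the fix leaves existing installations untouched, an administrator may want to check whether a given server still relies on the HTTP listener before commenting out `:http_port:`. The following is an added example, not code from the Foreman project or this ticket: it reads the uncommented port keys from settings.yml text and compares them with the `ks=` URL in a rendered PXE line. The host name, token and function names are constructed placeholders, and it assumes an explicit port in an `http` kickstart URL refers to the proxy listener.

```python
import re
from urllib.parse import urlsplit

# Constructed samples modelled on the lines quoted in the report; the host
# name and token are placeholders, not values from the ticket.
SETTINGS_HTTP_ON = ":https_port: 9090\n:http_port: 8000\n"
SETTINGS_HTTP_OFF = ":https_port: 9090\n#:http_port: 8000\n"
PXE_VIA_PROXY = ("APPEND initrd=boot/example-initrd.img "
                 "ks=http://satellite.example.com:8000/unattended/provision"
                 "?token=00000000-0000-0000-0000-000000000000 network ksdevice=bootif")
PXE_DIRECT = ("APPEND initrd=boot/example-initrd.img "
              "ks=http://satellite.example.com/unattended/provision network ksdevice=bootif")


def active_ports(settings_text):
    """Return the uncommented :http_port: / :https_port: values as ints."""
    ports = {}
    for line in settings_text.splitlines():
        m = re.match(r"\s*:(https?_port):\s*(\d+)\s*(?:#.*)?$", line)
        if m:
            ports[m.group(1)] = int(m.group(2))
    return ports


def kickstart_urls(pxe_text):
    """Extract ks= URLs from APPEND lines (ksdevice= and ks.device= are skipped)."""
    urls = []
    for line in pxe_text.splitlines():
        if line.lstrip().upper().startswith("APPEND"):
            urls += re.findall(r"(?:^|\s)(?:inst\.)?ks=(\S+)", line)
    return urls


def audit(settings_text, pxe_text):
    """List findings relating the proxy's HTTP listener to rendered ks= URLs."""
    http_port = active_ports(settings_text).get("http_port")
    findings = []
    if http_port is not None:
        findings.append(f"http listener enabled on port {http_port}")
    for url in kickstart_urls(pxe_text):
        parts = urlsplit(url)
        port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
        if parts.scheme == "http" and "token=" in parts.query:
            findings.append(f"token sent over plaintext http to port {port}")
        if parts.scheme == "http" and parts.port is not None:
            # Assumption: an explicit port on an http ks= URL is the proxy listener.
            state = "enabled" if parts.port == http_port else "disabled"
            findings.append(f"kickstart URL needs proxy port {parts.port}, listener {state}")
    return findings
```

A "listener disabled" finding corresponds to the failure described in the report: the template still points at port 8000 while nothing is listening there.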