Forgot to mention that this is about foreman 1.2 and 1.2.1 but I assume that it is valid for older releases as well.

The following macro's also only work if savemode_render is set to false which I would like to have white-listed so I they can be used with savemode_render is true.

@host.interfaces.bmc.first
@host.interfaces.bmc.first.username
@host.interfaces.bmc.first.password
@host.sp_ip
@host.sp_subnet
@host.sp_subnet.mask
@host.sp_subnet.gateway

Ok, I will do that and test it.

In my wiki updates there is a note that savemode_render should be set to false for it to work. :)
But I can remove the updates if you wish?
But then the entries about bmc (not made by me) in the wiki should probably also be removed, because they also only work if savemode_render is disabled.

Right I missed the note on the wiki, this is fine. Right. If you need assistance with your contribution, dont hesitate to ping me on IRC! Thank you.

For some reason I keep getting "http 500 errors" when viewing a template if I try to white-list methods in /usr/share/foreman/lib/foreman/renderer.rb and use them in my provisioning templates.

What I did:

With safemode_render set to false:

Added for example ", :sp_ip" to allowed_helpers as shown below:

allowed_helpers = [ :foreman_url, :grub_pass, :snippet, :snippets, :ks_console, :root_pass, :multiboot, :jumpstart_path, :install_path, :miniroot, :media_path, :sp_ip ]

Restarted everything to make sure changes are effective, also tried a reboot.

Viewing a template is now still ok.

Then added the following line using the template edit button for my host.

1. <%= @host.sp_ip %>

Viewing the template still ok.

Then set safemode_render to true:

Error 500 when trying to view template and in logging.

Unfortunately no extra information in foreman debug log the explains what went wrong.

Any Ideas what is going wrong?

The 1. before <%= @host.sp_ip %> is a hash but replaced by the wiki with .1, and forgot to mention that the right ip address is shown in the template with safemode_render set to false.

The bootdisk iPXE example templates also have Safemode problems. Specifically the methods

Redhat.url_for_boot()
Debian.boot_files_uri()

which are used to get direct download links for the kernel/initrd from the install media. Neither work correctly in Safemode. In addtion, Debian.boot_files_uri requires @host.medium as an argument, which also cannot be rendered.

host.facts_hash, host.facts_hash['foo'] should also be available.

There I some I use in bootdisk too, see #4184.

puppet_ca_server on hostgroups will also need whitelisting, I'd expect also

ca_server = <%= @host.puppet_ca_server >
certname = <= @host.certname >
environment = <= @host.environment >
server = <= @host.puppetmaster %>

will need to be updated in hostgroups as I believe I'm only getting the error on puppet_ca_server is it's the first one in the list of the puppet.conf snippet.

@host.token.nil? in the default iPXE template fails too:

There was an error rendering the Kickstart default iPXE template: undefined method 'nil?' for Safemode::Jail (Token)

Dominic Cleal wrote:

@host.token.nil? in the default iPXE template fails too:

There was an error rendering the Kickstart default iPXE template: undefined method 'nil?' for Safemode::Jail (Token)

Fixed in #5708.