Project

General

Profile

Bug #4463

Default profiles templates default to https:// connection for kickstart

Added by Matt Darcy over 5 years ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Category:
Templates
Target version:
Difficulty:
Triaged:
Bugzilla link:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

the default pxe template in foreman 1.4 creates the boot profiles URL based upon the state of the actual web interface page used to generate it,

eg:

if the user is viewing

https://foreman-host/config_templates then the default pxe parameters are generated in the pxelinux default config as

LABEL test - test/virtual
kernel boot/CentOS-6.5-x86_64-vmlinuz
append initrd=boot/CentOS-6.5-x86_64-initrd.img ks=https://foreman-host/unattended/template/test/virtual ksdevice=bootif network kssendmac

which doesn't work as the kickstart connection will try to be made on https, which requires a valid SSL certificate.

if the user generates the pxe menu with the web url

http://foreman-host/config_templates

then the pxe menu will be generated thus
LABEL test - test/virtual
kernel boot/CentOS-6.5-x86_64-vmlinuz
append initrd=boot/CentOS-6.5-x86_64-initrd.img ks=http://foreman-host/unattended/template/test/virtual ksdevice=bootif network kssendmac

to get the kickstart functioning on http - not https I have to set " :require_ssl: false " in /etc/foreman/settings.yaml

which is a security risk and a bit of a dirty hack.

the functionality should be that kickstart/build process is always done over http, unless https is configured for build operations in the unattended_url parameter.


Related issues

Related to Foreman - Bug #8228: default_template_url removed from API controllers, causes PXE menu build failureClosed2014-10-31
Related to Foreman - Bug #9773: Default profiles templates create invalid URL'sClosed2015-03-16
Has duplicate Foreman - Bug #6833: PXE default menu doesn't honour unattended_url settingDuplicate2014-07-30
Has duplicate Foreman - Bug #7318: Hostgroup provisioning provides HTTPS URLDuplicate2014-09-01

Associated revisions

Revision 0e3d0658 (diff)
Added by Stephen Benjamin over 4 years ago

fixes #4463 - use unattended URL for hostgroup provisioning

Revision 92ba1087 (diff)
Added by Stephen Benjamin over 4 years ago

fixes #4463 - use unattended URL for hostgroup provisioning

(cherry picked from commit 0e3d065853992a67ab35f3d0a2747d36a766ab24)

History

#1 Updated by Dominic Cleal over 5 years ago

  • Subject changed from kickstart templates default to https:// connection to Default profiles templates default to https:// connection for kickstart
  • Legacy Backlogs Release (now unused) deleted (7)

Note, this is the PXE default menu list of hostgroup profiles, not the usual per-host templates.

#2 Updated by Greg Sutcliffe over 5 years ago

The profile code is very old, and pretty unmaintained. Should we consider removing it? I think it's main application could be adequately handled by Discovery these days...

Failing that, it seems default_pxe_template() is a pretty old helper. Given we already have two copies of foreman_url(), I think we should merge all of this into one url-writer for templates that takes a variety of options.

#3 Updated by Dominic Cleal over 5 years ago

I think it should be fixed, not removed.

#4 Updated by Dominic Cleal almost 5 years ago

  • Has duplicate Bug #6833: PXE default menu doesn't honour unattended_url setting added

#5 Updated by Dominic Cleal almost 5 years ago

  • Bugzilla link set to 1124386

#6 Updated by Dominic Cleal almost 5 years ago

  • Has duplicate Bug #7318: Hostgroup provisioning provides HTTPS URL added

#7 Updated by The Foreman Bot almost 5 years ago

  • Status changed from New to Ready For Testing
  • Target version set to 1.7.2
  • Pull request https://github.com/theforeman/foreman/pull/1859 added

#8 Updated by Anonymous over 4 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#9 Updated by Dominic Cleal over 4 years ago

  • Related to Bug #8228: default_template_url removed from API controllers, causes PXE menu build failure added

#10 Updated by Dominic Cleal over 4 years ago

  • Assignee set to Stephen Benjamin
  • Legacy Backlogs Release (now unused) set to 28

More likely in 1.7.x subject to #8228 being resolved.

#11 Updated by Dominic Cleal over 4 years ago

  • Legacy Backlogs Release (now unused) changed from 28 to 29

#12 Updated by Stephen Benjamin over 4 years ago

  • Bugzilla link deleted (1124386)

#13 Updated by Stephen Benjamin over 4 years ago

  • Related to Bug #9773: Default profiles templates create invalid URL's added

Also available in: Atom PDF