Bug #4463
closed
Default profiles templates default to https:// connection for kickstart
Description
the default pxe template in foreman 1.4 creates the boot profiles URL based upon the state of the actual web interface page used to generate it,
eg:
if the user is viewing
https://foreman-host/config_templates then the default pxe parameters are generated in the pxelinux default config as
LABEL test - test/virtual
kernel boot/CentOS-6.5-x86_64-vmlinuz
append initrd=boot/CentOS-6.5-x86_64-initrd.img ks=https://foreman-host/unattended/template/test/virtual ksdevice=bootif network kssendmac
which doesn't work as the kickstart connection will try to be made on https, which requires a valid SSL certificate.
if the user generates the pxe menu with the web url
http://foreman-host/config_templates
then the pxe menu will be generated thus
LABEL test - test/virtual
kernel boot/CentOS-6.5-x86_64-vmlinuz
append initrd=boot/CentOS-6.5-x86_64-initrd.img ks=http://foreman-host/unattended/template/test/virtual ksdevice=bootif network kssendmac
to get the kickstart functioning on http - not https I have to set " :require_ssl: false " in /etc/foreman/settings.yaml
which is a security risk and a bit of a dirty hack.
the functionality should be that kickstart/build process is always done over http, unless https is configured for build operations in the unattended_url parameter.
Updated by Dominic Cleal almost 11 years ago
- Subject changed from kickstart templates default to https:// connection to Default profiles templates default to https:// connection for kickstart
- Translation missing: en.field_release deleted (
7)
Note, this is the PXE default menu list of hostgroup profiles, not the usual per-host templates.
Updated by Greg Sutcliffe almost 11 years ago
The profile code is very old, and pretty unmaintained. Should we consider removing it? I think it's main application could be adequately handled by Discovery these days...
Failing that, it seems default_pxe_template() is a pretty old helper. Given we already have two copies of foreman_url(), I think we should merge all of this into one url-writer for templates that takes a variety of options.
Updated by Dominic Cleal almost 11 years ago
I think it should be fixed, not removed.
Updated by Dominic Cleal over 10 years ago
- Has duplicate Bug #6833: PXE default menu doesn't honour unattended_url setting added
Updated by Dominic Cleal over 10 years ago
- Has duplicate Bug #7318: Hostgroup provisioning provides HTTPS URL added
Updated by The Foreman Bot about 10 years ago
- Status changed from New to Ready For Testing
- Target version set to 1.7.2
- Pull request https://github.com/theforeman/foreman/pull/1859 added
Updated by Anonymous about 10 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 0e3d065853992a67ab35f3d0a2747d36a766ab24.
Updated by Dominic Cleal about 10 years ago
- Related to Bug #8228: default_template_url removed from API controllers, causes PXE menu build failure added
Updated by Dominic Cleal about 10 years ago
- Assignee set to Stephen Benjamin
- Translation missing: en.field_release set to 28
More likely in 1.7.x subject to #8228 being resolved.
Updated by Dominic Cleal almost 10 years ago
- Translation missing: en.field_release changed from 28 to 29
Updated by Stephen Benjamin over 9 years ago
- Related to Bug #9773: Default profiles templates create invalid URL's added