Bootdisk provisioning failing with 403 error

I am working on setting up a new foreman environment (I have an existing Satellite environment already stood up) and am having issues with the bootdisk plugin uploading the ISO to our vmware environment. I can say for certain that this is not a credential/permissions issue as our Satellite environment works without issue using the same credentials (unless there were some additional permissions added that are now required by the bootdisk plugin).

When foreman attempts to get the ISO to be uploaded to vsphere, the following error message is displayed and the deployment fails:

2022-05-27T08:34:50 [E|app|ba68a97d] Failed to save: Failed to generate ISO image for instance ERF42-6131 [Foreman::Exception]: Unable to download boot file, HTTP return code 403

When attempting to browse the URL listed above via a web browser, I do get a 403 message as well, but I think this would be expected. In case it is useful though, that error is:

403: A client certificate was not received via the X-CLIENT-CERT header.

The production.log doesn’t yield any additional helpful information as that is the only error that is displayed in the log. There are no SELinux denied messages and nothing is being blocked via the firewall on the server.

Foreman 3.2.1
vSphere 7.0U3
Foreman and Proxy plugin versions:

Distribution and version:

Other relevant data:
The foreman server is using the default self-generated certificates, so I’m not sure if that could be causing an issue but wouldn’t think that would be the case.
My bootdisk settings in the foreman UI are (all are identical in my Satellite environment):

iPXE directory						/usr/share/ipxe
ISOLINUX directory					/usr/share/syslinux
SYSLINUX directory					/usr/share/syslinux
Grub2 directory						/var/lib/tftpboot/grub2
Host image template					Boot disk iPXE - host
Generic image template				Boot disk iPXE - generic host
Generic Grub2 EFI image template	Boot disk Grub2 EFI - generic host
ISO generation command				genisoimage
Installation media caching			Yes
Allowed bootdisk types				[subnet, full_host]

All paths listed above do exist and the file contents match what is in my Satellite environment.

So this is odd… I created a new organization as I didn’t like the ‘Default_Organization’ slug that was given and everything is working without issue now. I’m not sure why this is the case, but I guess this issue is resolved.

1 Like