Problem:
I have one forman and 2 proxies (called kforeman - main foreman in “K” site, aforeman - proxy in “A” site, tforeman - proxy in “T” site).
Additionally 3 hosts are registed using specific foreman - khost → kforeman, ahost → aforeman, thost → tforeman.
foreman and proxies were installed using --enable-foreman-proxy-plugin-remote-execution-script parameter.
I added foreman-proxy pubkey of specific instance to specific host. (kforeman → khost, aforeman → ahost, tforeman → thost. proxies (aforeman and tforeman have kforeman key imporded as there are registred to it).
I am able to manually ssh using private key from specific forman to specific host in the same site. SSH access to other sites is denied.
Hosts and proxies are assigned the same organization and specific location (site).
When I want to schedule remote job, for one hosts it works like a charm (for example thost, which is executed by tforeman).
But others are not working, I can see in failed job that job on ahost was executed by kforeman. 1. no ssh access is open betwen kforeman and ahost, 2. ahost has only ssh pubkey from aforeman not kforeman.
How foreman determines which proxy use to execute command? can this be configured?
My assumption was that remote job would be invoked by smart proxy used for the registration.
Foreman and Proxy versions:
3.12
Foreman and Proxy plugin versions:
3.12
Distribution and version:
RHEL8.10
Other relevant data:
