ERF42-9666 [Foreman::Exception]: HTTP boot requires proxy with httpboot feature and http_port exposed setting

Problem:
I use discovery for new hosts. The hosts gets discovered. I can configure it. When I click on submit, I get:
ERF42-9666 [Foreman::Exception]: HTTP boot requires proxy with httpboot feature and http_port exposed setting

Expected outcome:
The new host is rebootet and installed.

Foreman and Proxy versions:
Foreman: 2.0.0

Foreman and Proxy plugin versions:
foreman_discovery: 16.0.1
foreman_remote_execution: 3.0.3
foreman-tasks: 1.1.0
foreman_ansible: 5.0.1

Distribution and version:
Debian 10.3

Other relevant data:
I used
foreman-installer --full-help
to print my current settings and uploaded them to pastebin: https://pastebin.com/j79Zs2b7
I hope this helps, if you prefer to have them here in the board, please tell me.

When I got the error the first time I found: Cannot create host : ERF42-9666 with Foreman 1.24RC2
But running
foreman-installer --foreman-proxy-httpboot true
did not fix it, though it was false before. The setting --foreman-proxy-httpboot-listen-on is “both” by default.

Thank you for your help!

1 Like

You also need to make sure that proxy also listens on HTTP endpoint (8448/8000) using --foreman-proxy-http true. Then refresh proxy features to recognize endpoints.

1 Like

Thank you so much! I spent to whole weekend trying to figure this out!

2 Likes

You’re not the first who has a problem with this and I think we should somehow improve this flow. How to phrase the error message so it becomes clear how to fix it? Any suggestions?

The default HTTPS port is 8443, not 8448.

1 Like

I can confirm. That’s why I am telling the user to enable HTTP :slight_smile:

For starters, I have created ERF42-9666 - Foreman

We should probably have switched all the services to listen only on HTTPS instead disabling HTTP endpoint globally if that was what we were aiming for from the security standpoint. This way HTTP Boot could have been set to both and when enabled it would work normally. Or make puppet changes in a way that if there is no both/http settings, http would have been disabled.

That page says to use --foreman-proxy-https true:

foreman-installer \
 --foreman-proxy-http true \
 --foreman-proxy-https true

But that is not a valid flag for foreman-installer. Should this say --foreman-proxy-ssl true instead?

To clarify, foreman-proxy-https is not a valid flag for foreman-installer.

I believe this has been fixed, @ekohl ?

At least in our final documentation we do not require this option: https://docs.theforeman.org/master/Provisioning_Guide/index-foreman.html#creating-hosts-with-uefi-http-boot-provisioning_provisioning

1 Like

I slightly rephrased it to leave out HTTPS enablement since that’s on by default.

1 Like

@Stefan_Lasiewski in other words, you do not need to use foreman-proxy-https at all, it is always on.

1 Like

I also encountered the same problem. I set foreman-proxy-http to true but it still didn’t solve the problem.

Then make sure that your host has a Subnet associated with HTTPProxy feature turned on. Refresh features.

Sorry I didn’t understand what you mean .How to see if the host’s subnet is associated with httpboot

Sorry, I didn’t understand what you meant. How to check if the host’s subnet is associated with httpproxy

Every host must have a Subnet associated on the provision interface. Find that subnet, go to the detail page and there is a tab called Proxies. Find HTTPBoot one and it must be set to an existing proxy. If you do not see any HTTPBoot dropdown, refresh features of a smart proxy which you enabled HTTPBoot feature on via Infrastructure - Smart proxies - Refresh features.

Thank you !The problem is solved .

1 Like