Fetch kickstart-file from smart proxy

Support
1

Hello,

I am facing a problem that I need to solve.

My setup is the following:

I got different subnets with different firewall-rules that I can not touch.

Main foreman host

  • Installed: Foreman, Foreman-Proxy, Discovery, Dynflow, HTTPBoot, Logs, Puppet, Puppet CA, SSH, and TFTP
  • FQDN: : foreman.example.com
  • Subnet: 10.10.10.0/16

Smart Proxy for another subnet

  • Installed: Foreman-Proxy, Discovery, Dynflow, HTTPBoot, Logs, Puppet, SSH, and TFTP
  • FQDN: foreman-proxy.example.com
  • Subnet: 10.10.20.0/16

Subnet 10.10.10.0/16 does only allow port 8443 and 443 (only for the smart-proxy-host).

Problem:

If I am using a discovery boot image (fdi 3.5.x) and set up networking, the new host can be discovered and provisioned using the smart proxy.

Unfortunately it’s not possible to fetch the kickstart file:

Warning: anaconda: failed to fetch kickstart from http://foreman.example.com/unattended/provision?token=abc / https://foreman.example.com/unattended/provision?token=abc

Is it possible to provide kickstart files using the smart proxy?

Foreman and Proxy versions:

Foreman Host

Discovery

Version

1.0.5

Dynflow

Version

0.2.4

HTTPBoot

Version

1.24.2

SSH

Version

0.2.1

TFTP

Version

1.24.2

TFTP server

false

Proxy:

Discovery

Version

1.0.5

Dynflow

Version

0.2.4

HTTPBoot

Version

1.24.2

SSH

Version

0.2.1

TFTP

Version

1.24.2

TFTP server

false

2

Hi,

you will probably need the smartproxy templates feature enabled enabled.
Without this, smartproxy can not serve kickstart files. It is part of the core smart-proxy features, but not enabled by default. I cannot check right now, but afaik you will also need to set the smartproxy as template proxy for that subnet.

Regards

1 Like
3

Yeah, investigate smart proxy logs. If that’s 404 the plugin is missing so the endpoint was not enabled yet. If thats 500 it can be communication error between smart proxy and foreman. Etc.

1 Like