Force remove smart proxy. Most activities within Foreman lead to failures and we're dead in the water

Problem:
We shut down a data center. It happened 10 days earlier than the date I was given, so my smartproxy was yanked out from under my feet. Now, I have lost a lot of functionality in Foreman because it can’t contact that Smart Proxy. How can I force remove it?

Expected outcome:
I’d like a way to remove the smart proxy that is no longer accessible.

Foreman and Proxy versions:
1.20.2 - all other Proxies are 1.20.2, the one that is offline was 1.20.2

Foreman and Proxy plugin versions:

Distribution and version:
CentOS 7

Other relevant data:
Anytime I try to make a change, I’m met with messages like:

failed - Remove conflicting IPv4 DNS record for sai.example.com

**Unable to save** * Remove conflicting IPv4 DNS record for sai.example.com task failed with the following error: ERF12-1261 [ProxyAPI::ProxyException]: Unable to delete DNS entry ([RestClient::Exceptions::OpenTimeout]: Timed out connecting to server) for proxy https://missingsmartproxy.example.com:8443/dns

When I try to remove the smartproxy, it tells me 4 subnets are in use. When I try to remove the subnet it tells me 13 hosts are using subnets. When I try to update the hosts to use a different IP address, it tells me that it can’t connect to the old smart proxy and I’m stuck. All paths forward lead to failures based on not being able to contact the smartproxy. I have no idea where that machine is, I cannot get it back.

What’s the best way forward? I’m sure somebody has lost their smart proxy before and had to convince Foreman that those subnets are no longer in use. There are a handful of machines that have been relocated and are managed by a different smart proxy.


You need to go over all subnets and domains and change the Smart Proxy. For subnets there’s both forward and reverse ones. Domains just have one. You can clear them and no need to actually modify hosts. You should then be able to remove the Smart Proxy.


Thanks, ekohl.

These subnets for which the missing proxy was authoritative are also gone and no longer need to be managed by my Foreman instance. They’re now completely unused and I’d like to see all traces of them disappear. Should I just switch the subnets over to any ol’ proxy? Does that proxy’s DHCP server need to have those subnets defined in dhcpd.conf?

You can also set it to blank (no proxy). That will mean Foreman doesn’t try to update DNS/DHCP when you change a host. It also means you can remove the Smart Proxy. That gets you out of the problem where you can’t delete it from a host. After you updated all hosts to no longer use it, you can delete the subnets themselves as well.
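
The clean-up described in the two replies above (blank the Smart Proxy on every subnet and domain that points at the lost one, then delete the proxy) as an added example; it is not part of the thread or of Foreman's own tooling. It only plans the API calls: the `/api/...` paths, the `dhcp_id`/`tftp_id`/`dns_id` field names and the sample records (lost proxy id 7) are assumptions to check against your instance's API documentation.

```python
import json

# Assumed Foreman API v2 field names; verify against /apidoc on your instance.
SUBNET_PROXY_FIELDS = ("dhcp_id", "tftp_id", "dns_id")  # dns_id on a subnet = reverse DNS
DOMAIN_PROXY_FIELDS = ("dns_id",)                       # forward DNS

def plan_proxy_detach(proxy_id, subnets, domains):
    """Return the ordered (method, path, body) calls that blank every
    reference to proxy_id and then delete the proxy record itself."""
    calls = []
    for kind, wrapper, fields, records in (
        ("subnets", "subnet", SUBNET_PROXY_FIELDS, subnets),
        ("domains", "domain", DOMAIN_PROXY_FIELDS, domains),
    ):
        for rec in records:
            # Only touch fields that point at the dead proxy; leave others alone.
            cleared = {f: None for f in fields if rec.get(f) == proxy_id}
            if cleared:
                calls.append(("PUT", f"/api/{kind}/{rec['id']}", {wrapper: cleared}))
    # The proxy can only be removed once nothing references it.
    calls.append(("DELETE", f"/api/smart_proxies/{proxy_id}", None))
    return calls

# Constructed sample data (not from the thread): proxy 7 is the lost one.
SAMPLE_SUBNETS = [
    {"id": 11, "name": "dc2-prod", "dhcp_id": 7, "tftp_id": 7, "dns_id": 7},
    {"id": 12, "name": "dc1-prod", "dhcp_id": 3, "tftp_id": 3, "dns_id": 3},
    {"id": 13, "name": "dc2-mgmt", "dhcp_id": 7, "tftp_id": None, "dns_id": 3},
]
SAMPLE_DOMAINS = [
    {"id": 1, "name": "example.com", "dns_id": 7},
    {"id": 2, "name": "eng.example.com", "dns_id": 3},
]

if __name__ == "__main__":
    # Print the plan for review before sending anything to the server.
    for method, path, body in plan_proxy_detach(7, SAMPLE_SUBNETS, SAMPLE_DOMAINS):
        print(method, path, json.dumps(body) if body else "")
```

Setting a field to `null` corresponds to choosing the blank proxy in the UI, so Foreman stops trying to reach the missing host for those records.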

I have successfully moved the subnets over to have a proxy of <blank>. I then go into one of my hosts that had an interface in that subnet, click Edit > Interfaces and try to update its interface to be in a subnet of an existing subnet and an existing proxy (smartproxy-03). The update says “Record exists, overwrite?” and then I click “Overwrite” and I get this:

Remove IPv4 DNS record for vm01.eng.example.com task failed with the following error: ERF12-1261 [ProxyAPI::ProxyException]: Unable to delete DNS entry ([RestClient::BadRequest]: 400 Bad Request) for proxy https://smartproxy-03.eng.example.com:8443/dns

I went over to our Infoblox installation and manually removed that DNS entry. I also checked to be sure that foreman-proxy service was active and running on that smartproxy (there are no signs of a problem with the service or server.) From what you said, it seems like it’s trying to remove the old DNS record even though proxies are defined as <blank> for all of the old subnets and for all of the subnets’ proxies entries.

I realize my new issue probably isn’t related to my original question. You answered my original question so I’ll consider this resolved and I’ll investigate the ERF12-1261 error that now has me blocked.

I don’t know when things changed but this was a cert verification issue. Adding the hash per these instructions made everything work for my self-signed cert: Import Self-Signed Cert