Foreman provisioning with wimaging and smart-proxy workflow

First off, thanks for the hard work that has been put together to document
and create scripts for the process of Windows deployments using DISM and
wimaging.

I've got a fully functional workflow for deploying Windows 2012 R2 boxes,
however, it only works when the WinPE environment can call
/unattended/script directly against foreman.

When a smart-proxy is being used, the call from 10_init.cmd is sent to the
proxy instead and the source IP of the originating host gets lost, so the
template can't be generated.

I'm trying to think of the best way around this when a smart-proxy is
involved.

It's possible that for Windows deploys we will have to allow access to the
foreman master for /unattended/script call so that the source IP is
maintained.

I could disable login and use the spoof parameter to have the PE
environment grab the appropriate template.

I can't use tokens as would normally be recommended in this type of
workflow because I can't figure out a way to get the token into the WinPE
10_init.cmd script or config file as these are built into the DISM created
wimage.

Is there anything I'm missing that would make this work?

The fact you got it working that far is already pretty good! I couldn't get
that setup for the life of me that I just completely gave up and use FOG as
it's way better to provision Windows boxes

Just posting a follow-up to this one, after some digging.

So when a request is forwarded by a smart-proxy, an X-Forwarded-For header
is inserted into the HTTP conversation, with the original client source IP.

When the request is received by the foreman master, a check is done in
unattended_controller.rb:

    def ip_from_request_env
      ip = request.env['REMOTE_ADDR']

      # check if someone is asking on behalf of another system (load balance etc)
      # if request.env['HTTP_X_FORWARDED_FOR'].present? and (ip =~ Regexp.new(Setting[:remote_addr]))
      if request.env['HTTP_X_FORWARDED_FOR'].present?
        ip = request.env['HTTP_X_FORWARDED_FOR']
      end

      ip
    end

However, it seems that in foreman 1.12 (current/latest) the
Regexp.new(Setting[:remote_addr])) check fails, and so the originating IP
is not used, the proxy IP is used instead which causes the request to not
match a host.

Commenting out the check as shown above, and restarting httpd, all is good,
template renders via the smart-proxy.

Will check and file a bug report.

On Friday, July 15, 2016 at 12:12:05 PM UTC-4, adrian wrote:
> First off, thanks for the hard work that has been put together to document
> and create scripts for the process of Windows deployments using DISM and
> wimaging.
>
> I've got a fully functional workflow for deploying Windows 2012 R2 boxes,
> however, it only works when the WinPE environment can call
> /unattended/script directly against foreman.
>
> When a smart-proxy is being used, the call from 10_init.cmd is sent to the
> proxy instead and the source IP of the originating host gets lost, so the
> template can't be generated.
>
> I'm trying to think of the best way around this when a smart-proxy is
> involved.
>
> It's possible that for Windows deploys we will have to allow access to the
> foreman master for /unattended/script call so that the source IP is
> maintained.
>
> I could disable login and use the spoof parameter to have the PE
> environment grab the appropriate template.
>
> I can't use tokens as would normally be recommended in this type of
> workflow because I can't figure out a way to get the token into the WinPE
> 10_init.cmd script or config file as these are built into the DISM created
> wimage.
>
> Is there anything I'm missing that would make this work?
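An added example, not part of the original post and not Foreman's own code: a stand-alone Ruby version of the check discussed above, comparing the strict form (X-Forwarded-For used only when REMOTE_ADDR matches a trusted-proxy pattern) with the workaround (header always used). All addresses and patterns are constructed, and taking the first comma-separated header entry as the client is an assumption.

```ruby
require 'ipaddr'

# Constructed sample addresses and patterns (not taken from the thread).
PROXY_IP   = '192.0.2.10'     # smart-proxy forwarding the request
CLIENT_IP  = '198.51.100.25'  # WinPE host being provisioned
OTHER_IP   = '203.0.113.77'   # peer that is not a trusted proxy
LOCAL_ONLY = '\A127\.0\.0\.1\z'
WITH_PROXY = '\A(127\.0\.0\.1|192\.0\.2\.10)\z'

def valid_ip?(str)
  return false if str.empty?
  IPAddr.new(str)
  true
rescue ArgumentError # IPAddr's error classes derive from ArgumentError
  false
end

# Strict form: use X-Forwarded-For only when the TCP peer (REMOTE_ADDR)
# matches the trusted-proxy pattern, as in the commented-out condition.
def client_ip_strict(env, trusted_pattern)
  ip  = env['REMOTE_ADDR']
  fwd = env['HTTP_X_FORWARDED_FOR'].to_s
  return ip if fwd.empty? || ip !~ Regexp.new(trusted_pattern)
  candidate = fwd.split(',').first.to_s.strip
  valid_ip?(candidate) ? candidate : ip
end

# Workaround form from the post: use the header whoever the peer is.
def client_ip_workaround(env)
  fwd = env['HTTP_X_FORWARDED_FOR'].to_s
  fwd.empty? ? env['REMOTE_ADDR'] : fwd
end

def demo
  via_proxy = { 'REMOTE_ADDR' => PROXY_IP, 'HTTP_X_FORWARDED_FOR' => CLIENT_IP }
  untrusted = { 'REMOTE_ADDR' => OTHER_IP, 'HTTP_X_FORWARDED_FOR' => CLIENT_IP }
  {
    strict_proxy_not_listed: client_ip_strict(via_proxy, LOCAL_ONLY),
    strict_proxy_listed:     client_ip_strict(via_proxy, WITH_PROXY),
    strict_untrusted_peer:   client_ip_strict(untrusted, WITH_PROXY),
    workaround_untrusted:    client_ip_workaround(untrusted)
  }
end

demo.each { |name, ip| puts format('%-24s %s', name, ip) }
```

With the proxy absent from the pattern the strict form returns the proxy's own address, which is the symptom described in the post; with the proxy listed it returns the client address while still ignoring the header from any other peer, which the workaround no longer does.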

Thanks! Yeah, it's a bit of a learning experience. :slight_smile:

On Friday, July 15, 2016 at 12:47:38 PM UTC-4, Joey Jojo wrote:
> The fact you got it working that far is already pretty good! I couldn't
> get that setup for the life of me that I just completely gave up and use
> FOG as it's way better to provision Windows boxes