Problem:
I had issues getting dynflow to work on my smart_proxies. I think that the smart proxy is using the build-in version of dynflow. The requests for the /dynflow api endpoint therefore come directly from my foreman host, not from the smart proxy. From the documentation I made the assumption that is how it used to work.
I disabled this line: https://github.com/theforeman/smart_proxy_dynflow/blob/master/lib/smart_proxy_dynflow_core/helpers.rb#L33
and things work correctly now.
Before this work-around, I tried to set :foreman_ssl_cert: in /etc/foreman-proxy/settings.yml to a copy of the cert from my foreman instance. This worked for submitting jobs, but the callback mechanism from dynflow failed, because :foreman_ssl_key: was not set. Therefore I found disabling the check a better option in my case.
Expected outcome:
The build-in dynflow being aware that is is called directly from foreman, not the proxy.
Foreman and Proxy versions:
foreman 2.1.0-1
foreman-proxy 2.1.0-1
Foreman and Proxy plugin versions:
ruby-foreman-remote-execution-core 1.3.0-1
ruby-foreman-tasks-core 0.3.4-1
Distribution and version:
Debian 10.4
Other relevant data:
/etc/foreman-proxy/settings.d/dynflow.yml:
:enabled: https
:database:
:core_url: https://lnxpupsrvdev01.bk.prodrive.nl:8008