Katello-4.2.0.rc1-1.el8 failed to fetch kickstart


Stood up a new Foreman server and a new Smart Proxy, SELinux Permissive, required firewall ports opened.

Synced BaseOs and AppStream for CentOS 8-Stream, built them into an LCE and synced them to the smart proxy.

Created a host and attempted to kickstart it via PXE.

PXE worked but at the point where the new host is trying to fetch the kickstart it fails with this message.

“curl: (22) The requested URL returned error: 404 Not Found”
“Warning: anaconda: failed to fetch kickstart from http://mysmartproxy.virtual.home.arpa:8000/unattended/provision?token=(A VALID TOKEN)”

It continued repeating that until the build timed out, I tried to build a few more times and had no luck.

Expected outcome:

I expected the new host to kickstart

Foreman and Proxy versions:


Foreman and Proxy plugin versions:

Distribution and version:

Foreman - CentOS Linux release 8.4.2105
Smart Proxy - CentOS Linux release 8.4.2105

Other relevant data:
I synced and created an LCE for Rocky 8 content and encountered the exact same problem with the kickstart.

Additional note here that if I don’t build from an external smart proxy but instead build from the smart proxy that is on the foreman server itself the kickstart works fine.

So I would assume the problem lies with --scenario foreman-proxy-content

These were my installer arguments.

foreman-installer \
                    --scenario foreman-proxy-content \
                    --certs-tar-file                              "/root/lab0l26.virtual.home.arpa.tar"\
                    --foreman-proxy-register-in-foreman           "true"\
                    --foreman-proxy-foreman-base-url              "https://lab0l25.virtual.home.arpa"\
                    --foreman-proxy-trusted-hosts                 "lab0l25.virtual.home.arpa"\
                    --foreman-proxy-trusted-hosts                 "lab0l26.virtual.home.arpa"\
                    --foreman-proxy-oauth-consumer-key            "XXX"\
                    --foreman-proxy-oauth-consumer-secret         "XXX"\
                    --puppet-server-foreman-url                   "https://lab0l25.virtual.home.arpa"\
                    --foreman-proxy-tftp true\
                    --foreman-proxy-dhcp true\

If I got that correctly, you’re trying to proxy the kickstart templates through the smart-proxy. Did you enable the smart proxy template plugin? What features do you see in Foreman for that Proxy? What do you see in the logs in case you try to fetch that manually, e.g. using curl? The 404 indicates the API endpoint is not found on the smart proxy, which could be explained by disabled templates plugin. Normally, Anaconda fetches the rendered kickstart directly from Foreman. The URL is determined by the enabled smart proxy features.

1 Like

I can try another test tonight with RC2, now that it is out.

The things enabled are only what you see in the installer snippet above

I will say that the same process worked with 4.0 and 3.x going back to 3.14

Edit: I will test with Foreman 3.0 GA tonight.

I was able to get my kickstart through the smart-proxy working by running this on the smart proxy

foreman-installer --scenario foreman-proxy-content --foreman-proxy-templates-listen-on both

The default values of the installer variables are what got me into trouble

These two default values seem to be mutually exclusive, correct me if I’m wrong.

--reset-foreman-proxy-template-url Reset template_url to the default value ("http://lab0l51.virtual.home.arpa:8000")

--reset-foreman-proxy-templates-listen-on Reset templates_listen_on to the default value ("https")

I did try just pointing my foreman-proxy-template-url to port 8443 instead and kickstart failed because of the self signed cert.


Yeah I think for provisioning template, it must be set to listen on http since installers typically can’t use https