With login disabled I can get the PXE or provision template for any host by
spoofing the IP like so:
http://foreman/unattended/PXELinux?spoof=10.120.134.134
When login is enabled I have to use the token like so:
http://foreman/unattended/PXELinux?token=55bd79de-4baf-4d2f-9ca1-4a41f0ee6494
The question is how can I query the token for a host? Also, I thought the
token was the same as the host's certname, but it appears it is just generated
and stored in the database.
I am writing a script to re-provision or rebuild an existing system to
Foreman. The workflow would go like this:
- Log into Foreman and create a new host (eventually just use the API)
- ssh to the system and run a script that:
  a. downloads the PXE template
  b. determines the vmlinux, initrd and kickstart file location from the PXE template
  c. downloads the vmlinux and initrd files
  d. then adds an entry to grub
Thanks
Indeed, they are, for security - knowing the token means anyone can
get the provisioning data for the host in question.
If the hosts are on the same network as foreman, then
"http://foreman/unattended/<type>" should work fine - Foreman can
detect the IP of the incoming request and match it to a known host in
its database.
On 9 January 2013 17:31, Rodrique Heron wrote:
> With login disabled I can get the PXE or provision template for any host by
> spoofing the IP like so:
>
> http://foreman/unattended/PXELinux?spoof=10.120.134.134
>
> When login is enabled I have to use the token like so:
>
> http://foreman/unattended/PXELinux?token=55bd79de-4baf-4d2f-9ca1-4a41f0ee6494
>
> The question is how can I query the token for a host? Also, I thought the
> token was the same as the host's certname, but it appears it is just generated
> and stored in the database.
Thanks, much better than the hack I came up with.
On Wednesday, January 9, 2013 1:12:44 PM UTC-5, Greg Sutcliffe wrote:
> On 9 January 2013 17:31, Rodrique Heron <swy...@gmail.com> wrote:
> > With login disabled I can get the PXE or provision template for any host by
> > spoofing the IP like so:
> >
> > http://foreman/unattended/PXELinux?spoof=10.120.134.134
> >
> > When login is enabled I have to use the token like so:
> >
> > http://foreman/unattended/PXELinux?token=55bd79de-4baf-4d2f-9ca1-4a41f0ee6494
> >
> > The question is how can I query the token for a host? Also, I thought the
> > token was the same as the host's certname, but it appears it is just generated
> > and stored in the database.
>
> Indeed, they are, for security - knowing the token means anyone can
> get the provisioning data for the host in question.
>
> If the hosts are on the same network as foreman, then
> "http://foreman/unattended/<type>" should work fine - Foreman can
> detect the IP of the incoming request and match it to a known host in
> its database.
>
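Step b of the re-provisioning workflow in the first post (finding the kernel, initrd and kickstart location in the PXE template), as an added example that is not part of the original thread or of Foreman's own code. The sample template, its file names, the `/unattended/provision` kickstart path and the all-zero token are constructed assumptions; the helper names are hypothetical. Because the token alone grants access to the host's provisioning data, the sketch also checks the kickstart host before anything is fetched and strips the token from URLs that get logged.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample of a rendered PXELinux template (placeholder paths and token).
SAMPLE = """\
default linux
label linux
  kernel boot/CentOS-6.3-x86_64-vmlinuz
  append initrd=boot/CentOS-6.3-x86_64-initrd.img ks=http://foreman/unattended/provision?token=00000000-0000-0000-0000-000000000000 ksdevice=bootif network kssendmac
"""

def parse_pxelinux(text, label=None):
    """Return kernel, initrd and kickstart URL for a label (default: the 'default' one)."""
    entries, current, default = {}, None, None
    for raw in text.splitlines():
        # Blank lines and comments yield keys that match no branch below.
        key, _, value = raw.strip().partition(" ")
        key, value = key.lower(), value.strip()
        if key == "default":
            default = value
        elif key == "label":
            current = entries.setdefault(value, {"kernel": None, "initrd": None, "ks": None})
        elif current is None:
            continue
        elif key in ("kernel", "linux"):
            current["kernel"] = value
        elif key == "initrd":
            current["initrd"] = value
        elif key == "append":
            for arg in value.split():
                # Split on the first '=' only, so '?token=...' stays in the URL.
                name, _, val = arg.partition("=")
                if name == "initrd":
                    current["initrd"] = val
                elif name in ("ks", "inst.ks"):
                    current["ks"] = val
    wanted = label or default
    if wanted not in entries:
        raise ValueError(f"label {wanted!r} not found in template")
    return entries[wanted]

def check_ks_host(ks_url, allowed_hosts):
    """True only if the kickstart URL is http(s) and points at an expected host."""
    parts = urlsplit(ks_url)
    return parts.scheme in ("http", "https") and parts.hostname in allowed_hosts

def redact(url):
    """Drop the query string (which carries the token) before logging a URL."""
    p = urlsplit(url)
    return urlunsplit((p.scheme, p.netloc, p.path, "", ""))
```

A rebuild script would call `check_ks_host` on the parsed `ks` value before writing the grub entry, and pass any URL through `redact` before printing it.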