Question regarding non-SSH user-data template deployment

Nicolas_Odermatt · November 21, 2019, 4:22pm

I have one question to the VMware notes section in the current Foreman doc: If I make the adjustments for SSH-less configuration (using user-data template), how does Foreman/VMware apply the user-data template to the freshly created VM?

I found an interesting sequence diagram that visualizes how the image based approach works, but it doesn’t reflect the non-ssh way - atleast I don’t understand it.

There are a lot of topics regarding user-data templates and non-SSH deployment, though none fully cleared my misunderstanding. Apologies in advance if I add to the stack unnecessarily

Some of the posts I studied (for reference)

TimoGoebel · November 21, 2019, 4:35pm

@Nicolas_Odermatt: Have you seen this? The foreman_userdata plugin was migrated to Foreman core. But the README should describe the intended workflow.

Let me know if you have more questions.

Nicolas_Odermatt · November 22, 2019, 9:40am

Thanks Timo, that page certainly helps the non-ssh deployment in more detail.

Since the userdata plugin is now part of Foreman core, should the curl command mentioned in the debugging section work “out of the box”? (assumed a VM was deployed with the given IP)

curl -D - -H 'X-FORWARDED-FOR: 192.168.1.1' http://localhost:3000/userdata/user-data

Because I get a connection refused error applying the command to my setup:

support@v000398:~$ curl -D - -H 'X-FORWARDED-FOR: 10.35.147.110' http://localhost:3000/userdata/user-data
curl: (7) Failed to connect to localhost port 3000: Connection refused
support@v000398:~$
support@v000398:~$ telnet localhost 3000

I can’t find a setting to enable port 3000 in any file in foreman or foreman-proxy/ and I don’t think its the templates.yaml file, no?

TimoGoebel · November 22, 2019, 10:00am

localhost:3000 means your foreman server, e.g. curl -D - -H 'X-FORWARDED-FOR: 10.35.147.110' https://foreman.example.com/userdata/user-data

Nicolas_Odermatt · November 22, 2019, 3:26pm

Riiight, I coul’ve tried this on my own, thanks again.

One more question if you don’t mind: It seems Foreman searches for hosts using the requests IP even though the X-FORWARDED-FOR header is applied. Does the command work for you?

curl -D -verbose -H 'X-FORWARDED-FOR: 10.35.147.110' http://v000398/userdata/user-data
Could not find host for request 10.51.6.160

2019-11-22T15:15:07 [I|app|a4951657] Started GET "/userdata/user-data" for 10.51.6.160 at 2019-11-22 15:15:07 +0000
2019-11-22T15:15:07 [I|app|a4951657] Processing by UserdataController#userdata as TEXT
2019-11-22T15:15:07 [E|app|a4951657] Could not find host for request *10.51.6.160*
2019-11-22T15:15:07 [I|app|a4951657]   Rendering text template
2019-11-22T15:15:07 [I|app|a4951657]   Rendered text template (0.0ms)
2019-11-22T15:15:07 [I|app|a4951657] Filter chain halted as :find_host rendered or redirected
2019-11-22T15:15:07 [I|app|a4951657] Completed 404 Not Found in 16ms (Views: 0.5ms | ActiveRecord: 7.1ms)

Have a great weekend

Nicolas_Odermatt · December 18, 2019, 10:35am

Note from @Izap on Github:

The username and password for SSH login are supposed to be added on the Image details:

Nicolas_Odermatt · December 18, 2019, 12:10pm

So it turns out Vmware deploys the rendered template to the newly provisioned instance, but doesn’t apply the changes. I can see two files in the /etc/netplan/ directory:

99-netcfg-vmware.yaml

# Generated by VMWare customization engine.
network:
  version: 2
  renderer: networkd
  ethernets:
    ens192:
      dhcp4: no
      dhcp6: no
      addresses:
        - 10.35.147.250/24
      gateway4: 10.35.147.1
      nameservers:
        search:
          - domain.tld
        addresses:
          - 10.51.2.232
          - 10.51.2.233

netplan/50-cloud-init.yaml

network:
    ethernets:
        ens192:
            addresses:
            - 10.35.147.114/24
            gateway4: 10.35.147.1
            nameservers:
                addresses:
                - 10.51.2.232
                - 10.51.2.233
                search:
                - domain.tld
            optional: true
    version: 2

And it seems that the cloud init template is applied instead of the vmware netcfg. I don’t know about netplan, so I will pursue some more research on how to select a default.

Nicolas_Odermatt · December 18, 2019, 2:43pm

After I removed the 50-cloud-init.yaml file and rebootet, the VM used the remaining netplan file to configure the interface. I created a new template based on that change and redeployed a test VM. Result: All good now.