I have 3 machines setup for testing. Server, Proxy and Client all in differnt networks, firewalls in between…
The server can not reach the client and all traffic has to go thru the proxy.
However when I from the server try to run a command on the client the traffic is going from the server to the client and of course fails. I tried to set the “Enable Global Proxy” to No in settings but then I just get this error:
“Failed to initialize: RuntimeError - Could not use any proxy. Consider configuring remote_execution_global_proxy, remote_execution_fallback_proxy in settings”
The proxy was initially not installed with the remote execution plugin but I have issued “foreman-installer --enable-foreman-proxy-plugin-remote-execution-ssh” successfully on the proxy and copied the SSH key to the client.
SSH from Proxy -> Client works fine.
The client was registered using the proxy and it also says so under “Registered Through:”
Remote execution works file Server -> Proxy.
Why is the remote execution traffic (SSH) not coming from the proxy but the server?
Check the subnet assigned to those hosts. The subnet configuration has a tab for remote execution…
I had no subnets configured since I assumed it will use the proxy assigned to the host. I added the subnet for the client and added the proxy to the subnet and now it works but only if the “Enable Global Proxy” is set to Yes. If I set it to No it fails again with the error:
Failed to initialize: RuntimeError - Could not use any proxy. Consider configuring remote_execution_global_proxy, remote_execution_fallback_proxy in settings
Reading the description for this “Enable Global Proxy” setting:
Search for remote execution proxy outside of the proxies assigned to the host. The search will be limited to the host’s organization and location."
Both the proxy and the client belong to the same location and organization. The server however has a different location but same organization. subnet is set to same location/organization as the client.
Why would it not work to have that setting to “No” in this case?
Just to follow this up, I also fixed my issue by just go Administer -> Settings -> RemoteExecution and set “Fallback to Any Proxy” to yes. Then I have no need to create subnets for all hosts.