Smart Proxy and Provisioning

That sounds very odd, since the proxy claims it's making a request. I would
expect to see something like:

2016-04-07T10:23:36 [app] [I] Started GET "/unattended/provision" for 127.0.0.1 at 2016-04-07 10:23:36 +0100
2016-04-07T10:23:36 [app] [I] Processing by UnattendedController#host_template as */*
2016-04-07T10:23:36 [app] [I] Parameters: {"kind"=>"provision"}
2016-04-07T10:23:36 [app] [I] unattended: unable to find a host that matches the request from 127.0.0.1
2016-04-07T10:23:36 [app] [I] Filter chain halted as :get_host_details rendered or redirected
2016-04-07T10:23:36 [app] [I] Completed 404 Not Found in 5ms (ActiveRecord: 0.7ms)

Obviously 127.0.0.1 is due to me testing this on my dev setup, but that's
the log form I'd expect to see - and crucially, the message "unable to find
a host that matches the request from 127.0.0.1" which is what tells me the
problem.

Assuming other things are logging normally to production.log, that would
lead me to suspect the smart-proxy config - is the :foreman_url parameter
correct? Can you get the template from Foreman yourself from the proxy
(i.e. there's no firewall issues)?

Greg
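
The check described in the reply above (did the template request reach Foreman, and what did Foreman say about it), as an added example that is not part of the original thread or of Foreman's code. It assumes production.log entries are one per line in the format quoted above and that the lines of one request are not interleaved with another; the sample log and the function name are constructed for illustration.

```python
import re

# Constructed sample in the production.log format quoted in the thread.
SAMPLE_LOG = """\
2016-04-07T10:23:30 [app] [I] Started GET "/hosts" for 10.0.0.5 at 2016-04-07 10:23:30 +0100
2016-04-07T10:23:30 [app] [I] Completed 200 OK in 41ms (ActiveRecord: 3.2ms)
2016-04-07T10:23:36 [app] [I] Started GET "/unattended/provision" for 127.0.0.1 at 2016-04-07 10:23:36 +0100
2016-04-07T10:23:36 [app] [I] Processing by UnattendedController#host_template as */*
2016-04-07T10:23:36 [app] [I] unattended: unable to find a host that matches the request from 127.0.0.1
2016-04-07T10:23:36 [app] [I] Completed 404 Not Found in 5ms (ActiveRecord: 0.7ms)
"""

LINE = re.compile(r'^(\S+) \[app\] \[\w\] (.*)$')
STARTED = re.compile(r'^Started (\w+) "(/unattended/[^"]*)" for (\S+)')
COMPLETED = re.compile(r'^Completed (\d{3})')

def unattended_requests(log_text):
    """Return one dict per /unattended/* request: time, path, client, status, reason."""
    results, current = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, msg = m.groups()
        started = STARTED.match(msg)
        if started:
            current = {"time": stamp, "path": started.group(2),
                       "client": started.group(3), "status": None, "reason": None}
            results.append(current)
        elif msg.startswith("Started "):
            current = None  # a different request begins; stop attributing lines
        elif current is not None:
            if msg.startswith("unattended:"):
                current["reason"] = msg[len("unattended:"):].strip()
            done = COMPLETED.match(msg)
            if done:
                current["status"] = int(done.group(1))
                current = None
    return results

if __name__ == "__main__":
    for req in unattended_requests(SAMPLE_LOG):
        print(req)
```

An empty result over the window in which the kickstart ran means no template request reached Foreman at all, which points back at the proxy's :foreman_url or the network path rather than at host matching.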

··· On 7 April 2016 at 07:55, James Denton wrote:

Hi Greg,

I have re-run the kickstart and I see no output on the master
production.log at the time the request for the template is made :-/

At the moment I am testing between the Foreman master and a proxy that
resides within the same subnet, so no FWs in between - I have actually
wondered about the proxy configuration and the Foreman URL; this is what it
is set to:

#:foreman_url: http://127.0.0.1:3000
:foreman_url: http://foreman.test.com

I did wonder why in the hashed example the port is specified as 3000.


3000 is the default port for the built-in Rails server, which is what you'd
be using in development mode. Our default installs replace that with
Apache, so 80/443 as usual.

I'm running out of ideas then. Is the production.log otherwise active (i.e.
you can see your own activity while browsing the UI etc)? If so, I'm stumped
as to where your proxy requests are actually going (assuming that
foreman_url is correct) - it might be a case of wireshark-ing the traffic
and verifying the server is receiving it.

Greg

··· On 7 April 2016 at 10:38, James Denton wrote:

At the moment I am testing between the Foreman master and a proxy that
resides within the same subnet, so no FWs in between - I have actually
wondered about the proxy configuration and the Foreman URL; this is what it
is set to:

#:foreman_url: http://127.0.0.1:3000
:foreman_url: http://foreman.test.com

I did wonder why in the hashed example the port is specified as 3000.

The production.log is otherwise active and I can see other processes being
logged, e.g. when the TFTP files are created or when I need to remove or
cancel/start a build, but as mentioned, when I expect to see something
logged when the attempt is made to get the template file, nothing.

The :foreman_url under admin – settings is https://foreman.test.com

Here is my configuration for both the proxy server settings.yml and
templates.yml:

#replace default location of "settings.d"
:settings_directory: /etc/foreman-proxy/settings.d

# SSL Setup
# If enabled, all communication would be verified via SSL
# NOTE that both certificates need to be signed by the same CA in order for this to work
# see SSL - Smart Proxy - Foreman for more information
:ssl_certificate: /var/lib/puppet/ssl/certs/smartproxy.test.com.pem
:ssl_ca_file: /var/lib/puppet/ssl/certs/ca.pem
:ssl_private_key: /var/lib/puppet/ssl/private_keys/smartproxy.test.com.pem

# Hosts which the proxy accepts connections from
# commenting the following lines would mean every verified SSL connection allowed
# HTTPS: test the certificate CN
# HTTP: test the reverse DNS entry of the remote IP
#:trusted_hosts:
#- foreman.dev.domain
#to deny access to all hosts use:
#:trusted_hosts: []

# verify a DNS reverse lookup against it's forward lookup
# 1.1.1.1 -> foreman.mycompany.com -> 1.1.1.1
# (default: true)
#:forward_verify: true

#:foreman_url: http://127.0.0.1:3000
:foreman_url: https://foreman.test.com

# SSL settings for client authentication against Foreman. If undefined, the values
# from general SSL options are used instead. Mainly useful when Foreman uses
# different certificates for its web UI and for smart-proxy requests.
#:foreman_ssl_ca: ssl/certs/ca.pem
#:foreman_ssl_cert: ssl/certs/fqdn.pem
#:foreman_ssl_key: ssl/private_keys/fqdn.pem

# by default smart_proxy runs in the foreground. To enable running as a daemon, uncomment 'daemon' setting
:daemon: true
# Only used when 'daemon' is set to true.
# Uncomment and modify if you want to change the default pid file '/var/run/foreman-proxy/foreman-proxy.pid'
:daemon_pid: /var/run/foreman-proxy/foreman-proxy.pid

# host and ports configuration
# host to bind ports to (possible values: *, localhost, 0.0.0.0)
:bind_host: '*'
# http is disabled by default. To enable, uncomment 'http_port' setting
#:http_port: 8000
# https is enabled if certificate, CA certificate, and private key are present in locations specifed by
# ssl_certificate, ssl_ca_file, and ssl_private_key correspondingly
# default values for https_port is 8443
:https_port: 8443

# Shared options for virsh DNS/DHCP provider
:virsh_network: default

# Log configuration
# Uncomment and modify if you want to change the location of the log file or use STDOUT
#:log_file: /var/log/foreman-proxy/proxy.log
# Uncomment and modify if you want to change the log level
# WARN, DEBUG, ERROR, FATAL, INFO, UNKNOWN
:log_level: DEBUG
