Problem:
I am using smart proxy to provision hosts using pxe boot. That proxy is working in an isolated subnet and communicates with it’s master.
Now the debian installer fails to fetch the unattended templates from the smart proxy. It tries to reach http://smart-proxy.example.org:8000/unattended/provision?token=b05184ае-сесс-47f7-868f-7252fa7350b8.
The smart proxy does not provide port 8000. If I manually do a curl like this curl https://smart-proxy.example.org:8443/unattended/provision?token=b05184ае-сесс-47f7-868f-7252fa7350b8, the smart proxy shows this entry in the logs.
2024-07-18T10:23:20 [E] bad URI `/unattended/provision?token=b05184ае-сесс-47f7-868f-7252fa7350b8’.
Same is true if I enable http.
These are the settings for the smart proxy:
1. Enable/disable foreman_proxy module, current value: true
2. Set version, current value: "present"
3. Set ensure_packages_version, current value: "installed"
4. Set bind_host, current value: ["*"]
5. Set http, current value: false
6. Set http_port, current value: 8000
7. Set ssl, current value: true
8. Set ssl_port, current value: 8443
9. Set groups, current value: []
10. Set log, current value: "/var/log/foreman-proxy/proxy.log"
11. Set log_level, current value: "INFO"
12. Set log_buffer, current value: 2000
13. Set log_buffer_errors, current value: 1000
14. Set ssl_ca, current value: "/etc/puppetlabs/puppet/ssl/certs/ca.pem"
15. Set ssl_cert, current value: "/etc/puppetlabs/puppet/ssl/certs/smart-proxy.example.org.pem"
16. Set ssl_key, current value: "/etc/puppetlabs/puppet/ssl/private_keys/smart-proxy.example.org.pem"
17. Set foreman_ssl_ca, current value: UNDEF
18. Set foreman_ssl_cert, current value: UNDEF
19. Set foreman_ssl_key, current value: UNDEF
20. Set ssl_disabled_ciphers, current value: []
21. Set tls_disabled_versions, current value: []
22. Set trusted_hosts, current value: ["foreman-master.example.org"]
23. Set puppetca, current value: false
24. Set puppetca_listen_on, current value: "https"
25. Set ssldir, current value: "/etc/puppetlabs/puppet/ssl"
26. Set httpboot, current value: false
27. Set puppetdir, current value: "/etc/puppetlabs/puppet"
28. Set puppet_group, current value: "puppet"
29. Set autosignfile, current value: "/etc/puppetlabs/puppet/autosign.conf"
30. Set puppetca_tokens_file, current value: "/var/lib/foreman-proxy/tokens.yml"
31. Set manage_puppet_group, current value: true
32. Set puppet, current value: false
33. Set puppet_listen_on, current value: "https"
34. Set puppet_url, current value: "https://smart-proxy.example.org:8140"
35. Set puppet_ssl_ca, current value: "/etc/puppetlabs/puppet/ssl/certs/ca.pem"
36. Set puppet_ssl_cert, current value: "/etc/puppetlabs/puppet/ssl/certs/smart-proxy.example.org.pem"
37. Set puppet_ssl_key, current value: "/etc/puppetlabs/puppet/ssl/private_keys/smart-proxy.example.org.pem"
38. Set puppet_api_timeout, current value: 30
39. Set templates, current value: true
40. Set templates_listen_on, current value: "both"
41. Set template_url, current value: "https://smart-proxy.example.org:8000"
42. Set registration, current value: true
43. Set registration_listen_on, current value: "https"
44. Set logs, current value: true
45. Set logs_listen_on, current value: "https"
46. Set tftp, current value: true
47. Set tftp_listen_on, current value: "https"
48. Set tftp_managed, current value: true
49. Set tftp_manage_wget, current value: true
50. Set tftp_root, current value: "/srv/tftp"
And it’s not a firewall issue, as there’s actually no service running on 8000:
# ss -nap | grep -e 'ruby\|8443\|8000'
u_str ESTAB 0 0 * 175769 * 176800 users:(("ruby",pid=19588,fd=2),("ruby",pid=19588,fd=1))
tcp LISTEN 0 4096 0.0.0.0:8443 0.0.0.0:* users:(("ruby",pid=19588,fd=7))
tcp LISTEN 0 4096 [::]:8443 [::]:* users:(("ruby",pid=19588,fd=8))
Expected outcome:
Working preseeding
Foreman and Proxy versions:
3.11