We are completely new to Foreman. We mainly use it to install bare metal devices with Debian 12. Currently, the devices are set to ipv4 PXE in the BIOS and we boot Grub2 UEFI via tftp from the PXE loader. However, since TFTP is very slow during transmission and also causes problems with high latencies, we want to boot the devices via ipv4 http with the Grub 2 UEFI https PXE loader. With http, we always get the message “Error: Access forbidden, only HTTPS connections are allowed” when booting. We were able to work around this by using the Grub 2 UEFI https PXE loader. The correct path is displayed with “URI: https://foreman-proxy:9090/httpboot/grub2/grubx64.efi”. However, directly below this we receive the error messages “Error: Could not retrieve NBP file size from HTTP server” and “Error: Network device error”.
Do you have any idea why it’s not working? Or have we misunderstood something?
Expected outcome: The preseed default template should be loaded as under tftp. Or the installation of the device should start.
**Foreman and Proxy versions:** 3.13.1
**Foreman and Proxy plugin versions:**

| Name | Description | Author | Version |
|---|---|---|---|
| katello | Katello adds Content and Subscription Management to Foreman. For this it relies on Candlepin and Pulp. | N/A | 4.15.1 |
| foreman_remote_execution | A plugin bringing remote execution to the Foreman, completing the config management functionality with remote management functionality. | Foreman Remote Execution team | 14.0.2 |
| foreman_openscap | Foreman plug-in for managing security compliance reports | | |
| | The goal of this plugin is to unify the way of showing task statuses across the Foreman instance. It defines Task model for keeping the information about the tasks and Lock for assigning the tasks to resources. The locking allows dealing with preventing multiple colliding tasks to be run on the same resource. It also optionally provides Dynflow infrastructure for using it for managing the tasks. | Ivan Nečas | 10.0.1 |

**Distribution and version:**
For the Foreman and the proxies we use AlmaLinux 9.6
For the bare-metal devices we use Debian 12, Kernel release 6.12.38+deb12-amd64
Hi, unfortunately, there are no messages about httpboot in /var/log/foreman-proxy/proxy.log, nor anything about tftpboot. That’s all that is written during bootup:
In the journalctl during the same time, we can see the dhcp request:
```
Dec 17 11:44:00 foremansp-proxy dhcpd[18165]: DHCPOFFER on xxx.xxx.xxx.113 to cc:82:7f:52:8e:2c via xxx.xxx.xxx.126
Dec 17 11:44:04 foremansp-proxy dhcpd[18165]: DHCPREQUEST for xxx.xx.xxx.113 (foreman-proxy-ip) from cc:82:7f:52:8e:2c via xxx.xxx.xxx.126
Dec 17 11:44:04 foremansp-proxy dhcpd[18165]: DHCPACK on xxx.xxx.xxx.113 to cc:82:7f:52:8e:2c via xxx.xxx.xxx.126
```
and in /etc/foreman-installer/scenarios.d/foreman-proxy-content-answers.yaml the following flags are set:
```yaml
foreman_proxy:
  http: true
  httpboot: true
  httpboot_listen_on: both
```
Perhaps someone can give us a tip as to why the proxy thinks it can only use https, even though we have set httpboot_listen_on: both in the flags.
This message appears instead of the one with https://…:9090/…grubx64.efi
“Error: Access forbidden, only HTTPS connections are allowed”
Hi everyone,
We got it working. Here are the points that contributed to the solution. I hope they will be useful to some of you.
The message “Error: Access forbidden, only HTTPS connections are allowed” was not caused by the Smartproxy but was a message from the client. Somehow, we assumed the whole time that the message was generated by the Smartproxy, so we looked for the error in the Smartproxy and not in the client.
We then tested it with a UEFI BIOS that allows HTTP. At first, it only worked with the IP of the Smartproxy, which we adjusted in /var/lib/dhcpd/dhcpd.leases until we entered the correct name servers for the subnet in custom-hiera.yaml. After that, the installation ran without any further adjustments.
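
A check that can be run from another machine on the same subnet before touching the client, given as an added example that is not part of the thread or of Foreman: it flags a plain-HTTP boot URI, resolves the host name, and asks the server for the file size with a HEAD request. The function name `probe_nbp` and the `cafile` parameter are hypothetical, and it assumes the firmware's "NBP file size" is the `Content-Length` the server reports.

```python
import http.client
import socket
import ssl
from urllib.parse import urlsplit


def probe_nbp(uri, cafile=None, timeout=5):
    """Probe a boot URI the way a client on the subnet would have to reach it."""
    parts = urlsplit(uri)
    https = parts.scheme == "https"
    port = parts.port or (443 if https else 80)
    report = {"addresses": [], "status": None, "content_length": None, "problems": []}
    if not https:
        # From the thread: some UEFI firmware refuses anything but HTTPS.
        report["problems"].append("plain HTTP URI: HTTPS-only firmware will refuse it")
    try:
        # Uses this machine's resolver, so run it on a host that uses the
        # name servers handed out for the subnet.
        infos = socket.getaddrinfo(parts.hostname, port, type=socket.SOCK_STREAM)
        report["addresses"] = sorted({info[4][0] for info in infos})
    except socket.gaierror as exc:
        report["problems"].append(f"host name does not resolve: {exc}")
        return report
    if https:
        # cafile: CA bundle that signed the proxy certificate (caller-supplied path).
        context = ssl.create_default_context(cafile=cafile)
        conn = http.client.HTTPSConnection(parts.hostname, port, timeout=timeout, context=context)
    else:
        conn = http.client.HTTPConnection(parts.hostname, port, timeout=timeout)
    try:
        conn.request("HEAD", parts.path or "/")
        resp = conn.getresponse()
        report["status"] = resp.status
        length = resp.getheader("Content-Length")
        report["content_length"] = int(length) if length is not None else None
    except (OSError, http.client.HTTPException) as exc:
        report["problems"].append(f"request failed: {exc}")
        return report
    finally:
        conn.close()
    if report["status"] != 200:
        report["problems"].append(f"server answered {report['status']}")
    elif report["content_length"] is None:
        # Assumption: the firmware takes the NBP size from Content-Length.
        report["problems"].append("no Content-Length: file size unknown to the client")
    return report


if __name__ == "__main__":
    # URI in the shape shown in the thread; replace the host with your proxy.
    print(probe_nbp("https://foreman-proxy:9090/httpboot/grub2/grubx64.efi"))
```

An empty `problems` list together with a non-zero `content_length` means the name resolves and the server reports a size for the loader; a TLS failure shows up as `request failed` with the certificate error in the message.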