Templates on Smart-Proxy

Arsene · August 10, 2018, 8:50am

Problem:
In the Subnet settings, when setting as Templates proxy a smart proxy the template rendering will allways renders the HTTPS URL regardless of smart-proxy template settings
The rendered foreman_url(‘provision’) is alway https://smart-proxy.foreman.org:9090/…
This will principally work but anaconda will not be able to verify/trust the SSL certificate so it will noch be able to download the template.
Would there be a way to update the initrd.img to include more Root CA?

Expected outcome:
Should return a URL depending on what is set in /etc/foreman-proxy/settings.d/template.yml.
Foreman and Proxy versions:
foreman-1.18.0-2.el7.noarch
katello-3.7.0-4.el7.noarch
foreman-proxy-1.18.0-1.el7.noarch

Foreman and Proxy plugin versions:

Other relevant data:
There are no error in logs since the template rendering works but doesn’t return the expected value

Any Idea?

rgds,
Arsene

lzap · August 10, 2018, 10:27am

Hello, Anaconda does not support root/server CA, you can only provide it an option to ignore server cert. There is simply no option you can provide it, you could however rebuild Anaconda initramdisk and include your CA yourself but that’s enough theory.

kurtis32 · August 16, 2018, 9:47pm

@lzap So we cant use Anaconda and Template Smart Proxy by default?

I’m having the same issue.

Would hard coding the foreman_url(‘provision’) to proxy endpoint work?

lzap · August 21, 2018, 7:55am

Anaconda (the installer) will refuse all kickstart URL connections to any HTTPS endpoint. It’s hardcoded in the software, we can’t do anything about this.