Problem:
When provisioning a host, PXELinux template is rendered with https://foreman-proxy.internal:8443/unattended/provision, and debian OS installer on host throws an error (cannot open url…)
Expected outcome:
This URL needs to be http://foreman-proxy.internal:8000/…
Foreman and Proxy versions:
Foreman 3.12.0
Proxy 3.12.0
Foreman and Proxy plugin versions:
Templates 3.12.0
Distribution and version:
Debian Bookworm 12.7
Other relevant data:
I did a fresh install of foreman and foreman proxy servers. I have previous experience with up to 1.24 version (also separate machines, as i intent to have multiple proxies). I think that templates plugin works OK, if I manually change “url=” in /srv/tftp/pxelinux.cfg/macaddr file to http port 8000 and reboot the host, unattended installation finishes without any problems.
I already spent few hours with this, maybe it is obvious, but i cannot spot where is my mistake.
Do i define it somewhere in proxy settings, or is it elsewere, in subnet settings maybe?
Here is my answers file from foreman-installer on proxy instance:
---
apache::mod::status: false
foreman: false
foreman::cli:
foreman_url: https://foreman-3-proxy-1.lan3.bla.internal/
version: installed
manage_root_config: true
username: *************
password: *************
use_sessions: false
refresh_cache: false
request_timeout: 120
ssl_ca_file:
foreman::cli::ansible: false
foreman::cli::azure: false
foreman::cli::discovery: {}
foreman::cli::google: false
foreman::cli::kubevirt: false
foreman::cli::openscap: false
foreman::cli::puppet: false
foreman::cli::remote_execution: false
foreman::cli::ssh: false
foreman::cli::tasks: false
foreman::cli::templates: false
foreman::cli::webhooks: false
foreman_proxy:
version: present
ensure_packages_version: installed
manage_service: true
bind_host:
- "*"
http_port: 8000
ssl_port: 8443
groups: []
log: "/var/log/foreman-proxy/proxy.log"
log_level: INFO
log_buffer: 2000
log_buffer_errors: 1000
http: true
ssl: true
ssl_ca: "/etc/puppetlabs/puppet/ssl/certs/ca.pem"
ssl_cert: "/etc/puppetlabs/puppet/ssl/certs/foreman-3-proxy-1.lan3.bla.internal.pem"
ssl_key: "/etc/puppetlabs/puppet/ssl/private_keys/foreman-3-proxy-1.lan3.bla.internal.pem"
foreman_ssl_ca:
foreman_ssl_cert:
foreman_ssl_key:
trusted_hosts:
- foreman-3-proxy-1.lan3.bla.internal
- foreman-3-master.lan3.bla.internal
ssl_disabled_ciphers: []
tls_disabled_versions: []
puppetca: false
puppetca_listen_on: https
ssldir: "/etc/puppetlabs/puppet/ssl"
puppetdir: "/etc/puppetlabs/puppet"
puppet_group: puppet
puppetca_provider: puppetca_hostname_whitelisting
autosignfile: "/etc/puppetlabs/puppet/autosign.conf"
puppetca_sign_all: false
puppetca_tokens_file: "/var/lib/foreman-proxy/tokens.yml"
puppetca_token_ttl: 360
puppetca_certificate:
manage_puppet_group: true
puppet: false
puppet_listen_on: https
puppet_url: https://foreman-3-proxy-1.lan3.bla.internal:8140
puppet_ssl_ca: "/etc/puppetlabs/puppet/ssl/certs/ca.pem"
puppet_ssl_cert: "/etc/puppetlabs/puppet/ssl/certs/foreman-3-proxy-1.lan3.bla.internal.pem"
puppet_ssl_key: "/etc/puppetlabs/puppet/ssl/private_keys/foreman-3-proxy-1.lan3.bla.internal.pem"
puppet_api_timeout: 30
templates: true
templates_listen_on: http
template_url: http://foreman-3-proxy-1.lan3.bla.internal:8000
registration: false
registration_listen_on: https
logs: true
logs_listen_on: https
httpboot: false
httpboot_listen_on: both
tftp: true
tftp_listen_on: https
tftp_managed: true
tftp_manage_wget: true
tftp_root: "/srv/tftp"
tftp_dirs:
tftp_servername: 10.137.113.31
tftp_replace_grub2_cfg: false
dhcp: true
dhcp_listen_on: https
dhcp_managed: true
dhcp_provider: isc
dhcp_subnets: []
dhcp_ping_free_ip: true
dhcp_option_domain:
- lan3.bla.internal
dhcp_search_domains:
dhcp_interface: enX1
dhcp_additional_interfaces: []
dhcp_gateway: 10.137.113.1
dhcp_range: 10.137.113.150 10.137.113.199
dhcp_pxeserver:
dhcp_pxefilename: pxelinux.0
dhcp_ipxefilename:
dhcp_ipxe_bootstrap: false
dhcp_network: 10.137.113.0
dhcp_netmask: 255.255.255.0
dhcp_nameservers: 10.137.113.31
dhcp_server: 127.0.0.1
dhcp_config: "/etc/dhcp/dhcpd.conf"
dhcp_leases: "/var/lib/dhcp/dhcpd.leases"
dhcp_key_name:
dhcp_key_secret:
dhcp_omapi_port: 7911
dhcp_peer_address:
dhcp_node_type: standalone
dhcp_failover_address: 10.137.100.131
dhcp_failover_port: 519
dhcp_max_response_delay: 30
dhcp_max_unacked_updates: 10
dhcp_mclt: 300
dhcp_load_split: 255
dhcp_load_balance: 3
dhcp_manage_acls: true
dns: true
dns_listen_on: https
dns_managed: true
dns_provider: nsupdate
dns_interface: enX1
dns_zone: lan3.bla.internal
dns_reverse:
- 113.137.10.in-addr.arpa
dns_server: 127.0.0.1
dns_ttl: 86400
dns_tsig_keytab: "/etc/foreman-proxy/dns.keytab"
dns_tsig_principal: foremanproxy/foreman-3-proxy-1.lan3.bla.internal@LAN3.BLA.INTERNAL
dns_forwarders:
- 10.137.100.1
libvirt_network: default
libvirt_connection: qemu:///system
bmc: true
bmc_listen_on: https
bmc_default_provider: ipmitool
bmc_redfish_verify_ssl: true
bmc_ssh_user: root
bmc_ssh_key: "/usr/share/foreman/.ssh/id_rsa"
bmc_ssh_powerstatus: 'true'
bmc_ssh_powercycle: shutdown -r +1
bmc_ssh_poweroff: shutdown +1
bmc_ssh_poweron: 'false'
realm: false
realm_listen_on: https
realm_provider: freeipa
realm_keytab: "/etc/foreman-proxy/freeipa.keytab"
realm_principal: realm-proxy@LAN3.BLA.INTERNAL
freeipa_config: "/etc/ipa/default.conf"
freeipa_remove_dns: true
keyfile: "/etc/bind/rndc.key"
register_in_foreman: true
foreman_base_url: https://foreman-3-master.lan3.bla.internal
registered_name: foreman-3-proxy-1.lan3.bla.internal
registered_proxy_url:
oauth_effective_user: admin
oauth_consumer_key: ********************************
oauth_consumer_secret: ********************************
registration_url:
puppet: false
foreman::plugin::acd: false
foreman::plugin::ansible: false
foreman::plugin::azure: false
foreman::plugin::bootdisk: false
foreman::plugin::default_hostgroup: false
foreman::plugin::dhcp_browser: false
foreman::plugin::discovery: false
foreman::plugin::dlm: false
foreman::plugin::expire_hosts: false
foreman::plugin::git_templates: false
foreman::plugin::google: false
foreman::plugin::hdm: false
foreman::plugin::host_extra_validator: false
foreman::plugin::kubevirt: false
foreman::plugin::leapp: false
foreman::plugin::monitoring: false
foreman::plugin::netbox: false
foreman::plugin::omaha: false
foreman::plugin::openscap: false
foreman::plugin::ovirt_provision: false
foreman::plugin::proxmox: false
foreman::plugin::puppet: false
foreman::plugin::puppetdb: false
foreman::plugin::remote_execution: false
foreman::plugin::remote_execution::cockpit: false
foreman::plugin::rescue: false
foreman::plugin::salt: false
foreman::plugin::snapshot_management: false
foreman::plugin::statistics: false
foreman::plugin::tasks: false
foreman::plugin::templates: false
foreman::plugin::vault: false
foreman::plugin::webhooks: false
foreman::plugin::wreckingball: false
foreman::compute::ec2: false
foreman::compute::libvirt: false
foreman::compute::openstack: false
foreman::compute::ovirt: false
foreman::compute::vmware: false
foreman_proxy::plugin::acd: false
foreman_proxy::plugin::ansible: false
foreman_proxy::plugin::dhcp::infoblox: false
foreman_proxy::plugin::dhcp::remote_isc: false
foreman_proxy::plugin::discovery:
enabled: true
version:
listen_on: https
install_images: true
tftp_root: "/srv/tftp"
source_url: http://downloads.theforeman.org/discovery/releases/latest/
image_name: fdi-image-latest.tar
foreman_proxy::plugin::dns::infoblox: false
foreman_proxy::plugin::dns::powerdns: false
foreman_proxy::plugin::dns::route53: false
foreman_proxy::plugin::dynflow: false
foreman_proxy::plugin::hdm: false
foreman_proxy::plugin::monitoring: false
foreman_proxy::plugin::omaha: false
foreman_proxy::plugin::openscap: false
foreman_proxy::plugin::remote_execution::script: false
foreman_proxy::plugin::salt: false
foreman_proxy::plugin::shellhooks: false