Unattended_Url versus firewalls

Duncan_Innes · September 1, 2016, 10:47am

Hi folks,

I have a question about deployments that have to be made via Smart Proxies
that live behind firewalls. As the unattended_url is a system-wide
parameter, how can I get my deployments to use the closest Smart Proxy
rather than the value of this parameter?

We have multiple network zones which are firewalled off from the Satellite
area as well as each other, so a Smart Proxy lives in each of those areas.
The firewalls prevent any access back to the Satellite other than from the
Smart Proxy itself. These firewalled zones cannot communicate with each
other at all.

If I set the unattended_url to one of my Smart Proxies, then deployments
that are not in that network zone will not work.

Is there a solution to this? Can/should unattended_url be set on a
per-network basis? Apologies if I've asked this before; I'm on rather a
caffeine high at the moment.

Duncan

David_McNally · September 1, 2016, 11:43am

Hi,

I believe I have a similar setup to you that I have just got working.

On the remote smart proxy I have :-

/etc/foreman-proxy/settings.d/templates.yml
:enabled: true
:template_url: http://smartproxy1.remote.local:8000

/etc/foreman-proxy/settings.yml
:http_port: 8000

Now I can generate a New Host associated with either Smart Proxy and verify
that the /var/lib/tftpboot/pxelinux.cfg/[mac-address] file has a ks
argument pointing to the local Smart Proxy

Dave

Duncan_Innes · September 14, 2016, 1:50pm

Sorry for delay.

Does this setting on the Proxy make it's way into the Boot Disks? That's
how we have to provision at the moment. We're finding the central
unattended_url and foreman_url settings are used when creating the ISO
images. We can't use DHCP/PXE provisioning at all. Some network zones
don't even have DNS, so we have to use IP addresses to point at
Satellite/Proxy.

···

On Thursday, 1 September 2016 12:46:18 UTC+1, Dave Mc wrote: > > Hi, > > I believe I have a similar setup to you that I have just got working. > > On the remote smart proxy I have :- > > /etc/foreman-proxy/settings.d/templates.yml > :enabled: true > :template_url: http://smartproxy1.remote.local:8000 > > /etc/foreman-proxy/settings.yml > :http_port: 8000 > > Now I can generate a New Host associated with either Smart Proxy and > verify that the /var/lib/tftpboot/pxelinux.cfg/[mac-address] file has a ks > argument pointing to the local Smart Proxy > > Dave >

lzap · September 15, 2016, 7:41am

> Does this setting on the Proxy make it's way into the Boot Disks? That's
> how we have to provision at the moment. We're finding the central
> unattended_url and foreman_url settings are used when creating the ISO
> images. We can't use DHCP/PXE provisioning at all. Some network zones
> don't even have DNS, so we have to use IP addresses to point at
> Satellite/Proxy.

Yes, use Host/Full host or special Subnet image in order to proxy through.

···

-- Later, Lukas #lzap Zapletal