Untattended Built URL

Hello,

I’m currently adapting the ZTP support to also allow provisioning Huawei switches running VRP.
A key task in all our provisioning is letting Foreman know that the system is ready for any next steps, this is done by GETting the “foreman_url(‘built’)”-URL.

Now, it appears as if VRP doesn’t like the “?” in that URL. If I’d use this directly via foreman, I’d have the ability to simply call “<foreman_url>/unattended/built” and all would be well; however, from a proxy PoV this does not exist.

Question
Plan A:
Are there other (less-known) ways of notifying foreman that the system is built?
Does anyone know VRP or use it in combination with foreman? If so, any known work-arounds?

Plan Z:
If not, I’m willing to implement a good & acceptable way of doing this; only problem here would be: what would be the alternative? Would it be safe to rely on the forwarer-ip header at the foreman side? I wouldn’t want to go and change the world (read: the foreman way) just because this one vendor decided a questionmark is the root of all evil.

Full disclosure:
I’m also in contact with Huawei on that specific topic, as it seems extremely silly to me that the questionmark “?” would not be allowed to be used anywhere in VRP but for having context-sensitive help…

Hello, if you turn off tokens via “token_duration” (set it to 0) then token will not be present, thus no question mark. Without tokens tho, Foreman must identify the client in a different way (HTTP header, remote IP address) so pay attention to have this right.

Read this, it’s all explained there:

https://www.theforeman.org/2018/01/templating-security.html

Hello @lzap, thank you for your reply!

I tried to get this to work but it doesn’t seem to behave as expected. Looking a bit more in depth, it seems like the remote IPv4 address is displayed as an IPv6 by prefixing it with “::ffff:”.

I’ll make a patch to address this issue.