Description of problem: Following this guide: https://access.redhat.com/blogs/1169563/posts/3640721 We are unable to fetch the `<fqdn_foreman>/userdata/meta-data` because of HTTPS, if I turn off SSL on Foreman this works correctly. This worked fine on 6.3 Version-Release number of selected component (if applicable): Katello 3.11 Foreman 1.21 vCenter 6.7 How reproducible: Steps to Reproduce: 1. Install Katello 3.11 2. Setup Compute resource for VMware 3. Create a RHEL 7 template with cloud-init 4. Follow https://access.redhat.com/blogs/1169563/posts/3640721 Actual results: Host builds and gets hostname correctly but does not do anything that it was instructed to with cloud-init, also in the Foreman UI it shows that the build is pending and since cloud-init can not pull down the metadata it never phones home to Foreman. Expected results: Build to finish correctly and UI to change from pending install to finished without having to turn off SSL. Additional info: It looks like here in the plugin we ignore HSTS: https://github.com/theforeman/foreman_userdata/blob/master/app/controllers/userdata_controller.rb#L71-L73 I tried turning off HSTS both with the installer and in the /etc/foreman/settings.yml and that did not appear to fix the issue. https://github.com/theforeman/puppet-foreman/blob/master/manifests/params.pp#L103 It looks like we force SSL here: https://github.com/theforeman/foreman/blob/1.21-stable/app/controllers/application_controller.rb#L7 https://github.com/theforeman/foreman/blob/1.21-stable/app/controllers/application_controller.rb#L78-L80 https://github.com/theforeman/foreman/blob/1.21-stable/app/controllers/api/base_controller.rb#L8 https://github.com/theforeman/foreman/blob/1.21-stable/app/controllers/api/base_controller.rb#L109-L111 We can see from the cloud-init logs on a client we are getting redirected because of https: https://gist.github.com/chris1984/00eb466f3730ab6b559b92d8897fe6f5 Since we don't have the SSL CA we get a verify fail I turned off https on Foreman with https://gist.github.com/chris1984/50528b4b5df1720067ea58624244a004 Now we can see from a new client that we can curl the meta-data and the logs look good [root@tonya-dunkel ~]# curl http://foreman.toledo.satellite.lab.eng.rdu2.redhat.com/userdata/meta-data instance-id: i-c1dfd96eea8cc2b627 hostname: tonya-dunkel.toledo.satellite.lab.eng.rdu2.redhat.com mac: 00:50:56:9e:63:06 local-ipv4: 10.8.106.218 https://gist.github.com/chris1984/635dc97a8104858daaac54fcc1b5ddb7 Foreman Userdata Templates is now part of Foreman 1.23 so this might work with latest upstream since it is part of core
QA: Please follow this older tutorial on settings things up: https://access.redhat.com/blogs/1169563/posts/3640721 Process will be very similar if not the same, except there is no need of installing any plugin - all code is now part of Foreman core. Templates are also available.
Build : Satellite 6.6 snap 11 I was able to provision and install the Vm on VMware with cloud init successfully following the above blogpost 2019-07-17 08:40:00,099 - url_helper.py[DEBUG]: [0/11] open 'http://sat-host/unattended/built?token=5398f5ce-95ab-4ee9-ac04-881dc4d3e24d' with {'url': 'http://sat-host/unattended/built?token=5398f5ce-95ab-4ee9-ac04-881dc4d3e24d', 'headers': {'User-Agent': 'Cloud-Init/18.2'}, 'allow_redirects': True, 'method': 'GET', 'timeout': 5.0} configuration 2019-07-17 08:40:01,201 - url_helper.py[DEBUG]: Read from http://sat-host/unattended/built?token=5398f5ce-95ab-4ee9-ac04-881dc4d3e24d (201, 0b) after 1 attempts 2019-07-17 08:40:01,202 - handlers.py[DEBUG]: finish: modules-final/config-phone-home: SUCCESS: config-phone-home ran successfully 2019-07-17 08:40:01,202 - main.py[DEBUG]: Ran 5 modules with 0 failures
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:3172