Hide Forgot
Description of problem: foreman-proxy http port 8000 is enabled while it should be disabled by default In satellite 6.5 : ------------------ - Port 8000 is enabled and used to get the kickstart files from the satellite server during the provisioning while it should be disabled by default. # netstat -tulpn | grep 8000 tcp6 0 0 :::8000 :::* LISTEN 16479/ruby /etc/foreman-proxy/settings.yml # http is disabled by default. To enable, uncomment 'http_port' setting # https is enabled if certificate, CA certificate, and private key are present in locations specifed by # ssl_certificate, ssl_ca_file, and ssl_private_key correspondingly # default values for https_port is 8443 :https_port: 9090 :http_port: 8000 If the http port is disabled , the provisioning process fails because the kickstart template can not be imported from the satellite. Provisioning templates : Kickstart default PXELinux APPEND initrd=<%= @initrd %> ks=<%= foreman_url('provision') %> <%= pxe_kernel_options %> <%= ksoptions %> APPEND initrd=boot/rhel8-baseos-WcW6Pwor7M-initrd.img ks=http://[SATELLITE FQDN]:8000/unattended/provision?token=0baede19-003c-4f21-82dd-145812e42ab0 network ksdevice=bootif ks.device=bootif BOOTIF=00-52-54-00-94-b6-8e kssendmac ks.sendmac inst.ks.sendmac In satellite 6.4 : ------------------ - Port 8000 is disabled by default and there is no issues with the provisioning process. APPEND initrd=boot/RedHat-7.4-x86_64-initrd.img ks=http://[SATELLITE FQDN]/unattended/provision network ksdevice=bootif ks.device=bootif BOOTIF=00-52-54-00-1c-95-58 kssendmac ks.sendmac inst.ks.sendmac Version-Release number of selected component (if applicable): Satellite 6.5 How reproducible: 100% Steps to Reproduce: 1. Check ports on /etc/foreman-proxy/settings.yml :https_port: 9090 :http_port: 8000 2. Preview the kickstart templates for a provisioned host , all use http://[SATELLITE FQDN]:8000 Actual results: The http port 8000 is enabled and used by the kickstart templates. Expected results: The http port 8000 is disabled by default and not used in foreman_url('provision') as in satellite 6.4
Created redmine issue https://projects.theforeman.org/issues/27848 from this bug
Upstream bug assigned to ekohlvan@redhat.com
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/27848 has been resolved.
Verified in 6.7 Snap 15 # rpm -q satellite-installer satellite-installer-6.7.0.8-1.el7sat.noarch Didn't see the entry 8000 in kickstart templates for the provisioned host. APPEND initrd=boot/3xzbfp-SQiU4cStF1z1-initrd.img ks=http://XYZ/unattended/provision network ksdevice=bootif ks.device=bootif BOOTIF=00-3a-f6-a9-23-67-6f kssendmac ks.sendmac inst.ks.sendmac IPAPPEND 2
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:1454