Bug 1743254 - foreman-proxy http port 8000 is enabled while it should be disabled by default
Summary: foreman-proxy http port 8000 is enabled while it should be disabled by default
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Installer
Version: 6.5.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: 6.7.0
Assignee: Ewoud Kohl van Wijngaarden
QA Contact: Devendra Singh
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-08-19 13:13 UTC by Ahmed Eladawy
Modified: 2020-04-14 13:25 UTC (History)
7 users (show)

Fixed In Version: satellite-installer-6.7.0.8-1,foreman-installer-1.24.1.14-1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-04-14 13:25:13 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Foreman Issue Tracker 27848 Normal Closed foreman-proxy http port 8000 within katello is enabled while it should be disabled by default 2020-10-12 21:06:39 UTC
Red Hat Product Errata RHSA-2020:1454 None None None 2020-04-14 13:25:27 UTC

Description Ahmed Eladawy 2019-08-19 13:13:12 UTC
Description of problem:

foreman-proxy http port 8000 is enabled while it should be disabled by default

In satellite 6.5 :
------------------

- Port 8000 is enabled and used to get the kickstart files from the satellite server during the provisioning while it should be disabled by default.

# netstat -tulpn | grep 8000
tcp6       0      0 :::8000                 :::*                    LISTEN      16479/ruby 

/etc/foreman-proxy/settings.yml
# http is disabled by default. To enable, uncomment 'http_port' setting
# https is enabled if certificate, CA certificate, and private key are present in locations specifed by
# ssl_certificate, ssl_ca_file, and ssl_private_key correspondingly
# default values for https_port is 8443
:https_port: 9090
:http_port: 8000

If the http port is disabled , the provisioning process fails because the kickstart template can not be imported from the satellite.

Provisioning templates :
Kickstart default PXELinux
APPEND initrd=<%= @initrd %> ks=<%= foreman_url('provision') %> <%= pxe_kernel_options %> <%= ksoptions %>
APPEND initrd=boot/rhel8-baseos-WcW6Pwor7M-initrd.img ks=http://[SATELLITE FQDN]:8000/unattended/provision?token=0baede19-003c-4f21-82dd-145812e42ab0  network ksdevice=bootif ks.device=bootif BOOTIF=00-52-54-00-94-b6-8e kssendmac ks.sendmac inst.ks.sendmac

In satellite 6.4 :
------------------
- Port 8000 is disabled by default and there is no issues with the provisioning process.

  APPEND initrd=boot/RedHat-7.4-x86_64-initrd.img ks=http://[SATELLITE FQDN]/unattended/provision  network ksdevice=bootif ks.device=bootif BOOTIF=00-52-54-00-1c-95-58 kssendmac ks.sendmac inst.ks.sendmac


Version-Release number of selected component (if applicable):

Satellite 6.5 

How reproducible:
100%

Steps to Reproduce:
1. Check ports on /etc/foreman-proxy/settings.yml 

:https_port: 9090
:http_port: 8000


2. Preview the kickstart templates for a provisioned host , all use http://[SATELLITE FQDN]:8000


Actual results:
The http port 8000 is enabled and used by the kickstart templates.

Expected results:

The http port 8000 is disabled by default and not used in foreman_url('provision') as in satellite 6.4

Comment 7 Ewoud Kohl van Wijngaarden 2019-09-12 17:08:28 UTC
Created redmine issue https://projects.theforeman.org/issues/27848 from this bug

Comment 8 Bryan Kearney 2019-09-12 20:04:18 UTC
Upstream bug assigned to ekohlvan@redhat.com

Comment 9 Bryan Kearney 2019-09-12 20:04:20 UTC
Upstream bug assigned to ekohlvan@redhat.com

Comment 10 Bryan Kearney 2020-02-19 13:04:40 UTC
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/27848 has been resolved.

Comment 13 Devendra Singh 2020-03-09 10:58:26 UTC
Verified in 6.7 Snap 15

# rpm -q satellite-installer
satellite-installer-6.7.0.8-1.el7sat.noarch

Didn't see the entry 8000 in kickstart templates for the provisioned host. 

  APPEND initrd=boot/3xzbfp-SQiU4cStF1z1-initrd.img ks=http://XYZ/unattended/provision  network ksdevice=bootif ks.device=bootif BOOTIF=00-3a-f6-a9-23-67-6f kssendmac ks.sendmac inst.ks.sendmac
  IPAPPEND 2

Comment 16 errata-xmlrpc 2020-04-14 13:25:13 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1454


Note You need to log in before you can comment on or make changes to this bug.