Description of problem: After the removal of the setting remote_addr, customer that used that feature need to add the parameter trusted_proxies on /etc/foreman/settings.yaml. This works, but there's no way to make that permanent and satellite-installer overwrites the settings.yaml on every execution. Version-Release number of selected component (if applicable): Actual results: Not being able to use this feature, some provisioning deployments involving capsules and user-data won't work due to Satellite not being able to identify the source IP of the VM. Expected results: A way to specify a list of trusted_proxies that may be forward requests to Satellite. Additional info:
This will be available when Satellite 6.11.0 is released.
Based upon comment 1, aligning to 6.12.
Verified. Tested on Satellite 6.12.0 Snap 11.0 Version: foreman-installer-3.3.0.3-1.el8sat.noarch Steps: 1. # satellite-installer --foreman-trusted-proxies 127.0.0.1/8 --foreman-trusted-proxies ::1 --foreman-trusted-proxies <ip-address-of-eth0-on-capsule> 2. # cat /etc/foreman/settings.yaml | grep -A3 trusted # List of trusted IPs / networks. Default: IPv4 and IPV6 localhost addresses. # If overwritten, localhost addresses (127.0.0.1/8, ::1) need to be in trusted_proxies IP list. # More details: https://api.rubyonrails.org/classes/ActionDispatch/RemoteIp.html :trusted_proxies: - '127.0.0.1/8' - '::1' - '<ip-address-of-eth0-on-capsule>' Observation: satellite-installer includes following trusted_proxies in settings file after execution, which unblocks traffic through capsule for satellite provisioning.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: Satellite 6.12 Release), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:8506