Hey, our design of template proxying is not good, I constantly need to solve problems setting it up. In order to have this working, both Templates and TFTP features needs to be turned on. This is confusing, then several Proxy settings need to be correctly set and since the names are also confusing, users fail to set them correctly:
/etc/foreman-proxy/settings.d/templates.yml :template_url: http://ibm-x3690x5-01.xxx.com:8000 /etc/foreman-proxy/settings.yml :foreman_url: https//ibm-x3690x5-01.xxx.com :https_port: 9090 :http_port: 8000 Here is the flow of a kickstart request: During template rendering (PXELinux that contains KS URL): Foreman -> Proxy (HTTP/8000) - reads template_url setting and that is rendered into the template for the OS installer During provisioning (installer tries to access the URL given in PXELinux template): Installer -> Proxy (HTTP/8000) -> Foreman (HTTPS/443) - reads content of kickstart template I was thinking if it's the time to simply stop doing on-the-fly template rendering in Foreman and start copying them onto all relevant Proxies during Build phase. The downside is that Smart Proxy would be required in order to do templating, on the other hand this simplifies setup and it also errors out early if there was a rendering issue (we had to implement a workaround - we render them into /dev/null during Build phase). Smart Proxy could store all the associated templates in a directory as plain files and hand them over to clients. Therefore no database needed. Token and expiration handling can be done in Proxy as well (file has a creation time). This also improves reliability (when Forman server is down, clients could still reboot). This is only relevant to provision, iPXE and script templates, all the others are not affected by this. PXE templates already works this way, finish and user_data are injected via ssh/cloudinit. There should not be any technical limitation, unless I miss something. Opinions? -- Later, Lukas @lzap Zapletal -- You received this message because you are subscribed to the Google Groups "foreman-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
