Just posting a follow-up to this one, after some digging.
So when a request is forwarded by a smart-proxy, an X-Forwarded-For header
is inserted into the HTTP conversation, with the original client source IP.
When the request is received by the foreman master, a check is done in
unattended_controller.rb:

    def ip_from_request_env
      ip = request.env['REMOTE_ADDR']
      # check if someone is asking on behalf of another system (load balance etc)
      # if request.env['HTTP_X_FORWARDED_FOR'].present? and (ip =~ Regexp.new(Setting[:remote_addr]))
      if request.env['HTTP_X_FORWARDED_FOR'].present?
        ip = request.env['HTTP_X_FORWARDED_FOR']
      end
      ip
    end

However, it seems that in foreman 1.12 (current/latest) the
Regexp.new(Setting[:remote_addr])) check fails, and so the originating IP
is not used, the proxy IP is used instead which causes the request to not
match a host.
Commenting out the check as shown above, and restarting httpd, all is good,
template renders via the smart-proxy.
Will check and file a bug report.
On Friday, July 15, 2016 at 12:12:05 PM UTC-4, adrian wrote:
>
> First off, thanks for the hard work that has been put together to document
> and create scripts for the process of Windows deployments using DISM and
> wimaging.
>
> I've got a fully functional workflow for deploying Windows 2012 R2 boxes,
> however, it only works when the WinPE environment can call
> /unattended/script directly against foreman.
>
> When a smart-proxy is being used, the call from 10_init.cmd is sent to the
> proxy instead and the source IP of the originating host gets lost, so the
> template can't be generated.
>
> I'm trying to think of the best way around this when a smart-proxy is
> involved.
>
> It's possible that for Windows deploys we will have to allow access to the
> foreman master for /unattended/script call so that the source IP is
> maintained.
>
> I could disable login and use the spoof parameter to have the PE
> environment grab the appropriate template.
>
> I can't use tokens as would normally be recommended in this type of
> workflow because I can't figure out a way to get the token into the WinPE
> 10_init.cmd script or config file as these are built into the DISM created
> wimage.
>
> Is there anything I'm missing that would make this work?
>
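
Added example, not part of the thread and not Foreman's own code: a stand-alone Ruby version of the trusted-proxy condition that the post comments out, showing which address is chosen for a listed proxy, an unlisted proxy, and a client that sends the header itself. TRUSTED_PROXIES stands in for Setting[:remote_addr]; the function names, all addresses, and the single-proxy-hop assumption are constructed for illustration.

```ruby
require 'ipaddr'

# Constructed stand-in for Setting[:remote_addr]: regexp source matching the
# smart-proxy addresses allowed to speak for other hosts (sample values).
TRUSTED_PROXIES = '\A(127\.0\.0\.1|192\.0\.2\.10)\z'

# True only for a single, well-formed IPv4/IPv6 address (no prefix length).
def valid_ip?(text)
  return false if text.empty? || text.include?('/')
  IPAddr.new(text)
  true
rescue ArgumentError # IPAddr's parse errors are ArgumentError subclasses
  false
end

# Returns the address to match a host on, plus the reason it was chosen.
def resolve_client_ip(env, trusted = TRUSTED_PROXIES)
  peer = env['REMOTE_ADDR'].to_s
  header = env['HTTP_X_FORWARDED_FOR'].to_s
  return { ip: peer, why: :no_header } if header.strip.empty?
  # Any client can send this header, so it counts only when the TCP peer
  # is a configured proxy; otherwise the peer address is kept.
  return { ip: peer, why: :untrusted_peer } unless peer.match?(Regexp.new(trusted))

  # Assumption: one proxy hop that appends the address it saw, so the
  # right-most entry is the only one written by the trusted peer.
  candidate = header.split(',').last.to_s.strip
  return { ip: peer, why: :malformed_header } unless valid_ip?(candidate)

  { ip: candidate, why: :forwarded }
end

# Constructed request environments (documentation address ranges).
SAMPLES = {
  via_listed_proxy:   { 'REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '198.51.100.23' },
  via_unlisted_proxy: { 'REMOTE_ADDR' => '192.0.2.11', 'HTTP_X_FORWARDED_FOR' => '198.51.100.23' },
  header_from_client: { 'REMOTE_ADDR' => '203.0.113.50', 'HTTP_X_FORWARDED_FOR' => '198.51.100.23' },
  direct:             { 'REMOTE_ADDR' => '198.51.100.23' }
}.freeze

SAMPLES.each { |name, env| puts "#{name}: #{resolve_client_ip(env)}" }
```

The via_unlisted_proxy case reproduces the symptom in the post: the proxy's own address is returned, so no host matches. With the condition removed entirely, the header_from_client case would be matched as 198.51.100.23, which is why widening the pattern to cover the proxy is the safer fix.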