When using the smart proxy templates feature, is the URL not supplied by the smart proxy itself? Via the smart proxy's template_url setting (https://github.com/theforeman/smart-proxy/blob/develop/config/settings.d/templates.yml.example#L14) which should override Foreman's usual unattended_url.

unattended_url should be set on Foreman to be the same as the template_url (on /etc/smart-proxy/settings.d/templates.yml) to provide that URL on the PXE/kickstart templates. Unless I missed something, the proxy will not modify the templates coming from Foreman and compile them with the proxy URL. foreman_url('provision') for instance, will just use the unattended_url (which can be a single proxy URL).

A way to reproduce this with libvirt:

- Create 2 networks, network A 192.168.122.0/24 , and network B 192.168.121.0/24 . All that matters is that hosts in one won't be able to access the other.
  - Setup Foreman in any of the networks, or a third. Setup a proxy in each network. Only proxies can connect to Foreman, but nothing else on these networks can reach outside traffic.
  - Problem: Modify unattended_url in Foreman to be the same as template_url. So that foreman_url('provision') would be able to resolve to the proxy for templates.

Which template_url? The one on proxy in network A or proxy in network B? At this point we are effectively disabling provisioning on one of the networks, as foreman_url('xxxx') is going to resolve to the URL of one of the proxies.

If you're using the Template feature foreman_url('provision') and anything else gets resolved to the tempalte url in the proxy.

https://github.com/theforeman/foreman/blob/develop/lib/foreman/renderer.rb#L39