Foreman » Smart Proxy

06/30/2014

03:54 AM Feature #4699: Support Puppet environmentpath and environment config files

Evgeny Vasilchenko wrote:
> Well - not that fast...
>
> After patch Foreman understands the directory environment... Dominic Cleal

03:52 AM Feature #4699: Support Puppet environmentpath and environment config files

Elisiano Petrini wrote:
> Thanks for fixing this.
> I'm not familiar with the Foreman release cycle, so apologies i... Dominic Cleal

06/27/2014

07:35 PM Feature #4699: Support Puppet environmentpath and environment config files

Well - not that fast...
After patch Foreman understands the directory environments, but now I having troubles impo... Evgeny Vasilchenko

04:07 PM Feature #4699: Support Puppet environmentpath and environment config files

Dominic Cleal wrote:
> For anybody wanting to test this on 1.5, here's a rebased patch - please back up your proxy c... Evgeny Vasilchenko

02:46 PM Feature #4699: Support Puppet environmentpath and environment config files

Thanks for fixing this.
I'm not familiar with the Foreman release cycle, so apologies in advance if the following qu... Elisiano Petrini

02:26 PM Feature #4699: Support Puppet environmentpath and environment config files

Works here. No changes in settings.yml were necessary
I used this patch on a RHEL6.5, x86_64, puppet-3.6.1, forema... Florian Sachs

12:57 PM Bug #6396: an error removing a DHCP record (record doesn't exist) stops the delete process for a host

Hi David,
There wasn't much extra related info indeed.
Thanks btw, this other "bug" fixed it, but I wasn't awre... Yama Kasi

11:13 AM Bug #6396: an error removing a DHCP record (record doesn't exist) stops the delete process for a host

Yama,
Without further detail, I cannot say if this will fix your problem or not. The root cause of your issue may... David Swift

10:55 AM Bug #6396: an error removing a DHCP record (record doesn't exist) stops the delete process for a host

Tested so far but doesn't seem to solve the problem yet. Yama Kasi

11:26 AM Bug #6412: Trying to remove a DHCP record fails due to an invalid subnet check

Copying the description I just wrote into github, as it explains this behavior better:
A small correction - if... David Swift

07:34 AM Bug #6412 (Ready For Testing): Trying to remove a DHCP record fails due to an invalid subnet check

https://github.com/theforeman/smart-proxy/pull/175 Dominic Cleal

06/26/2014

11:18 PM Bug #6412 (Closed): Trying to remove a DHCP record fails due to an invalid subnet check

Take three hosts, add them into foreman via API. Then try and remove them. The first deletes fine, but the subseque... David Swift

04:13 PM Bug #6396 (Ready For Testing): an error removing a DHCP record (record doesn't exist) stops the delete process for a host

https://github.com/theforeman/smart-proxy/pull/174 Dominic Cleal

10:47 AM Bug #6396: an error removing a DHCP record (record doesn't exist) stops the delete process for a host

I have the same issue.
I also see this on the proxy log:
E, [2014-06-26T12:28:08.155374 #9147] ERROR -- : Remov... Yama Kasi

12:52 PM Bug #6334 (Closed): "DNS virsh provider needs 'virsh_network' option" error adding DNS records

Applied in changeset commit:6dc8c7180837bf3e34324f6b228b3d2d293cb6eb. Dominic Cleal

06/25/2014

08:24 PM Bug #6396 (Closed): an error removing a DHCP record (record doesn't exist) stops the delete process for a host

Trying to delete a host that does not have a DHCP record generates an error that prevents deletion of the host. The ... David Swift

08:01 PM Feature #6393 (Rejected): Mcollective puppetrun should check status before attempting to run

I ran into an issue where executing a Puppet run from the web interface that uses mcollective resulted in a not-so-ob... Trey Dockendorf

11:17 AM Bug #6377 (Closed): Incorrect dhcp providers server virsh.rb loadSubnetData

The commit fixes dhcp server virsh.rb provider. Upon loading the
contents of the libvirt network XML and parsing for... Lukas Zapletal

07:20 AM Bug #6289: vmlinuz/initrd files corrupted during when multiple hosts created simultaneously

https://github.com/theforeman/smart-proxy/pull/173 Dominic Cleal

06/23/2014

07:51 PM Feature #4699: Support Puppet environmentpath and environment config files

Dominic Cleal wrote:
> For anybody wanting to test this on 1.5, here's a rebased patch - please back up your proxy c... Jason Smith

08:14 AM Feature #4699: Support Puppet environmentpath and environment config files

For anybody wanting to test this on 1.5, here's a rebased patch - please back up your proxy config before using, it's... Dominic Cleal

03:45 PM Refactor #6306 (Ready For Testing): Possible namespace collisions between libraries and proxy modules

PR: https://github.com/theforeman/smart-proxy/pull/171 Anonymous

02:56 PM Feature #6341 (Closed): Support 64-bit MAC addresses

In order to manage Infiniband interfaces in Foreman the MAC address validations must be expanded to validate 48-bit v... Trey Dockendorf

01:18 PM Bug #6289 (Ready For Testing): vmlinuz/initrd files corrupted during when multiple hosts created simultaneously

PR: https://github.com/theforeman/smart-proxy/pull/170 Anonymous

11:38 AM Bug #6334 (Ready For Testing): "DNS virsh provider needs 'virsh_network' option" error adding DNS records

https://github.com/theforeman/smart-proxy/pull/169 Dominic Cleal

11:37 AM Bug #6334 (Closed): "DNS virsh provider needs 'virsh_network' option" error adding DNS records

Since modularisation, when adding DNS records, the smart proxy throws this error even when virsh_network is in settin... Dominic Cleal

11:38 AM Revision 6dc8c718: fixes #6334 - pass virsh_network to virsh DNS provider

Dominic Cleal

06/20/2014

04:27 PM Bug #6311: Deleting a host and re-creating it generates a DHCP error

I'm running into this same issue. I can create the host after doing a service dhcpd restart. Derek Wright

01:25 PM Bug #6311 (Duplicate): Deleting a host and re-creating it generates a DHCP error

When i create a new host, everything is ok. But if i delete the host to re-create it (with same name, parameters and ... Alexandre Barth

01:47 PM Feature #4699 (Ready For Testing): Support Puppet environmentpath and environment config files

https://github.com/theforeman/smart-proxy/pull/168 Dominic Cleal

09:51 AM Feature #4699 (Assigned): Support Puppet environmentpath and environment config files

Dominic Cleal

01:28 PM Feature #6313 (Rejected): Update the puppetssh puppet_provider to allow ssh options

Allow additional SSH options to be called for additional functionality.
An example of this use would be creating a... Steven Bambling

11:52 AM Refactor #6306 (Assigned): Possible namespace collisions between libraries and proxy modules

Anonymous

11:46 AM Refactor #6306 (Closed): Possible namespace collisions between libraries and proxy modules

The modular smart proxy has modules named after the component being managed, but in the case of both Chef and Puppet,... Dominic Cleal

07:30 AM Revision e3864965: refs #4866 - Added config/settings.d/*yml to gitignore

Lukas Zapletal

07:28 AM Bug #6302 (Rejected): When Importing Puppet Classes, Broken Autoload Path's Ignored

Migrated from https://github.com/theforeman/foreman/issues/1527
1. Create file `profiles/manifests/a_profile.pp` o... Dominic Cleal

06/19/2014

03:28 PM Bug #6286 (Resolved): Subnets not found in dhcpd.conf

Ahh, so in 1.5.1 we merged #5712 which made the ISC DHCP backend obey the same option as the AD backend to fix timeou... Dominic Cleal

03:19 PM Bug #6286: Subnets not found in dhcpd.conf

I resolved the issue by commenting out this line in the foreman-proxy settings.yml:
# :dhcp_subnets: [1.1.17.0/255... Mike McRill

02:06 PM Bug #6286 (Need more information): Subnets not found in dhcpd.conf

I can't replicate this, my proxy is suggesting IPs just fine:
172.20.10.20 - - [19/Jun/2014:15:05:02 BST] "GET /dh... Greg Sutcliffe

12:35 PM Bug #6286 (Resolved): Subnets not found in dhcpd.conf

After upgrading to 1.5.1, IP auto-suggest isn't working. I'm seeing these errors in the proxy.log when I go to the n... Mike McRill

02:28 PM Bug #6289 (Closed): vmlinuz/initrd files corrupted during when multiple hosts created simultaneously

Linked BZ describes a side effect of async downloads:
> --- Additional comment from James Slagle on 2014-06-17 15:... Dominic Cleal

06/18/2014

05:10 PM Bug #6275: migrate_settings.yml doesn't return 1 on migrated config file

RPM spec updated to avoid triggering this, debs will too. Dominic Cleal

04:39 PM Bug #6275 (Ready For Testing): migrate_settings.yml doesn't return 1 on migrated config file

https://github.com/theforeman/smart-proxy/pull/166 Dominic Cleal

04:27 PM Bug #6275 (Closed): migrate_settings.yml doesn't return 1 on migrated config file

The migrate_settings.yml script isn't returning 1 when used against a migrated config file (e.g. the example configs)... Dominic Cleal

02:53 PM Refactor #4866 (Closed): As a developer I'd like to break up smart-proxy into multiple components

Applied in changeset commit:038fa6cf7079880b16d998346d05112acefec81e. Anonymous

02:38 PM Refactor #4866: As a developer I'd like to break up smart-proxy into multiple components

RPM specs: https://github.com/theforeman/foreman-packaging/pull/255
installer: https://github.com/theforeman/puppet-... Dominic Cleal

02:20 PM Refactor #4866 (Ready For Testing): As a developer I'd like to break up smart-proxy into multiple components

PR: https://github.com/theforeman/smart-proxy/pull/150 Anonymous

02:18 PM Revision 038fa6cf: Fixes #4866: Breaking up monolithic smart-proxy into modules

Dmitri Dolguikh

09:09 AM Bug #6086: CVE-2014-0007 - TFTP boot file fetch API permits remote code execution

Fixes committed to 1.4-stable, 1.5-stable and develop.
Foreman 1.4.5 and 1.5.1 releases will be made today with th... Dominic Cleal

08:52 AM Bug #6086 (Closed): CVE-2014-0007 - TFTP boot file fetch API permits remote code execution

Applied in changeset commit:854ab5573df152fd20b2be5547a08b4862fb78fe. Anonymous

08:11 AM Bug #6086: CVE-2014-0007 - TFTP boot file fetch API permits remote code execution

Attaching final (v4) patch, applies cleanly to 1.5 and 1.4-stable branches. Dominic Cleal

08:07 AM Revision 854ab557: Fixes #6086 - stop remote command execution and path exploit in TFTP API (CVE-2014-0007)

Greg Sutcliffe

06/17/2014

06:32 PM Bug #6086: CVE-2014-0007 - TFTP boot file fetch API permits remote code execution

Sorry for my time off complication, this was not planned. And thank you gentlemen for finishing this.
Do we have t... Lukas Zapletal

01:10 PM Bug #6086 (Pending): CVE-2014-0007 - TFTP boot file fetch API permits remote code execution

ACK, thanks both Lukas and Greg. Dominic Cleal

10:24 AM Bug #6086: CVE-2014-0007 - TFTP boot file fetch API permits remote code execution

Dominic, change the patch thus:
- destination = Pathname.new(File.absolute_path(filename, SETTINGS.tftpro... Greg Sutcliffe

02:11 PM Feature #3034: TFTP file download should be synchronous and handle errors

edit: moved to #6289 Dominic Cleal

06/16/2014

05:49 PM Bug #6086: CVE-2014-0007 - TFTP boot file fetch API permits remote code execution

Thanks for the tests Greg - unfortunately they fail on 1.8.7 as it's using File.absolute_path, which is only availabl... Dominic Cleal

11:57 AM Bug #6086: CVE-2014-0007 - TFTP boot file fetch API permits remote code execution

Updated patch attached with a to_s added, as escape_for_shell cannot take direct Pathname objects, and two tests for ... Greg Sutcliffe

09:17 AM Bug #6086: CVE-2014-0007 - TFTP boot file fetch API permits remote code execution

Patch looks fine, but could you add some unit tests of this method please? Just stub out CommandTask and check that ... Dominic Cleal

04:18 PM Bug #5856: Cannot import environments, classes even with foreman 1.5.0

Dominic Cleal wrote:
> As per my above comment(s), directory environments are *not* supported at the moment and this... Elisiano Petrini

03:42 PM Bug #5856: Cannot import environments, classes even with foreman 1.5.0

As per my above comment(s), directory environments are *not* supported at the moment and this patch does *not* provid... Dominic Cleal

03:39 PM Bug #5856: Cannot import environments, classes even with foreman 1.5.0

Dominic Cleal wrote:
> Don't worry about puppet.conf, I got what I needed from the foreman-users list.
>
> If you... Elisiano Petrini

06/14/2014

11:21 PM Feature #2736: implement a Wake On Lan function/button

+1 Arnold Bechtoldt

11:18 PM Feature #6225 (Resolved): As an admin I would like to bind foreman-proxy service to a specific IP address for security reasons

Port setting is available only so far. Arnold Bechtoldt

06/13/2014

09:54 AM Bug #6208 (Rejected): Unable to overwrite/delete previously created DHCP entry

Using version 9999-trusty+scratchbuild+201406122210
Client side:... Jon Skarpeteig

06/12/2014

11:05 AM Bug #6086: CVE-2014-0007 - TFTP boot file fetch API permits remote code execution

Here is my second attempt. It does fix the remote execution and in addition, it does check if the resulting file is w... Lukas Zapletal

08:43 AM Bug #5995: Windows AD DHCP reservation creation fails with "The specified option does not exist"

Hi Dominic,
must have missed the email about your update on this ticket. Thanks a lot the fix works. I have update... Oliver Weinmann

08:42 AM Bug #2870: DHCP reservations on MS DHCP servers with PXEClient defined

Hi Guys,
I opened a ticket for another MS dhcp issue: http://projects.theforeman.org/issues/5995. It seems that th... Oliver Weinmann

06/11/2014

07:55 PM Bug #5856: Cannot import environments, classes even with foreman 1.5.0

I didn't have to downgrade to an earlier version of Puppet to resolve this issue. I'm on 3.6.2 and I'm working fine. ... Paul Calabro

05:52 PM Bug #5675 (Closed): DNS Proxy Issues

Applied in changeset commit:62c7320bbdedeb3d983addc1f78d8fe20b0d6f71. Dominic Cleal

05:27 PM Revision 62c7320b: fixes #5675 - expect dns_key setting to be nil if not set

Dominic Cleal

02:20 PM Bug #6086 (Ready For Testing): CVE-2014-0007 - TFTP boot file fetch API permits remote code execution

Ready for review too. Lukas Zapletal

06/10/2014

09:04 PM Bug #6086: CVE-2014-0007 - TFTP boot file fetch API permits remote code execution

It looks like a consequence of the API between Foreman and the proxy, but the patch has a bad effect on normal TFTP f... Dominic Cleal

06/09/2014

06:52 PM Bug #5856 (Closed): Cannot import environments, classes even with foreman 1.5.0

Applied in changeset commit:1dc369d4297c5b9a8106d8908ebac6a8ccfa7437. Dominic Cleal

06:36 PM Revision 1dc369d4: fixes #5856 - use public initializer for Puppet settings

Dominic Cleal

06/06/2014

02:56 PM Bug #5995 (New): Windows AD DHCP reservation creation fails with "The specified option does not exist"

We generally don't actively maintain AD support, so any help to track it down and submit patches would be welcomed.
... Dominic Cleal

02:41 PM Bug #5995: Windows AD DHCP reservation creation fails with "The specified option does not exist"

Hi Guys,
this is really becoming urgent as I can't deploy any new hosts, neither can I change / update existing ho... Oliver Weinmann

01:20 PM Bug #5677 (Closed): Delete Host Failing

Dominic Cleal

10:36 AM Bug #6086: CVE-2014-0007 - TFTP boot file fetch API permits remote code execution

Created: http://projects.theforeman.org/issues/6089 (not linking the issues yet). Lukas Zapletal

10:31 AM Bug #6086: CVE-2014-0007 - TFTP boot file fetch API permits remote code execution

Ok here is my analysis and patch.
Foreman application calls this API with two parameters. The source is URL from w... Lukas Zapletal

08:53 AM Bug #6086 (Assigned): CVE-2014-0007 - TFTP boot file fetch API permits remote code execution

It's my honour :-)
I guess we want shortest possible fix, which is escape_for_shell or something similar. Lukas Zapletal

08:33 AM Bug #6086 (Closed): CVE-2014-0007 - TFTP boot file fetch API permits remote code execution

Reported by Lukas Zapletal to the security team and assigned CVE-2014-0007.
The smart proxy's API for fetching fil... Dominic Cleal

07:49 AM Bug #6085 (Closed): Virsh provider is not interpreting DHCP netmask correctly

The virsh.rb loadSubnets method was only looking for a definition of a netmask inside the libvirt network XML, despit... Lukas Zapletal

06/05/2014

10:01 AM Bug #5856: Cannot import environments, classes even with foreman 1.5.0

Ollie Lawson wrote:
> I have applied the patch above with Foreman 1.5.0 and Puppet 3.6.1 but the environments still ... Dominic Cleal

09:58 AM Bug #5856: Cannot import environments, classes even with foreman 1.5.0

I have applied the patch above with Foreman 1.5.0 and Puppet 3.6.1 but the environments still do not import.
Prox... Ollie Lawson

06/02/2014

08:13 PM Bug #6022 (Closed): puppetssh fails due to host key prompt when trying to do puppetrun

I've configured settings.yml to allow puppet runs over ssh
But on the remote server I just get "Connection Closed ... Stephen Herd

08:28 AM Bug #5995: Windows AD DHCP reservation creation fails with "The specified option does not exist"

Problem also occurs on a second proxy where we only have one subnet. :( I thought maybe it's a timeout issue due too ... Oliver Weinmann

07:18 AM Revision 00073661: refs #5987 - remove unused packaging files

Dominic Cleal