Foreman » Smart Proxy

11/04/2014

06:21 PM Bug #3995: pending certificates don't get deleted with puppet 3.x

I'll have a look at that, as soon as I have more time. If it's a big problem for you, please yell and I try to find s... Anonymous

05:30 AM Bug #3995: pending certificates don't get deleted with puppet 3.x

I was wondering if this issue will be fixed any time soon. It will be nice to delete pending certificates from forema... cristian falcas

12:33 PM Revision a53d835a: Refs #969 - Proxy-side changes for serving templates from the proxy

An update to @GregSutcliffe's original PR. Ports his original feature to the new
plugin api. dustin tsang

08:04 AM Feature #7197 (Ready For Testing): Add man page for foreman-prepare-realm

The Foreman Bot

11/03/2014

08:01 AM Bug #7352 (Closed): Missing DNS record should return 404 not 400 for DELETE

Applied in changeset commit:3f4ee4b4751511e3120e6d5c770c7e8a289d2b9a. Shlomi Zadok

07:33 AM Revision 3f4ee4b4: fixes #7352 - missing DNS record returns 404

Shlomi Zadok

10/30/2014

04:37 AM Feature #8210: Implemented caching for smart-proxy puppet classes

If you're looking to contribute the changes, please open a pull request through GitHub, it's how we propose and revie... Dominic Cleal

03:53 AM Feature #8210: Implemented caching for smart-proxy puppet classes

Main change is in the class_scanner.rb. Stefan Julin

03:51 AM Feature #8210 (Closed): Implemented caching for smart-proxy puppet classes

As a user I want the loading of puppet classes to go faster since if you have around 20k puppet modules it takes arou... Stefan Julin

10/29/2014

01:27 PM Bug #8151: Reinstallation of dhcp package breaks proxy access to /etc/dhcp

Indeed its nicer to have it fixed but I do not think this is rhelbackportable. Thus we need a hack too. Trigger sound... Lukas Zapletal

06:42 AM Bug #8151: Reinstallation of dhcp package breaks proxy access to /etc/dhcp

I'm unsure about putting this in an init script or package (could use a trigger), as it's introduced by the installer... Dominic Cleal

06:38 AM Bug #8151 (Resolved): Reinstallation of dhcp package breaks proxy access to /etc/dhcp

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1156371 ... Dominic Cleal

01:24 PM Feature #8006: Implement logging to stdout/stderr

Anybody agains backporting this into 1.6.z if we have an update scheduled? I d love to have it for 1.6 discovery. Lukas Zapletal

08:01 AM Feature #8006 (Closed): Implement logging to stdout/stderr

Applied in changeset commit:31728207f7486ac4fc42d2580dd7debc4c34c9b3. Anonymous

12:49 PM Bug #8162 (Rejected): Forman proxy not reading module path returned by puppet for environments

I have the following in my puppet.conf
[master]
autosign = $confdir/autosign.conf { mode = 664 }
r... Robert Mortimer

11:34 AM Refactor #8160 (Ready For Testing): Extract chef related code to separate plugin

Marek Hulán

11:32 AM Refactor #8160 (Closed): Extract chef related code to separate plugin

https://github.com/theforeman/smart_proxy_chef Marek Hulán

08:22 AM Refactor #8153 (Closed): Extract smart-proxy url into a global setting

Currently two modules (templates and dhcp) rely on this url, but have it as a module-specific setting Anonymous

07:25 AM Revision 31728207: Fixes #8006 - added STDOUT proxy log option

Lukas Zapletal

04:31 AM Feature #6677 (Resolved): Autosign entry additions should require authentication

Ah great, thanks for the report. Dominic Cleal

10/28/2014

09:29 PM Feature #6677: Autosign entry additions should require authentication

Yeah, sorry that was a typo. I can confirm that the behavior I observed is fixed in 1.5.4, because I was forced to a... Michael Messmore

05:32 AM Revision dee0af35: Bump version to 1.8-develop

Dominic Cleal

10/27/2014

11:45 AM Bug #8115 (Rejected): Foreman Proxy doesn't import modules with lambda's, etc.. that were once considered part of Future Parser but are now regular parser (Puppet v3.7)

No problem. Dominic Cleal

11:39 AM Bug #8115: Foreman Proxy doesn't import modules with lambda's, etc.. that were once considered part of Future Parser but are now regular parser (Puppet v3.7)

Dominic Cleal wrote:
> Do you have a reference for what you say about 3.7.x changing the parser? I'm pretty certain... Jason Knudsen

11:22 AM Bug #8115 (Need more information): Foreman Proxy doesn't import modules with lambda's, etc.. that were once considered part of Future Parser but are now regular parser (Puppet v3.7)

Do you have a reference for what you say about 3.7.x changing the parser? I'm pretty certain that's not correct, the... Dominic Cleal

11:17 AM Bug #8115 (Rejected): Foreman Proxy doesn't import modules with lambda's, etc.. that were once considered part of Future Parser but are now regular parser (Puppet v3.7)

Hey guys,
Noticed today that modules I've created don't get imported via the Foreman Proxy that have things like l... Jason Knudsen

10/24/2014

08:37 AM Feature #8006 (Ready For Testing): Implement logging to stdout/stderr

The Foreman Bot

08:24 AM Feature #8092 (New): Implement logfiles proxy plugin

A tiny plugin that would allow to "tail" various log files from the system. List of allowed filed would be configured... Lukas Zapletal

10/23/2014

08:03 AM Bug #5995: Windows AD DHCP reservation creation fails with "The specified option does not exist"

I ran into the same problem, but also had a different one. The following error:
http://pastebin.com/ib7nyxug
My p... Sam Zandbergen

07:56 AM Refactor #7832 (Ready For Testing): Integration test for SSL verification

The Foreman Bot

05:15 AM Feature #8046: Add an infoblox provider for dns/dhcp

Sure, was just setting it so I could find it easily later. IPAM is part of DHCP anyway. Dominic Cleal

05:10 AM Feature #8046: Add an infoblox provider for dns/dhcp

note, its not only dhcp, but also dns and potentially ipam. Ohad Levy

05:00 AM Feature #8046 (Resolved): Add an infoblox provider for dns/dhcp

As a user, I would like to manage dhcp/dns/ipam using my infoblox applience.
I've seen that a rubygem already exis... Ohad Levy

03:43 AM Bug #8042 (Feedback): failed to compile and install rKerberos in bundle process when installing smart-proxy

Your version of the krb5 libraries is too old for rkerberos. It requires 1.7.0 or higher: https://github.com/domclea... Dominic Cleal

02:05 AM Bug #8042 (Rejected): failed to compile and install rKerberos in bundle process when installing smart-proxy

environment
--------------------------------------------------------------
SLES 11 SP2
ruby-1.9.3-p547
smart-... Joe Yu

10/22/2014

11:01 AM Bug #7859 (Closed): Ssh puppet run does not work on Ruby 1.9+

Applied in changeset commit:ccd77aaecf66be4ad57fe43d06b0c9cb3f313f93. Anonymous

11:01 AM Refactor #7922 (Closed): Let's re-use http(s) connection to foreman for subsequent requests

Applied in changeset commit:8efc06c39ef96aa4337eb14fe4f4dce97d320d73. Anonymous

10:13 AM Revision ccd77aae: Fixes #7859 - puppetssh run works on Ruby 1.9+

Lukas Zapletal

10:07 AM Revision 8efc06c3: Fixes #7922 - promote uri and http to instance property

This will allow to re-use existing http connection for subsequent
requests. Šimon Lukašík

10/21/2014

01:44 PM Feature #7849: trusted_hosts should determine hostname from certificate CN on SSL requests

First steps:
https://github.com/lazyfrosch/smart-proxy/tree/feature/trusted_hosts-CN-7849 Markus Frosch

07:07 AM Feature #8006: Implement logging to stdout/stderr

Implementation proposal:
:log_file: STDOUT
should log everything to stdout (without time/date prefixes). Lukas Zapletal

07:05 AM Feature #8006 (Closed): Implement logging to stdout/stderr

Since systemd automatically capture stdout/stderr, it is possible to trivially add systemd/journald/syslogd support j... Lukas Zapletal

10/20/2014

10:01 AM Refactor #7660 (Closed): Fix rubocop warnings from Lint/AmbiguousOperator to Style/BracesAroundHashParameters

Applied in changeset commit:25691fff37c8ce8eaa7c62ac47a60befd6bfa329. Anonymous

09:14 AM Revision 25691fff: fixes #7660: fixes first bunch of rubocop warnings

Dmitri Dolguikh

10/17/2014

05:01 AM Feature #7862 (Closed): Upgrade rubocop to 0.26.1

Applied in changeset commit:8aa4e0f94bdb0aaff7fc61f95fd55b06a72e98c1. David Davis

04:09 AM Revision 8aa4e0f9: Fixes #7862 - Upgrade rubocop version

David Davis

10/16/2014

03:54 AM Bug #5648: DHCP lease reading is done in the wrong order

One comment while I am investigating some DHCP race conditions:
Although in most cases the host will have IP .59, ... Lukas Zapletal

01:18 AM Feature #969 (Ready For Testing): Direct Client->Foreman communication shouldn't be needed (and moved to the Proxy)

The Foreman Bot

10/15/2014

06:39 PM Support #7964: unable to import puppet class

Hello,
please have a look into the logfiles of the smart proxy on the Puppet master (/var/log/foreman-proxy/proxy.lo... Anonymous

03:42 PM Support #7964: unable to import puppet class

i an not able to import puppet envirment also.
the same error
Warning!
undefined method `values' for []:Array Suyash Jain

03:36 PM Support #7964 (Closed): unable to import puppet class

Hi,
I have puppet master and forman on saparate servers , i have added puppet master through smart proxy and now ... Suyash Jain

03:34 PM Bug #2209: JSON output changes when ActiveRecord storeconfigs is in use

Hi,
I am getting the same issue.
Oops, we're sorry but something went wrong

Warning!
undefined method `v... Suyash Jain

10/14/2014

07:35 AM Bug #6916: MS DHCP Timeout

Another user has a similar issue:
http://projects.theforeman.org/issues/7766
He might have a solution for it...... Oliver Weinmann

07:29 AM Bug #7766: ms_native dhcp smart proxy code scales poorly

Hi Dan,
I have very similar issues where the smart proxy takes too long to register a new reservation and a timeou... Oliver Weinmann

10/13/2014

10:16 PM Feature #7911: Support short hostname for MCollective runs

anybody? hardy hardy

06:06 AM Feature #7911: Support short hostname for MCollective runs

Dominic Cleal wrote:
> I don't recall this being configurable. I'd guess your hostnames aren't configured properly ... hardy hardy

05:24 AM Feature #7911: Support short hostname for MCollective runs

I don't recall this being configurable. I'd guess your hostnames aren't configured properly if they're appearing as ... Dominic Cleal

05:11 AM Feature #7911 (Rejected): Support short hostname for MCollective runs

foreman puppet-run is " shell_command(cmd + ["puppet", "runonce", "-I"] + shell_escaped_nodes) "
for example :
D,... hardy hardy

10:56 AM Refactor #7922 (Closed): Let's re-use http(s) connection to foreman for subsequent requests

When smart-proxy forwards multiple reports to the Foreman, it should not create http(s) connection per request. Šimon Lukašík

10/12/2014

04:47 PM Bug #7909: Importing Environments

Bah...... Riley Shott

04:46 PM Bug #7909: Importing Environments

Also, if it helps, this is what our config/settings.d/puppet.yml looks like:
---
:enabled: true
:puppet_conf: ... Riley Shott

04:42 PM Bug #7909 (Resolved): Importing Environments

Smart-Proxy should support the use of using solely environmentpath in puppet.conf to import directory environments. C... Riley Shott

10/10/2014

11:01 AM Feature #7860 (Closed): puppetssh: add puppetssh_wait config option

Applied in changeset commit:79616401c79308fa1ef9c7458c8f6bd3a2b0c231. Anonymous

08:10 AM Feature #7860 (Ready For Testing): puppetssh: add puppetssh_wait config option

The Foreman Bot

08:48 AM Revision 79616401: Fixes #7860 - added puppetssh_wait option

Thomas Kuther

10/09/2014

06:40 AM Feature #7862 (Ready For Testing): Upgrade rubocop to 0.26.1

The Foreman Bot

06:39 AM Feature #7862 (Closed): Upgrade rubocop to 0.26.1

David Davis

06:30 AM Feature #7860 (Assigned): puppetssh: add puppetssh_wait config option

Lukas Zapletal

06:23 AM Feature #7860 (Closed): puppetssh: add puppetssh_wait config option

Currently the puppetssh command is detached by default, followed by a return 0.
This causes issues when using The ... Thomas Kuther

06:25 AM Bug #7859 (Ready For Testing): Ssh puppet run does not work on Ruby 1.9+

The Foreman Bot

05:16 AM Bug #7859 (Closed): Ssh puppet run does not work on Ruby 1.9+

Things are not properly escaped:... Lukas Zapletal

05:28 AM Bug #7822: CVE-2014-3691 - Smart proxy doesn't perform verification of client SSL certificate on API requests

1.5.4 and 1.6.2 have been shipped: https://groups.google.com/forum/#!topic/foreman-announce/LcjZx25Bl7U Dominic Cleal

03:13 AM Bug #7822: CVE-2014-3691 - Smart proxy doesn't perform verification of client SSL certificate on API requests

1.5-stable commit: https://github.com/theforeman/smart-proxy/commit/a4ecc166f7f86de63d68a66d677eff37d64c8193.patch
1... Dominic Cleal

10/08/2014

10:41 AM Bug #7822: CVE-2014-3691 - Smart proxy doesn't perform verification of client SSL certificate on API requests

We plan on releasing updated foreman-proxy packages as part of 1.5.4 and 1.6.2. Dominic Cleal

09:01 AM Bug #7822 (Closed): CVE-2014-3691 - Smart proxy doesn't perform verification of client SSL certificate on API requests

Applied in changeset commit:52f0bacf26923826a9b112369d504972369b3cf0. Dominic Cleal

08:26 AM Revision 52f0bacf: fixes #7822 - forbid HTTPS requests with no client SSL certificate

Dominic Cleal

08:01 AM Bug #7850 (Closed): mixlib-shellout breaks Ruby 1.8 compatibility

Applied in changeset commit:56e62d1295ab65e7deca27890ee69e1312ceca0a. Dominic Cleal

07:07 AM Bug #7850 (Ready For Testing): mixlib-shellout breaks Ruby 1.8 compatibility

The Foreman Bot

07:06 AM Bug #7850 (Closed): mixlib-shellout breaks Ruby 1.8 compatibility

Seeing test failures on Ruby 1.8, due to a new version of mixlib-shellout, which is pulled in by Chef.... Dominic Cleal

07:48 AM Revision 56e62d12: fixes #7850 - pin mixlib-shellout for Ruby 1.8 compatibility

Dominic Cleal

06:46 AM Feature #6677: Autosign entry additions should require authentication

We're fixing the requirement for SSL verification in #7822, but you give an HTTP example - are you running with or wi... Dominic Cleal

03:54 AM Feature #7849 (Closed): trusted_hosts should determine hostname from certificate CN on SSL requests

trusted_hosts is based on reverse DNS, but when requests come in over HTTPS, the CN should be parsed from the certifi... Dominic Cleal

10/07/2014

09:15 AM Feature #7839 (Resolved): Support IPv6

Using foreman-installer (1.6.0), the smart-proxy is not listening on IPv6. It's only bound to IPv4. Please support ... Stephen Bowman

07:33 AM Refactor #7832 (Closed): Integration test for SSL verification

Following on from #7822, we need a full test of the smart proxy rack+WEBrick application to ensure that SSL verificat... Dominic Cleal

07:01 AM Bug #7822 (Ready For Testing): CVE-2014-3691 - Smart proxy doesn't perform verification of client SSL certificate on API requests

The Foreman Bot

10/06/2014

07:22 AM Bug #7822 (Assigned): CVE-2014-3691 - Smart proxy doesn't perform verification of client SSL certificate on API requests

Dominic Cleal

06:39 AM Bug #7822 (Closed): CVE-2014-3691 - Smart proxy doesn't perform verification of client SSL certificate on API requests

Reported to foreman-security by Michael Moll. Also reported by Jon McKenzie in a comment here: http://projects.thefo... Dominic Cleal

06:41 AM Bug #5651 (Duplicate): The 'trusted_hosts' config key has an unintuitive (and potentially dangerous) behavior

Thanks very much for your report Jon, apologies for us taking so long to see and address it.
The trusted hosts beh... Dominic Cleal

06:06 AM Feature #3034: TFTP file download should be synchronous and handle errors

For the record, RHOSP team hit this. We might want to speak about bumping up the priority of this. Lukas Zapletal