Template(s) aren't compatible with safemode gem 1.3.2

[alexjfisher]

Since theforeman/safemode#23, the default kickstart template doesn't resolve.

The error is

Safemode doesn't allow to access 'block_pass' on &:present?

Looks like this line needs updating. There may be other templates that also need fixing.

[alexjfisher]

Safegem 1.3.2 was accidentally included in Foreman release 1.15.2. From IRC, I think this is about to be pulled from the repos. The templates will then need fixing before 1.15.3 is released.

[dLobatog]

I pulled from the repo already, sent a warning to foreman-users https://groups.google.com/forum/#!topic/foreman-users/ndbtypGKoRk .

At 1.15.3 release time we will have to:

• Build 1.15.2-2 with the right templates
• Sync templates with the fix (obvious) before 1.15.3
• Rebuild safemode 1.3.2 in the rpm/1.15 repo

[ares]

Fix for templates at #407 fix for existing templates in Foreman instances at theforeman/foreman#4669

[olifre]

I have since updated (automatically) to 1.15.3 and provisioning stopped working.
It seems the templates shipped with foreman have not been updated, so it breaks now out of the box:
https://github.com/theforeman/foreman/commits/develop/app/views/unattended/provisioning_templates/provision/kickstart_default.erb
Where should I report this?

[alexjfisher]

My guess is that #407 should have been cherry-picked onto the 1.15-stable branch but never was?

[olifre]

Seems like that. Still, I'm curious how testing of 1.15.3 was done - without updating to the community templates, no provisioning is possible (at least of most kickstart based distributions).

[ekohl]

@olifre are you on Debian or Red Hat? It looks like the RH packaging doesn't include 1.3.1 but Debian bundles all gems so maybe it slipped in unnoticed there. theforeman/foreman@b1b357c is in 1.15-stable.

[olifre]

@ekohl This is on CentOS 7, and yum info tells me:

Installed Packages
Name        : tfm-rubygem-safemode
Arch        : noarch
Version     : 1.3.2
Release     : 1.el7
Size        : 38 k
Repo        : installed
From repo   : foreman

And it is also there in the repository right now:
http://yum.theforeman.org/releases/1.15/el7/x86_64/
It's just that the templates fail with the packaged version of safemode...

[ekohl]

That is odd because https://github.com/theforeman/foreman-packaging/tree/rpm/1.15/rubygem-safemode doesn't show it. @mmoll or @ehelms any idea how this has happened?

[ekohl]

And the real fix: #411

[alexjfisher]

@ekohl yeah, it was the 1.15-stable branch of this project I was referring to. :)

[ehelms]

@ekohl That comes down to how Koji works. You can only ever have one "build" of a package. So if we build a package into nightly, we just tag it over to 1.15 instead of rebuilding it (except for plugins where we bake the foreman version into the build).

I feel like this is a good example of why community template being their own RPM would give us more flexibility and agility when doing releases.

[Netbulae]

I fixed the "network --bootproto" line, but now I get a fresh error:

Failure parsing Katello Kickstart Default: Safemode doesn't allow to access 'chef_enabled' on #Safemode::ScopeObject.

This is the part in the Kickstart that fails:

<% if chef_enabled %>
<%= snippet 'chef_client' %>
<% end -%>

<% if puppet_enabled %>
<%= snippet 'puppet_setup' %>
<% end -%>

<% if salt_enabled %>
<%= snippet 'saltstack_setup' %>
<% end -%>
```

[ekohl]

Sounds like you're missing a line like chef_enabled = @host.respond_to?(:chef_proxy) && @host.chef_proxy in your template. See

community-templates/provisioning_templates/finish/kickstart_default_finish.erb

Line 27 in 227ccb5

chef_enabled = @host.respond_to?(:chef_proxy) && @host.chef_proxy

[Netbulae]

Thanks, that was it. We started modifying the kickstarts around 3.1 and this has been difficult to maintain.

[alexjfisher]

Closing as I'm confident this is now fixed for 1.15.4 and 1.16.0

[slalomnut]

I still see this error after updating to 1.15.6 under CentOS 7.

[ekohl]

Where do you see it in particular?

[ares]

Perhaps you're using Katello or some customized template?

[slalomnut]

When I execute a build for a host, it complains about the kickstart template. If I downgrade to 1.3.1-1.el7, it works fine.

[ekohl]

Are your kickstart templates modified perhaps? In that case we don't overwrite them and you need to manually update them. We can't really merge in changes and don't want to disregard your changes.

[sjansen1]

Same issue with Foreman 1.15.6 and tfm-rubygem-safemode-1.3.2-1.el7.noarch

2017-10-29 13:35:02 38f78792 [app] [I] Rendered inline template (22.4ms)
2017-10-29 13:35:02 38f78792 [app] [W] There was an error rendering the Katello Kickstart Default template:
| ActionView::Template::Error: Safemode doesn't allow to access 'block_pass' on &:present?

Templates are default an show locked sign on them, so i expect them to be the original one from Foreman.

[RobVerduijn]

the katello kickstart templates also need this fix.
It has not been applied to these two:

kickstart-katello.erb
kickstart-katello-atomic.erb

find them on your hd backup them and patch them
replace (&:present?) with { |item| item.present? }
pay attention to () and {}
and then upload them with hammer
you can use hammer to unlock and lock the templates.

Rob

[joecam1673]

Same issue here. Manually updating the katello erb's mentioned looks to have sorted it out. Thanks Rob.

OS: redhat
RELEASE: Red Hat Enterprise Linux Server release 7.4 (Maipo)
FOREMAN: 1.15.6
RUBY: ruby 2.0.0p648 (2015-12-16) [x86_64-linux]
PUPPET: 4.10.9
DENIALS: 6

[RobVerduijn]

the bug for katello can be found here: http://projects.theforeman.org/issues/20836
and the solution is here: Katello/katello@83ed4f8

Rob