Booting over PXE seems broken (partly)

Thulium-Drake · October 21, 2021, 9:51pm

Problem:
Today I installed a new Foreman/Katello server with 3.0/4.2 on it and I ran into the following issue:

After configuring DHCPd according to Provisioning Guide

I noticed that hosts we’re no longer able to boot the FDI, stating HTTP 404 errors when retrieving http://foreman.example.com:8000/unattended/iPXE?bootstrap=1

According to the docs, this should only be the case when --foreman-proxy-http == false, which it isn’t.

First thing I did was update my DHCPd config to remove the port from the URL (as that does work). Then the next issue presents itself, the kickstart URL also points to port 8000 and replies with a 404. But I can’t find where the ks variable is set and update it.

Did something change here in Foreman 3? Or did something break?
Expected outcome:
System to boot discovery/installer

Foreman and Proxy versions:
Foreman 3.0.0
Katello 4.2.0.1
Distribution and version:
Rocky 8.4

Thulium-Drake · October 21, 2021, 10:24pm

Additional note, the Ansible play I use also runs a CIS hardening role (which has been configured for Foreman)

Just to be sure, I’m reinstalling my system again without it

Thulium-Drake · October 22, 2021, 12:29pm

So installation/configuration is finished, but no change:

[root@foreman ~]# foreman-installer --help | grep proxy-http
    --foreman-proxy-http          Enable HTTP (current: true)
    --foreman-proxy-http-port     HTTP port to listen on (if http is enabled) (current: 8000)
    --foreman-proxy-httpboot      Enable HTTPBoot feature. In most deployments this requires HTTP to be enabled as well. (current: true)
[root@foreman ~]# curl http://foreman.lbhr.htm.lan:8000/unattended/iPXE?bootstrap=1
Requested url was not found
[root@foreman ~]# curl http://foreman.lbhr.htm.lan/unattended/iPXE?bootstrap=1
#!ipxe
# Intermediate iPXE script to report MAC address to Foreman

:net0
isset ${net0/mac} || goto no_nic
dhcp net0 || goto net1
chain http://foreman.lbhr.htm.lan/unattended/iPXE?mac=${net0/mac} || goto net1
...

canglin · October 22, 2021, 2:09pm

Hi
I remembered having a similar issue(don’t know it it is the exact same) but per the doc I adjusted the templates to reflect discovery instead of the default local they are set to Check your provisioning template and see if that makes a diff.

lzap · October 25, 2021, 10:52am

I am not sure what changed, if anything. But:

foreman-installer --foreman-proxy-httpboot true --foreman-proxy-http true --foreman-proxy-templates true

That does not work for me:

curl http://$(hostname -f):8000/unattended/iPXE?bootstrap=1
Requested url was not found

I had to add --foreman-proxy-templates-listen-on both because by default templates endpoint does not listen on HTTP (8000) port, only HTTPS (8443 or 9090).

Thulium-Drake · October 28, 2021, 9:29pm

Thanks!

I have reverted my Lab to 2.5 for now. When 3.0.1 is released I will re-test with your suggestion

Thulium-Drake · November 3, 2021, 2:34pm

@lzap

Thanks for the suggestion! It works like a charm! But I have to ask, my Ansible code added --foreman-proxy-httpboot=true to the foreman-installer flags when setting up deployment.

Did that option change? Or is it only applicable to Smart Proxies?

lzap · November 3, 2021, 8:04pm

I think we made a change recently that does not setup HTTP 8000 endpoint by default anymore, @ekohl ?

Thulium-Drake · November 4, 2021, 8:28am

My bad, I copied the wrong value… But the question still stands

--foreman-proxy-httpboot-listen-on both

Was also added by my Ansible code, but when I run foreman-installer --help I can’t find it anymore.