Expected outcome:
I ask this because it seems dhcpd and tftpd configs aren’t updated.
I’ve created a host for provisioning and I assume there should be some configuration in dhcpd.conf and for tftpd.
Foreman and Proxy versions:
foreman-proxy-2.4.1-1.el8.noarch
That’s not really the right way to do it. Katello is not a “full” smart proxy, it’s a full blown Foreman + Katello.
That’s odd, because it should be. Is there anything particular in the logs? Note that a host entry will only be created in the leases file when you actually provision a host.
Also, you printed your oauth consumer key and secret. These give full and unlimited API control over your Foreman instance. If those are the real values, I urge you to rotate them ASAP.
From the top of my head, this is done on the main Foreman server:
# Clear the cache entries
rm /opt/puppetlabs/puppet/cache/foreman_cache_data/oauth_consumer_{key,secret}
foreman-installer --reset-foreman-oauth-consumer-key --reset-foreman-oauth-consumer-secret
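An added example, not part of the thread or of Foreman's own tooling: a small filter that masks OAuth consumer key and secret values in installer commands or settings text before it is pasted into a public post. The `:oauth_consumer_key: VALUE` settings format and all sample values are assumptions constructed for illustration.

```python
import re

PLACEHOLDER = "<REDACTED>"
# A value is a quoted string or a run of non-whitespace characters.
_VALUE = r"""("[^"]*"|'[^']*'|\S+)"""

# Installer flags: "--...-oauth-consumer-key=VALUE" or "--...-oauth-consumer-key VALUE".
# (?!-) stops a following flag (such as the --reset-... pair) being taken as a value.
FLAG_RE = re.compile(
    r"(--[\w-]*oauth-consumer-(?:key|secret)(?:=|[ \t]+(?!-)))" + _VALUE
)

# Settings / answers-file style (assumed format): ":oauth_consumer_key: VALUE".
YAML_RE = re.compile(
    r"(:?oauth_consumer_(?:key|secret)[ \t]*[:=][ \t]*)" + _VALUE
)

# Constructed sample input; the key and secret values are made up.
SAMPLE = '''\
foreman-installer --foreman-proxy-oauth-consumer-key "EXAMPLEKEY0000"
foreman-installer --foreman-proxy-oauth-consumer-secret=EXAMPLESECRET0000
:oauth_consumer_key: EXAMPLEKEY0000
foreman-installer --reset-foreman-oauth-consumer-key --reset-foreman-oauth-consumer-secret
'''


def redact(text):
    """Return (clean_text, number_of_values_masked)."""
    total = 0
    for pattern in (FLAG_RE, YAML_RE):
        # Keep the flag or key name (group 1), replace only the value.
        text, count = pattern.subn(lambda m: m.group(1) + PLACEHOLDER, text)
        total += count
    return text, total


if __name__ == "__main__":
    clean, masked = redact(SAMPLE)
    print(clean)
    print(f"{masked} value(s) masked")
```

A non-zero count on text that has already been posted means the values are exposed and should be rotated.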
Do I then run the installer on the proxy with the new values again or how do I change them?
Or are they written in a config-file somewhere?
Currently, the instance is for test and IP-restricted to our office and my address at home, we’ll do a re-install once I feel I’m ready for production.
OK, so what I did should be correct?
It did install those services, but it seems nothing is configured.
The (supposed) pxe-interface is set to “managed” and “provision”.
I don’t see anything in the logs of the smart-proxy (I assume it should show up there?).
I did notice I hadn’t even set an IP for the pxe-interface of the smartproxy - but even after I corrected that, nothing changed.
Can you explain what you mean by “nothing is configured”?
First of all, if you check the Smart Proxy in the UI (Infrastructure → Smart Proxies), does it report the DHCP and TFTP features? Are the services running on the Smart Proxy (systemctl status dhcpd.service tftp.socket)?
The pxe-net is a /16. I’ve created various /24 subnets (with ranges) inside it that I intend to assign to the pxe-boot interfaces of the hosts.
These ranges should also show up in the dhcpd-config, right?
What you should do from the Foreman (sadly this hasn’t been automated) is to build the default pxelinux config. To do so, in the UI you go to Hosts → Provisioning Templates. Then in the top right you have a button Build PXE Default. That should create the default entry. If you create a new host to provision, it should also create specific entries for the specific mac address.
By default the DHCP config that’s laid out by the installer doesn’t look at what’s in Foreman’s subnet config. From Foreman you can import what’s on the actual server, but out of the box you can’t sync the other way around.
IIRC that only happens when a host enters or exits build mode or is freshly created. So if you create a new host, it should create one. Also if you rebuild an existing host or if you click “cancel build mode”.
Yes, but I can’t reach these resolvers from the PXE-boot network.
I can reach the proxy now (it’s no big deal setting up unbound for this), it starts to download but stops due to a problem with fetching sg3_utils (see my other posting, if you’re interested).
Unfortunately, there are a perceived million ways to do things wrong in Foreman and little indication if it’s an actual bug or some dumb decision on setting things up.