Clicking 'build' does not create a new DHCP record for this server

Hi,

I have built a foreman 1.1 server using foreman-1.1stable-3.el6 on CentOS
6.4. I've tested dhcp and tftp, they are both working. Foreman-proxy is
configured and running, and can see my dhcp and tftp servers. I watched
Dominic Neal's excellent youtube and I believe I've configured everything
according to his instructions.

Problem: when I click 'build' on a server, it says 'enabled [server] for
rebuild on the next boot.' However, foreman doesn't create the appropriate
directory in the tftp server for this server, so the server continues to
use the 'default' file for pxebooting instead of the new files foreman is
supposed to create and give the server.

here's my /etc/foreman/settings.yaml file:
[snip]

---
:modulepath: /etc/puppet/modules/
:tftppath: /opt/anaconda/tftpboot
:puppet_server: puppet
:unattended: true
:document_root: /usr/share/foreman/public
:foreman_url: foreman.domain.com
:puppetconfdir: /etc/puppet/puppet.conf

[endsnip]

# pwd
/opt/anaconda/tftpboot/pxelinux.cfg
[root@hq-puppet-01 pxelinux.cfg]# ls -lart
total 12
-rw-r--r--. 1 puppet foreman-proxy 586 Apr 5 15:34 default
drwxr-xr-x. 2 puppet foreman-proxy 4096 Apr 5 15:34 .
drwxr-xr-x. 5 puppet foreman-proxy 4096 Apr 12 09:18 ..

Thanks for any help with this!

I misstated the problem in the subject.

The problem is clicking 'build' does not create a new tftp record for this
server…

> Hi,
>
> I have built a foreman 1.1 server using foreman-1.1stable-3.el6 on
> CentOS 6.4. I've tested dhcp and tftp, they are both working.
> Foreman-proxy is configured and running, and can see my dhcp and tftp
> servers. I watched Dominic Neal's excellent youtube and I believe I've
> configured everything according to his instructions.
>
> http://www.youtube.com/watch?v=eHjpZr3GB6s

I'm glad it was useful!

> Problem: when I click 'build' on a server, it says 'enabled [server] for
> rebuild on the next boot.' However, foreman doesn't create the
> appropriate directory in the tftp server for this server, so the server
> continues to use the 'default' file for pxebooting instead of the new
> files foreman is supposed to create and give the server.
>
> here's my /etc/foreman/settings.yaml file:
> [snip]
> ---
> :modulepath: /etc/puppet/modules/
> :tftppath: /opt/anaconda/tftpboot
> :puppet_server: puppet
> :unattended: true
> :document_root: /usr/share/foreman/public
> :foreman_url: foreman.domain.com
> :puppetconfdir: /etc/puppet/puppet.conf
>
> [endsnip]
>
> # pwd
> /opt/anaconda/tftpboot/pxelinux.cfg
> [root@hq-puppet-01 pxelinux.cfg]# ls -lart
> total 12
> -rw-r--r--. 1 puppet foreman-proxy 586 Apr 5 15:34 default
> drwxr-xr-x. 2 puppet foreman-proxy 4096 Apr 5 15:34 .
> drwxr-xr-x. 5 puppet foreman-proxy 4096 Apr 12 09:18 ..
> #

The default TFTP path on EL6 is /var/lib/tftpboot, but for Foreman it
should be configured in the proxy's config file rather than Foreman's
settings.yaml.

Could you check the value of :tftproot in /etc/foreman-proxy/settings.yml?

On 16/04/13 00:04, John Smith wrote:


Dominic Cleal
Red Hat Engineering

> The default TFTP path on EL6 is /var/lib/tftpboot, but for Foreman it
> should be configured in the proxy's config file rather than Foreman's
> settings.yaml.
>
> Could you check the value of :tftproot in /etc/foreman-proxy/settings.yml?
>
> --
> Dominic Cleal
> Red Hat Engineering
>

Dominic,
I believe I've set :tftproot correctly - here's my
/etc/foreman-proxy/settings.yml file:
[snip]

---
:ssl_certificate: /var/lib/puppet/ssl/certs/hq-puppet-01.domain.com.pem
:ssl_ca_file: /var/lib/puppet/ssl/certs/ca.pem
:ssl_private_key: /var/lib/puppet/ssl/private_keys/hq-puppet-01.domain.com.pem
:trusted_hosts:
- hq-puppet-01.domain.com
- foreman.domain.com
- hq-vcenter5-01.domain.com
:daemon: true
:daemon_pid: /var/run/foreman-proxy/foreman-proxy.pid
:port: 8443
:tftp: true
:tftproot: /opt/anaconda/tftpboot
:tftp_servername: foreman.domain.com
:dns: false
:dhcp: true
:dhcp_vendor: isc
:dhcp_config: /etc/dhcp/dhcpd.conf
:dhcp_leases: /var/lib/dhcpd/dhcpd.leases
:dhcp_key_name: omapi-key
:dhcp_key_secret: "key"
:puppetca: true
:ssldir: /var/lib/puppet/ssl
:puppetdir: /etc/puppet
:puppet: true
:puppet_conf: /etc/puppet/puppet.conf
:bmc: false
:log_file: /var/log/foreman-proxy/proxy.log
:log_level: DEBUG
[snip]

Also, very little is getting to my foreman-proxy log:

cat /var/log/foreman-proxy/proxy.log

I, [2013-04-16T08:33:29.468267 #23680] INFO -- : Attempt to remove
nonexistant client autosign for hq-pxetest-01.domain.com
E, [2013-04-16T08:33:29.468571 #23680] ERROR -- : Attempt to remove
nonexistant client autosign for hq-pxetest-01.domain.com

Thanks!

ok, the solution to the last problem was I did not have a subnet defined
for this host.
Since the host is in 'build' state, once I assign a subnet, it immediately
tries to create the pxe entries, but fails with another error that appears
somewhat common from a few quick google searches. Haven't solved it yet:

Started POST "/hosts/hq-pxetest-01.domain.com" for 10.224.178.210 at Thu
Apr 18 14:40:16 -0700 2013
Processing by HostsController#update as
Parameters: {"utf8"=>"✓",
"authenticity_token"=>"Ey+OyCStKGeWS6/y59D1AllBFKPp40+UMie7Rtl0m0U=",
"host"=>{"mac"=>"00:50:56:a9:33:9f", "architecture_id"=>"1",
"operatingsystem_id"=>"8", "puppet_proxy_id"=>"1",
"interfaces_attributes"=>{"new_interfaces"=>{"mac"=>"",
"type"=>"Nic::Managed", "subnet_id"=>"", "_destroy"=>"false",
"domain_id"=>"", "ip"=>"", "provider"=>"IPMI", "name"=>""}},
"model_id"=>"1", "root_pass"=>"[FILTERED]", "enabled"=>"1",
"overwrite"=>"false", "hostgroup_id"=>"1", "disk"=>"",
"progress_report_id"=>"[FILTERED]", "subnet_id"=>"1",
"environment_id"=>"1", "domain_id"=>"1", "ip"=>"10.224.98.180",
"managed"=>"1", "ptable_id"=>"1", "comment"=>"", "puppetclass_ids"=>[""],
"medium_id"=>"1", "name"=>"hq-pxetest-01", "updated_at"=>"1366321206",
"provision_method"=>"build"}, "id"=>"hq-pxetest-01.domain.com"}
Create DHCP reservation for
hq-pxetest-01.domain.com-00:50:56:a9:33:9f/10.224.98.180
Create DHCP Settings for hq-pxetest-01.domain.com task failed with the
following error: 400 Bad Request
Rolling back due to a problem: Create DHCP Settings for
hq-pxetest-01.domain.com 9 failed
hq-pxetest-01.domain.comset_dhcp
Failed to save: Create DHCP Settings for hq-pxetest-01.domain.com task
failed with the following error: 400 Bad Request
Rendered hosts/_progress.erb (0.7ms)
Rendered puppetclasses/_selectedClasses.html.erb (0.0ms)
Rendered puppetclasses/_classes.html.erb (4.8ms)
Rendered puppetclasses/_class_selection.html.erb (389.6ms)
Rendered common/_domain.html.erb (70.4ms)
Rendered hosts/_interfaces.html.erb (13.3ms)
Rendered common/os_selection/_architecture.html.erb (155.1ms)
Rendered common/os_selection/_operatingsystem.html.erb (10.3ms)
Rendered hosts/_operating_system.erb (194.4ms)
Rendered hosts/_unattended.html.erb (350.0ms)
Rendered puppetclasses/_class_parameters.html.erb (0.0ms)
Rendered puppetclasses/_classes_parameters.html.erb (72.6ms)
Rendered common_parameters/_inherited_parameters.erb (0.8ms)
Rendered common_parameters/_puppetclass_parameter.erb (546.5ms)
Rendered common_parameters/_puppetclasses_parameters.erb (607.7ms)
Rendered common_parameters/_parameter.erb (3.2ms)
Rendered common_parameters/_parameters.erb (32.2ms)
Rendered hosts/_form.html.erb (1860.6ms)
Read fragment views/tabs_and_title_records-1 (99.0ms)
Rendered home/_topbar.rhtml (103.9ms)
Rendered hosts/edit.html.erb within layouts/application (2334.1ms)
Completed 200 OK in 19082ms (Views: 2440.0ms | ActiveRecord: 513.9ms)

The log in the above post was the foreman log
Here's the foreman-proxy log for the same problem…

D, [2013-04-18T15:04:11.393170 #20282] DEBUG -- : Reading config file
/etc/dhcp/dhcpd.conf
D, [2013-04-18T15:04:11.610213 #20282] DEBUG -- : Loading subnets for
127.0.0.1
D, [2013-04-18T15:04:11.667149 #20282] DEBUG -- : Added
10.224.98.0/255.255.255.0 to 127.0.0.1
D, [2013-04-18T15:04:11.747760 #20282] DEBUG -- : Loading subnet data for
10.224.98.0/255.255.255.0
I, [2013-04-18T15:04:11.890276 #20282] INFO -- : Enumerated hosts on
10.224.98.0
D, [2013-04-18T15:04:11.890395 #20282] DEBUG -- : Lazy loaded
10.224.98.0/255.255.255.0 records
D, [2013-04-18T15:04:11.907377 #20282] DEBUG -- : Added
hq-pxetest-01.domain.com (10.224.98.180 / 00:50:56:a9:33:9f) to
10.224.98.0/255.255.255.0
D, [2013-04-18T15:04:11.948049 #20282] DEBUG -- : omshell: executed - set
name = "hq-pxetest-01.domain.com"
D, [2013-04-18T15:04:11.951724 #20282] DEBUG -- : true
D, [2013-04-18T15:04:11.951890 #20282] DEBUG -- : omshell: executed - set
ip-address = 10.224.98.180
D, [2013-04-18T15:04:11.951975 #20282] DEBUG -- : true
D, [2013-04-18T15:04:11.952126 #20282] DEBUG -- : omshell: executed - set
hardware-address = 00:50:56:a9:33:9f
D, [2013-04-18T15:04:11.952227 #20282] DEBUG -- : true
D, [2013-04-18T15:04:11.964332 #20282] DEBUG -- : omshell: executed - set
hardware-type = 1
D, [2013-04-18T15:04:11.964424 #20282] DEBUG -- : true
D, [2013-04-18T15:04:11.984900 #20282] DEBUG -- : omshell: executed - set
statements = "filename = \"pxelinux.0\"; next-server = 0a:e0:62:1e; option
host-name = \"hq-pxetest-01.domain.com\";"
D, [2013-04-18T15:04:11.985004 #20282] DEBUG -- : true
D, [2013-04-18T15:04:11.988354 #20282] DEBUG -- : omshell: executed - create
D, [2013-04-18T15:04:11.988422 #20282] DEBUG -- : true
E, [2013-04-18T15:04:12.053325 #20282] ERROR -- : Omshell failed:
> > > dhcpctl_connect: not found
, > not connected.
, > no open object.
, > no open object.
, > no open object.
, > no open object.
, > no open object.
, > not connected.
, >
E, [2013-04-18T15:04:12.100956 #20282] ERROR -- : Failed to add DHCP
reservation for hq-pxetest-01.domain.com (10.224.98.180 /
00:50:56:a9:33:9f): No response from DHCP server
D, [2013-04-18T15:04:12.107890 #20282] DEBUG -- :
/usr/share/foreman-proxy/bin/../lib/proxy/dhcp/server/isc.rb:174:in `report'
/usr/share/foreman-proxy/bin/../lib/proxy/dhcp/server/isc.rb:157:in `omcmd'
/usr/share/foreman-proxy/bin/../lib/proxy/dhcp/server/isc.rb:43:in `addRecord'
/usr/share/foreman-proxy/bin/../lib/dhcp_api.rb:91:in `POST /dhcp/:network'
/usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:863:in `call'
/usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:863:in `route'
/usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:521:in `instance_eval'
/usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:521:in `route_eval'
/usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:500:in `route!'
/usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:497:in `catch'
/usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:497:in `route!'
/usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:476:in `each'
/usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:476:in `route!'
/usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:601:in `dispatch!'
/usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:411:in `call!'
/usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:566:in `instance_eval'
/usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:566:in `invoke'
/usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:566:in `catch'
/usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:566:in `invoke'
/usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:411:in `call!'
/usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:399:in `call'
/usr/lib/ruby/gems/1.8/gems/rack-1.4.1/lib/rack/methodoverride.rb:21:in `call'
/usr/lib/ruby/gems/1.8/gems/rack-1.4.1/lib/rack/showexceptions.rb:24:in `call'
/usr/lib/ruby/gems/1.8/gems/rack-1.4.1/lib/rack/commonlogger.rb:20:in `call'
/usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:979:in `call'
/usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:1005:in `synchronize'
/usr/lib/ruby/gems/1.8/gems/sinatra-1.0/lib/sinatra/base.rb:979:in `call'
/usr/lib/ruby/gems/1.8/gems/rack-1.4.1/lib/rack/handler/webrick.rb:59:in `service'
/usr/lib/ruby/1.8/webrick/httpserver.rb:104:in `service'
/usr/lib/ruby/1.8/webrick/httpserver.rb:65:in `run'
/usr/lib/ruby/1.8/webrick/server.rb:173:in `start_thread'
/usr/lib/ruby/1.8/webrick/server.rb:162:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread'
/usr/lib/ruby/1.8/webrick/server.rb:95:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:92:in `each'
/usr/lib/ruby/1.8/webrick/server.rb:92:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:23:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:82:in `start'
/usr/lib/ruby/gems/1.8/gems/rack-1.4.1/lib/rack/handler/webrick.rb:13:in `run'
/usr/share/foreman-proxy/bin/../lib/sinatra-patch.rb:42:in `run!'
/usr/share/foreman-proxy/bin/smart-proxy:44

Perhaps check that your dhcpd has 'omapi-port 7911;' configured, and that
it's listening on 127.0.0.1. The proxy runs omshell to connect to
localhost to talk to dhcpd. If it needs a key and secret, you'll also
need to set dhcp_key_name and secret in the proxy's settings.yaml.

On 19/04/13 00:22, John Smith wrote:


Dominic Cleal
Red Hat Engineering
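
The check suggested in the reply above, written out as an added example that is not part of the original thread: it compares a dhcpd.conf with the proxy's settings file and also reports when dhcpd does not require the key for OMAPI. The file contents, the secret and the function names are constructed for illustration; only `omapi-port 7911;`, `:dhcp_key_name:` and the subnet come from the thread.

```shell
#!/bin/sh
# Added example: offline cross-check of the two files that must agree
# before omshell can create a reservation. Sample data is constructed.

# Print the value of a ":name: value" line from the proxy's settings file.
proxy_setting() {  # $1 = settings.yml, $2 = setting name without colons
    sed -n "s/^:$2:[[:space:]]*//p" "$1" | head -n 1 | tr -d '"'
}

# 0 if dhcpd.conf turns on OMAPI at the given port.
has_omapi_port() {  # $1 = dhcpd.conf, $2 = port
    grep -Eq "^[[:space:]]*omapi-port[[:space:]]+$2[[:space:]]*;" "$1"
}

# 0 if dhcpd.conf declares a 'key NAME { ... }' block.
has_key_block() {  # $1 = dhcpd.conf, $2 = key name
    grep -Eq "^[[:space:]]*key[[:space:]]+\"?$2\"?[[:space:]]*\{" "$1"
}

# 0 if dhcpd.conf requires that key on OMAPI connections ('omapi-key NAME;').
requires_key() {  # $1 = dhcpd.conf, $2 = key name
    grep -Eq "^[[:space:]]*omapi-key[[:space:]]+\"?$2\"?[[:space:]]*;" "$1"
}

check_omapi() {  # $1 = dhcpd.conf, $2 = proxy settings.yml; 0 = consistent
    rc=0
    has_omapi_port "$1" 7911 || { echo "dhcpd.conf: 'omapi-port 7911;' missing"; rc=1; }
    name=$(proxy_setting "$2" dhcp_key_name)
    if [ -z "$name" ]; then
        # Proxy sends no key, so dhcpd must not demand one.
        if grep -Eq "^[[:space:]]*omapi-key[[:space:]]" "$1"; then
            echo "dhcpd.conf requires a key but the proxy has no :dhcp_key_name:"; rc=1
        fi
    else
        has_key_block "$1" "$name" || { echo "dhcpd.conf: no key block named $name"; rc=1; }
        requires_key "$1" "$name" || { echo "dhcpd.conf: 'omapi-key $name;' absent"; rc=1; }
    fi
    return $rc
}

write_samples() {  # $1 = directory; every value written here is constructed
    cat > "$1/proxy.yml" <<'EOF'
:dhcp: true
:dhcp_vendor: isc
:dhcp_key_name: omapi-key
:dhcp_key_secret: "Q09OU1RSVUNURUQ="
EOF
    cat > "$1/dhcpd.good" <<'EOF'
omapi-port 7911;
key omapi-key {
    algorithm hmac-md5;
    secret "Q09OU1RSVUNURUQ=";
}
omapi-key omapi-key;
subnet 10.224.98.0 netmask 255.255.255.0 { }
EOF
    cat > "$1/dhcpd.bad" <<'EOF'
subnet 10.224.98.0 netmask 255.255.255.0 { }
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
check_omapi "$tmp/dhcpd.bad" "$tmp/proxy.yml" || echo "=> dhcpd.conf needs the OMAPI lines"
check_omapi "$tmp/dhcpd.good" "$tmp/proxy.yml" && echo "=> files agree"
rm -rf "$tmp"
```

Whether dhcpd is actually listening on 127.0.0.1 still has to be checked on the running host; this only validates the two files against each other.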

> Perhaps check that your dhcpd has 'omapi-port 7911;' configured, and that
> it's listening on 127.0.0.1. The proxy runs omshell to connect to
> localhost to talk to dhcpd. If it needs a key and secret, you'll also
> need to set dhcp_key_name and secret in the proxy's settings.yaml.
>
> --
> Dominic Cleal
> Red Hat Engineering
>
ok, I've fixed /etc/dhcp/dhcpd.conf.
I also had to chmod og+w /opt/anaconda/tftpboot/boot
now foreman downloaded files from the mirror successfully, created the dhcp
reservation, and my pxe starts.
however, the pxe dies :
"unable to download the kickstart file. please modify the kickstart
parameter…"
the URL displayed is
http://foreman.domain.com/unattended/provision

I see the base URL in More / Settings / General / Foreman_URL.
I also see the template itself here:
default linux
label linux
kernel <%= @kernel %>
append initrd=<%= @initrd %> ks=<%= foreman_url("provision")%>
ksdevice=bootif network kssendmac

I also see this url when I look at the template:
https://foreman.domain.com/unattended/provision?spoof=10.224.98.180

my foreman server is running https, but it looks like the pxe boot wants to
use http, and I don't see a way to fix this. changing the URL to https on
the pxe boot doesn't work

> now foreman downloaded files from the mirror successfully, created the
> dhcp reservation, and my pxe starts.
> however, the pxe dies :
> "unable to download the kickstart file. please modify the kickstart
> parameter…"
> the URL displayed is
> http://foreman.domain.com/unattended/provision

Check the /var/log/foreman/production.log file when this happens and see
if a) a request came in, and b) there were any errors. When Foreman
receives the kickstart request, it also adds the client to the
autosign.conf file for Puppet, so this sometimes causes an error you
won't see when using the spoof URL.

> I see the base URL in More / Settings / General / Foreman_URL.
> I also see the template itself here:
> default linux
> label linux
> kernel <%= @kernel %>
> append initrd=<%= @initrd %> ks=<%= foreman_url("provision")%>
> ksdevice=bootif network kssendmac
>
> I also see this url when I look at the template:
> https://foreman.domain.com/unattended/provision?spoof=10.224.98.180
>
> my foreman server is running https, but it looks like the pxe boot wants
> to use http, and I don't see a way to fix this. changing the URL to
> https on the pxe boot doesn't work

anaconda only recently got HTTPS support, so you'll need to use the HTTP
URL, which Foreman defaults to for this.

On 19/04/13 17:28, John Smith wrote:


Dominic Cleal
Red Hat Engineering

My /var/log/foreman/production.log does NOT get updated when the client
sends a kickstart request
my file /etc/puppet/autosign.conf has just one line in it:
*.domain.com
if I perform puppet cert list --all, I do have an SHA256 cert for the
server I'm trying to kickstart (it previously had an OS and is listed in
foreman)

one possible problem that may be causing this - I have puppet, foreman, and
foreman-proxy on the same server, and I'm using a cname for foreman. The
fqdn is hq-puppet-01.domain.com.
I have cnames for both foreman.domain.com and puppet.domain.com
The URL for the foreman proxy https://hq-puppet-01.domain.com:8443
This is the only URL that works for the foreman proxy.
However, the foreman URL is simply foreman.domain.com

Thanks!

> My /var/log/foreman/production.log does NOT get updated when the client
> sends a kickstart request
> my file /etc/puppet/autosign.conf has just one line in it:
> *.domain.com
> if I perform puppet cert list --all, I do have an SHA256 cert for the
> server I'm trying to kickstart (it previously had an OS and is listed in
> foreman)
>
> one possible problem that may be causing this - I have puppet, foreman,
> and foreman-proxy on the same server, and I'm using a cname for foreman.
> The fqdn is hq-puppet-01.domain.com.
> I have cnames for both foreman.domain.com and puppet.domain.com
> The URL for the foreman proxy https://hq-puppet-01.domain.com:8443
> This is the only URL that works for the foreman proxy.
> However, the foreman URL is simply foreman.domain.com
>
> Thanks!
>
>
I have decided that my apache config must be to blame. Here's my current
config for foreman, which doesn't mention port 80…
[snip]
Listen 443
NameVirtualHost *:443
LoadModule ssl_module modules/mod_ssl.so
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

<VirtualHost *:443>
ServerName foreman.domain.com
RailsAutoDetect On
DocumentRoot /usr/share/foreman/public

<Directory /usr/share/foreman/public>
Options FollowSymLinks
DirectoryIndex index.html
AllowOverride None
Order allow,deny
allow from all
</Directory>

SSLEngine On
SSLCertificateFile /var/lib/puppet/ssl/certs/hq-puppet-01.domain.com.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/hq-puppet-01.domain.com.pem

</VirtualHost>
[snip]

I see the current version of the template is here
https://github.com/theforeman/puppet-foreman/blob/master/templates/foreman-vhost.conf.erb

I've tried to hack my config to match it, but it isn't working yet - port
80 now works, but 443 does not…
[snip]
LoadModule ssl_module modules/mod_ssl.so
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

<VirtualHost *:80>
ServerName foreman.domain.com
ServerAlias foreman
DocumentRoot /usr/share/foreman/public
PassengerAppRoot /usr/share/foreman

RailsAutoDetect On
AddDefaultCharset UTF-8
</VirtualHost>

<VirtualHost *:443>
ServerName foreman.domain.com
ServerAlias foreman

RailsAutoDetect On
DocumentRoot /usr/share/foreman/public
PassengerAppRoot /usr/share/foreman

#<Directory /usr/share/foreman/public>
#Options FollowSymLinks
#DirectoryIndex index.html
#AllowOverride None
#Order allow,deny
#allow from all
#</Directory>

SSLEngine On
#SSLCertificateFile /var/lib/puppet/ssl/certs/puppet.DOMAIN_PH.pem
#SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet.DOMAIN_PH.pem

SSLCertificateFile /var/lib/puppet/ssl/certs/hq-puppet-01.domain.com.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/hq-puppet-01.domain.com.pem

</VirtualHost>
[snip]

Your original config had a "Listen 443" line and a NameVirtualHost line
in it, which have been removed. Try putting those back?

On 19/04/13 19:01, John Smith wrote:


Dominic Cleal
Red Hat Engineering

> Your original config had a "Listen 443" line and a NameVirtualHost line
> in it, which have been removed. Try putting those back?
>
> --
> Dominic Cleal
> Red Hat Engineering
>
That solved one problem. Ironically the error message on the pxeboot
didn't change any, but then I got this in /var/log/foreman/production.log
[snip]
Started GET "/unattended/provision" for 10.224.98.180 at Fri Apr 19
11:41:13 -0700 2013
Processing by UnattendedController#provision as
Found hq-pxetest-01.domain.com
Remove puppet certificate for hq-pxetest-01.domain.com
Adding autosign entry for hq-pxetest-01.domain.com
Failed to add hq-pxetest-01.domain.com to autosign file: 406 Not Acceptable
Rendered text template (0.0ms)
Completed 500 Internal Server Error in 6284ms (Views: 2.2ms | ActiveRecord:
22.0ms)
[snip]

After I ran this
chown foreman-proxy:foreman-proxy /etc/puppet/autosign.conf

I was able to have foreman install its first ever server

thank you very much Dominic!

The moral of the story here is use the foreman installer!!! :)
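
An added example, not part of the original thread: an audit of the two paths whose permissions were changed during this troubleshooting (the TFTP root and autosign.conf), listing world-writable entries and wildcard autosign lines. The sample tree and function names are constructed; the group-writable alternative assumes the directories keep the `foreman-proxy` group shown in the `ls` output earlier in the thread.

```shell
#!/bin/sh
# Added example: audit the provisioning paths touched in the thread.
# make_sample builds a constructed tree that only mirrors the thread's
# layout (tftproot/boot, tftproot/pxelinux.cfg, autosign.conf).

# List everything under a directory that any local account may modify.
# Symlinks are skipped because their own mode bits are always 0777.
world_writable_under() {  # $1 = directory, e.g. the proxy's :tftproot
    find "$1" ! -type l -perm -0002 -print
}

# List non-comment autosign.conf entries that contain a glob. A glob line
# signs every matching certificate request, unlike the per-host entries
# that Foreman adds itself when a host requests its kickstart.
wildcard_autosign() {  # $1 = autosign.conf
    grep -v '^[[:space:]]*#' "$1" | grep -F '*' || true
}

# Exit status 0 only when neither check reports anything.
audit() {  # $1 = tftproot, $2 = autosign.conf
    ww=$(world_writable_under "$1")
    wild=$(wildcard_autosign "$2")
    [ -z "$ww" ] || echo "$ww" | sed 's/^/world-writable: /'
    [ -z "$wild" ] || echo "$wild" | sed 's/^/wildcard autosign entry: /'
    [ -z "$ww" ] && [ -z "$wild" ]
}

make_sample() {  # $1 = empty directory to populate (constructed data)
    mkdir -p "$1/tftpboot/boot" "$1/tftpboot/pxelinux.cfg"
    chmod 755 "$1/tftpboot" "$1/tftpboot/pxelinux.cfg"
    chmod 777 "$1/tftpboot/boot"   # result of 'chmod og+w' on a 0755 directory
    printf '%s\n' '*.domain.com' 'hq-pxetest-01.domain.com' > "$1/autosign.conf"
}

demo=$(mktemp -d)
make_sample "$demo"
echo "as configured in the thread:"
audit "$demo/tftpboot" "$demo/autosign.conf" || echo "=> findings listed above"

# Tightened variant: group write only (the group is assumed to be
# foreman-proxy, as in the thread's listing) and per-host autosign lines.
chmod 775 "$demo/tftpboot/boot"
printf '%s\n' 'hq-pxetest-01.domain.com' > "$demo/autosign.conf"
audit "$demo/tftpboot" "$demo/autosign.conf" && echo "tightened: no findings"
rm -rf "$demo"
```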