Foreman 2.4 / Katello 4 - iPXE not working

That is the sleep from the intermediate script. You should get the intermediate script only when you boot a host without PXE Loader set. Let me explain. The intermediate script is only rendered when you add the bootstrap=1 argument. That is only present in the dhcpd.conf main configuration, the default section:

if exists user-class and option user-class = "iPXE" {
  filename "http://foreman.example.com/unattended/iPXE?bootstrap=1";
} elsif option architecture = 00:06 {
  filename "ipxe.efi";
} elsif option architecture = 00:07 {
  filename "ipxe.efi";
} elsif option architecture = 00:09 {
  filename "ipxe.efi";
} else {
  filename "undionly.0";
}

Once you provision a host, it will get a DHCP lease with a filename override, which should contain something like (this is pseudocode, I do not remember this exactly):

host xyz {
  blah
  filename SOMETHING
}

Now, depending on your PXELoader setting, SOMETHING will be set to either pxelinux.0 if you chainload from PXE Linux, or grub2 or other options like “http://proxy:8000/unattended/iPXE” if you have iPXE Embedded (useful to boot VMs with iPXE embedded). I can’t tell what PXELoader you have, however there is one setting that will cause issues - that is “None”.

If you set it to None for a host, no filename option is deployed. Meaning the DHCP server falls back to the default option, which is the bootstrap=1 URL from dhcpd.conf. This is the only way I can think your host is getting to parsing sleep 30.

Good morning then, I am CET too. Ping me on IRC “lzap” or Matrix or maybe here when you are ready. Before noon preferred.

Hmm, interesting, in that case something changed after upgrading to Foreman 2.4. As I indeed do set the pxe_loader to be None in the playbook I run when creating host_groups.

I tried looking up any DHCP leases on the system (both versions), but was not able to find any, which is consistent with what you write. None means no lease info whatsoever, right?

o/

Sorry, I noticed this a bit too late :slight_smile: I’d be happy to show you, but I’m rather tight in my schedule this week, do you have time next Monday, before noon?

None means there will still be a DHCP reservation, it will, however, not have the “filename” option. Meaning that DHCP servers would fall back to their default filename option, if set.

Ping me on IRC and if I am ready, then I am ready to go :slight_smile:
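
The fallback described above, as an added example (not code from Foreman or from any poster in this thread): a Ruby check that reads host declarations in ISC dhcpd syntax and lists the reservations that carry no filename override, so they receive the global default, here the bootstrap=1 URL. The sample data is constructed, and the `supersede server.filename` form for reservations written to the leases file is an assumption, not something the thread shows.

```ruby
# Constructed sample in ISC dhcpd host-declaration syntax (not real data).
SAMPLE_LEASES = <<~LEASES
  host known-a.example.com {
    dynamic;
    hardware ethernet 52:54:00:aa:bb:01;
    fixed-address 192.168.255.21;
    supersede server.filename = "pxelinux.0";
  }
  host known-b.example.com {
    dynamic;
    hardware ethernet 52:54:00:aa:bb:02;
    fixed-address 192.168.255.22;
  }
  host known-c.example.com {
    hardware ethernet 52:54:00:aa:bb:03;
    fixed-address 192.168.255.23;
    filename "http://proxy:8000/unattended/iPXE";
  }
  host gone.example.com {
    dynamic;
    hardware ethernet 52:54:00:aa:bb:04;
    fixed-address 192.168.255.24;
  }
  host gone.example.com {
    dynamic;
    deleted;
  }
LEASES

# One host block: name, then everything up to the closing brace on its own line.
HOST_BLOCK = /^\s*host\s+(\S+)\s*\{(.*?)^\s*\}/m
# Accepts a static `filename "x";` and the assumed leases-file form
# `supersede server.filename = "x";`.
FILENAME = /^\s*(?:supersede\s+server\.)?filename\s*=?\s*"([^"]*)"\s*;/

# Returns { host name => filename override or nil }. Later entries win,
# and an entry marked `deleted;` removes the reservation.
def parse_reservations(text)
  hosts = {}
  text.scan(HOST_BLOCK) do |name, body|
    if body.match?(/^\s*deleted\s*;/)
      hosts.delete(name)
    else
      hosts[name] = body[FILENAME, 1]
    end
  end
  hosts
end

# Reservations with no override: these hosts get the default filename.
def hosts_on_default_filename(text)
  parse_reservations(text).select { |_, filename| filename.nil? }.keys
end
```
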

Hi @lzap

Sorry for falling off the face of the earth there :sweat_smile: I’ve been really busy moving to my new place and it took a lot more time than I anticipated…

Anyway to summarize:

  • With the post #14 fix in /usr/share/foreman/app/controllers/unattended_controller.rb the problem of unknown hosts not booting is fixed!

  • Known hosts still boot slow, as the template is unable to error out as it used to do and now waits 30 seconds before attempting a local disk boot

So let’s fix one problem at a time, what can I do to make sure that the fix lands in the next version of Katello? :slight_smile:

Can you rather test this patch instead of the manual change of the controller? Put it back and try this:

https://github.com/theforeman/smart-proxy/pull/790/files

I did, however it doesn’t fix the issue by itself. And scrolling up in the thread I noticed that I already did that earlier as well.

But back then I missed the suggestion from @ekohl to add a list of trusted_proxies in /etc/foreman/settings.yaml. In my case this comes down to:

# ... existing config
:trusted_proxies:
  - "127.0.0.0/8"
  - "::1"
  - "192.168.255.15"

And then, presto! It works :slight_smile:

My Puppet’s rather rusty and this will only work if the Foreman host has only a single IP address. But I think the fix for foreman-installer to maintain the trusted_proxies list looks a bit like this:

# Trusted proxy settings
:trusted_proxies:
  - "127.0.0.0/8"
  - "::1"
  - "<%= @ipaddress %>"

/usr/share/foreman-installer/modules/foreman/templates/settings.yaml.erb