Having issue with foreman provisioning

Not sure what you mean by MOF, a screengrab might help.

unfortunately I’m not allowed to do that on these systems. PXE-M0F: Exiting Intel Boot Agent. is the error that comes up after a DHCP timeout.

It does look like DHCP is sending the IP/mac pair to the host as near as I can tell from the logs. I think its breaking at the next step.

TFTP server by default logs requests, do you see any activity there?

Just to be clear, does Foreman control the DHCP server? I.e. is it creating the DHCP reservations for this IP/MAC pair? Can you confirm the next-server IP is correct (that is, it points to the correct TFTP IP)?

Hi, Hope you had a nice Memorial Day weekend. The DHCP server on a separate box from the Foreman server. I see the next server line in the lease file, It appars to be part of a MAC address (two fields short). I was looking through the host information and the numbers do not appear to match anything I can find. The next server should point back to the server where the boot file is stored (in this case the Foreman server???)

It looks like TFTP on the foreman server is trying to grab the boot file but is not getting to the host.

smart-proxy ------ /tfpt/fetch-boot-file

Is there a NAT of firewall in between them? TFTP is UDP stateless protocol which won’t work without special care.

Not that I know off. Network guy is not here today so I can’t check the switch. Are there some tftpd logs I could check. Something appears to be killing the tftp service.

By default TFTP runs via Xinetd, so there will be no TFTP process running on a long term basis.

1 Like

FYI you can install tftp client and connect from any host, it’s very easy:

[lzap@box ~]$ cd /tmp
[lzap@box tmp]$ tftp localhost
tftp> get pxelinux.0
tftp> exit
[lzap@box tmp]$ ls

As easy as that.

ah thanks, so it would seem that dhcp is being blocked some place.

Is there away, besides looking at the logs to tell if DHCP is sending the IP/Mac over to the host.

In this case, tcpdump is your friend. Always rule out possibility of two DHCP servers.

Tried to transfer a file to my workstation via tftp and it does timeout.

I disabled SELinux (not sure if that helped), What I see on the tfpt server is a group of messages as follows:

Perhaps you can help me interpret:


“GET /version HTTP/1/1” 200 120 --> version
“GET /features HTTP/1.1” 200 46 --> features
“GET Pulp
“GET Tftp
POST /tftp/PXELINUX//HTTP/1.1” 200 0
POST /tftp/featch_boot_file HTTP/1/1” 200 0 -->/fetch_boot-file
POST " " " " "

It looks to me like the process is getting to TFTP. I know this is a bit abridged but am I looking at it correctly?

You’re looking at the Forrman proxy logs, which only matter when clicking build (and those logs look correct). The Foreman proxy isn’t involved in the actual TFTP boot process, that’s a conversation between the host, DHCP and TFTP.

If you can’t get a TFTP client to download the pxelinux.0 file on the host’s network, then you most likely have a network issue that needs to be resolved.

It is hard to follow, you say that tftp does not work. Then you paste bit from proxy.log which are few requests served. Those do not seem relevant to your problem with tftp. I am unable to tell if you are looking correctly.

If you want to solve TFTP connection issue, you need to talk to your network engineers. That would be firewall or NAT configuration preventing from accessing TFTP service.

I getting a ICMP host unreachable error - admin prohibited from tcpdumps. If turned off the firewall. Any thoughts? I’ve spoken to my network guy and he swears that there is nothing blocking at the switch.

Looks like it was a firewall issue. I disabled firewalld and I can now transfer files via TFTP.

1 Like

Never trust the network guys :slight_smile: