Httpboot debian bare-metal

Support
1

**Problem:**Hey,

We want to install Debian bare-metal clients via httpboot.

We have set all features in /etc/foreman-installer/scenarios.d/foreman-proxy-content-answers.yaml:
foreman_proxy:

http: true

http_port: 8000

httpboot: true

httpboot_listen_on: both

When attempting to install a client via Grub2 UEFI httpboot, the following message appears in the proxy log:

/httpboot/host-config/MAC/grub2/grub.cfg with 404

Expected outcome:

Foreman and Proxy versions: Foreman 3.17.1 Proxy: 3.17.1

**Foreman and Proxy plugin versions:**Installed Packages

  • candlepin-4.6.4-2.el9.noarch

  • candlepin-selinux-4.6.4-2.el9.noarch

  • dynflow-utils-1.6.3-1.el9.x86_64

  • foreman-3.17.1-1.el9.noarch

  • foreman-cli-3.17.1-1.el9.noarch

  • foreman-dynflow-sidekiq-3.17.1-1.el9.noarch

  • foreman-installer-3.17.1-1.el9.noarch

  • foreman-installer-katello-3.17.1-1.el9.noarch

  • foreman-postgresql-3.17.1-1.el9.noarch

  • foreman-proxy-3.17.1-1.el9.noarch

  • foreman-redis-3.17.1-1.el9.noarch

  • foreman-release-3.17.1-1.el9.noarch

  • foreman-selinux-3.17.1-1.el9.noarch

  • foreman-service-3.17.1-1.el9.noarch

  • katello-4.19.1-1.el9.noarch

  • katello-certs-tools-2.10.0-1.el9.noarch

  • katello-client-bootstrap-1.7.9-2.el9.noarch

  • katello-common-4.19.1-1.el9.noarch

  • katello-repos-4.19.1-1.el9.noarch

  • katello-selinux-5.2.0-1.el9.noarch

  • pulpcore-obsolete-packages-1.3.0-1.el9.noarch

  • pulpcore-selinux-2.2.0-1.el9.x86_64

  • python3.12-pulp-ansible-0.28.0-1.el9.noarch

  • python3.12-pulp-cli-0.32.3-1.el9.noarch

  • python3.12-pulp-container-2.26.3-1.el9.noarch

  • python3.12-pulp-deb-3.7.0-2.el9.noarch

  • python3.12-pulp-glue-0.32.3-1.el9.noarch

  • python3.12-pulp-python-3.19.1-1.el9.noarch

  • python3.12-pulp-rpm-3.32.5-1.el9.noarch

  • python3.12-pulp_manifest-3.0.0-7.el9.noarch

  • python3.12-pulpcore-3.85.1-2.el9.noarch

  • rubygem-dynflow-1.9.3-1.el9.noarch

  • rubygem-foreman-tasks-11.0.6-1.fm3_17.el9.noarch

  • rubygem-foreman_ansible-17.0.2-2.fm3_17.el9.noarch

  • rubygem-foreman_maintain-1.13.6-1.el9.noarch

  • rubygem-foreman_openscap-12.0.1-2.fm3_17.el9.noarch

  • rubygem-foreman_remote_execution-16.3.1-1.fm3_17.el9.noarch

  • rubygem-foreman_vault-3.0.0-1.fm3_15.el9.noarch

  • rubygem-foreman_webhooks-4.0.2-1.fm3_17.el9.noarch

  • rubygem-hammer_cli-3.17.0-1.el9.noarch

  • rubygem-hammer_cli_foreman-3.17.0-1.el9.noarch

  • rubygem-hammer_cli_foreman_remote_execution-0.3.4-1.fm3_17.el9.noarch

  • rubygem-hammer_cli_foreman_tasks-0.0.24-1.fm3_17.el9.noarch

  • rubygem-hammer_cli_katello-1.19.0-1.el9.noarch

  • rubygem-katello-4.19.1-1.el9.noarch

  • rubygem-pulp_ansible_client-0.28.0-1.el9.noarch

  • rubygem-pulp_certguard_client-3.85.1-1.el9.noarch

  • rubygem-pulp_container_client-2.26.2-1.el9.noarch

  • rubygem-pulp_deb_client-3.7.0-1.el9.noarch

  • rubygem-pulp_file_client-3.85.1-1.el9.noarch

  • rubygem-pulp_ostree_client-2.5.0-2.el9.noarch

  • rubygem-pulp_python_client-3.19.1-1.el9.noarch

  • rubygem-pulp_rpm_client-3.32.2-1.el9.noarch

  • rubygem-pulpcore_client-3.85.1-1.el9.noarch

  • rubygem-smart_proxy_pulp-3.4.0-1.fm3_13.el9.noarch

Distribution and version:Server ALMA 9.7 Client Debian 13

Other relevant data:

ll /var/lib/tftpboot/
total 488
drwxr-xr-x. 2 foreman-proxy root 4096 Mar 20 10:25 boot
drwxr-xr-x. 3 foreman-proxy root 22 Mar 18 13:10 bootloader-universe
-rw-r–r–. 1 foreman-proxy root 25112 Jun 2 2025 chain.c32
drwxr-xr-x. 2 foreman-proxy root 4096 Mar 17 11:17 grub
drwxr-xr-x. 2 foreman-proxy root 8192 Mar 23 16:26 grub2
drwxr-xr-x. 4 foreman-proxy root 56 Mar 20 10:25 host-config
-rw-r–r–. 1 foreman-proxy root 115844 Jun 2 2025 ldlinux.c32
-rw-r–r–. 1 foreman-proxy root 179456 Jun 2 2025 libcom32.c32
-rw-r–r–. 1 foreman-proxy root 23508 Jun 2 2025 libutil.c32
-rw-r–r–. 1 foreman-proxy root 11012 Jun 2 2025 mboot.c32
-rw-r–r–. 1 foreman-proxy root 25884 Jun 2 2025 memdisk
-rw-r–r–. 1 foreman-proxy root 26148 Jun 2 2025 menu.c32
drwxr-xr-x. 2 foreman-proxy root 6 Jun 2 2025 poap.cfg
-rw-r–r–. 1 foreman-proxy root 42686 Jun 2 2025 pxelinux.0
drwxr-xr-x. 2 foreman-proxy root 4096 Mar 23 16:26 pxelinux.cfg
drwxr-xr-x. 2 foreman-proxy root 6 Jun 2 2025 ztp.cfg
cat /etc/foreman-proxy/settings.d/httpboot.yml

Enable publishing of a given directory under /EFI and /httpboot paths.

Directory listing is not possible, symlinks are followed but not outside

of the root directory specified in this file.

Enables the module, make sure to enable TFTP module as well to allow

configuration files deployment.

:enabled: true
:root_dir: /var/lib/tftpboot

When you create a new client in Foreman, it is added to:

/var/lib/tftpboot/grub2/grub.cfg-MAC, and a folder is created at:

/var/lib/tftpboot/host-config/MAC-ADRESS, with the following contents:

/var/lib/tftpboot/host-config/MAC/grub2 #

lrwxrwxrwx. 1 foreman-proxy foreman-proxy 26 Mar 25 09:53 boot-sb.efi → ../../../grub2/shimx64.efi

lrwxrwxrwx. 1 foreman-proxy foreman-proxy 26 Mar 25 09:53 boot.efi → ../../../grub2/grubx64.efi

lrwxrwxrwx. 1 foreman-proxy foreman-proxy 44 Mar 25 09:53 grub.cfg-MAC → ../../../ grub2/grub.cfg-MAC

lrwxrwxrwx. 1 foreman-proxy foreman-proxy 41 Mar 25 09:53 grub.cfg-MAC → ../../../ grub2/grub.cfg-MAC

lrwxrwxrwx. 1 foreman-proxy foreman-proxy 26 Mar 25 09:53 grubx64.efi → ../../../grub2/grubx64.efi

lrwxrwxrwx. 1 foreman-proxy foreman-proxy Mar 26, 2025 09:53 shimx64.efi → ../../../grub2/shimx64.efi

cat /etc/httpd/conf/httpd.conf

Security

ServerTokens Prod
ServerSignature On
TraceEnable Off

ServerName “SERVER”
ServerRoot “/etc/httpd”
PidFile run/httpd.pid
Timeout 60
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
LimitRequestFieldSize 8190
LimitRequestFields 100

Protocols h2 h2c http/1.1

User apache
Group apache

AccessFileName .htaccess
<FilesMatch “^.ht”>
Require all denied

Options FollowSymLinks AllowOverride None

HostnameLookups Off
ErrorLog “/var/log/httpd/error_log”
LogLevel warn
EnableSendfile On

#Listen 80

Include “/etc/httpd/conf.modules.d/.load"
Include "/etc/httpd/conf.modules.d/.conf”
Include “/etc/httpd/conf/ports.conf”

LogFormat “%a %l %u %t “%r” %>s %b “%{Referer}i” “%{User-Agent}i”” combined
LogFormat “%a %l %u %t “%r” %>s %b” common
LogFormat “%{Referer}i → %U” referer
LogFormat “%{User-agent}i” agent
LogFormat “%{X-Forwarded-For}i %l %u %t “%r” %s %b “%{Referer}i” “%{User-agent}i”” forwarded

IncludeOptional “/etc/httpd/conf.d/*.conf”

What isn’t working here?

2

Good morning,

Is anyone else having the same issues with httpboot? Or does UEFI use httpboot? How exactly does it need to be configured so that the grub.cfg file is in the right folder and can be used properly?

Thanks!