What would be the best (easiest, least work, most resilient) way to set up foreman to be able to provision servers behind a NAT proxy using iPXE?
We have been doing this for years with regular pxelinux which provisions by MAC.
In setting up foreman (1.15.6) for use with iPXE, I believe we set things up in the standard way: pxelinux loads undionly-ipxe.0 with tftp, which then loads http://${next-server}/unattended/iPXE.
From looking around here, I’m guessing we need to install the foreman_bootdisk plugin and have ?mac=${net0/mac} appended to the above URL.
You don’t necessarily need foreman_bootdisk; the iPXE template type is in core.
Bootdisk does give you the ability to generate ISO images, but some users use
iPXE in RHEV/oVirt/libvirt/qemu and boot into the installer directly. In that
case you only need to make some changes on the DHCP server.
The real solution to this is “multi-homing support”. Recently I have been trying to add this to Core [1], but the discussion seems to have stalled recently.
You can work around it for now by using a Host or Hostgroup parameter and modifying the templates to look for that parameter and use it when generating the URL if that parameter is specified.
Or you can use an HTTP(S) PROXY for your iPXE request. Foreman tries to match the REMOTE IP with the host/template, which obviously does not work behind NAT, but if there is an HTTP PROXY setting the X-Forwarded-For HTTP header, Foreman will pick this up. I wrote a blogpost recently on this topic (WIP link):
Disregard my first comment, I missed “NAT” in your text. Then the generic/subnet disk can help you out as it sends the required MAC address along, yes. Or you can generate your own iPXE script and use it in a similar way. Just make sure the host is in build mode.
so the token is included when retrieving the ipxe script from foreman. We get the correct ipxe script for the host.
I think the token is better for us not only because of NAT but also because, when we upgraded to 1.15, we had some duplicate IPs and this caused other issues even for hosts not behind NAT.