Some direction/advice on setting up pxe boot with Foreman

Problem:
I am new to Foreman and my Linux experience is mid-level at best, I used to be very involved in Linux, and for a long time now I have been away from Linux, but it coming back into my job description.

In any event I want to use Foreman as a pxe boot server to deploy bare metal images and also pxe boot stuff in our VMware environment. Can you point me in the direction with either some user guides or some directions for Linux novices on installing tftp, dhcp, etc. to properly get Foreman up and running to receive network boot connections to run from installation media, iso’s. etc?

Thank you.

Hi @lbetson and welcome to the fore-um!

The case you describe is luckily fairly “vanilla” thanks to the “foreman-installer” (I didn’t really realize this at first, but this puppy installs and configures all the ingredients needed for doing a PXE set-up; at least, as long as you don’t immediatelly start with more complex set-ups with external servers etc.). I’d recommend (manually) creating a VM, installing CentOS and then follow the steps documented on the following link (but, in the drop down you’ll have to select “CentOS” first):
https://theforeman.org/manuals/1.20/index.html#2.1Installation

After you’ve installed all required packages, at some point you’ll be asked to run “foreman-installer”; I’d recommend running this in interactive mode, by passing the “-i” parameter. This will give you a menu from which you can configure A LOT… REALLY.

The settings that you really want to look out for, are the DHCP and DNS settings, which are under the “foreman-proxy” menus. Looking at my notes, these are:

  dhcp: **true**
  dhcp_listen_on: https
  dhcp_managed: true
  dhcp_provider: isc
  dhcp_subnets: []
  dhcp_option_domain: [ **<your domain here>** ]
  dhcp_search_domains: 
  dhcp_interface: **eth0**
  dhcp_additional_interfaces: []
  dhcp_gateway: **< your gateway here >**
  dhcp_range: **< your range here, e.g. 192.168.0.1 192.168.0.200 >**
  dhcp_pxeserver:
  dhcp_nameservers: < ip address of your box >

Also, enable TFTP:

  tftp: true
  tftp_listen_on: https
  tftp_managed: true

for DNS

  dns: true
  dns_listen_on: https
  dns_managed: true
  dns_provider: nsupdate
  dns_interface: **eth0**
  dns_zone: **< your domain you want to control here >**

That’s basically the gist of it at least.
Big bonus tip: really take a look at the logs that foreman spews, it’s very valuable to get this up and running. Once you get the hang of it, though, it will really be easy to set this up and you’ll know what to look for.

Okay, now that you have the system installed, you’ll have to log in to the website (the installer gives you all the details, as well as the login and password).
In the website, you’ll have to create a domain matching up to the one configured and you’ll have to configure it to use your machine as smart-proxy (there will only be on in the list)

You’ll also have to do the same for the subnet (or you can import it from the smart-proxy menu); again, let all proxies point to your smart-proxy!

Finally you’ll have to create an Operating System, e.g. CentOS and associate the CentOS mirror.

You’re almost there! Bear with me; there’s this thing called “provisioning templates”, you’ll have to associate, in case of CentOS, the “Kickstart” templates to your newly created OS. After this is done, you’ll have to edit your OS and tell it which templates to use (again, there will only be one for each type). While in the provisioning templates menu, also click on “Build PXE Default” as this actually deploys some mandatory files to your smart-proxy (you’ll have to repeat this step each time you’d add a smart proxy).

ANYWAY, I’ve really birdviewed this topic but I’d be happy to help you out as you move on; But definitely take a look around on the forum as there are a lot of people walking in your shoes and you could probably learn from the already provided answers as well (as they’ll be more detailed than this one probably).

Kind regards and best of luck!

That’s great, thank you. I have already installed Foreman but I did not go through the interactive setup. My installation was a foreman-katello scenario because we also want foreman to do content management for us.

Is it possible to rerun parts of the foreman installer to make sure the dhcp, dns, and tftp options can be set or do I have to scrap my foreman installation and start over. I sre hope not I already have clients installed, repos set up, etc. Please advice. Thank you.

Hey! I’m not familiar with Katello but I think it will be possible to rerun the installer and enable DHCP, DNS etc (wouldn’t know why it won’t work :-)).

Yes, the installer is designed so that you can re-run it and it will only apply whatever changes you’ve made to the settings (it is actually a wrapper around a bunch of puppet modules, and it saves its previous settings in an answers.yaml file). Note that any manual changes you’ve made to the configuration files since running the installer may get overwritten. In fact, the recommended method of changing settings in a persistent manner is to modify the installer settings and rerun it.

Might be worth pointing out that running the installer with “-v --noop” options will do a dry-run and print out everything that would have been changed without actually touching anything.

Here is my snippet from “everyday Katello installation with provisioning”, my use case is testing only setup in a libvirt NAT network:

# Set user password
if (foreman-installer -h | grep foreman-initial-admin-password); then
  INITIAL_CMD="--foreman-initial-admin-password=$PASS"
else
  INITIAL_CMD="--foreman-admin-password=$PASS"
fi

# Installer options 6.3 compatible
foreman-installer -v --scenario $SCENARIO \
  --puppet-runmode none \
  --foreman-organizations-enabled true \
  --foreman-locations-enabled true \
  --foreman-initial-organization=$ORG \
  --foreman-initial-location=$LOC \
  $INITIAL_CMD \
  --enable-foreman-plugin-discovery \
  --enable-foreman-plugin-bootdisk \
  --enable-foreman-plugin-remote-execution --enable-foreman-proxy-plugin-remote-execution-ssh \
  --enable-foreman-plugin-openscap --enable-foreman-proxy-plugin-openscap \
  --foreman-proxy-http=true \
  --foreman-proxy-dns true \
  --foreman-proxy-dns-interface $NICDEV \
  --foreman-proxy-dns-forwarders 192.168.${NATLAN}.1 \
  --foreman-proxy-dns-zone nat.lan \
  --foreman-proxy-dns-reverse ${NATLAN}.168.192.in-addr.arpa \
  --foreman-proxy-dhcp true \
  --foreman-proxy-dhcp-interface $NICDEV \
  --foreman-proxy-dhcp-gateway=192.168.${NATLAN}.1 \
  --foreman-proxy-dhcp-range="192.168.${NATLAN}.10 192.168.${NATLAN}.109" \
  --foreman-proxy-dhcp-nameservers="192.168.${NATLAN}.${IP}" \
  --foreman-proxy-tftp true \
  --foreman-proxy-tftp-servername=192.168.${NATLAN}.${IP} \
  --foreman-proxy-puppet true \
  --foreman-proxy-puppetca true \
  --foreman-proxy-templates true \
  --foreman-proxy-logs true \
  --foreman-proxy-register-in-foreman true

In my case I ran the foreman katello scenario. Are you saying that, in my case, I should modify the katello-answers.yaml file to include things like dhcp:true instead of false , etc. and then just rerun the installer? Since I used the foreman katello scenario do I have to rerun the installer with the katello option again? Or just the foreman-installer

I already have a bunch of hosts checking in, repos set up, etc. hours of work and I would hate to have to reconfigure it all. Thank you for all of your help.

Easiest and probably best way to do it would be to run something like this:

foreman-installer --foreman-proxy-dhcp true --foreman-proxy-tftp true --foreman-proxy-dns true

I am sure at least some of these will need some aditional parameters (look at @lzap’s answer for some hints).

foreman-installer uses everything from answers.yaml as a default and you can override those with parameters to foreman-installer. When you pass new/changed parameters, these are then again written to answers.yaml and used as default values for the next run. You also do not have to specify the scenario each time since it will always use the scenario that you used the first time. If you by accident try to use a different scenario, the installer will fail since that is not supported.

Hi so I am using Foreman, and I already have PXE setup in other locations but its not working in Frankfurt, how would I go about making sure it works there?

pxe-bootnormally1964×944 42.4 KB

Any help would be greatly appreciated.