TFTP kickstart files are not being generated for newly provisioned host

kurtis32 · August 16, 2018, 10:02pm

Hi All,

I’m having an issue with templates not being created in TFTP directory.

Subnet is configure to use templates via smart proxy.

Logs show: GET /unattended/templateServer HTTP/1.1" 404

Before the server reboots: PUT /discovery/172.22.1.75/power/kexec HTTP/1.1" 200

No files are generated for this host in /var/lib/tftpboot/pxelinux.cfg/

PXE default templates can be built with UI.

Provisioning via the discovery image 3.4.4

Foreman Proxy version foreman-proxy-1.19.0-0.1.RC

I only have one template associated with OS I’m trying to provision: Discovery Red Hat kexec

Been stuck for a few days. Any help would be appreciated.

Its must be a config issue somewhere

Dirk · August 17, 2018, 6:42am

I only have one template associated with OS I’m trying to provision: Discovery Red Hat kexec

This should be the problem, for PXE provisioning you should have at least one PXE template generating the PXE configuration and one Provisioning template like a Kickstart, Preseed, Autoyast.

upadhyeammit · August 17, 2018, 7:18am

Also check if you have tftp smart proxy associated with the subnet on which you are provisioning system. If its not there then associate it, if smart proxy is not having tftp feature enabled then you would need to re-run installer and enable it.

kurtis32 · August 17, 2018, 7:05pm

Thanks All for reply.

@Dirk I added default Linux PXE template.

@upadhyeammit Double checked and made sure TFTP was associated with smart proxy.

I’m still seeing the same behavior.

PS if anyone has the time to screen share and help me get this running I’m willing to pay a few hundred

GET /unattended/templateServer HTTP/1.1" 404 27 0.0005

PUT /discovery/172.22.1.75/power/kexec HTTP/1.1" 200 15 2.5112

Only can attached a single screen shots to verify.

!

kurtis32 · August 18, 2018, 2:06am

@Dirk Thanks!

KickStart files are now being generated after adding a PXELinux and a finish template!

The proxy is still having issues connecting to the template URL: /unattended/templateServer

I also notice after the kexec variable foreman_url('provision') will only generate an HTTPS URL that the anaconda installer will error out on:

ERROR – : OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv3 read client certificate A: tlsv1 alert unknown ca /usr/share/ruby/openssl/ssl.rb:280:in `accept’

Template 404 Error:

GET /unattended/templateServer HTTP/1.1" 404 27 0.0008
GET /unattended/templateServer HTTP/1.1" 404 27 0.0005
GET /features HTTP/1.1" 200 55 0.0005
GET /unattended/templateServer HTTP/1.1" 404 27 0.0005
POST /tftp/PXELinux/a0:36:9f:c3:6e:ce HTTP/1.1" 200 - 0.0012
POST /tftp/fetch_boot_file HTTP/1.1" 200 - 0.0082
POST /tftp/fetch_boot_file HTTP/1.1" 200 - 0.0008

Thanks,

Kurtis

kurtis32 · August 20, 2018, 3:33am

The 404 issue with the template plugin on the smart proxy was a config issue within TFTP plugin.

Updating the Template URL to use IP address and setting enabled to True instead of http did the trick.

Also disabling puppet.yml and puppetca.yml from the smart proxy seemed to resolve the SSL issue with anaconda installer.

settings.d/templates.yml:

-:enabled: http
+:enabled: true

-:template_url: http://myhostname:8000
+:template_url: http://<IP_addr>:8000

kurtis32 · August 20, 2018, 4:05am

Getting close but still having some issues.

Kick start files are being generated and kexec call restarts server. When provisioned host attempts to pull TFTP files Smart Proxy responds with a 500 error.

Error can be traced to foreman production.log:

=Started GET "/unattended/provision?token=02b1304e-a2ee-404f-84d0-7b9e3c72ff85&static=yes&url=http%3A%2F%2F172.xx.x.xx%3A8000" for fe80::2a89:3b30:a2c:f06f at 2018-08-19 23:52:23 -0400
Processing by UnattendedController#host_template as TEXT
 Parameters: {"token"=>"02b1304e-a2ee-404f-84d0-7b9e3c72ff85", "static"=>"yes", "url"=>"http://172.22.1.73:8000", "kind"=>"provision", "unattended"=>{}}
Current user set to foreman_api_admin (admin)
Found maca0369fc36ece.prod.dc3
Current organization set to none
Current location set to none
Current location set to none
Current organization set to none
unable to find provision template for maca0369fc36ece.prod.dc3 running Centos 7
 Rendering text template
Rendered text template (0.0ms)
Completed 404 Not Found in 43ms (Views: 0.5ms | ActiveRecord: 11.0ms)

/var/log/foreman-proxy/proxy.log:


GET /unattended/provision?token=a8c8e999-5c5b-4ad1-9c07-8d9c73122467&static=yes HTTP/1.1" 500 357 0.0894

ERROR -- : Connection reset by peer (Errno::ECONNRESET)

I’m starting to think this maybe an issue with the templates I’m using for the hostgroup:

PXELinux template,
Discovery Kexec template
Finish template

If anything is glaringly in the logs please let me know.

Will update when I get this all sorted out!

Thanks,

-Kurtis

lzap · August 21, 2018, 7:47am

Hello there!

I had a day off but looks like you are doing great progress here

The 404 error on this URL means you haven’t enabled templates smart proxy plugin or it has been brought dome due to misconfiguration. Check proxy logs, refresh “features” do you still see templates one?

Another known issue, Anaconda will NOT work with any HTTPS kickstart URL unless you build it yourself and add the CA file.

Hmm connection reset means that templates plugin was not able to proxy to foreman server, is foreman_url set properly? Firewalls?