I have a new Foreman 1.21.0 server deployed on Ubuntu 18.04.
I’m attempting to provision my first vSphere VM from this new instance. I’ve successfully created a VM through Foreman, and hit the ‘Build’ button. A new file was successfully deposited in /var/lib/tftpboot/pxelinux.cfg. Here, it’s named 01-00-50-56-AA-AA-AA:
root@foreman:~# ll /var/lib/tftpboot/pxelinux.cfg
drwxr-xr-x 2 foreman-proxy root 4096 Mar 8 01:46 ./
drwxr-xr-x 8 root nogroup 4096 Jan 11 01:08 ../
-rw-r--r-- 1 foreman-proxy foreman-proxy 765 Mar 8 01:46 01-00-50-56-AA-AA-AA
-rw-r--r-- 1 foreman-proxy foreman-proxy 1048 Mar 8 01:23 default
After booting, the VM gets an IP address from the DHCP server, but throws the error PXE-E32: TFTP open timeout. The server side complains with this error:
Mar 8 01:46:50 foreman dhcpd: DHCPACK on 192.168.100.201 to 00:50:56:AA:AA:AA via ens224
Mar 8 01:46:50 foreman in.tftpd: tftpd: read: Connection refused
Mar 8 01:46:52 foreman in.tftpd: tftpd: read: Connection refused
Mar 8 01:46:56 foreman in.tftpd: tftpd: read: Connection refused
Mar 8 01:47:02 foreman in.tftpd: tftpd: read: Connection refused
Mar 8 01:47:10 foreman in.tftpd: tftpd: read: Connection refused
Mar 8 01:47:20 foreman in.tftpd: tftpd: read: Connection refused
Mar 8 01:47:56 foreman in.tftpd: tftpd: read: Connection refused
Any idea what’s going on here? Is the server unable to read something?
I did upgrade the Foreman instance from 1.20.x to 1.21.x yesterday, but I don’t think that is relevant.
Ah, I think it’s referring to my TFTP server. My Foreman host is dual homed, with one NIC on the public network (with a hostname like foreman.example.org) and a second NIC on our provisioning network (192.168.x.x).
The DHCP client was, I think, telling the provisioned host to connect to the public IP of our Foreman host. I believe I fixed this with the following command:
root@foreman:~# cat /etc/foreman-proxy/settings.d/tftp.yml
# TFTP management
# Defines the TFTP Servername to use, overrides the name in the subnet declaration
But that didn’t seem to alter the IP used by the tftp server configuration:
Generally speaking, avoid multihomed Foreman at all costs. It creates quite a lot of problems to solve.
Now, that error simply means the client is unable to talk to your TFTP server. Is the IP address correct and reachable from the client? Try to spawn a VM from an image in that network and try to download a file using the “tftp” command-line client.
Is the daemon listening on the correct interface? Is a firewall in the way? If you use NAT along the way, you need to load a special TFTP handling module because TFTP is sessionless (UDP).
So, just to close up here. This error happened because I had the wrong IP for the Foreman Proxy Gateway. Rerunning with foreman-installer --foreman-proxy-dhcp-gateway="x.y.z", where the x.y.z is the IP of my Foreman host, fixed the issue.
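The TFTP reachability check suggested in the reply above can also be scripted from a host on the provisioning network. This is an added example, not code from the thread or from Foreman: it sends one RFC 1350 read request and reports whether the reply came from the address that was queried, which is the symptom to look for on a dual-homed server. The file name `pxelinux.0` and the function names are assumptions.

```python
import socket
import struct
import sys

OP_RRQ, OP_DATA, OP_ERROR = 1, 3, 5  # RFC 1350 opcodes

def build_rrq(filename, mode="octet"):
    """Read request: opcode 1, filename, NUL, transfer mode, NUL."""
    return struct.pack("!H", OP_RRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"

def parse_reply(packet):
    """Classify the server's first reply packet."""
    if len(packet) < 4:
        return "malformed", None
    opcode, arg = struct.unpack("!HH", packet[:4])
    if opcode == OP_DATA:
        return "data", {"block": arg, "length": len(packet) - 4}
    if opcode == OP_ERROR:
        text = packet[4:].split(b"\0", 1)[0].decode(errors="replace")
        return "error", {"code": arg, "message": text}
    return "unexpected", {"opcode": opcode}

def probe(server, filename, port=69, timeout=3.0):
    """Send one RRQ and report what answered, and from which address."""
    want_ip = socket.gethostbyname(server)
    result = {"status": "timeout", "reply_from": None,
              "source_matches": None, "detail": None}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_rrq(filename), (want_ip, port))
        try:
            packet, peer = sock.recvfrom(2048)
        except socket.timeout:
            # Nothing came back: wrong address, firewall, or no daemon listening.
            return result
        result["status"], result["detail"] = parse_reply(packet)
        result["reply_from"] = peer[0]
        # On a multihomed server the reply can leave from another interface address.
        result["source_matches"] = peer[0] == want_ip
        # Abort the transfer so the server does not keep retransmitting.
        sock.sendto(struct.pack("!HH", OP_ERROR, 0) + b"probe done\0", peer)
    return result

if __name__ == "__main__":
    # Usage (assumed values): python3 tftp_probe.py <server-ip> pxelinux.0
    print(probe(sys.argv[1], sys.argv[2]))
```

A `status` of `data` with `source_matches` set to `False` means the daemon is answering, but from a different address than the one the client was told to use.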