Tutorial: Full host bootdisk IPv6 only provisioning

Foreman offers many provisioning workflows including PXE with or without discovery of nodes, bootdisk-based or kexec-based installation on PXE-less networks on bare-metal, virtualization and clouds. As of today, Foreman cannot manage IPv6 DHCP servers, however it is possible to utilize Full host bootdisk to do the job. These are my notes from setting up my test environment to verify.

Prerequisites:

  • Foreman 1.20+ repositories
  • A host in IPv6 network with IPv6 connectivity to the internet
  • Some time for troubleshooting

My testing setup was a little bit different, because in my home lab I don’t have IPv6 connectivity to the internet. This is on my TODO, however I needed to test this scenario now. So what I did was a few extra steps which can be skipped with IPv6 internet. I will properly mark them in the text.

I installed RHEL7 and configured IPv6 static address fd00:aaaa:bbbb:cc::2 with gateway fd00:aaaa:bbbb:cc::1 using nmcli. I also made sure the FQDN resolves to the IPv6 address and not localhost:

cat /etc/hosts
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
fd00:aaaa:bbbb:cc::1 gw.ipsix.lan
fd00:aaaa:bbbb:cc::2 fivesix.ipsix.lan

Skip with IPv6 internet connectivity: Then I configured RHSM with proxy to be able to fetch Satellite packages. On CentOS this should be possible to do via change of yum configuration too.

grep proxy /etc/rhsm/rhsm.conf
proxy_hostname = gw.ipsix.lan
proxy_port = 3128
proxy_user =
proxy_password =

Then I followed the usual Satellite installation:

subscription-manager register
subscription-manager attach --pool=XXX
subscription-manager repos --disable "*"
subscription-manager repos --enable rhel-7-server-rpms \
  --enable rhel-server-rhscl-7-rpms \
  --enable rhel-7-server-satellite-6.5-rpms \
  --enable rhel-7-server-satellite-maintenance-6-rpms \
  --enable rhel-7-server-extras-rpms \
  --enable rhel-7-server-optional-rpms \
  --enable rhel-7-server-ansible-2.6-rpms
yum -y install satellite yum-utils

Due to a bug in the Satellite puppet installer (https://bugzilla.redhat.com/show_bug.cgi?id=1721108), the qpid daemon is configured with IPv4 only. I commented out the line interface= in /usr/share/katello-installer-base/modules/qpid/templates/qpidd.conf.erb as a workaround. Yet, I was seeing some error messages repeating over and over again in syslog, so it looks like some work must be done on IPv6-only qpidd deployment. Then I performed:

foreman-installer -v --scenario satellite --foreman-initial-organization=MyOrg --foreman-initial-location=MyLoc --foreman-admin-password=changeme

It is important to start with zero managed services (DHCP, DNS etc.) because I have no idea what works and what does not on an IPv6-only system. You can always enable other services later on. Then I did the usual:

firewall-cmd --permanent \
  --add-port="53/udp" \
  --add-port="53/tcp" \
  --add-port="67/udp" \
  --add-port="68/udp" \
  --add-port="69/udp" \
  --add-port="80/tcp" \
  --add-port="389/tcp" \
  --add-port="443/tcp" \
  --add-port="636/tcp" \
  --add-port="5646/tcp" \
  --add-port="5647/tcp" \
  --add-port="8000/tcp" \
  --add-port="8140/tcp" \
  --add-port="8443/tcp" \
  --add-port="9090/tcp"
firewall-cmd --reload

Because the unattended_url is set to http://fivesix.ipsix.lan, there must be a DNS server with an AAAA record. But because foreman-installer does not yet support IPv6-only DNS managed server deployment, I simply installed dnsmasq and enabled it to listen on all interfaces:

# grep -v '^#' /etc/dnsmasq.conf | sort
bind-interfaces

I made sure the system correctly resolves the FQDN:

# host -6t AAAA fivesix.ipsix.lan
fivesix.ipsix.lan has IPv6 address fd00:aaaa:bbbb:cc::2

Skip with IPv6 internet connectivity: Both the Foreman Bootdisk plugin and then Anaconda need to fetch kernel and initramdisk, but since I have no internet connection on my network I created a “fake” mirror:

# cat /etc/httpd/conf.d/mirror.conf
<VirtualHost *:80>
  ServerName mirror.centos.org
  DocumentRoot "/var/www/html/pub"

  <Location />
    <IfModule mod_passenger.c>
      PassengerEnabled off
    </IfModule>
    Options +FollowSymLinks +Indexes
    Require all granted
  </Location>
</VirtualHost>

Skip with IPv6 internet connectivity: Updating hosts file is enough, dnsmasq will pick it up automatically by default:

cat /etc/hosts
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
fd00:aaaa:bbbb:cc::1 gw.ipsix.lan
fd00:aaaa:bbbb:cc::2 fivesix.ipsix.lan mirror.centos.org

Skip with IPv6 internet connectivity: Trust but test!

# host -6t AAAA mirror.centos.org
mirror.centos.org has IPv6 address fd00:aaaa:bbbb:cc::2
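
An added example, not part of the original notes: a small shell helper that audits a hosts file for the two conditions checked above, namely that each name has a non-loopback IPv6 entry and is not attached to a localhost line. The function name check_hosts_v6 and the sample hosts content are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; check_hosts_v6 is a hypothetical helper, not a Foreman tool.
# Usage: check_hosts_v6 HOSTS_FILE NAME...
# Prints "NAME: ok|loopback|no-ipv6"; returns non-zero if any name is not ok.
check_hosts_v6() {
    file=$1; shift
    rc=0
    for name in "$@"; do
        result=$(awk -v want="$name" '
            { sub(/#.*/, "") }            # drop comments
            NF < 2 { next }               # need an address and at least one name
            {
                addr = tolower($1)
                for (i = 2; i <= NF; i++) {
                    if (tolower($i) != tolower(want)) continue
                    # loopback is matched as ::1 (compressed form) or 127.x.x.x
                    if (addr == "::1" || addr ~ /^127\./) loop = 1
                    else if (addr ~ /:/) v6 = 1
                }
            }
            END {
                if (loop)    print "loopback"   # name sits on a localhost line
                else if (v6) print "ok"         # non-loopback IPv6 entry found
                else         print "no-ipv6"    # absent, or IPv4 entries only
            }' "$file")
        echo "$name: $result"
        [ "$result" = "ok" ] || rc=1
    done
    return "$rc"
}

# Constructed sample: the FQDN was left on the ::1 line by mistake.
sample=$(mktemp)
cat > "$sample" <<'EOF'
::1 localhost localhost.localdomain fivesix.ipsix.lan
fd00:aaaa:bbbb:cc::1 gw.ipsix.lan
fd00:aaaa:bbbb:cc::2 fivesix.ipsix.lan mirror.centos.org
EOF
check_hosts_v6 "$sample" fivesix.ipsix.lan mirror.centos.org \
    || echo "fix the hosts file before generating the bootdisk"
rm -f "$sample"
```

Run against the real file it would be called as check_hosts_v6 /etc/hosts fivesix.ipsix.lan mirror.centos.org.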

After configuration of the fd00:aaaa:bbbb:cc::/64 IPv6 subnet in the Foreman interface, I was able to generate a Full host bootdisk after some changes to the PXELinux and Kickstart templates - they were not yet ready for an IPv6 provisioning subnet and interface: https://github.com/theforeman/community-templates/pull/600

There are two warnings during boot: unknown keyword IPAPPEND and unknown kernel “menu”, but this is expected since IPAPPEND is not a valid command for SYSLINUX and menu.c32 is missing on the Full host bootdisk. These are just warnings; then Anaconda kicks in, downloads the kickstart and starts provisioning.

This is only part of the IPv6 bootdisk provisioning story; there are many other aspects that probably don’t work. I mentioned DNS, which Ewoud is already taking a look at; I also saw some qpidd problems which could block the Katello plugin and/or Pulp from synchronizing Red Hat content. There’s still a lot of work to do, but from the bootstrapping standpoint it’s job done.