Foreman offers many provisioning workflows including PXE with or without discovery of nodes, bootdisk-based or kexec-based installation on PXE-less networks on bare-metal, virtualization and clouds. As of today, Foreman cannot manage IPv6 DHCP servers, however it is possible to utilize Full host bootdisk to do the job. These are my notes from setting up my test environment to verify.
- Foreman 1.20+ repositories
- A host in IPv6 network with IPv6 connectivity to the internet
- Some time for troubleshooting
My testing setup was a little bit different, because in my home labs I don’t have IPv6 connectivity to the internet. This is on my TODO, however I needed to test this scenario now. So what I did were few extra steps which can be skipped with IPv6 internet. I will properly mark them in the text.
I installed RHEL7 and configured IPv6 static address
fd00:aaaa:bbbb:cc::2 with gateway
nmcli. Also made sure the fqdn resolves to to the IPv6 address and not localhost:
cat /etc/hosts ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 fd00:aaaa:bbbb:cc::1 gw.ipsix.lan fd00:aaaa:bbbb:cc::2 fivesix.ipsix.lan
Skip with IPv6 internet connectivity: Then I configured RHSM with proxy to be able to fetch Satellite packages. On CentOS this should be possible to do via change of yum configuration too.
grep proxy /etc/rhsm/rhsm.conf proxy_hostname = gw.ipsix.lan proxy_port = 3128 proxy_user = proxy_password =
Then I followed the usual Satellite installation:
subscription-manager register subscription-manager attach --pool=XXX subscription-manager repos --disable "*" subscription-manager repos --enable rhel-7-server-rpms \ --enable rhel-server-rhscl-7-rpms \ --enable rhel-7-server-satellite-6.5-rpms \ --enable rhel-7-server-satellite-maintenance-6-rpms \ --enable rhel-7-server-extras-rpms \ --enable rhel-7-server-optional-rpms \ --enable rhel-7-server-ansible-2.6-rpms yum -y install satellite yum-utils
Due to bug in Satellite puppet installer (https://bugzilla.redhat.com/show_bug.cgi?id=1721108) qpid daemon is configured with IPv4 only. Commented out line
/usr/share/katello-installer-base/modules/qpid/templates/qpidd.conf.erb as a workaround. Yet, I was seeing some error messages repeating over and over again in syslog so it looks like some work must be done on IPv6-only qpidd deployment. Then I performed:
foreman-installer -v --scenario satellite --foreman-initial-organization=MyOrg --foreman-initial-location=MyLoc --foreman-admin-password=changeme
It is important to start with zero managed services (DHCP, DNS etc) becuase I have no idea what works and what does not on IPv6-only system. You can always enable other services later on. Then I did the usual:
firewall-cmd --permanent \ --add-port="53/udp" \ --add-port="53/tcp" \ --add-port="67/udp" \ --add-port="68/udp" \ --add-port="69/udp" \ --add-port="80/tcp" \ --add-port="389/tcp" \ --add-port="443/tcp" \ --add-port="636/tcp" \ --add-port="5646/tcp" \ --add-port="5647/tcp" \ --add-port="8000/tcp" \ --add-port="8140/tcp" \ --add-port="8443/tcp" \ --add-port="9090/tcp" firewall-cmd --reload
Because the unattended_url is seet to
http://fivesix.ipsix.lan there must be DNS server with AAAA record. But because foreman-installer does not yet support IPv6 only DNS managed server deployment, I simply installed dnsmasq and enabled it to listen on all interfaces:
# grep -v '^#' /etc/dnsmasq.conf | sort bind-interfaces
I made sure the system correctly resolves the FQDN:
# host -6t AAAA fivesix.ipsix.lan fivesix.ipsix.lan has IPv6 address fd00:aaaa:bbbb:cc::2
Skip with IPv6 internet connectivity: Both Foreman Bootisk plugin and then Anaconda need need to fetch kernel and initramdisk, but since I have no internet connection on my network I created a “fake” mirror:
# cat /etc/httpd/conf.d/mirror.conf <VirtualHost *:80> ServerName mirror.centos.org DocumentRoot "/var/www/html/pub" <Location /> <IfModule mod_passenger.c> PassengerEnabled off </IfModule> Options +FollowSymLinks +Indexes Require all granted </Location> </VirtualHost>
Skip with IPv6 internet connectivity: Updating hosts file is enough, dnsmasq will pick it up automatically by default:
cat /etc/hosts ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 fd00:aaaa:bbbb:cc::1 gw.ipsix.lan fd00:aaaa:bbbb:cc::2 fivesix.ipsix.lan mirror.centos.org
Skip with IPv6 internet connectivity: Trust but test!
# host -6t AAAA mirror.centos.org mirror.centos.org has IPv6 address fd00:aaaa:bbbb:cc::2
After configuration of fd00:aaaa:bbbb:cc::/64 IPv6 subnet in Foreman interface, I was able to generate Full host bootdisk after some changes of the PXELinux and Kickstart templates - there were not yet ready for IPv6 provisioning subnet and interface: https://github.com/theforeman/community-templates/pull/600
There are two warnings during boot: unknown keyword IPAPPEND and unkonwn kernel “menu” but this is expected since IPAPPEND is not valid command for SYSLINUX and menu.c32 is missing on Full host bootdisk. These are just warnings, then Anaconda kicks in, downloads kickstart and starts provisioning.
This is only part of the IPv6 bootdisk provisioning story, there are many other aspects that don’t work probably. I mentioned DNS which Ewould is taking a look already, also I saw some qpidd problems which could block Katello plugin and/or Pulp from synchronizing Red Hat content. There’s still lot of work to do, but from the bootstrapping standpoint it’s job done.