Unable to deploy machine in UEFI mode

Problem: Can’t deploy machines in UEFI mode

Expected outcome: To be able to deploy machines in UEFI mode

Foreman and Proxy versions: 3.0.2

Foreman and Proxy plugin versions: foreman_discovery 18.0.5, foreman_bootdisk 18.0.0

Distribution and version: 3

Other relevant data:
I am trying to deploy a machine in UEFI mode after manually building the host in foreman and booting from the ISO. It works fine in BIOS mode. After turning on debug in foreman-proxy, I keep seeing this error, but not sure what it means. Any help would be greatly appreciated.

2024-01-09T07:03:46 [D] close: x.x.x.162:54390
2024-01-09T07:03:46 [D] accept: x.x.x.162:54404
2024-01-09T07:03:46 [D] Rack::Handler::WEBrick is invoked.
2024-01-09T07:03:46 6693c92f [I] Started POST /tftp/fetch_boot_file
2024-01-09T07:03:46 6693c92f [D] verifying remote client x.x.x.162 against trusted_hosts [“foreman.domain”]
2024-01-09T07:03:46 6693c92f [I] Finished POST /tftp/fetch_boot_file with 200 (0.64 ms)
2024-01-09T07:03:46 6693c92f [I] [59753] Started task [“/usr/bin/wget”, “–connect-timeout=10”, “–dns-timeout=10”, “–read-timeout=60”, “–tries=3”, “-nv”, “-c”, “http://reposerver.domain/rocky/8/os/x86_64/images/pxeboot/initrd.img”, “-O”, “/var/lib/tftpboot/boot/rocky8-7-TSw47kJql9mn-initrd.img”]
2024-01-09T07:03:46 6693c92f [W] [59753] Syntax error in Set-Cookie: session=expiry=1704802426637810;Max-Age=600;path=/;HttpOnly;Secure;;HttpOnly;secure at position 67.


I don’t see any hard errors in your logs, probably there is something else missing/broken.

First, I would check if correct GRUB2 binary (DHCP PXE filename option) gets requested and delivered to the UEFI host. For this you can make the TFTP server more verbose:

# systemctl edit --full tftp
ExecStart=/usr/sbin/in.tftpd -s /var/lib/tftpboot -v
# systemctl daemon-reload
# systemctl restart tftp

… and check the logs with

# journalctl -u tftp

You should see requests from the hosts for shim/grub binaries. If not, check your DHCP config and double check if the host is actually booting via network.

If this works, you should also see the GRUB2 config file being requested and later on the kernel/initrd which might be missing for other reasons.

1 Like

Thanks for the tips Jan. I will give it a try.