Using KVM DHCP and provisioning help

Is it possible to utilize the default NAT network (dnsmasq) that comes
with KVM to pxe boot new VMs to the smart proxy? I currently have my
smart proxy with TFTP enabled on a KVM server and would like it to
provide the pxe booting via that private host network rather than on
my public network.

Also , is there a way to easily network boot a new VM without the need
for DHCP? I was able to use gPXE to boot a VM (http://theforeman.org/
issues/470) but it's less than automated. The other method I got to
work was using the virt-manager "Direct Kernel boot" options to
specify the information to boot. I ran into a problem with that where
this line would cause libvirt to choke…(removed IPs below)

ks=http://itscforeman.tamu.edu/unattended/provision?
static=yes&spoof=192.168.1.1 ksdevice=bootif network kssendmac ip=…
netmask=255.255.255.192 gateway=… dns=…

The "&" character causes this error…

> Is it possible to utilize the default NAT network (dnsmasq) that comes
> with KVM to pxe boot new VMs to the smart proxy? I currently have my
> smart proxy with TFTP enabled on a KVM server and would like it to
> provide the pxe booting via that private host network rather than on
> my public network.
sadly the proxy does not support dnsmask yet, as far as I could tell,
it does not provide any API to interface with it.
if you run isc dhcp on that subnet, then there should not be any issue.

>
> Also , is there a way to easily network boot a new VM without the need
> for DHCP? I was able to use gPXE to boot a VM (http://theforeman.org/
> issues/470) but it's less than automated. The other method I got to
> work was using the virt-manager "Direct Kernel boot" options to
> specify the information to boot. I ran into a problem with that where
> this line would cause libvirt to choke…(removed IPs below)
yes, gpxe is one good way to achieve it.
>
> ks=http://itscforeman.tamu.edu/unattended/provision?
> static=yes&spoof=192.168.1.1 ksdevice=bootif network kssendmac ip=…
> netmask=255.255.255.192 gateway=… dns=…
>
> The "&" character causes this error…
> -----------------
> Traceback (most recent call last):
> File "/usr/share/virt-manager/virtManager/details.py", line 1973, in
> _change_config_helper
> func(*args)
> File "/usr/share/virt-manager/virtManager/domain.py", line 393, in
> set_boot_kernel
> return self._redefine_guest(change)
> File "/usr/share/virt-manager/virtManager/domain.py", line 237, in
> _redefine_guest
> return cb(guest)
> File "/usr/share/virt-manager/virtManager/domain.py", line 392, in
> change
> guest.installer.bootconfig.kernel_args = args or None
> File "/usr/lib/python2.6/site-packages/virtinst/
> XMLBuilderDomain.py", line 293, in new_setter
> for node, val, usexpath in node_map:
> TypeError: 'NoneType' object is not callable
> ---------------------
>
> I can use "ks=http://itscforeman.tamu.edu/unattended/provision?
> spoof=192.168.1.1 ksdevice=bootif network kssendmac ip=…
> netmask=255.255.255.192 gateway=… dns=…" just fine but I seem to
> be forced to add the spoof line. I'm very new to provisioning with
> foreman, but shouldn't I be able to leave out the "spoof" portion? If
> I don't include that then the install says it can't find the necessary
> kickstart file.

Foreman try to match based on the IP address, and if provided, by the
mac address, anaconda (if you are using redhat) sends all nic mac
addresses to foreman when requesting the kickstart file, so you just
need to ensure that the mac match.

spoof is not the right way, as it skips handling things like puppetca,
and in the upcoming 0.4 version also requires authentication.

Ohad

> > Is it possible to utilize the default NAT network (dnsmasq) that comes
> > with KVM to pxe boot new VMs to the smart proxy? I currently have my
> > smart proxy with TFTP enabled on a KVM server and would like it to
> > provide the pxe booting via that private host network rather than on
> > my public network.
>
> sadly the proxy does not support dnsmask yet, as far as I could tell,
> it does not provide any API to interface with it.
> if you run isc dhcp on that subnet, then there should not be any issue.
>
>
>
> > Also , is there a way to easily network boot a new VM without the need
> > for DHCP? I was able to use gPXE to boot a VM (http://theforeman.org/
> > issues/470) but it's less than automated. The other method I got to
> > work was using the virt-manager "Direct Kernel boot" options to
> > specify the information to boot. I ran into a problem with that where
> > this line would cause libvirt to choke…(removed IPs below)
>
> yes, gpxe is one good way to achieve it.
>
>
>
>
>
>
>
>
>
>
>
> > ks=http://itscforeman.tamu.edu/unattended/provision?
> > static=yes&spoof=192.168.1.1 ksdevice=bootif network kssendmac ip=…
> > netmask=255.255.255.192 gateway=… dns=…
>
> > The "&" character causes this error…
> > -----------------
> > Traceback (most recent call last):
> > File "/usr/share/virt-manager/virtManager/details.py", line 1973, in
> > _change_config_helper
> > func(*args)
> > File "/usr/share/virt-manager/virtManager/domain.py", line 393, in
> > set_boot_kernel
> > return self._redefine_guest(change)
> > File "/usr/share/virt-manager/virtManager/domain.py", line 237, in
> > _redefine_guest
> > return cb(guest)
> > File "/usr/share/virt-manager/virtManager/domain.py", line 392, in
> > change
> > guest.installer.bootconfig.kernel_args = args or None
> > File "/usr/lib/python2.6/site-packages/virtinst/
> > XMLBuilderDomain.py", line 293, in new_setter
> > for node, val, usexpath in node_map:
> > TypeError: 'NoneType' object is not callable
> > ---------------------
>
> > I can use "ks=http://itscforeman.tamu.edu/unattended/provision?
> > spoof=192.168.1.1 ksdevice=bootif network kssendmac ip=…
> > netmask=255.255.255.192 gateway=… dns=…" just fine but I seem to
> > be forced to add the spoof line. I'm very new to provisioning with
> > foreman, but shouldn't I be able to leave out the "spoof" portion? If
> > I don't include that then the install says it can't find the necessary
> > kickstart file.
>
> Foreman try to match based on the IP address, and if provided, by the
> mac address, anaconda (if you are using redhat) sends all nic mac
> addresses to foreman when requesting the kickstart file, so you just
> need to ensure that the mac match.
>
> spoof is not the right way, as it skips handling things like puppetca,
> and in the upcoming 0.4 version also requires authentication.
>
> Ohad
>
>
>
>
>
>
>
>
>
> > Thanks
> > - Trey
>
> > –
> > You received this message because you are subscribed to the Google Groups "Foreman users" group.
> > To post to this group, send email to foreman-users@googlegroups.com.
> > To unsubscribe from this group, send email to foreman-users+unsubscribe@googlegroups.com.
> > For more options, visit this group athttp://groups.google.com/group/foreman-users?hl=en.

Is there a way to automate the gpxe boot so I don't have to do the CTRL
+B and the subsequent commands? It's not that big of a problem, but
I'd like to achieve as much automation as possible.

Well the IP and MAC match what I provided via the kernel parameter
line, and what is in Foreman. This is using CentOS 6. Is there a way
to troubleshoot why it's not appending the correct information to the
request for the kickstart file?

Using GPXE I have the same problem when requesting the
gpxe_kickstart_config file. The only way I can connect to it from
within gPXE is using ?spoof=

> ifopen
> set net0/ip …
> set net0/netmask 255.255.255.192
> set net0/gateway …
> set net0/dns …
> kernel http://myforemanserver.tld/unattended/gpxe_kickstart_config

I get…

>
>
>> > Is it possible to utilize the default NAT network (dnsmasq) that comes
>> > with KVM to pxe boot new VMs to the smart proxy? I currently have my
>> > smart proxy with TFTP enabled on a KVM server and would like it to
>> > provide the pxe booting via that private host network rather than on
>> > my public network.
>>
>> sadly the proxy does not support dnsmask yet, as far as I could tell,
>> it does not provide any API to interface with it.
>> if you run isc dhcp on that subnet, then there should not be any issue.
>>
>>
>>
>> > Also , is there a way to easily network boot a new VM without the need
>> > for DHCP? I was able to use gPXE to boot a VM (http://theforeman.org/
>> > issues/470) but it's less than automated. The other method I got to
>> > work was using the virt-manager "Direct Kernel boot" options to
>> > specify the information to boot. I ran into a problem with that where
>> > this line would cause libvirt to choke…(removed IPs below)
>>
>> yes, gpxe is one good way to achieve it.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> > ks=http://itscforeman.tamu.edu/unattended/provision?
>> > static=yes&spoof=192.168.1.1 ksdevice=bootif network kssendmac ip=…
>> > netmask=255.255.255.192 gateway=… dns=…
>>
>> > The "&" character causes this error…
>> > -----------------
>> > Traceback (most recent call last):
>> > File "/usr/share/virt-manager/virtManager/details.py", line 1973, in
>> > _change_config_helper
>> > func(*args)
>> > File "/usr/share/virt-manager/virtManager/domain.py", line 393, in
>> > set_boot_kernel
>> > return self._redefine_guest(change)
>> > File "/usr/share/virt-manager/virtManager/domain.py", line 237, in
>> > _redefine_guest
>> > return cb(guest)
>> > File "/usr/share/virt-manager/virtManager/domain.py", line 392, in
>> > change
>> > guest.installer.bootconfig.kernel_args = args or None
>> > File "/usr/lib/python2.6/site-packages/virtinst/
>> > XMLBuilderDomain.py", line 293, in new_setter
>> > for node, val, usexpath in node_map:
>> > TypeError: 'NoneType' object is not callable
>> > ---------------------
>>
>> > I can use "ks=http://itscforeman.tamu.edu/unattended/provision?
>> > spoof=192.168.1.1 ksdevice=bootif network kssendmac ip=…
>> > netmask=255.255.255.192 gateway=… dns=…" just fine but I seem to
>> > be forced to add the spoof line. I'm very new to provisioning with
>> > foreman, but shouldn't I be able to leave out the "spoof" portion? If
>> > I don't include that then the install says it can't find the necessary
>> > kickstart file.
>>
>> Foreman try to match based on the IP address, and if provided, by the
>> mac address, anaconda (if you are using redhat) sends all nic mac
>> addresses to foreman when requesting the kickstart file, so you just
>> need to ensure that the mac match.
>>
>> spoof is not the right way, as it skips handling things like puppetca,
>> and in the upcoming 0.4 version also requires authentication.
>>
>> Ohad
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> > Thanks
>> > - Trey
>>
>> > –
>> > You received this message because you are subscribed to the Google Groups "Foreman users" group.
>> > To post to this group, send email to foreman-users@googlegroups.com.
>> > To unsubscribe from this group, send email to foreman-users+unsubscribe@googlegroups.com.
>> > For more options, visit this group athttp://groups.google.com/group/foreman-users?hl=en.
>
> Is there a way to automate the gpxe boot so I don't have to do the CTRL
> +B and the subsequent commands? It's not that big of a problem, but
> I'd like to achieve as much automation as possible.
sure, you can use http://rom-o-matic.net/ and simply add a script to
the img which goes to foreman (just like you do manually).
then if its kvm, you just need to replace the default gpxe images on
your hypervisor (I'm sure there is a way to do it per vm, but can't
remember at the moment).

>
> Well the IP and MAC match what I provided via the kernel parameter
> line, and what is in Foreman. This is using CentOS 6. Is there a way
> to troubleshoot why it's not appending the correct information to the
> request for the kickstart file?
pastie the log files when you query without spoof?

>
> Using GPXE I have the same problem when requesting the
> gpxe_kickstart_config file. The only way I can connect to it from
> within gPXE is using ?spoof=
>
> > ifopen
> > set net0/ip …
> > set net0/netmask 255.255.255.192
> > set net0/gateway …
> > set net0/dns …
> > kernel http://myforemanserver.tld/unattended/gpxe_kickstart_config
>
you should be using …/unattended/gPXE as the url
assuming you configured the templates / os correctly.

So, it turns out I wasn't clicking "Build" in the interface…which I
then found out requires a TFTP server even if I'm using gPXE (or at
least that's how I got it to work). Not it seems to be working!

If I can get this consistently repeatable I'll attempt a full writeup
to help others who are attempting this. Once you figure out all the
configuration steps necessary it's very smooth.

My initial tests when using "spoof" on the provisioned systems were
never getting to or completing any steps in the kickstart %post
section. Is that related to using spoof on the deployment or is that
something else all together?

Thanks Ohad for your help!

• Trey

>
>
>>
>> >> > Is it possible to utilize the default NAT network (dnsmasq) that comes
>> >> > with KVM to pxe boot new VMs to the smart proxy? I currently have my
>> >> > smart proxy with TFTP enabled on a KVM server and would like it to
>> >> > provide the pxe booting via that private host network rather than on
>> >> > my public network.
>>
>> >> sadly the proxy does not support dnsmask yet, as far as I could tell,
>> >> it does not provide any API to interface with it.
>> >> if you run isc dhcp on that subnet, then there should not be any issue.
>>
>> >> > Also , is there a way to easily network boot a new VM without the need
>> >> > for DHCP? I was able to use gPXE to boot a VM (http://theforeman.org/
>> >> > issues/470) but it's less than automated. The other method I got to
>> >> > work was using the virt-manager "Direct Kernel boot" options to
>> >> > specify the information to boot. I ran into a problem with that where
>> >> > this line would cause libvirt to choke…(removed IPs below)
>>
>> >> yes, gpxe is one good way to achieve it.
>>
>> >> > ks=http://itscforeman.tamu.edu/unattended/provision?
>> >> > static=yes&spoof=192.168.1.1 ksdevice=bootif network kssendmac ip=…
>> >> > netmask=255.255.255.192 gateway=… dns=…
>>
>> >> > The "&" character causes this error…
>> >> > -----------------
>> >> > Traceback (most recent call last):
>> >> > File "/usr/share/virt-manager/virtManager/details.py", line 1973, in
>> >> > _change_config_helper
>> >> > func(*args)
>> >> > File "/usr/share/virt-manager/virtManager/domain.py", line 393, in
>> >> > set_boot_kernel
>> >> > return self._redefine_guest(change)
>> >> > File "/usr/share/virt-manager/virtManager/domain.py", line 237, in
>> >> > _redefine_guest
>> >> > return cb(guest)
>> >> > File "/usr/share/virt-manager/virtManager/domain.py", line 392, in
>> >> > change
>> >> > guest.installer.bootconfig.kernel_args = args or None
>> >> > File "/usr/lib/python2.6/site-packages/virtinst/
>> >> > XMLBuilderDomain.py", line 293, in new_setter
>> >> > for node, val, usexpath in node_map:
>> >> > TypeError: 'NoneType' object is not callable
>> >> > ---------------------
>>
>> >> > I can use "ks=http://itscforeman.tamu.edu/unattended/provision?
>> >> > spoof=192.168.1.1 ksdevice=bootif network kssendmac ip=…
>> >> > netmask=255.255.255.192 gateway=… dns=…" just fine but I seem to
>> >> > be forced to add the spoof line. I'm very new to provisioning with
>> >> > foreman, but shouldn't I be able to leave out the "spoof" portion? If
>> >> > I don't include that then the install says it can't find the necessary
>> >> > kickstart file.
>>
>> >> Foreman try to match based on the IP address, and if provided, by the
>> >> mac address, anaconda (if you are using redhat) sends all nic mac
>> >> addresses to foreman when requesting the kickstart file, so you just
>> >> need to ensure that the mac match.
>>
>> >> spoof is not the right way, as it skips handling things like puppetca,
>> >> and in the upcoming 0.4 version also requires authentication.
>>
>> >> Ohad
>>
>> >> > Thanks
>> >> > - Trey
>>
>> >> > –
>> >> > You received this message because you are subscribed to the Google Groups "Foreman users" group.
>> >> > To post to this group, send email to foreman-users@googlegroups.com.
>> >> > To unsubscribe from this group, send email to foreman-users+unsubscribe@googlegroups.com.
>> >> > For more options, visit this group athttp://groups.google.com/group/foreman-users?hl=en.
>>
>> > Is there a way to automate the gpxe boot so I don't have to do the CTRL
>> > +B and the subsequent commands? It's not that big of a problem, but
>> > I'd like to achieve as much automation as possible.
>>
>> sure, you can usehttp://rom-o-matic.net/and simply add a script to
>> the img which goes to foreman (just like you do manually).
>> then if its kvm, you just need to replace the default gpxe images on
>> your hypervisor (I'm sure there is a way to do it per vm, but can't
>> remember at the moment).
>>
>>
>>
>> > Well the IP and MAC match what I provided via the kernel parameter
>> > line, and what is in Foreman. This is using CentOS 6. Is there a way
>> > to troubleshoot why it's not appending the correct information to the
>> > request for the kickstart file?
>>
>> pastie the log files when you query without spoof?
>>
>>
>>
>> > Using GPXE I have the same problem when requesting the
>> > gpxe_kickstart_config file. The only way I can connect to it from
>> > within gPXE is using ?spoof=
>>
>> > > ifopen
>> > > set net0/ip …
>> > > set net0/netmask 255.255.255.192
>> > > set net0/gateway …
>> > > set net0/dns …
>> > > kernelhttp://myforemanserver.tld/unattended/gpxe_kickstart_config
>>
>> you should be using …/unattended/gPXE as the url
>> assuming you configured the templates / os correctly.
>>
>>
>>
>>
>>
>>
>>
>> > I get…
>> > ---------
>> >http://myforemanserver.tld/unattended/gpxe_kickstart_config. Input/
>> > output error (0x1d0c6039)
>> > Could not fetchhttp://myforemanserver.tld/unattended/gpxe_kickstart_config:
>> > Input/output error (0x1d0c6039)
>>
>> > It works only if I do the last line like this
>>
>> > >http://myforemanserver.tld/unattended/gpxe_kickstart_config?spoof=…
>>
>> > Thanks
>> > - Trey
>>
>> > –
>> > You received this message because you are subscribed to the Google Groups "Foreman users" group.
>> > To post to this group, send email to foreman-users@googlegroups.com.
>> > To unsubscribe from this group, send email to foreman-users+unsubscribe@googlegroups.com.
>> > For more options, visit this group athttp://groups.google.com/group/foreman-users?hl=en.
>
> So, it turns out I wasn't clicking "Build" in the interface…which I
> then found out requires a TFTP server even if I'm using gPXE (or at
> least that's how I got it to work). Not it seems to be working!

You're right, please open a bug about that, it would be easy to fix.
>
> If I can get this consistently repeatable I'll attempt a full writeup
> to help others who are attempting this. Once you figure out all the
> configuration steps necessary it's very smooth.
Please do
>
> My initial tests when using "spoof" on the provisioned systems were
> never getting to or completing any steps in the kickstart %post
> section. Is that related to using spoof on the deployment or is that
> something else all together?

I don't think so, in general the kickstart should be identical with or
without spoof, the only difference is other things (such as puppet
certificate handling etc).

I've created a wiki page [1] about gpxe, would just in case you have
some updates to it

thanks,
Ohad

[1] GPXE - Foreman

Issue submitted, Feature #1294: Build should not require TFTP if using gPXE - Foreman.

It was the puppetca that was causing problems. I kept seeing this on
my proxy,

The gPXE items you documented are the same I used.

What I found to be the least amount of work, for now, was using the
kernel direct boot, added a wiki page [1] .

I'm still testing other methods using Foreman that may be less manual
work.

• Trey

[1] Provision KVM VM without DHCP - Foreman

> The gPXE items you documented are the same I used.
>
> What I found to be the least amount of work, for now, was using the
> kernel direct boot, added a wiki page [1] .
>
> I'm still testing other methods using Foreman that may be less manual
> work.
>
Maybe one option is to allow to specificity the kernel to use in foreman ui.
since we don't control the hypervisor, we might not be able to
download the images there (like its done with the proxy), but
installing the tftp proxy on that machine might solve that issue too.

Ohad

I had two ideas on this…

For a more general use (ie. Not KVM), have a gpxe rom with the
script…

#!gpxe
dhcp net0
kernel http://foreman/unattended/gPXE
boot

Then allow the kickstart or other templates to pull the IP info from
host and it's assigned subnet. That way a dynamic boot can happen but
the provisioned system starts and is installed using a static IP.
That's the mod to Foreman I'm working on.

The other idea would be similar, but have Foreman change the XML file
for a KVM VM to set those parameters. I don't know how that could be
done, as I haven't done much with the libvirt API. That would require
Foreman to pull the host and subnet IPs to add the 3 lines to the VM's
XML file. That would be the most automated way, but I'm unsure how
difficult it would be the implement.

I'm testing the first method minus the Ruby code changes in ESXi
also. So far not having much luck getting the gPXE rom to download
the boot media. So far it gets through part of the vmlinuz download
and then freezes.

• Trey