Knowledge Base | Install | Discovery and Provisioning | libvirt | proxmox | external DNS&DHCP | diskless pxe-boot using zfs |
before we start:
- Foreman comes without its own DHCP/TFTP server, unlike MAAS, Tinkerbell, etc.
- you either need an external DHCP server, or you run DHCP locally on the Foreman host
- we will install Foreman on a single node and run DHCP and TFTP on that same node, without an external DHCP server
- we won't use the Smart Proxy DNS feature, since it is not required when DHCP is local
- we install the Discovery Plugin before setting up TFTP, because the plugin places the discovery boot image under /var/lib/tftpboot for us, which saves work
- Foreman with Katello must be installed on a freshly provisioned machine; you cannot add the Katello plugin to a Foreman that was installed without it
- make sure you have a backup before running the installer
- especially if you have set up Foreman successfully before, since the installer rewrites its configuration
- you can make a backup using:
- an image (dd, gparted)
- rsync (standalone, or better: rsnapshot)
- we use Rocky Linux 9.4 in this example. If you need help with DNS, follow the DNS section of my DNS-Network Guide:
- all DNS-related topics you need are explained in detail there
- the Foreman host is called my_hostname throughout this guide; replace it with your own hostname
switch to root because it is easier:
$ su root
get your NIC's IP and name (ifconfig comes from the net-tools package, which Rocky 9 does not install by default; ip addr shows the same information):
$ ifconfig
enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.2.100  netmask 255.255.255.0  broadcast 192.168.2.255
...
- my NIC is enp2s0 and my IP is 192.168.2.100
find your DNS server's IP and the domain (dig works instead of nslookup):
$ nmcli device show enp2s0 | grep IP4.DNS
IP4.DNS[1]:                             192.168.2.1
$ nslookup 192.168.2.1
1.2.168.192.in-addr.arpa  name = speedport.ip.
- so the DNS server is 192.168.2.1 and the domain is speedport.ip
- you can also check /etc/resolv.conf
- it is written by NetworkManager from what your router's DHCP hands out:
# Generated by NetworkManager
search speedport.ip
nameserver 192.168.2.1
nameserver fe80::1%enp2s0
edit the hosts file (foreman-installer needs hostname -f to return the FQDN, and this keeps it resolvable even when DNS is down):
/etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.2.100   my_hostname.speedport.ip my_hostname
- keep the FQDN first on the line and the short name as an alias; otherwise hostname -f returns the short name
firewall settings (8000/tcp is the plain-HTTP endpoint provisioning clients fetch templates from, 9090/tcp is the Foreman Proxy; dns is only needed because the Smart Proxy DNS feature gets enabled in the final installer run):
$ firewall-cmd --add-port="5646/tcp"
$ firewall-cmd \
--add-port="5647/tcp" \
--add-port="8000/tcp" \
--add-port="9090/tcp"
$ firewall-cmd \
--add-service=dns \
--add-service=dhcp \
--add-service=tftp \
--add-service=http \
--add-service=https \
--add-service=puppetmaster
$ firewall-cmd --runtime-to-permanent
» check if it works «
$ firewall-cmd --list-all
...
  interfaces: enp2s0
  sources:
  services: cockpit dhcp dhcpv6-client dns http https mdns puppetmaster ssh tftp
  ports: 5646/tcp 5647/tcp 8000/tcp 9090/tcp
...
add the repositories:
$ dnf install https://yum.theforeman.org/releases/3.10/el9/x86_64/foreman-release.rpm
$ dnf install https://yum.theforeman.org/katello/4.12/katello/el9/x86_64/katello-repos-latest.rpm
$ dnf install https://yum.puppet.com/puppet7-release-el-9.noarch.rpm
install Foreman 3.10 with the Katello plugin:
$ dnf update
$ dnf install foreman-installer-katello
$ foreman-installer --scenario katello
...
Success!
  * Foreman is running at https://my_hostname.speedport.ip
      Initial credentials are admin / <pass>
  * To install an additional Foreman proxy on separate machine continue by running:
      foreman-proxy-certs-generate --foreman-proxy-fqdn "$FOREMAN_PROXY" --certs-tar "/root/$FOREMAN_PROXY-certs.tar.gz"
  * Foreman Proxy is running at https://my_hostname.speedport.ip:9090
  The full log is at /var/log/foreman-installer/katello.log
- the generated admin password is printed here only once, but it is also kept in the installer's answers file under /etc/foreman-installer/scenarios.d/, so change it after the first login
we connect to the Foreman dashboard using:
URL: https://my_hostname.speedport.ip   user: admin   pass: <pass>
install the Discovery Plugin
$ foreman-installer --enable-foreman-plugin-discovery
...
Success!
  * Foreman is running at https://my_hostname.speedport.ip
  * To install an additional Foreman proxy on separate machine continue by running:
      foreman-proxy-certs-generate --foreman-proxy-fqdn "$FOREMAN_PROXY" --certs-tar "/root/$FOREMAN_PROXY-certs.tar.gz"
  * Foreman Proxy is running at https://my_hostname.speedport.ip:9090
  The full log is at /var/log/foreman-installer/katello.log
» check if it worked «
$ dnf repolist enabled
...
foreman            Foreman 3.10
foreman-plugins    Foreman plugins 3.10
katello            Katello 4.12
pulpcore           pulpcore: Fetch, Upload, Organize, and Distribute Software Packages.
puppet7            Puppet 7 Repository el 9 - x86_64
(optional) delete old/wrong repos:
- edit foreman.repo, remove the flawed entries, then rebuild the metadata cache:
$ dnf clean all
$ dnf install nano
$ sudo nano /etc/yum.repos.d/foreman.repo
$ sudo dnf clean all
$ sudo dnf makecache
install the DHCP server:
$ dnf install dhcp-server -y
config: our netmask is 255.255.255.0, hence our CIDR prefix is /24
$ sudo nano /etc/dhcp/dhcpd.conf
...
# speedport.ip
subnet 192.168.2.0 netmask 255.255.255.0 {
  pool {
    range 192.168.2.101 192.168.2.200;
  }
  option subnet-mask 255.255.255.0;
  option routers 192.168.2.100;
}
- the pool 192.168.2.101-200 deliberately leaves out the router (192.168.2.1) and the Foreman host's static 192.168.2.100; a pool that overlaps a static address hands that address out twice
- option routers is the default gateway given to clients; 192.168.2.100 only works if the Foreman host forwards traffic, otherwise use the router 192.168.2.1
- this stanza has no next-server/filename, so on its own it will not PXE boot anything; the foreman-installer run at the end rewrites this file and adds them
- your router's own DHCP server is still answering on this segment (it is where resolv.conf came from); two DHCP servers race for every DISCOVER, so disable the router's or your PXE clients will sometimes get a lease without boot information
$ sudo systemctl enable --now dhcpd
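Before (re)starting dhcpd it is worth checking that the pool really lies inside the subnet and does not swallow a static address. The script below is an added example and not part of the original guide; it uses the guide's addresses, the function names are my own, and it runs with plain POSIX sh arithmetic so it needs nothing installed:

```sh
#!/bin/sh
# Added example (not from the original guide): sanity-check a dhcpd pool
# against its subnet and a list of static addresses that must stay out of it.
# Function names are my own; the addresses are the guide's.

# ip2int A.B.C.D -> the address as a 32-bit integer
ip2int() {
  _ifs=$IFS; IFS=.
  set -- $1
  IFS=$_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_subnet IP NET MASK -> exit 0 if IP lies inside NET/MASK
in_subnet() {
  [ $(( $(ip2int "$1") & $(ip2int "$3") )) -eq $(( $(ip2int "$2") & $(ip2int "$3") )) ]
}

# pool_check NET MASK START END [STATIC...] -> exit 0 if the pool is sane:
# start <= end, both ends inside the subnet, and no static address (the DHCP
# server itself, the router, ...) inside the pool. Every problem is printed.
pool_check() {
  net=$1 mask=$2 start=$3 end=$4
  shift 4
  s=$(ip2int "$start") e=$(ip2int "$end") rc=0
  if [ "$s" -gt "$e" ]; then
    echo "pool start $start is above pool end $end"; rc=1
  fi
  for a in "$start" "$end"; do
    in_subnet "$a" "$net" "$mask" || { echo "$a is outside $net/$mask"; rc=1; }
  done
  for r in "$@"; do
    i=$(ip2int "$r")
    if [ "$i" -ge "$s" ] && [ "$i" -le "$e" ]; then
      echo "static address $r lies inside the pool $start-$end"; rc=1
    fi
  done
  return $rc
}

# the guide's pool, with the router and the Foreman host as static addresses
pool_check 192.168.2.0 255.255.255.0 192.168.2.101 192.168.2.200 192.168.2.1 192.168.2.100 \
  && echo "pool OK"
```

The same check applies to the --foreman-proxy-dhcp-range you pass to the installer later, since that range becomes the pool dhcpd serves.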
(optional) check whether a DHCP server is already running on this host:
$ nmap -sU 127.0.0.1 -p 67
# if not installed or not running:
...
PORT   STATE  SERVICE
67/udp closed dhcps
...
# if up and running:
...
PORT   STATE         SERVICE
67/udp open|filtered dhcps
...
- you can check with systemctl as well (systemctl status dhcpd); probing the port also catches a DHCP server started some other way. DHCP uses UDP 67 (server) and 68 (client); TFTP is UDP 69. nmap reports open|filtered because a UDP port that sends no reply cannot be told apart from a filtered one. ss or lsof work too (telnet does not, it only speaks TCP)
install the TFTP server:
$ sudo dnf install tftp-server -y
check that the Discovery Plugin created the boot image files: /var/lib/tftpboot/boot/fdi-image is the directory that holds the vmlinuz and initrd files
then write the PXE default menu:
$ nano /var/lib/tftpboot/pxelinux.cfg/default
default menu.c32
timeout 300
LABEL discovery
  MENU LABEL Foreman Discovery Image
  KERNEL boot/fdi-image/vmlinuz0
  APPEND initrd=boot/fdi-image/initrd0.img rootflags=loop root=live:/fdi.iso rootfstype=auto proxy.url=https://my_hostname.speedport.ip proxy.type=foreman
  IPAPPEND 2
- the LABEL line must not be commented out, or the entry has no label that can be selected
- proxy.url is the Foreman (or Smart Proxy) the discovered host registers with; use its FQDN as it appears in the certificate
- Foreman regenerates this file from its PXELinux global default template (Build PXE Default), so put lasting changes into that template
file permissions: in.tftpd only reads this tree, so read-only for everyone but the owner is enough. Do not use chmod -R 777 here; a world-writable TFTP root lets any local account replace the kernel and initrd that every PXE client boots
$ sudo chmod -R u=rwX,go=rX /var/lib/tftpboot
$ sudo chown -R nobody: /var/lib/tftpboot
- the Foreman Proxy needs write access to pxelinux.cfg for the per-host files it drops there; the installer run at the end sets that ownership itself
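To see the difference between the 777 shortcut and read-only permissions, here is an added example (not from the original guide) that audits a TFTP root for entries writable by group or others and repairs them. It runs on a throw-away copy of the guide's directory layout in a temp dir, not on /var/lib/tftpboot, and the function names are my own:

```sh
#!/bin/sh
# Added example (not from the original guide): audit a TFTP root for
# group/world-writable entries and fix them without chmod -R 777.
# in.tftpd -s only ever reads this tree, so nothing in it needs to be
# writable by anyone but its owner. Function names are my own.

# audit_tftp_root DIR -> prints the number of entries writable by group or others
audit_tftp_root() {
  find "$1" -perm /022 | wc -l | tr -d ' '
}

# harden_tftp_root DIR -> files 644, directories 755:
# boot files are data, so execute is stripped from files first; the capital X
# then grants execute only where it is still present, i.e. on directories.
harden_tftp_root() {
  find "$1" -type f -exec chmod a-x {} +
  chmod -R u=rwX,go=rX "$1"
}

# Build the guide's layout in a temp dir, break it the way "chmod -R 777"
# does, then repair it and show the result.
demo() {
  d=$(mktemp -d)
  mkdir -p "$d/boot/fdi-image" "$d/pxelinux.cfg"
  : > "$d/boot/fdi-image/vmlinuz0"
  : > "$d/pxelinux.cfg/default"
  chmod -R 777 "$d"                          # the mistake
  echo "writable by group/other before: $(audit_tftp_root "$d")"
  harden_tftp_root "$d"
  echo "writable by group/other after:  $(audit_tftp_root "$d")"
  find "$d" -perm /022 -ls                    # prints nothing once clean
  rm -rf "$d"
}
demo
```

Run the audit function against /var/lib/tftpboot after the final installer run as well: the Foreman Proxy must own pxelinux.cfg, but nothing there should be world-writable either.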
$ nano /usr/lib/systemd/system/tftp.service
[Unit]
Description=Tftp Server
Requires=tftp.socket
Documentation=man:in.tftpd

[Service]
ExecStart=/usr/sbin/in.tftpd -s /var/lib/tftpboot
StandardInput=socket

[Install]
Also=tftp.socket
- -s (--secure) chroots in.tftpd into /var/lib/tftpboot, so every request is resolved relative to it and cannot reach outside
- units under /usr/lib/systemd are overwritten by package updates; a drop-in created with systemctl edit tftp survives them
the xinetd variant is not needed on Rocky 9 (the systemd socket above does the job); for reference:
$ sudo nano /etc/xinetd.d/tftp
service tftp
{
    socket_type  = dgram
    protocol     = udp
    wait         = yes
    user         = root
    server       = /usr/sbin/in.tftpd
    server_args  = -s /var/lib/tftpboot
    disable      = no    # needs to be "no"
    per_source   = 11
    cps          = 100 2
    flags        = IPv4
}
enable and start the service with systemctl (not xinetd)!
$ systemctl enable --now tftp
- you can follow the logs in real time like this:
$ journalctl -u tftp -f
May 24 19:26:15 <user> in.tftpd[26138]: Client ::ffff:192.168.2.104 finished boot/rocky-linux-imLv796i67R9-initrd.img
May 24 19:41:00 <user> systemd[1]: tftp.service: Deactivated successfully.
May 26 10:16:08 <user> systemd[1]: Started Tftp Server.
May 26 10:16:08 <user> in.tftpd[147746]: Client ::ffff:192.168.2.104 finished pxelinux.0
- clients show up as IPv4-mapped IPv6 addresses (::ffff:...) because in.tftpd listens on a dual-stack socket
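The journal is also the quickest place to notice a machine that is PXE booting from you but did not get its lease from your dhcpd. The script below is an added example, not part of the original guide: it extracts the completed transfers from journal lines in the format shown above and flags clients whose address lies outside the guide's pool. The sample log lines are constructed, the hostname is a placeholder, and the function names are my own:

```sh
#!/bin/sh
# Added example (not from the original guide): summarise in.tftpd transfers
# from "journalctl -u tftp" output and flag clients outside the DHCP pool.
# The log lines are constructed to mirror what in.tftpd logs.

SAMPLE_LOG='May 26 10:16:08 my_hostname systemd[1]: Started Tftp Server.
May 26 10:16:08 my_hostname in.tftpd[147746]: Client ::ffff:192.168.2.104 finished pxelinux.0
May 26 10:16:09 my_hostname in.tftpd[147747]: Client ::ffff:192.168.2.104 finished pxelinux.cfg/default
May 26 10:16:12 my_hostname in.tftpd[147748]: Client ::ffff:192.168.2.104 finished boot/fdi-image/vmlinuz0
May 26 10:16:31 my_hostname in.tftpd[147749]: Client ::ffff:192.168.2.77 finished pxelinux.0
May 26 10:41:00 my_hostname systemd[1]: tftp.service: Deactivated successfully.'

# tftp_transfers: stdin = journal lines, stdout = "<client-ip> <file>" per
# completed transfer. in.tftpd reports IPv4 clients as IPv4-mapped IPv6
# addresses (::ffff:a.b.c.d), so that prefix is stripped.
tftp_transfers() {
  awk '/in\.tftpd\[[0-9]+\]: Client .* finished / {
    for (i = 1; i <= NF; i++) if ($i == "Client") { ip = $(i + 1); file = $(i + 3) }
    sub(/^::ffff:/, "", ip)
    print ip, file
  }'
}

# tftp_clients_outside_pool LO HI: stdin = journal lines, stdout = one line
# per client whose host number is outside the pool LO..HI. Assumes a /24 like
# the guide's 192.168.2.0/24 with pool 101..200; a PXE client outside that
# range got its address from somewhere else (e.g. the router's DHCP).
tftp_clients_outside_pool() {
  tftp_transfers | awk -v lo="$1" -v hi="$2" '{
    split($1, o, ".")
    if (o[4] + 0 < lo || o[4] + 0 > hi) seen[$1] = 1
  }
  END { for (ip in seen) print ip }'
}

printf '%s\n' "$SAMPLE_LOG" | tftp_transfers
printf '%s\n' "$SAMPLE_LOG" | tftp_clients_outside_pool 101 200
```

Against the live journal, pipe journalctl -u tftp --no-pager into the same functions instead of the sample.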
finally, hand DHCP and TFTP over to the Foreman Proxy. With --foreman-proxy-dhcp-managed true the installer rewrites /etc/dhcp/dhcpd.conf from the options below (including the PXE next-server/filename settings a hand-written subnet stanza usually lacks) and restarts dhcpd; with --foreman-proxy-tftp-managed true it takes over /var/lib/tftpboot and sets the ownership the proxy needs. Keep the range outside the static addresses. --foreman-proxy-dhcp-gateway is the default route handed to clients, so use the real router (192.168.2.1) unless the Foreman host forwards traffic, and --foreman-proxy-dhcp-nameservers must be a resolver that actually answers, which with DNS unmanaged is 192.168.2.1 rather than the Foreman host:
$ foreman-installer \
--foreman-proxy-dns true \
--foreman-proxy-dns-managed false \
--foreman-proxy-dhcp true \
--foreman-proxy-dhcp-managed true \
--foreman-proxy-dhcp-range "192.168.2.101 192.168.2.200" \
--foreman-proxy-dhcp-gateway 192.168.2.100 \
--foreman-proxy-dhcp-nameservers 192.168.2.100 \
--foreman-proxy-tftp true \
--foreman-proxy-tftp-managed true \
--foreman-proxy-tftp-servername 192.168.2.100