Kickstart: PXE Boot to Satellite Proxy

Latest response

I am working on my Satellite proxy and trying to set things up so that I can PXE boot to my proxy and get the same list of Kickstart profiles that I would when I PXE boot to my Satellite server. On my Satellite, I have a /tftpboot directory that has all the information regarding what Kickstart profiles are available.

My question is, what is the easiest way to set up my Satellite and my Proxy so that I get the same Kickstart profiles available regardless of which server I PXE boot to?

I know that there are two ways that I can think of, but I am mainly wondering if there is a function of Satellite Proxy that can do this by design.

One way is to simply mount the file system so that this directory is available to both servers. Another is to create and schedule some sort of synchronization script that copies the files from Satellite over to the Proxy.

But both of those options seem like they'd be somewhat ad-hoc and I get the feeling that there's some sort of built-in functionality with Proxy server that would handle this sort of thing instead of me having to invent something.

Any ideas on this?

DC
Log in to join the conversation

Responses

james.radtke@siriusxm.com's picture Guru 6863 points
8 November 2013 11:24 PM

I have never attempted what you are suggesting and I don't really know if/how it would work.. but, I think it's an excellent question.

Take a look at the following:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Network_Satellite/5.3/html/Deployment_Guide/s1-provisioning-kickstarting.html

I assume your proxy is on a different logical network than the master. I don't have any way to help you figure this out, but I would look at that link, investigate whether ISS can also replicate the cobbler environment, etc.. I think the toughest thing you are up against is getting the PXE/DHCP setup on a different subnet, as it would seemingly be custom on each segment? Are you using a single DHCP server (and DHCP helpers to get the packets to the correct destination)?

Again - great question! I hope someone can respond with some guidance!

DC Pro 539 points
11 November 2013 8:49 PM

James,

I'll read through the cobbler stuff and see if there's a way I can make use of it.

Yes, my proxy is on a different network....different building entirely. The proxy, in our case, is managing all of the systems that exist in an alternate data center. It's connected back to our Satellite over a WAN. This was to keep a limit on the bandwidth between our main DC and our alternate DC as well as limit the number of firewall rules we would need going over the WAN.

As for DHCP, not all of our subnets allow for DHCP (for security reasons) but it seemed best to PXE boot from the Satellite from our main DC and from the proxy in our alternate DC. My hope was that Satellite/Proxy had some sort of built-in ability to allow me to set up a new Kickstart profile on my Satellite and then PXE boot a new server using the new profile from the proxy. If that link you shared points me in the right direction, that will be great. I'll update this post if that is the case.

To clarify on the DHCP settings, on the networks that allow DHCP, we typically set up a reservation and set the PXE options in the reservation for an individual server (this doesn't happen a whole lot). So, we'll set up a reservation and set options 66 and 67 to tell it where to PXE boot from and the name of the bootfile. So we don't set up the PXE config for the whole DHCP scope...it's on an individual server level.

If all else fails, I can do the NFS mount (I'll have to look into whether TFTP allows to traverse NFS mounts) or use scp or rsync to keep the tftpboot directories in sync.

Thanks for the feedback!

WH Community Member 54 points
29 December 2013 7:40 PM

Hi Dan,

We are currently using our satellite/proxies the way you describe. I don't believe that there is anything built into the product that will provide this functionality automatically - at least at the 5.5 level that we are at. However, we are able to pxe boot servers on remote subnets and build then through their proxy.

What I have done:
Configure DHCP on the remote subnet as you described. We use the FQDN to point to the proxy.

Install and enable (also chkconfig on) tftp-server on the proxy, and replicate the entire tree from the satellite. We have a few proxies, so I have cron jobs that run scripts that I use to do the replication with rsync from the satellite daily. Here's an example of one of the scripts:

#

!/bin/bash

SATADDR is the IP address of the Satellite server

SATADDR=10.0.0.199

PROXYFQDN must be the fully qualified domain name

PROXYFQDN=proxy1.mycompany.com

PROXYADDR will most likely be the translated address if there is one

This is the address that we rsync the tftpboot directory to on the destination

PROXYADDR=10.1.1.199

sync the tree

rsync -azvup --delete /var/lib/tftpboot/* $PROXYADDR:/var/lib/tftpboot/

ssh $PROXYADDR "sed -i 's/$SATADDR/$PROXYFQDN/g' /var/lib/tftpboot/pxelinux.cfg/*"

#

Something to note: For me, cobbler creates the records under pxelinux.cfg with the IP address of the satellite, but we replace it with the FQDN of the proxy server in the files on the proxy server. If we don't do it this way, when registration takes place at the end of the kickstart, the IP gets put in /etc/sysconfig/rhn/up2date, and then SSL fails.

WH Community Member 54 points
29 December 2013 7:46 PM

Well, that didn't format exactly as I hoped it would.....first time posting code sample. Let's try this again. In case it doesn't work again, the big bold lines are comments.

#!/bin/bash
#SATADDR is the IP address of the Satellite server
SATADDR=10.0.0.199

#PROXYFQDN must be the fully qualified domain name
PROXYFQDN=proxy1.mycompany.com

#PROXYADDR will most likely be the translated address if there is one
#This is the address that we rsync the tftpboot directory to on the destination
PROXYADDR=10.1.1.199

#sync the tree
rsync -azvup --delete /var/lib/tftpboot/* $PROXYADDR:/var/lib/tftpboot/

ssh $PROXYADDR "sed -i 's/$SATADDR/$PROXYFQDN/g' /var/lib/tftpboot/pxelinux.cfg/*"
Jamie Duncan's picture Red Hat Pro 548 points
30 December 2013 1:38 AM

Hi.

William's comment above will get you going down the right road, but I wanted to confirm that there is no functionality built-in to a Red Hat Network Proxy server that can allow for that. He's essentially setting up a PXE server on his Proxy and then passing along the stage2 isntallation (the 'next-server' DHCP directive) to the Satellite server.

Proxies are designed to live on different networks than a Satellite server, and the PXE-boot process isn't (normally) a routable process. The above idea works because the stage 1 kernel installs a network stack that is aware of other networks.

Another route that users have had success with is to use a Layer 3 networking device to set up what is called in Cisco-speak a 'Helper IP' to account for the non-routeable nature of PXE requests. This requires some pretty serious customization to your Cobbler/DHCP configs, however.

Thanks,

Jamie Duncan

DC Pro 539 points
31 December 2013 6:25 PM

William,

Yes, I had a feeling we'd end up having to use rsync or something similar. Thanks for the script. That should be very helpful.

Jamie,

Thanks for the confirmation that this functionality is not native to Satellite/Proxy. I think I'll probably end up going the rsync route, just as William has done. That seems much cleaner and easier than going through the headache of using helper IP's and then having to over-customize Cobbler as you point out.

Thanks!!

EA Community Member 31 points
26 February 2014 4:18 AM

I was going down this route, but when I get the satellite kickstart menu and choose one of the kickstart profiles I get an error that the ks file could not be found so looking at the default file it shows a path of ks=http://proxyaddr/cblr/svc/op/ks/profile/ksprofile:1:org Now that tree does not exist on the proxy as far as I can tell. Any suggestions would be great.

EA Community Member 31 points
26 February 2014 7:04 AM

Nevermind I am a moron, that solution works like a charm if your /var partition on the proxy server is not full. This was very helpful, thanks.

TK Newbie 10 points
29 July 2014 3:51 PM

William, thank you for the excellent idea and the accompanying script. I'm deploying this with some modifications to fit my environment.

I noticed that on my Satellite server there is a /var/lib/tftpboot/.link_cache directory, which has files named as hashes. This appears to be where the kernel images are stored, and then hardlinked from each individual build tree. I'm assuming this is to cut down on duplication, but with your script as written these files are duplicated. I added "H" to the rsync command so that hard links are properly handled.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.