Chapter 6. Using PXE to Provision Hosts

There are four main ways to provision bare metal instances with Red Hat Satellite 6.8:

Unattended Provisioning
New hosts are identified by a MAC address and Satellite Server provisions the host using a PXE boot process.
Unattended Provisioning with Discovery
New hosts use PXE boot to load the Satellite Discovery service. This service identifies hardware information about the host and lists it as an available host to provision. For more information, see Chapter 7, Configuring the Discovery Service.
PXE-less Provisioning
New hosts are provisioned with a boot disk or PXE-less discovery image that Satellite Server generates.
PXE-less Provisioning with Discovery
New hosts use an ISO boot disk that loads the Satellite Discovery service. This service identifies hardware information about the host and lists it as an available host to provision. For more information, see Section 7.7, “Implementing PXE-less Discovery”.

BIOS and UEFI Support

With Red Hat Satellite, you can perform both BIOS and UEFI based PXE provisioning.

Both BIOS and UEFI interfaces work as interpreters between the computer’s operating system and firmware, initializing the hardware components and starting the operating system at boot time.

For information about supported workflows, see Supported architectures and provisioning scenarios.

In Satellite provisioning, the PXE loader option defines the DHCP filename option to use during provisioning. For BIOS systems, use the PXELinux BIOS option to enable a provisioned node to download the pxelinux.0 file over TFTP. For UEFI systems, use the PXEGrub2 UEFI option to enable a TFTP client to download grub2/grubx64.efi file.

For BIOS provisioning, you must associate a PXELinux template with the operating system.

For UEFI provisioning, you must associate a PXEGrub2 template with the operating system.

If you associate both PXELinux and PXEGrub2 templates, Satellite 6 can deploy configuration files for both on a TFTP server, so that you can switch between PXE loaders easily.

6.1. Prerequisites for Bare Metal Provisioning

The requirements for bare metal provisioning include:

For information about the security token for unattended and PXE-less provisioning, see Section 6.2, “Configuring the Security Token Validity Duration”.

6.2. Configuring the Security Token Validity Duration

When performing unattended and PXE-less provisioning, as a security measure, Satellite automatically generates a unique token and adds this token to the kickstart URL in the PXE configuration file (PXELinux, Grub2).

By default, the token is valid for 360 minutes. When you provision a host, ensure that you reboot the host within this time frame. If the token expires, it is no longer valid and you receive a 404 error and the operating system installer download fails.

To adjust the token’s duration of validity, in the Satellite web UI, navigate to Administer > Settings, and click the Provisioning tab. Find the Token duration option, and click the edit icon and edit the duration, or enter 0 to disable token generation.

If token generation is disabled, an attacker can spoof client IP address and download kickstart from Satellite Server, including the encrypted root password.

6.3. Creating Hosts with Unattended Provisioning

Unattended provisioning is the simplest form of host provisioning. You enter the host details on Satellite Server and boot your host. Satellite Server automatically manages the PXE configuration, organizes networking services, and provides the operating system and configuration for the host.

This method of provisioning hosts uses minimal interaction during the process.

Procedure

To create a host with unattended provisioning, complete the following steps:

  1. In the Satellite web UI, navigate to Hosts > Create Host.
  2. In the Name field, enter a name for the host.
  3. Click the Organization and Location tabs and change the context to match your requirements.
  4. From the Host Group list, select a host group that you want to use to populate the form.
  5. Click the Interface tab, and on the host’s interface, click Edit.
  6. Verify that the fields are populated with values. Note in particular:

    • The Name from the Host tab becomes the DNS name.
    • Satellite Server automatically assigns an IP address for the new host.
  7. In the MAC address field, enter a MAC address for the host. This ensures the identification of the host during the PXE boot process.
  8. Ensure that Satellite Server automatically selects the Managed, Primary, and Provision options for the first interface on the host. If not, select them.
  9. In the MAC address field, enter a MAC address of the host’s provisioning interface. This ensures the identification of the host during the PXE boot process.
  10. Click OK to save. To add another interface, click Add Interface. You can select only one interface for Provision and Primary.
  11. Click the Operating System tab, and verify that all fields contain values. Confirm each aspect of the operating system.
  12. Optional: Click Resolve in Provisioning template to check the new host can identify the right provisioning templates to use.

    For more information about associating provisioning templates, see Section 2.11, “Provisioning Templates”.

  13. Click the Parameters tab, and ensure that a parameter exists that provides an activation key. If not, add an activation key.
  14. Click Submit to save the host details.

    For more information about network interfaces, see Adding network interfaces.

This creates the host entry and the relevant provisioning settings. This also includes creating the necessary directories and files for PXE booting the bare metal host. If you start the physical host and set its boot mode to PXE, the host detects the DHCP service of Satellite Server’s integrated Capsule, receives HTTP endpoint of the Kickstart tree and installs the operating system.

When the installation completes, the host also registers to Satellite Server using the activation key and installs the necessary configuration and management tools from the Satellite Tools 6.8 repository.

For CLI Users

Create the host with the hammer host create command.

# hammer host create --name "My_Unattended_Host" --organization "My_Organization" \
--location "My_Location" --hostgroup "My_Host_Group" --mac "aa:aa:aa:aa:aa:aa" \
--build true --enabled true --managed true

Ensure the network interface options are set using the hammer host interface update command.

# hammer host interface update --host "test1" --managed true \
--primary true --provision true

6.4. Creating Hosts with PXE-less Provisioning

Some hardware does not provide a PXE boot interface. In Satellite, you can provision a host without PXE boot. This is also known as PXE-less provisioning and involves generating a boot ISO that hosts can use. Using this ISO, the host can connect to Satellite Server, boot the installation media, and install the operating system.

Satellite also provides a PXE-less discovery service that operates without PXE-based services, such as DHCP and TFTP. For more information, see Section 7.7, “Implementing PXE-less Discovery”.

Boot ISO Types

There are four types of boot ISOs:

Host image
A boot ISO for the specific host. This image contains only the boot files that are necessary to access the installation media on Satellite Server. The user defines the subnet data in Satellite and the image is created with static networking.
Full host image
A boot ISO that contains the kernel and initial RAM disk image for the specific host. This image is useful if the host fails to chainload correctly. The provisioning template still downloads from Satellite Server.
Generic image
A boot ISO that is not associated with a specific host. The ISO sends the host’s MAC address to Satellite Server, which matches it against the host entry. The image does not store IP address details, and requires access to a DHCP server on the network to bootstrap. This image is also available from the /bootdisk/disks/generic URL on your Satellite Server, for example, https://satellite.example.com/bootdisk/disks/generic.
Subnet image
A boot ISO that is similar to the generic image but is configured with the address of a Capsule Server. This image is generic to all hosts with a provisioning NIC on the same subnet.

Host image and Full host image contain provisioning tokens, therefore the generated image has limited lifespan. For more information about configuring security tokens, read Section 6.2, “Configuring the Security Token Validity Duration”.

Note

The Full host image is based on SYSLINUX and works with all Red Hat Enterprise Linux certified hardware. When using a Host image, Generic image, or Subnet image, see http://ipxe.org/appnote/hardware_drivers for a list of hardware drivers expected to work with an iPXE-based boot disk.

Procedure

To create a host with PXE-less provisioning, complete the following steps:

  1. In the Satellite web UI, navigate to Hosts > Create Host.
  2. In the Name field, enter a name that you want to become the provisioned system’s host name.
  3. Click the Organization and Location tabs and change the context to match your requirements.
  4. From the Host Group list, select a host group that you want to use to populate the form.
  5. Click the Interface tab, and on the host’s interface, click Edit.
  6. Verify that the fields are populated with values. Note in particular:

    • The Name from the Host tab becomes the DNS name.
    • Satellite Server automatically assigns an IP address for the new host.
  7. In the MAC address field, enter a MAC address for the host.
  8. Ensure that Satellite Server automatically selects the Managed, Primary, and Provision options for the first interface on the host. If not, select them.
  9. Click the Operating System tab, and verify that all fields contain values. Confirm each aspect of the operating system.
  10. Click Resolve in Provisioning template to check the new host can identify the right provisioning templates to use.

    For more information about associating provisioning templates, see Section 2.11, “Provisioning Templates”.

  11. If you use the Katello plug-in, click the Parameters tab, and ensure that a parameter exists that provides an activation key. If not, add an activation key.
  12. Click the Parameters tab, and ensure that a parameter exists that provides an activation key. If not, add an activation key.
  13. Click Submit to save the host details.

This creates a host entry and the host details page appears.

The options on the upper-right of the window are the Boot disk menu. From this menu, one of the following images is available for download: Host image, Full host image, Generic image, and Subnet image.

For CLI Users

Create the host with the hammer host create command.

# hammer host create --name "My_Bare_Metal" --organization "My_Organization" \
--location "My_Location" --hostgroup "My_Host_Group" --mac "aa:aa:aa:aa:aa:aa" \
--build true --enabled true --managed true

Ensure that your network interface options are set using the hammer host interface update command.

# hammer host interface update --host "test3" --managed true \
--primary true --provision true

Download the boot disk from Satellite Server with the hammer bootdisk host command:

  • For Host image:

    # hammer bootdisk host --host test3.example.com
  • For Full host image:

    # hammer bootdisk host --host test3.example.com --full true
  • For Generic image:

    # hammer bootdisk generic
  • For Subnet image:

    # hammer bootdisk subnet --subnet subnetName

This creates a boot ISO for your host to use.

Write the ISO to a USB storage device using the dd utility or livecd-tools if required.

When you start the physical host and boot from the ISO or the USB storage device, the host connects to Satellite Server and starts installing operating system from its kickstart tree.

When the installation completes, the host also registers to Satellite Server using the activation key and installs the necessary configuration and management tools from the Satellite Tools 6.8 repository.

6.5. Creating Hosts with UEFI HTTP Boot Provisioning

You can provision hosts from Satellite using the UEFI HTTP Boot. This is the only method with which you can provision hosts in IPv6 network.

Prerequisites

  • Ensure that you meet the requirements for HTTP booting. For more information, see HTTP Booting Requirements in Planning for Satellite.

Procedure

  1. On Capsule that you use for provisioning, update the grub2-efi package to the latest version:

    # satellite-maintain packages install grub2-efi
  2. Enable foreman-proxy-http, foreman-proxy-httpboot, and foreman-proxy-tftp features.

    # satellite-installer --scenario satellite \
    --foreman-proxy-httpboot true \
    --foreman-proxy-http true \
    --foreman-proxy-tftp true
  3. In the Satellite web UI, navigate to Hosts > Create Host.
  4. In the Name field, enter a name for the host.
  5. Click the Organization and Location tabs and change the context to match your requirements.
  6. From the Host Group list, select a host group that you want to use to populate the form.
  7. Click the Interface tab, and on the host’s interface, click Edit.
  8. Verify that the fields are populated with values. Note in particular:

    • The Name from the Host tab becomes the DNS name.
    • Satellite Server automatically assigns an IP address for the new host.
  9. In the MAC address field, enter a MAC address of the host’s provisioning interface. This ensures the identification of the host during the PXE boot process.
  10. Ensure that Satellite Server automatically selects the Managed, Primary, and Provision options for the first interface on the host. If not, select them.
  11. Click OK to save. To add another interface, click Add Interface. You can select only one interface for Provision and Primary.
  12. Click the Operating System tab, and verify that all fields contain values. Confirm each aspect of the operating system.
  13. From the PXE Loader list, select Grub2 UEFI HTTP.
  14. Optional: Click Resolve in Provisioning template to check the new host can identify the right provisioning templates to use.

    For more information about associating provisioning templates, see Section 2.13, “Creating Provisioning Templates”.

  15. Click the Parameters tab, and ensure that a parameter exists that provides an activation key. If not, add an activation key.
  16. Click Submit to save the host details.

    For more information about network interfaces, see Adding network interfaces.

  17. Set the host to boot in UEFI mode from network.
  18. Start the host.
  19. From the boot menu, select Kickstart default PXEGrub2.

This creates the host entry and the relevant provisioning settings. This also includes creating the necessary directories and files for UEFI booting the bare metal host. When you start the physical host and set its boot mode to UEFI HTTP, the host detects the defined DHCP service, receives HTTP endpoint of Capsule with the Kickstart tree and installs the operating system.

When the installation completes, the host also registers to Satellite Server using the activation key and installs the necessary configuration and management tools from the Satellite Tools 6.8 repository.

For CLI Users

  1. On Capsule that you use for provisioning, update the grub2-efi package to the latest version:

    # satellite-maintain packages install grub2-efi
  2. Enable foreman-proxy-http, foreman-proxy-httpboot, and foreman-proxy-tftp true features.

    # satellite-installer --scenario satellite \
    --foreman-proxy-httpboot true \
    --foreman-proxy-http true \
    --foreman-proxy-tftp true
  3. Create the host with the hammer host create command.

    # hammer host create --name "My_Host" \
    --organization "My_Organization" \
    --location "My_Location" \
    --hostgroup "My_Host_Group" \
    --mac "aa:aa:aa:aa:aa:aa" \
    --build true \
    --enabled true \
    --managed true \
    --pxe-loader "Grub2 UEFI HTTP"
  4. Ensure the network interface options are set using the hammer host interface update command.

    # hammer host interface update --host "My_Host" \
    --managed true \
    --primary true \
    --provision true
  5. Set the host to boot in UEFI mode from network.
  6. Start the host.
  7. From the boot menu, select Kickstart default PXEGrub2.

This creates the host entry and the relevant provisioning settings. This also includes creating the necessary directories and files for UEFI booting the bare metal host. When you start the physical host and set its boot mode to UEFI HTTP, the host detects the defined DHCP service, receives HTTP endpoint of Capsule with the Kickstart tree and installs the operating system.

When the installation completes, the host also registers to Satellite Server using the activation key and installs the necessary configuration and management tools from the Satellite Tools 6.8 repository.

6.6. Deploying SSH Keys during Provisioning

Use this procedure to deploy SSH keys added to a user during provisioning. For information on adding SSH keys to a user, see Adding SSH Keys to a User in Administering Red Hat Satellite.

Procedure

To deploy SSH keys during provisioning, complete the following steps:

  1. In the Satellite web UI, navigate to Hosts > Provisioning Templates.
  2. Create a provisioning template, or clone and edit an existing template. For more information, see Section 2.13, “Creating Provisioning Templates”.
  3. In the template, click the Template tab.
  4. In the Template editor field, add the create_users snippet to the %post section:

    <%= snippet('create_users') %>
  5. Select the Default check box.
  6. Click the Association tab.
  7. From the Application Operating Systems list, select an operating system.
  8. Click Submit to save the provisioning template.
  9. Create a host that is associated with the provisioning template or rebuild a host using the OS associated with the modified template. For more information, see Creating a Host in the Managing Hosts guide.

    The SSH keys of the Owned by user are added automatically when the create_users snippet is executed during the provisioning process. You can set Owned by to an individual user or a user group. If you set Owned by to a user group, the SSH keys of all users in the user group are added automatically.