AlmaLinux / almalinux-deploy

EL to AlmaLinux migration tool.
GNU General Public License v3.0
543 stars 72 forks source link

Alma 9 PXE Kickstart install fails to honour network proxy early in in the install #173

Open tom-crane opened 1 year ago

tom-crane commented 1 year ago

We install Alma9 as indicated above. Our machines are behind a firewall which typically allows no external network access to the machine being installed. We have local squid proxies which do have external network access which the machines being installed are configured to use.

The Kickstart file specifies, e.g.,

url --url=http://mirrors.ukfast.co.uk/sites/almalinux.org/9/BaseOS/x86_64/kickstart --proxy=http://squid.<localdomain>:3128

The machine being installed pauses early on in the install. Checking the Squid logs shows no accesses from the machine being installed. Checking the firewall logs shows dropped packets from the machine being installed as it tries to access the installer image etc. from the remote site.

After granting external network access to the machine being installed and monitoring its external network accesses, e.g. with tcpdump, the following was ascertained;

These first two accesses it does directly, ignoring the --proxy=,

http port 80 on IP 46.37.189.155 "GET /sites/almalinux.org/9/BaseOS/x86_64/kickstart/.treeinfo HTTP/1.1\r\n"
http port 80 on IP 46.37.189.155 "GET /sites/almalinux.org/9/BaseOS/x86_64/kickstart/images/install.img HTTP/1.1\r\n"

Thereafter it uses the proxy to access the repos and download the packages, e.g.,

http port 3128 on IP 134.219.X.Y "GET http://mirrors.ukfast.co.uk/sites/almalinux.org/9/BaseOS/x86_64/kickstart/.treeinfo HTTP/1.1\r\n"
http port 3128 on IP 134.219.X.Y "GET http://mirrors.ukfast.co.uk/sites/almalinux.org/9/AppStream/x86_64/kickstart/repodata/repomd.xml HTTP/1.1\r\n"
http port 3128 on IP 134.219.X.Y "GET http://mirrors.ukfast.co.uk/sites/almalinux.org/9/AppStream/x86_64/kickstart/repodata/0931fbd71aeb2be85de4b3c0f10a2050f71c7ce81f3e7b0653a05ce53b56d9c0-primary.xml.gz HTTP/1.1\r\n"
http port 3128 on IP 134.219.X.Y "GET http://mirrors.ukfast.co.uk/sites/almalinux.org/9/AppStream/x86_64/kickstart/repodata/23566c253ce147ad344f255ee07a3e0e60447be225c474fa3fe5af5b1320c4a7-filelists.xml.gz HTTP/1.1\r\n"
http port 3128 on IP 134.219.X.Y "GET http://mirrors.ukfast.co.uk/sites/almalinux.org/9/AppStream/x86_64/kickstart/repodata/d08d30ce06eb2a3ae1970d4573a5390a23a971204ee1dbf16bd2ccf947084a07-comps-AppStream.x86_64.xml HTTP/1.1\r\n"
etc. etc.

We observe the same problem on fellow downstream distro Rocky9 but not on upstream distro Centos Stream 9 which does honour the proxy fully.

Please help/advise?

Thanks Tom Crane