Open lzap opened 3 years ago
This issue is still valid. https://docs.theforeman.org/nightly/Provisioning_Hosts/index-katello.html#Creating_Hosts_with_UEFI_HTTP_Boot_Provisioning_provisioning now says:
> This is the only method with which you can provision hosts in IPv6 network.
But the DHCPv6 configuration is missing from our documentation. This is shown at https://youtu.be/dHfU31ZmPDs?&t=1806
Btw, we have this: https://docs.theforeman.org/nightly/Installing_Server/index-katello.html#configuring-for-uefi-http-boot-provisioning-in-an-ipv6-network_foreman
Is it sufficient? Should we move it to Provisioning hosts or include it in both guides? Should we improve it somehow?
I think it's not a great section because it's not obvious to me how I should set up a DHCP server after reading that.
As for moving, I think it makes sense. You only do that if you want to provision. It's like installing Puppet: we don't do that in Installing Server, but we do in our Puppet guide.
Other issues there:
> Ensure that the UDP ports 67 and 68 are accessible by clients so clients can send DHCP requests and receive DHCP offers.
DHCPv6 uses different ports. Quoting https://en.wikipedia.org/wiki/DHCPv6#Port_numbers
> Clients listen for DHCP messages on UDP port 546. Servers and relay agents listen for DHCP messages on UDP port 547.[2]
A concrete example that I used with ISC DHCP:
```
#
# DHCPv6 Server Configuration file.
# see /usr/share/doc/dhcp-server/dhcpd6.conf.example
# see dhcpd.conf(5) man page
#
# https://documentation.suse.com/sles/15-SP2/html/SLES-all/cha-deployment-prep-uefi-httpboot.html#httpboot-dhcpv6-server
option dhcp6.bootfile-url code 59 = string;
option dhcp6.vendor-class code 16 = {integer 32, integer 16, string};
subnet6 2001:db8:0:3::/64 {
    range6 2001:db8:0:3:cafe:: 2001:db8:0:3:cafe:ffff:ffff:ffff;
    option dhcp6.bootfile-url "https://smartproxy.example.com:8443/EFI/grub2/shim.efi";
    option dhcp6.name-servers 2001:db8:0:3::53;
    option dhcp6.vendor-class 0 10 "HTTPClient";
}
```
Note I used HTTPS because my hardware refused to boot from HTTP. That required additional setup to trust the certificate in my hardware. We currently don't document that.
A proper procedure would tell the reader that the bootfile URL (option 59) must be specified and recommend a value for that.
We only have a note that "it is possible" in docs.
https://youtu.be/dHfU31ZmPDs?t=1456
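
Added example (not part of the issue thread or the Foreman documentation): a small Python lint for an ISC `dhcpd6.conf` that checks each `subnet6` for the bootfile URL (option 59) and the `HTTPClient` vendor class used in the configuration above, and flags a plain-HTTP boot URL. The function names are hypothetical and the second sample subnet is constructed. It assumes flat `subnet6` blocks and no `#` inside quoted strings.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the first subnet is based on the configuration quoted in
# the thread; the second is a hypothetical subnet that sets no boot options.
SAMPLE_CONF = '''
option dhcp6.bootfile-url code 59 = string;
option dhcp6.vendor-class code 16 = {integer 32, integer 16, string};
subnet6 2001:db8:0:3::/64 {
    range6 2001:db8:0:3:cafe:: 2001:db8:0:3:cafe:ffff:ffff:ffff;
    option dhcp6.bootfile-url "https://smartproxy.example.com:8443/EFI/grub2/shim.efi";
    option dhcp6.vendor-class 0 10 "HTTPClient";
}
subnet6 2001:db8:0:4::/64 {
    range6 2001:db8:0:4:cafe:: 2001:db8:0:4:cafe:ffff:ffff:ffff;
}
'''

# Assumption: subnet6 blocks are flat (no nested pool6/host blocks).
SUBNET_RE = re.compile(r'subnet6\s+(\S+)\s*\{([^{}]*)\}')
BOOTFILE_RE = re.compile(r'option\s+dhcp6\.bootfile-url\s+"([^"]*)"\s*;')
VENDOR_RE = re.compile(r'option\s+dhcp6\.vendor-class\s+\d+\s+\d+\s+"([^"]*)"\s*;')

def lint_scope(body, global_scope):
    """Return findings for one subnet6 body; subnet values override global ones."""
    findings = []
    url = BOOTFILE_RE.search(body) or BOOTFILE_RE.search(global_scope)
    if url is None:
        findings.append("missing dhcp6.bootfile-url (option 59)")
    else:
        parts = urlsplit(url.group(1))
        if parts.scheme not in ("http", "https") or not parts.netloc:
            findings.append("bootfile-url is not an http(s) URL")
        elif parts.scheme == "http":
            findings.append("bootfile-url uses plain http: boot loader fetched without TLS")
    vendor = VENDOR_RE.search(body) or VENDOR_RE.search(global_scope)
    if vendor is None or vendor.group(1) != "HTTPClient":
        findings.append('missing dhcp6.vendor-class "HTTPClient" (option 16)')
    return findings

def lint_dhcpd6(text):
    """Map each subnet6 prefix to its findings; '#' comments are dropped first."""
    clean = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    global_scope = SUBNET_RE.sub("", clean)
    return {m.group(1): lint_scope(m.group(2), global_scope)
            for m in SUBNET_RE.finditer(clean)}

if __name__ == "__main__":
    print(lint_dhcpd6(SAMPLE_CONF))
```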