Bug 1859158

Summary: Unknown HTTPBoot EFI hosts are not directed to the grubx64.efi with a default grub conf
Product: Red Hat Satellite Reporter: Roman Plevka <rplevka>
Component: InstallerAssignee: Ewoud Kohl van Wijngaarden <ekohlvan>
Status: CLOSED ERRATA QA Contact: Roman Plevka <rplevka>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.8.0CC: aruzicka, lzap, mshira, pcreech
Target Milestone: 6.8.0Keywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: foreman-installer-2.1.2 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-10-27 13:04:20 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Roman Plevka 2020-07-21 11:12:39 UTC
Description of problem:
When booting an unknown UEFI host with HTTPboot support (instead of PXE undi), DHCP doesn't respond with the URL to the grubx64.efi as it should, instead, it points to the "pxelinux.0"[|bootp]:

# tcpdump -i eth1 -xXvn  '((port 67 or port 68))'


### Client request:
06:59:08.013025 IP (tos 0x0, ttl 64, id 2098, offset 0, flags [none], proto UDP (17), length 368)
    0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 56:6f:0d:72:06:50, length 340, xid 0xdaaa569f, Flags [Broadcast]
	  Client-Ethernet-Address 56:6f:0d:72:06:50
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message Option 53, length 1: Discover
	    MSZ Option 57, length 2: 1472
	    Parameter-Request Option 55, length 27: 
	      Subnet-Mask, Time-Zone, Default-Gateway, Time-Server
	      IEN-Name-Server, Domain-Name-Server, Hostname, BS
	      Domain-Name, RP, EP, RSZ
	      TTL, BR, YD, YS
	      NTP, Vendor-Option, Requested-IP, Lease-Time
	      Server-ID, RN, RB, Vendor-Class
	      Option 212, BF, GUID
	    GUID Option 97, length 17: 0.94.124.8.164.87.223.182.65.130.9.202.143.153.235.4.233
	    NDI Option 94, length 3: 1.3.1
	    ARCH Option 93, length 2: 16
========>   Vendor-Class Option 60, length 33: "HTTPClient:Arch:00016:UNDI:003001"  <=========

### Server response:
06:59:09.107131 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 339)
    10.1.5.41.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 311, xid 0xdaaa569f, Flags [Broadcast]
	  Your-IP 10.1.5.42
	  Server-IP 10.1.5.41
	  Client-Ethernet-Address 56:6f:0d:72:06:50
========> file "pxelinux.0"[|bootp]  <=========



Version-Release number of selected component (if applicable):
6.8.0-8

How reproducible:

Actual results:
06:59:09.107131 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 339)
    10.1.5.41.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 311, xid 0xdaaa569f, Flags [Broadcast]
	  Your-IP 10.1.5.42
	  Server-IP 10.1.5.41
	  Client-Ethernet-Address 56:6f:0d:72:06:50
          file "pxelinux.0"[|bootp]

Expected results:
07:11:08.491117 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 362)
    10.1.5.41.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 334, xid 0x61131983, Flags [Broadcast]
	  Your-IP 10.1.5.42
	  Server-IP 10.1.3.52
	  Client-Ethernet-Address 56:6f:0d:72:06:87
	  file "http://<sat fqdn>:8000/httpboot/grub2/grubx64.efi"[|bootp]


Additional info:

Comment 2 Lukas Zapletal 2020-08-07 13:42:57 UTC
Roman, can you test it with this change:

Instead:

if option architecture = 00:06 {
  filename "grub2/shim.efi";
} elsif option architecture = 00:07 {
  filename "grub2/shim.efi";
} elsif option architecture = 00:09 {
  filename "grub2/shim.efi";
} else {
  filename "pxelinux.0";
}

Do this:

class "httpclients" {
  match if substring (option vendor-class-identifier, 0, 9) = "HTTPClient";
  if option arch = 00:0F {
    filename "https://proxy.example.com:8000/EFI/grub2/bootia32.efi";
  } else if option arch = 00:10 {
    filename "https://proxy.example.com:8000/EFI/grub2/bootx64.efi";
  }
}

class "pxeclients" {
  match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
  next-server 10.0.0.1;
  if exists user-class and option user-class = "iPXE" {
    filename "https://foreman.example.com:443/unattended/iPXE";
  } else if option arch = 00:06 {
    filename "grub2/bootia32.efi";
  } else if option arch = 00:07 {
    filename "grub2/bootx64.efi";
  } else {
    filename "pxelinux.0";
  }
}

Comment 3 Lukas Zapletal 2020-08-07 13:51:03 UTC
s/arch/architecture/g

Comment 4 Lukas Zapletal 2020-08-07 14:33:08 UTC
THERE WAS A TYPO ABOVE, HERE IS CORRECTED VERSION:


class "httpclients" {
  match if substring(option vendor-class-identifier, 0, 10) = "HTTPClient";
  option vendor-class-identifier "HTTPClient";
  if option architecture = 00:0F {
    filename "https://192.168.199.15:9090/EFI/grub2/bootia32.efi";
  } else if option architecture = 00:10 {
    filename "https://192.168.199.15:9090/EFI/grub2/bootx64.efi";
  }
}

class "pxeclients" {
  match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
  next-server 10.0.0.1;
  if exists user-class and option user-class = "iPXE" {
    filename "https://foreman.example.com:443/unattended/iPXE";
  } else if option architecture = 00:06 {
    filename "grub2/bootia32.efi";
  } else if option architecture = 00:07 {
    filename "grub2/bootx64.efi";
  } else {
    filename "pxelinux.0";
  }
}

Comment 5 Lukas Zapletal 2020-08-07 14:46:43 UTC
There is another typo, disregard all comments here is the up to date version:

https://gist.github.com/lzap/8a3e7cfddf68991926eb268023f1709a

Comment 6 Lukas Zapletal 2020-08-11 13:01:09 UTC
Upstream patch RFM and tested: https://github.com/theforeman/puppet-foreman_proxy/pull/611

Comment 7 Bryan Kearney 2020-08-11 16:00:51 UTC
Upstream bug assigned to ekohlvan@redhat.com

Comment 8 Bryan Kearney 2020-08-11 16:00:53 UTC
Upstream bug assigned to ekohlvan@redhat.com

Comment 9 Roman Plevka 2020-09-11 09:55:26 UTC
VERIFIED
on sat6.8.0-14

the dhcp config is updated
and the httpboot-clients correctly load the default template and load FDI correctly.
tested the rest of the workflow and the provisioning works correctly as well.

Comment 12 errata-xmlrpc 2020-10-27 13:04:20 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Satellite 6.8 release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:4366