I specified "ntp=**.***.***.**" on the PXE boot but the node still tries external ntp servers that are not reachable through our firewall.
Aug 8 12:36:30 DMZ **.***.***.**:123 220.127.116.11:123 UDP block
Aug 8 12:36:29 DMZ **.***.***.**:123 18.104.22.168:123 UDP block
It should connect to the firewall ip I tell it to connect to.
Sorry, forgot to add "enforcing=0" to the pxe boot config.
So it appears to be an selinux error..
The NTP service during install still fails, but after reboot it's fine.
I don't know how this impacts the certificate generation at install though.
Fixed with 8e48be35e70d41027d60d93e569e9bbcbfd829bf