foreman-documentation Fixes Foreman Support #22332

[x] I am familiar with the contributing guidelines.

Please cherry-pick my commits into:

[x] Foreman 3.5/Katello 4.7 (planned Satellite 6.13)
[x] Foreman 3.4/Katello 4.6 (EL8 only)
[x] Foreman 3.3/Katello 4.5 on EL7 & EL8 (Satellite 6.12 on EL8 only)
[x] Foreman 3.2/Katello 4.4 on EL7 & EL8
[x] Foreman 3.1/Katello 4.3 on EL7 & EL8 (Satellite 6.11 EL7/8, orcharhino 6.2 on EL7/8)
For Foreman 3.0 or older, please create a separate PR.
We do not accept PRs for Foreman 2.3 or older.

While customizing an FDI for Satellite 6.11, I failed to find in the docs how to feed multiple DNS to the fdi.pxdns parameter. This PR attempts to address that.

I came across https://projects.theforeman.org/issues/22332 which has the same ask, but the suggestion of ; as separator did not work for me. Using , as separator does work for me.

Testresults

These verification were done by using discovery-remaster from foreman-discovery-image-3.8.2-1.el7sat.noarch

Because the DHCP server my testhost queries does give me both an IP and a gateway, but not the DNSes I want; I only set fdi.pxdns but neither fdi.pxip nor fdi.pxgw while testing.

using ; as separator

discovery-remaster \
  /usr/share/foreman-discovery-image/foreman-discovery-image-3.8.2-1.iso \
  "proxy.url=https://satellite.example.com:9090 proxy.type=proxy fdi.pxdns=192.168.1.1;192.168.200.1 fdi.pxauto=1" \
  /var/tmp/fdi-builddir/fdi-2023021701.iso

did not work for me

a host booted with fdi-2023021701.iso complains during bootup along the lines of command not found 192.168.200.1 (in grub). While it proceeds to boot the FDI after a timeout, FDI asks me to set up network.

using , as separator

discovery-remaster \
  /usr/share/foreman-discovery-image/foreman-discovery-image-3.8.2-1.iso \
  "proxy.url=https://satellite.example.com:9090 proxy.type=proxy fdi.pxdns=192.168.1.1,192.168.200.1 fdi.pxauto=1" \
  /var/tmp/fdi-builddir/fdi-2023021702.iso

works for me

a host booted with fdi-2023021702.iso shows up in Satellite 6.11 under Hosts / Discovered Hosts
a host booted with fdi-2023021702.iso has both DNS in /etc/resolv.conf (before the kexec is triggered, after I enabled SSH so I could log in on a tty and check)

Feb 17 '23 18:02 pcfe

The PR preview for 1ffee27cc91aecccc923998b23e4d80afc02070e is available at theforeman-foreman-documentation-preview-pr-2007.surge.sh

The following output files are affected by this PR:

show diff

show diff as HTML

Feb 17 '23 18:02 github-actions[bot]

Interestingly, we essentially feed this into a networkmanager config file, and that is supposed to have ; as delimiter according to https://networkmanager.dev/docs/api/latest/nm-settings-keyfile.html :woman_shrugging:

And this is also what happens if I do this on my system:

[root@tanso ~]# nmcli connection add con-name testcon type ethernet
Connection 'testcon' (2900af80-dd1f-4233-a1ed-ce6adbbd9457) successfully added.

[root@tanso ~]# nmcli connection modify testcon ipv4.dns "192.0.2.200 192.0.2.201"

[root@tanso ~]# cat /etc/NetworkManager/system-connections/testcon.nmconnection 
[connection]
id=testcon
uuid=2900af80-dd1f-4233-a1ed-ce6adbbd9457
type=ethernet

[ethernet]

[ipv4]
dns=192.0.2.200;192.0.2.201;
method=auto

[ipv6]
addr-gen-mode=default
method=auto

[proxy]

Feb 19 '23 12:02 evgeni

@evgeni two things;

because Line 62 (direct feed in) OK, I definitely need to test more (I guess booting without network to ensure the resolv.conf entry does not come from DHCPd after all. I'll put this MR back in draft mode until I reported back on that.
I think I know why grub on the FDI ISO on my testsystem nags when I booted a remastered ISO that is using ; as a separator between 2 DNS. ; is a word delimiter according to section 6.3 Writing full configuration files directly of the GRUB Manual

note to self: @pcfe to check before putting this back into ready state (@evgeni feel free to add to the list)

; as separator on a system that will use isolinux.cfg (I guess a non UEFI VM does that)
/proc/cmdline when remastered FDI with ; booted on a system that uses grub.cfg

Feb 20 '23 22:02 pcfe

Yeah, it very well can be that "," works (but is undocumented) while ";" works only if you edit the command line in grub directly (so not triggering any "parse a grub cfg" and never passing the second dns).

I would argue that we should aim for using the correct syntax (";") and if that breaks the generation/remaster that's a separate bug.

Feb 21 '23 06:02 evgeni

Full ACK that it should use the documented syntax when feeding into NetworkManager even if a , does work today,.

OTOH a ; in a grub config feels very alien to me and I would like an ISO that can be booted without manual edits.

If it has any chance of getting implemented, then I would rather file an RFE for FDI to parse a , separating 2 or 3 DNS and then transform it into a ; when configuring NetworkManager and close (or leave in draft) this doc change MR until that is implemented.

Maybe asking for commonfunc.sh to get a tr , ';' for fdi.pxdns.

Feb 21 '23 18:02 pcfe

@evgeni is this correct and can it be merged?

Aug 21 '23 12:08 ekohl

I have no idea 🙈

Aug 21 '23 13:08 evgeni

@pcfe @evgeni what is needed to get this moving forward? Is there anything blocking this or can we merge it?

Aug 28 '23 12:08 ekohl

@pcfe @evgeni Any update/idea on how to move this forward?

Sep 25 '23 12:09 maximiliankolb

@maximiliankolb has commonfunc.sh (or any other part) been adjusted so that a kernel command line , in the fdi.pxdns is turned into a ; before being fed to NetworkManager? (that would be my preference, sorry if I missed that)

if yes, then I can take this documentation MR out of draft.

If no, then advise if you are OK to "abuse" the undocumented fact that NM does accept a , in place of the documented ;. But IMO, then we should add a couple lines to that effect before this is merged.

Oct 18 '23 16:10 pcfe

@ekohl any opinion on how to proceed?

Nov 02 '23 13:11 adamlazik1

@pcfe Please rebase to "master" and resolve the merge conflict.

May 02 '24 12:05 maximiliankolb

@maximiliankolb rebase done. But I would like to get an answer to https://github.com/theforeman/foreman-documentation/pull/2007#issuecomment-1768904372 before taking this out of Draft if that's OK.

May 03 '24 12:05 pcfe

Thanks Patrick, I've asked in "theforeman-dev" matrix channel.

May 03 '24 12:05 maximiliankolb

@Lennonka Please get some form of ACK.

May 16 '24 12:05 maximiliankolb

I've notified our team to check it.

May 16 '24 13:05 Lennonka

The fdi.pxdns is used in the nm-configure file, and according to man nm-settings-keyfile the correct format is with ;.

See man nm-settings-keyfile: […]

@stejskalleos did you successfully verify that the version of discovery-remaster shipped with Satellite 6.14 (foreman-discovery-image-4.1.0-31.el8sat.noarch on my satellite-6.15.0-2.el8sat.noarch) generates an ISO that boots fine on UEFI (and BIOS) when feeding a ; separated list of fdi.pxdns?

May 21 '24 12:05 pcfe

634add1196bf28316be59f8ac5e841f99a59cd91 is an attempt to briefly explain why , is used. Feedback welcome and expected. I am not completely happy with it (the footnote still feels too long to me) but failed to come up with something more concise.

May 30 '24 12:05 pcfe

The footnote is a good idea, I like it.

Jun 02 '24 14:06 Lennonka

Cherry-picked:

7a8eab2c00..3b5a082782 3.11 -> 3.11
945efd1e89..a0897f370a 3.10 -> 3.10
fee9c30400..a01abc6aea 3.9 -> 3.9
19304383d0..cc38b08b1a 3.8 -> 3.8
66d2ac68ae..572c1dc359 3.7 -> 3.7
76152e0863..bfea15f1d9 3.6 -> 3.6
7dcbb43a2d..981a9bdad5 3.5 -> 3.5

Jun 03 '24 09:06 Lennonka

@pcfe There are cherry-pick conflicts on 3.4 and possibly 3.3, however, we might be retiring those versions soon, so you don't have to file another PR. Versions older than 3.3 are no longer maintained.

Jun 03 '24 09:06 Lennonka

Fixes Foreman Support #22332 - document multiple pxdns

Testresults

using ; as separator

using , as separator