Best practices for configuring DHCP

What are the best practices for managing DHCP configurations? I am new to Foreman and am loving it so far. I am asking this question because foreman-installer and the theforeman/dhcp Puppet module both write into /etc/dhcp/dhcpd.conf.

As part of the steps to set up bare-metal host provisioning through PXE, I set up the Foreman proxy using the Foreman installer (see Annex A). I was eventually able to provision a bare-metal host. I then configured a DHCP host reservation as shown in Annex B. I confirmed that I was able to assign this IP address to the specified host.

Did I approach this the correct way?

When I tried to use the theforeman/dhcp Puppet module to manage host DHCP reservations as shown in Annex C, it reset the contents of /etc/dhcp/dhcpd.conf, since many of these settings were not declared in the Puppet manifest site.pp. This made me wonder whether it was preferable to manage /etc/dhcp/dhcpd.conf from the Puppet manifest and reproduce foreman-installer's configuration there.

Thanks!

Versions:

Foreman: 2.1
Puppet: 6.17.0
Distribution: CentOS 7.8.2003

Other relevant data:

Annex A

d1p-test-foreman02 $ sudo foreman-installer \
  --enable-foreman-proxy \
  --foreman-proxy-tftp=true \
  --foreman-proxy-tftp-servername=172.21.13.36 \
  --foreman-proxy-dhcp=true \
  --foreman-proxy-dhcp-interface=eth1 \
  --foreman-proxy-dhcp-gateway=172.21.13.1 \
  --foreman-proxy-dhcp-nameservers="172.21.13.36" \
  --foreman-proxy-dns=true \
  --foreman-proxy-dns-interface=eth1 \
  --foreman-proxy-dns-zone=ldi.lan \
  --foreman-proxy-dns-reverse=13.21.172.in-addr.arpa \
  --foreman-proxy-dns-forwarders=10.0.2.3 \
  --foreman-proxy-foreman-base-url=https://d1p-test-foreman02.ldi.lan
d1p-test-foreman02 $ cat /etc/dhcp/dhcpd.conf
omapi-port 7911;

default-lease-time 43200;
max-lease-time 86400;

not authoritative;

ddns-update-style none;

option domain-name "ldi.lan";
option domain-name-servers 172.21.13.36;
option ntp-servers none;

allow booting;
allow bootp;

option fqdn.no-client-update    on;  # set the "O" and "S" flag bits
option fqdn.rcode2            255;
option pxegrub code 150 = text ;

# required for UEFI HTTP boot
if substring(option vendor-class-identifier, 0, 10) = "HTTPClient" {
  option vendor-class-identifier "HTTPClient";
}
# promote vendor in dhcpd.leases
set vendor-string = option vendor-class-identifier;
# next server and filename options
next-server 172.21.13.36;
option architecture code 93 = unsigned integer 16 ;
if option architecture = 00:06 {
  filename "grub2/shim.efi";
} elsif option architecture = 00:07 {
  filename "grub2/shim.efi";
} elsif option architecture = 00:09 {
  filename "grub2/shim.efi";
} else {
  filename "pxelinux.0";
}

log-facility local7;

include "/etc/dhcp/dhcpd.hosts";
# ldi.lan
subnet 172.21.13.0 netmask 255.255.255.0 {
  pool
  {
    range 172.21.13.38 172.21.13.50;
  }

  option subnet-mask 255.255.255.0;
  option routers 172.21.13.1;
}

Annex B

d1p-test-foreman02 $ cat /etc/dhcp/dhcpd.hosts
# static DHCP hosts
host d1p-test-squid02.ldi.lan {
  hardware ethernet   80:00:27:91:e8:e3;
  fixed-address       172.21.13.38;
  ddns-hostname       "d1p-test-squid02.ldi.lan";
}

Annex C

d1p-test-foreman02 $ cat /etc/puppetlabs/code/environments/production/manifests/site.pp
node "d1p-test-foreman02.ldi.lan" {
  class { 'dhcp':
    interfaces => ['eth1'],
  }
  dhcp::host {
    'd1p-test-squid02.ldi.lan': mac => '80:00:27:91:e8:e3', ip => '172.21.13.38'
  }
}

Hello and welcome :slight_smile:

I am sure someone will have a better answer for you, but in the meantime I just wanted to point your attention to this guide in case you have not seen it: https://docs.theforeman.org/master/Provisioning_Guide/index-foreman.html#Configuring_Networking

Best of luck!

Hi Melanie, thanks for the welcome and the link to the resource!

Foreman itself does not touch dhcpd.conf; it parses it but does not change it. Instead, it uses OMAPI to create entries in the leases file. All you need to do is create all subnets via Puppet so they match what's in the Foreman database.

Our installer supports only one subnet via CLI, then you need to use hiera to define more subnets:

https://theforeman.org/2017/07/adding-new-subnet-for-provisioning.html

We should probably integrate this into our manual. Do you have the most up-to-date instructions @ekohl so we could integrate this into docs-ng? This is indeed challenging for users to identify; we should tell them from the very beginning how to manage multiple networks.


Foreman :: Plugin Manuals is the most current documentation. It’s in the Katello manual, but really not Katello specific.

Thanks for everyone's answers. To be clear, it's OK to use the same DHCP server (e.g. on the Foreman or Smart Proxy node) to serve both of these functions: (1) PXELinux and (2) assigning IP addresses to already-provisioned hosts?

If this was a question then yes, it is okay as long as you make sure your assignments are outside of the Foreman DHCP range defined in your Subnet. Foreman can only do dynamic assignments (assuming ISC DHCP).
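A quick cross-check for that caveat, written for this thread (it is not Foreman or puppet-dhcp code): it parses the `range` statements out of dhcpd.conf and the `fixed-address` entries out of dhcpd.hosts and lists every reservation that lands inside a dynamic pool. The embedded input is a constructed excerpt of Annexes A and B plus one made-up host, example-ok.ldi.lan, that sits outside the pool.

```python
import ipaddress
import re

# Constructed excerpt of the Annex A dhcpd.conf subnet block (not the full file).
DHCPD_CONF = """
subnet 172.21.13.0 netmask 255.255.255.0 {
  pool
  {
    range 172.21.13.38 172.21.13.50;
  }
  option subnet-mask 255.255.255.0;
  option routers 172.21.13.1;
}
"""

# Constructed excerpt of the Annex B dhcpd.hosts plus one made-up host outside the pool.
DHCPD_HOSTS = """
# static DHCP hosts
host d1p-test-squid02.ldi.lan {
  hardware ethernet   80:00:27:91:e8:e3;
  fixed-address       172.21.13.38;
  ddns-hostname       "d1p-test-squid02.ldi.lan";
}
host example-ok.ldi.lan {
  hardware ethernet   80:00:27:00:00:01;
  fixed-address       172.21.13.60;
}
"""

# 'range [dynamic-bootp] low [high];' -- a single-address range has no high end.
RANGE_RE = re.compile(r"\brange\s+(?:dynamic-bootp\s+)?([0-9.]+)(?:\s+([0-9.]+))?\s*;")
HOST_RE = re.compile(r"\bhost\s+(\S+)\s*\{(.*?)\}", re.S)
FIXED_RE = re.compile(r"\bfixed-address\s+([0-9.]+)\s*;")

def dynamic_ranges(conf):
    """Return (low, high) IPv4Address pairs for every range statement in dhcpd.conf."""
    return [(ipaddress.ip_address(lo), ipaddress.ip_address(hi or lo))
            for lo, hi in RANGE_RE.findall(conf)]

def reservations(hosts):
    """Return {hostname: IPv4Address} for each host block carrying a fixed-address."""
    found = {}
    for name, body in HOST_RE.findall(hosts):
        match = FIXED_RE.search(body)
        if match:
            found[name] = ipaddress.ip_address(match.group(1))
    return found

def conflicting_reservations(conf, hosts):
    """Hostnames whose fixed-address falls inside a dynamic pool range, sorted."""
    ranges = dynamic_ranges(conf)
    return sorted(name for name, ip in reservations(hosts).items()
                  if any(lo <= ip <= hi for lo, hi in ranges))

if __name__ == "__main__":
    for name in conflicting_reservations(DHCPD_CONF, DHCPD_HOSTS):
        print(f"WARNING: {name} is reserved inside a dynamic range; move it or shrink the pool")
```

Against the Annex A/B excerpt it flags d1p-test-squid02.ldi.lan, because 172.21.13.38 is the first address of the 172.21.13.38 to 172.21.13.50 pool that Foreman hands out dynamically.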

Thanks a lot lzap!

I am trying to configure /etc/dhcp/dhcpd.conf using the theforeman/dhcp Puppet module, but I am unable to "puppetize" many of the configurations set up by Foreman for UEFI boot:

# required for UEFI HTTP boot
if substring(option vendor-class-identifier, 0, 10) = "HTTPClient" {
  option vendor-class-identifier "HTTPClient";
}
# promote vendor in dhcpd.leases
set vendor-string = option vendor-class-identifier;
# next server and filename options
next-server 172.21.13.36;
option architecture code 93 = unsigned integer 16 ;
if option architecture = 00:06 {
  filename "grub2/shim.efi";
} elsif option architecture = 00:07 {
  filename "grub2/shim.efi";
} elsif option architecture = 00:09 {
  filename "grub2/shim.efi";
} else {
  filename "pxelinux.0";
}

Does anybody know how to approach this problem?