DHCP Configuration wrong if provision interface is virtual

aft2d · November 27, 2018, 9:40pm

Problem:
Hi,
i have a small problem setting up unattended installation for my network setup.

Our servers have all one network interface. On this interface are public ip is assigned, which is the primary, and a private ip as secondary for management purposes.

# The primary network interface
auto eno1
iface eno1 inet static
        address 194.xxx.xxx.250
        netmask 255.255.255.128
	    network 194.xxx.xxx.128
        broadcast 194.xxx.xxx.255
        gateway 194.xxx.xxx.129
        dns-nameservers 127.0.0.1

auto eno1:0
iface eno1:0 inet static
        address 10.xx.xx.196
        netmask 255.255.255.0

The private network is completely out of routing. It has no gateway, it’s just for internal communication.
I want the unattended installation to work over that private interface.

I configured this in foreman:

The problem now is that the dhcp server(isc-dhcp) doesn’t get configured properly.
This is what foreman configures in the dhcpd.leases file:

host test.aternos.org {
  dynamic;
  hardware ethernet ea:b5:4e:2e:1d:72;
  fixed-address 194.xxx.xxx.250;
        supersede host-name = "test.xxxxxxx.org";
}

I get the same result if I enter the correct mac address into eth0:1.

It only writes the correct config into the leases file if:

I assign primary and provisioning to eth0 (However I have the wrong ip configured in dhcpd)
I enter different mac address at eth0:1 (However I have the wrong mac address configured then in dhcpd)

So I assume the problem is that foreman tries to do the correct configuration however because of that the mac address field is empty (bcs. it’s a virtual interface) it does this misconfig.

I don’t know if it is a bug or feature, but I assume if Foreman would correctly use the mac address of it’s physical interface for the virtual interface it should get the correct result:

Expected outcome:
A correct dhcpd configuration from the smart proxy:

host test.node.consul {
  dynamic;
  hardware ethernet ea:b5:4e:2e:1d:73;
  fixed-address 10.xx.xx.16;
        supersede server.filename = "pxelinux.0";
        supersede server.next-server = 0a:xx:xx:44;
        supersede host-name = "test.node.consul";
}

Foreman and Proxy versions:
Foreman: 1.20.0
Proxy: 1.20.0

Foreman and Proxy plugin versions:
No plugins installed.

lzap · November 29, 2018, 9:36am

Hello and welcome.

First off, I see your NICs are configured static, however you are trying to achieve DHCP configuration. Which interface do you want to have DHCP on? You can’t have both, this will never work. You need to pick one and the other must be statically configured as long as they share the same MAC address. There are tricks like MAC-VLAN in Linux which you could use as a workaround but Foreman does not natively supports that.

Note that we have a restriction which requires all alias interfaces to be configured on subnet with static flag set. That is too restrictive, we should probably verify on the host level that all interfaces with same MAC address (e.g. aliases) have only one subnet with DHCP mode on. I left a comment in the issue as I am not going to fix this now.

https://projects.theforeman.org/issues/9434

Now, to the question if Foreman supports this - this should work as long as you uncomment the constraint (see the issue above, visit github and find the line). If it does not it’s probably a bug.

aft2d · November 29, 2018, 3:00pm

Thanks for your reply, I really appreciate it.

On the OS itself I want all interfaces configured statically, that’s why I configured both subnets with static boot mode.
However to provision my servers via PXE I need a entry in the DHCP server.
I want that for this entry the subnet configured on the alias interface is used(10.x.x.0/24 one). So I set the physical interface as primary interface(because the subnet configured on this interface should be the main one on the OS with gateway etc.) and the alias as provision interface as this subnet should be entered into dhcp for pxe booting.

The problem for me is not really that I can not set an subnet to dhcp boot mode which is used on an alias interface, It’s more like that when build mode is enabled no correct dhcp entry is pushed to the dhcp server.

lzap · December 3, 2018, 2:35pm

So after some time spent digging in the code, I figured this out. It’s a bug!

First, you need to make sure your secondary (alias) interface has also some name. We require all interfaces which needs to be orchestrated on DHCP to have a name. Just create a dummy name, keep in mind Foreman will create DNS record for it if you have your domain associated with DNS proxy.

But then you hit a bug:

[app|D|55d|6ac] Task 'dhcp_create_52:54:00:6a:6d:52' already in 'Host::Managed Main' queue

Our orchestration queue has a mechanism to prevent multiple DHCP orchestration calls. It uses MAC address to identify duplicates however for NIC alias there are actually two NICs with same MAC address. Adding an extra information to the orchestration name allows orchestrating those.

Reproducer is simple, create a subnet with Internal DB IPAM, static mode (id=3 in my case) and a subnet with DHCP IPAM, static mode (id=9 in my case) and create a host with an alias as provisioning interface. It must have name associated too:

hammer -u admin -p changeme host create --name simple-13006 --organization MyOrg --location MyLoc --hostgroup 'CentOS 7.1' --interface identifier=eth0,mac=52:54:00:45:ae:90,primary=true,provision=false,domain_id=1,subnet_id=3 --interface identifier=eth0:1,mac=52:54:00:45:ae:90,primary=false,provision=true,domain_id=1,subnet_id=9,virtual=true,attached_to=eth0,name=prov-32042

Lucky day for you, patch is incoming see the issue:

https://projects.theforeman.org/issues/25610

lzap · December 3, 2018, 2:36pm

You should be able to hotfix your instance: