DHCP issues - UNABLE TO SAVE: Create DHCP Settings task failed

Hi guys, I'm trying to deploy my first host with foreman, but I'm getting
this error:

Create DHCP Settings for test.host.com task failed with the following
error: ERF12-6899 [ProxyAPI::ProxyException]: Unable to set DHCP entry
([RestClient::BadRequest]: 400 Bad Request) for proxy
https://foreman.test.com:8443/dhcp

I think I've tried everything (I've googled the same issue) and clearly I'm
missing something. Any help will be appreciated.

OS: CentOS Linux release 7.3.1611 (Core)PACKAGES:
foreman.noarch 1.15.3-1.el7
@foreman
foreman-cli.noarch 1.15.3-1.el7
@foreman
foreman-debug.noarch 1.15.3-1.el7
@foreman
foreman-installer.noarch 1:1.15.3-1.el7
@foreman
foreman-postgresql.noarch 1.15.3-1.el7
@foreman
foreman-proxy.noarch 1.15.3-1.el7
@foreman
foreman-release.noarch 1.15.3-1.el7
@foreman
foreman-release-scl.noarch 3-1.el7
@foreman
foreman-selinux.noarch 1.15.3-1.el7
@foreman

PROXY-LOG (IP adresses and hostnames were changed)

D, [2017-08-11T09:31:41.986957 ] DEBUG – : accept: 192.168.10.77:47446
D, [2017-08-11T09:31:41.988884 ] DEBUG – : Rack::Handler::WEBrick is
invoked.
D, [2017-08-11T09:31:41.989857 ] DEBUG – : verifying remote client
192.168.10.77 against trusted_hosts ["foreman.test.com"]
I, [2017-08-11T09:31:41.990393 ] INFO – : 192.168.10.77 - -
[11/Aug/2017:09:31:41 +0200] "GET /tftp/serverName HTTP/1.1" 200 17 0.0008

D, [2017-08-11T09:31:42.031099 ] DEBUG – : close: 192.168.10.77:47446
D, [2017-08-11T09:31:42.080941 ] DEBUG – : accept: 192.168.10.77:47448
D, [2017-08-11T09:31:42.082416 ] DEBUG – : Rack::Handler::WEBrick is
invoked.
D, [2017-08-11T09:31:42.083040 ] DEBUG – : verifying remote client
192.168.10.77 against trusted_hosts ["foreman.test.com"]
E, [2017-08-11T09:31:42.083463 ] ERROR – : No DHCP record for MAC
192.168.0.0/00:50:56:ba:c7:7f found
D, [2017-08-11T09:31:42.083501 ] DEBUG – : No DHCP record for MAC
192.168.0.0/00:50:56:ba:c7:7f found
I, [2017-08-11T09:31:42.083741 ] INFO – : 10.129.49.85 - -
[11/Aug/2017:09:31:42 +0200] "GET /dhcp/192.168.0.0/mac/00:50:56:ba:c7:7f
HTTP/1.1" 404 57 0.0008

D, [2017-08-11T09:31:42.125161 ] DEBUG – : close: 10.129.49.85:47448
D, [2017-08-11T09:31:42.153213 ] DEBUG – : accept: 10.129.49.85:47450
D, [2017-08-11T09:31:42.155696 ] DEBUG – : Rack::Handler::WEBrick is
invoked.
D, [2017-08-11T09:31:42.156719 ] DEBUG – : verifying remote client
192.168.10.77 against trusted_hosts ["foreman.test.com"]
E, [2017-08-11T09:31:42.157367 ] ERROR – : No DHCP records for IP
192.168.0.0/192.168.0.235 found
D, [2017-08-11T09:31:42.157458 ] DEBUG – : No DHCP records for IP
192.168.0.0/192.168.0.235 found
I, [2017-08-11T09:31:42.157826 ] INFO – : 192.168.10.77 - -
[11/Aug/2017:09:31:42 +0200] "GET /dhcp/192.168.0.0/ip/192.168.0.235
HTTP/1.1" 404 52 0.0012

D, [2017-08-11T09:31:42.199129 ] DEBUG – : close: 192.168.10.77:47450
D, [2017-08-11T09:31:43.591566 ] DEBUG – : accept: 192.168.10.77:47456
D, [2017-08-11T09:31:43.593712 ] DEBUG – : Rack::Handler::WEBrick is
invoked.
D, [2017-08-11T09:31:43.594789 ] DEBUG – : verifying remote client
192.168.10.77 against trusted_hosts ["foreman.test.com"]
I, [2017-08-11T09:31:43.595470 ] INFO – : 192.168.10.77 - -
[11/Aug/2017:09:31:43 +0200] "GET /tftp/serverName HTTP/1.1" 200 17 0.0009

D, [2017-08-11T09:31:43.636936 ] DEBUG – : close: 192.168.10.77:47456
D, [2017-08-11T09:31:43.680521 ] DEBUG – : accept: 192.168.10.77:47458
D, [2017-08-11T09:31:43.682684 ] DEBUG – : Rack::Handler::WEBrick is
invoked.
D, [2017-08-11T09:31:43.684217 ] DEBUG – : verifying remote client
192.168.10.77 against trusted_hosts ["foreman.test.com"]
D, [2017-08-11T09:31:43.689003 ] DEBUG – : omshell: executed - set name =
"test.host.com"
D, [2017-08-11T09:31:43.689106 ] DEBUG – : nil
D, [2017-08-11T09:31:43.689160 ] DEBUG – : omshell: executed - set
ip-address = 192.168.0.235
D, [2017-08-11T09:31:43.689194 ] DEBUG – : nil
D, [2017-08-11T09:31:43.689238 ] DEBUG – : omshell: executed - set
hardware-address = 00:50:56:ba:84:83
D, [2017-08-11T09:31:43.689269 ] DEBUG – : nil
D, [2017-08-11T09:31:43.689303 ] DEBUG – : omshell: executed - set
hardware-type = 1
D, [2017-08-11T09:31:43.689330 ] DEBUG – : nil
D, [2017-08-11T09:31:43.689506 ] DEBUG – : omshell: executed - set
statements = "filename = "pxelinux.0"; next-server = 5b:d8:a8:4d; option
host-name = "test.host.com";"
D, [2017-08-11T09:31:43.689553 ] DEBUG – : nil
D, [2017-08-11T09:31:43.689592 ] DEBUG – : omshell: executed - create
D, [2017-08-11T09:31:43.689621 ] DEBUG – : nil
E, [2017-08-11T09:31:43.732670 ] ERROR – : Omshell failed:
> > > obj: <null>
, > obj: host
, > obj: host
, name = "test.host.com"
, > obj: host
, name = "test.host.com"
, ip-address = 0a:c4:00:eb
, > obj: host
, name = "test.host.com"
, ip-address = 0a:c4:00:eb
, hardware-address = 00:50:56:ba:84:83
, > obj: host
, name = "test.host.com"
, ip-address = 0a:c4:00:eb
, hardware-address = 00:50:56:ba:84:83
, hardware-type = 1
, > obj: host
, name = "test.host.com"
, ip-address = 0a:c4:00:eb
, hardware-address = 00:50:56:ba:84:83
, hardware-type = 1
, statements = "filename = "pxelinux.0"; next-server = 5b:d8:a8:4d; option
host-name = "test.host.com";"
, > can't open object: no key specified
, obj: host
, name = "test.host.com"
, ip-address = 0a:c4:00:eb
, hardware-address = 00:50:56:ba:84:83
, hardware-type = 1
, statements = "filename = "pxelinux.0"; next-server = 5b:d8:a8:4d; option
host-name = "test.host.com";"
, >
E, [2017-08-11T09:31:43.733422 ] ERROR – : Failed to add DHCP reservation
for testing.host.com (192.168.0.235 / 00:50:56:ba:84:83)
D, [2017-08-11T09:31:43.733472 ] DEBUG – : Failed to add DHCP reservation
for testing.host.com (192.168.0.235 / 00:50:56:ba:84:83)
(Proxy::DHCP::Error)
/usr/share/foreman-proxy/modules/dhcp_common/isc/omapi_provider.rb:97:in
report' /usr/share/foreman-proxy/modules/dhcp_common/isc/omapi_provider.rb:80:inom_disconnect'
/usr/share/foreman-proxy/modules/dhcp_common/isc/omapi_provider.rb:54:in
om_add_record' /usr/share/foreman-proxy/modules/dhcp_common/isc/omapi_provider.rb:30:inadd_record'
/usr/share/foreman-proxy/modules/dhcp/dhcp_api.rb:96:in block in <class:DhcpApi>' /usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:1611:incall'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:1611:in block in compile!' /usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:975:in[]'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:975:in block (3 levels) in route!' /usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:994:inroute_eval'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:975:in block (2 levels) in route!' /usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:1015:inblock in
process_route'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:1013:in catch' /usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:1013:inprocess_route'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:973:in block in route!' /usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:972:ineach'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:972:in route!' /usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:1085:inblock in
dispatch!'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:1067:in block in invoke' /usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:1067:incatch'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:1067:in invoke' /usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:1082:indispatch!'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:907:in block in call!' /usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:1067:inblock in
invoke'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:1067:in catch' /usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:1067:ininvoke'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:907:in call!' /usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:895:incall'
/usr/share/gems/gems/rack-1.6.4/lib/rack/methodoverride.rb:22:in call' /usr/share/gems/gems/rack-1.6.4/lib/rack/commonlogger.rb:33:incall'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:219:in call' /usr/share/foreman-proxy/lib/proxy/log.rb:109:incall'
/usr/share/foreman-proxy/lib/proxy/request_id_middleware.rb:9:in call' /usr/share/gems/gems/rack-protection-1.5.3/lib/rack/protection/xss_header.rb:18:incall'
/usr/share/gems/gems/rack-protection-1.5.3/lib/rack/protection/path_traversal.rb:16:in
call' /usr/share/gems/gems/rack-protection-1.5.3/lib/rack/protection/json_csrf.rb:18:incall'
/usr/share/gems/gems/rack-protection-1.5.3/lib/rack/protection/base.rb:49:in
call' /usr/share/gems/gems/rack-protection-1.5.3/lib/rack/protection/base.rb:49:incall'
/usr/share/gems/gems/rack-protection-1.5.3/lib/rack/protection/frame_options.rb:31:in
call' /usr/share/gems/gems/rack-1.6.4/lib/rack/nulllogger.rb:9:incall'
/usr/share/gems/gems/rack-1.6.4/lib/rack/head.rb:13:in call' /usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/show_exceptions.rb:25:incall'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:182:in call' /usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:2013:incall'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:1487:in block in call' /usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:1787:insynchronize'
/usr/share/gems/gems/sinatra-1.4.8/lib/sinatra/base.rb:1487:in call' /usr/share/gems/gems/rack-1.6.4/lib/rack/urlmap.rb:66:inblock in call'
/usr/share/gems/gems/rack-1.6.4/lib/rack/urlmap.rb:50:in each' /usr/share/gems/gems/rack-1.6.4/lib/rack/urlmap.rb:50:incall'
/usr/share/gems/gems/rack-1.6.4/lib/rack/builder.rb:153:in call' /usr/share/gems/gems/rack-1.6.4/lib/rack/handler/webrick.rb:88:inservice'
/usr/share/ruby/webrick/httpserver.rb:138:in service' /usr/share/ruby/webrick/httpserver.rb:94:inrun'
/usr/share/ruby/webrick/server.rb:295:in `block in start_thread'
I, [2017-08-11T09:31:43.733941 ] INFO – : 192.168.10.77 - -
[11/Aug/2017:09:31:43 +0200] "POST /dhcp/192.168.0.0 HTTP/1.1" 400 89 0.0502

D, [2017-08-11T09:31:43.775232 ] DEBUG – : close: 192.168.10.77:47458

DHCPD CONFIG:

omapi-port 7911;
key omapi_key {
algorithm HMAC-MD5;
secret "secret";
};
omapi-key omapi_key;

ddns-update-style interim;
ignore client-updates;
authoritative;
allow booting;
allow bootp;

subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.201 192.168.0.254;
filename "/pxelinux.0";
next-server 192.168.0.200;
}

log-facility local7;

PROXY SETTINGS::settings_directory: /etc/foreman-proxy/settings.d
:ssl_ca_file: /etc/puppetlabs/puppet/ssl/certs/ca.pem
:ssl_certificate: /etc/puppetlabs/puppet/ssl/certs/foreman.test.com.pem
:ssl_private_key:
/etc/puppetlabs/puppet/ssl/private_keys/foreman.test.com.pem
:trusted_hosts:

• foreman.test.com
  :foreman_url: https://foreman.test.com
  :api_url: http://foreman.test.com:9191
  :daemon: true
  :bind_host: '*'
  :https_port: 8443
  :log_file: /var/log/foreman-proxy/proxy.log
  :log_level: DEBUG
  :log_buffer: 2000
  :log_buffer_errors: 1000

*PROXY DHCP SETTING:*dhcp.yml

:enabled: https
:use_provider: dhcp_isc
:server: 127.0.0.1
:subnets:

• 192.168.0.201/255.255.255.0
• 192.168.0.254/255.255.255.0

dhcp_isc.yml:config: /etc/dhcp/dhcpd.conf
:leases: /var/lib/dhcpd/dhcpd.leases
:key_name: omapi_key
:key_value: secret

:omapi_port: 7911

duplicate of:
https://groups.google.com/forum/#!topic/foreman-users/tHk4vS2aEws

Im sorry for that!

Hello,

the subnets in dhcp.yml look suspicious, why you have them there? Also
these are not valid subnet addresses if I am not mistaken. Delete,
restart foreman-proxy.

Before you re-test verify that foreman-proxy see all subnet
definitions in dhcpd.conf, that would be:

curl -kvs --cert /etc/foreman/client_cert.pem --key
/etc/foreman/client_key.pem --cacert /etc/foreman/proxy_ca.pem
https://$(hostname):9090/dhcp

Not sure if you have cert paths right, if you change

:enabled: https

to

:enabled: true

and restart, then you can simply hit http endpoint:

curl http://$(hostname):9090/dhcp

LZ

Modified setttings file:

:settings_directory: /etc/foreman-proxy/settings.d
:ssl_ca_file: /etc/puppetlabs/puppet/ssl/
certs/ca.pem
:ssl_certificate: /etc/puppetlabs/puppet/ssl/certs/foreman.test.com.pem
:ssl_private_key:
/etc/puppetlabs/puppet/ssl/private_keys/foreman.test.com.pem
:enabled: true
:trusted_hosts:

• foreman.test.com
  :foreman_url: https://foreman.test.com
  :api_url: http://foreman.test.com:9191
  :daemon: true
  :bind_host: '*'
  :https_port: 8443
  :log_file: /var/log/foreman-proxy/proxy.log
  :log_level: DEBUG
  :log_buffer: 2000
  :log_buffer_errors: 1000

*CURL returns nothing :*curl -vv http://foreman.test.com:9191/features
(/dhcp the same result)

• About to connect() to foreman.test.com port 9191 (#0)
• Trying 192.168.10.77…
• Connected to foreman.test.com <http://foreman.kajot.cz> (192.168.10.77)
  port 9191 (#0)
  > GET /features HTTP/1.1
  > User-Agent: curl/7.29.0
  > Host: foreman.test.com:9191
  > Accept: /

Here is relevant part of proxy.log after Smart proxy startup.

I, [2017-08-11T13:50:21.447593 ] INFO – : Successfully initialized 'salt'
I, [2017-08-11T13:50:21.447681 ] INFO – : Successfully initialized
'foreman_proxy'
I, [2017-08-11T13:50:21.447747 ] INFO – : Successfully initialized 'tftp'
D, [2017-08-11T13:50:21.462982 ] DEBUG – : trying to find an ip address,
we got {:from=>"192.168.0.201", :to=>"192.168.0.254"}
D, [2017-08-11T13:50:21.463469 ] DEBUG – : Added a subnet: 192.168.0.0
I, [2017-08-11T13:50:21.463857 ] INFO – : Successfully initialized
'dhcp_isc'
I, [2017-08-11T13:50:21.463984 ] INFO – : Successfully initialized 'dhcp'
I, [2017-08-11T13:50:21.464053 ] INFO – : Successfully initialized
'puppetca'
I, [2017-08-11T13:50:21.464225 ] INFO – : Started puppet class cache
initialization
I, [2017-08-11T13:50:21.471090 ] INFO – : Successfully initialized
'puppet_proxy_puppet_api'
I, [2017-08-11T13:50:21.471505 ] INFO – : Successfully initialized
'puppet'
D, [2017-08-11T13:50:21.471596 ] DEBUG – : Log buffer API initialized,
available capacity: 2000/1000
I, [2017-08-11T13:50:21.471645 ] INFO – : Successfully initialized 'logs'
I, [2017-08-11T13:50:21.483375 ] INFO – : WEBrick 1.3.1
I, [2017-08-11T13:50:21.483550 ] INFO – : ruby 2.0.0 (2015-12-16)
[x86_64-linux]
D, [2017-08-11T13:50:21.483994 ] DEBUG – : TCPServer.new(0.0.0.0, 8443)
D, [2017-08-11T13:50:21.484414 ] DEBUG – : TCPServer.new(::, 8443)
W, [2017-08-11T13:50:21.484595 ] WARN – : TCPServer Error: Address
already in use - bind(2)

But that doesn't change the fact, that for some reason I'm unable to access
API.

And as an addition to previous information:

'dhcp_isc' settings: 'config': /etc/dhcp/dhcpd.conf (default), 'key_name':
omapi_key, 'key_value':secret, 'leases': /var/lib/dhcpd/dhcpd.leases
(default), 'leases_file_observer': inotify_leases_file_observer,
'omapi_port': 7911, 'server': 127.0.0.1, 'subnets': [], 'use_provider':
dhcp_isc

Dne pátek 11. srpna 2017 13:58:07 UTC+2 Michal Hagara napsal(a):

Ok so I've managed to do it like this:

curl -kvs --cert /etc/puppetlabs/puppet/ssl/certs/foreman.test.com.pem
–key /etc/puppetlabs/puppet/ssl/private_keys/foreman.test.com.pem --cacert
/etc/puppetlabs/puppet/ssl/certs/ca.pem https://foreman.test.com:8443/dhcp

• About to connect() to foreman.test.com port 8443 (#0)
• Trying 192.168.10.77…
• Connected to foreman.test.com (192.168.10.77) port 8443 (#0)
• Initializing NSS with certpath: sql:/etc/pki/nssdb
• skipping SSL peer certificate verification
• NSS: client certificate from file
• start date: Aug 03 07:05:44 2017 GMT
• expire date: Aug 03 07:05:44 2022 GMT
• common name: foreman.test.com
• issuer: CN=Puppet CA: foreman.test.com
• SSL connection using TLS_RSA_WITH_AES_128_GCM_SHA256
• Server certificate:
• start date: Aug 03 07:05:44 2017 GMT
• expire date: Aug 03 07:05:44 2022 GMT
• common name: foreman.test.com
• issuer: CN=Puppet CA: foreman.test.com
  > GET /dhcp HTTP/1.1
  > User-Agent: curl/7.29.0
  > Host: foreman.test.com:8443
  > Accept: /
  >
  < HTTP/1.1 200 OK
  < Content-Type: application/json
  < Content-Length: 104
  < X-Content-Type-Options: nosniff
  < Server:
  < Date: Fri, 11 Aug 2017 12:52:01 GMT
  < Connection: Keep-Alive
  <
• Connection #0 to host foreman.test.com left intact
  [{"network":"192.168.196.0.0","netmask":"255.255.255.0","options":{"range":["192.168.0.201","192.168.0.254"]}}]

Dne pátek 11. srpna 2017 14:29:04 UTC+2 Michal Hagara napsal(a):

Anyone?

> [{"network":"192.168.196.0.0","netmask":"255.255.255.0","options":{"range":["192.168.0.201","192.168.0.254"]}}]

This means DHCP proxy module now sees your network but I do not
understand why it reads non-sense:

192.168.196.0.0

It should be:

192.168.0.0

Have you manually edited this line? Show me your "subnets" declaration
in dhcpd.conf again.

Also what is your Subnet definition in Foreman? Verify your address,
netmask and reservation match what you have in dhcpd.conf. The range
is recommended to be set outside of your DHCP pool.

LZ