Dhcp smart proxy with isc dhcp 4.2.5 and 4.3.5

Hi all,

I would like to set up Foreman in our environment to realize a new provisioning
structure. Therefore I would like to use the following smart proxies: tftp, dns,
dhcp and realm.
Right now, the dns and realm proxies work great, but I have some trouble
with the dhcp proxy.
I am using isc dhcpd in version 4.3.5 at the moment, but have the same issues with
4.2.5.

Problem description:
I have configured the dhcpd smart proxy via ssl, so I can connect to the dhcp
smart proxy with a gui
https://foreman.example.com:8443/dhcp/172.16.4.0

Right now, I have no active reservations.
GUI:

{"reservations":[],"leases":[]}

dhcpd.leases~:

# authoring-byte-order entry is generated, DO NOT DELETE

authoring-byte-order little-endian;
server-duid "\000\001\000\001\037\253\024\317\010\000'9\011w";

dhcpd.leases:

# authoring-byte-order entry is generated, DO NOT DELETE

authoring-byte-order little-endian;
server-duid "\000\001\000\001\037\253\024\317\010\000'9\011w";

If I add a new host within the foreman gui, the new host will automatically
be added to the dhcpd config dhcpd.leases and the host will be successfully added
in foreman, but I cannot see the update in the smart proxy gui.

GUI:

{"reservations":[],"leases":[]}

dhcpd.leases~:

# authoring-byte-order entry is generated, DO NOT DELETE

authoring-byte-order little-endian;
server-duid "\000\001\000\001\037\253\024\317\010\000'9\011w";

dhcpd.leases:

# authoring-byte-order entry is generated, DO NOT DELETE

authoring-byte-order little-endian;
server-duid "\000\001\000\001\037\253\024\317\010\000'9\011w";
host ervin-strini.example.com {
dynamic;
hardware ethernet 08:00:27:91:db:83;
fixed-address 172.16.4.16;
supersede server.filename = "pxelinux.0";
supersede server.next-server = ac:10:04:23;
supersede host-name = "ervin-strini.example.com";
}

If I now try to delete the host, the smart-proxy cannot delete the host,
because it is not found.
I, [2016-11-02T14:32:27.839325 #19788] INFO -- : 172.16.4.35 - - [02/Nov/2016:14:32:27 +0100] "DELETE /dhcp/172.16.4.0/08:00:27:91:db:83 HTTP/1.1" 404 50 0.0015

If I now restart the dhcpd service the config will be written to
dhcpd.leases~.

dhcpd.leases~:

# authoring-byte-order entry is generated, DO NOT DELETE

authoring-byte-order little-endian;
server-duid "\000\001\000\001\037\253\024\317\010\000'9\011w";
host ervin-strini.example.com {
dynamic;
hardware ethernet 08:00:27:91:db:83;
fixed-address 172.16.4.16;
supersede server.filename = "pxelinux.0";
supersede server.next-server = ac:10:04:23;
supersede host-name = "ervin-strini.example.com";
}

dhcpd.leases:

# authoring-byte-order entry is generated, DO NOT DELETE

authoring-byte-order little-endian;
server-duid "\000\001\000\001\037\253\024\317\010\000'9\011w";
host ervin-strini.example.com {
dynamic;
hardware ethernet 08:00:27:91:db:83;
fixed-address 172.16.4.16;
supersede server.filename = "pxelinux.0";
supersede server.next-server = ac:10:04:23;
supersede host-name = "ervin-strini.example.com";
}

After restarting the foreman-proxy, I can see the dhcpd config in the smart
proxy gui:

{"reservations":[{"hostname":"ervin-strini.example.com","ip":"172.16.4.16","mac":"08:00:27:91:db:83"}],"leases":[]}

If I now delete the host in foreman, the DELETE call runs successfully and the entry "deleted" is added to dhcpd.leases. But the entry in the gui still exists.

I, [2016-11-02T14:41:02.909534 #20924] INFO -- : 172.16.4.35 - - [02/Nov/2016:14:41:02 +0100] "DELETE /dhcp/172.16.4.0/08:00:27:91:db:83 HTTP/1.1" 200 - 0.0603

GUI:

{"reservations":[{"hostname":"ervin-strini.example.com","ip":"172.16.4.16","mac":"08:00:27:91:db:83"}],"leases":[]}

dhcpd.leases

# authoring-byte-order entry is generated, DO NOT DELETE

authoring-byte-order little-endian;
host ervin-strini.example.com {
dynamic;
hardware ethernet 08:00:27:91:db:83;
fixed-address 172.16.4.16;
supersede server.filename = "pxelinux.0";
supersede server.next-server = ac:10:04:23;
supersede host-name = "ervin-strini.example.com";
}
server-duid "\000\001\000\001\037\253\024\317\010\000'9\011w";
host ervin-strini.example.com {
dynamic;
deleted;
}

If I now try to re-add the host in foreman, it cannot be created because of
a duplicate entry in dhcpd.

After restarting foreman-proxy the GUI will list the correct values, that
no host has a lease.
GUI:

{"reservations":[],"leases":[]}

After restarting dhcpd the dhcpd.leases changed to

# authoring-byte-order entry is generated, DO NOT DELETE

authoring-byte-order little-endian;
server-duid "\000\001\000\001\037\253\024\317\010\000'9\011w";

and the dhcpd.leases~ changed to:

# authoring-byte-order entry is generated, DO NOT DELETE

authoring-byte-order little-endian;
host ervin-strini.example.com {
dynamic;
hardware ethernet 08:00:27:91:db:83;
fixed-address 172.16.4.16;
supersede server.filename = "pxelinux.0";
supersede server.next-server = ac:10:04:23;
supersede host-name = "ervin-strini.example.com";
}
server-duid "\000\001\000\001\037\253\024\317\010\000'9\011w";
host ervin-strini.example.com {
dynamic;
deleted;
}

Now I can recreate the host and automatically get a new IP provided by the
dhcpd.
Why do I have to restart all services after each entry or delete to have a
working setup?

My setup:
dhcpd runs on host ipa01. foreman runs on host foreman.
dhcp directory from ipa01 is mounted via nfs to foreman on /mnt/ipa01/dhcp

[root@foreman:/mnt/ipa01/dhcp ] $ ll
total 16
drwxrwxr-x 2 root foreman-proxy 35 Mar 10 2016 dhclient.d
-rwxrwxr-x 1 root foreman-proxy 120 Nov 19 2015 dhcpd6.conf
-rwxrwxr-x 1 root foreman-proxy 1550 Nov 2 12:22 dhcpd.conf
-rw-r--r-- 1 root root 556 Nov 2 14:44 dhcpd.leases
-rw-r--r-- 1 root root 612 Nov 2 14:41 dhcpd.leases~
[root@foreman:/mnt/ipa01/dhcp ] $

dhcp.yml

---
:enabled: true
:use_provider: dhcp_isc
:server: 172.16.4.32
:subnets:
  - 172.16.4.0/255.255.255.0

dhcp_isc.yml

:config: /mnt/ipa01/dhcp/dhcpd.conf
:leases: /mnt/ipa01/dhcp/dhcpd.leases
:key_name: omapi-key
:key_secret:
:omapi_port: 7911

dhcpd.conf on ipa01

# Configuration file for ISC dhcpd instance on kahn.dev.iathh

lease-file-name "/etc/dhcp/dhcpd.leases";

# DDNS settings

ddns-update-style interim;
ignore client-updates;
authoritative;
allow booting;
allow bootp;
omapi-port 7911;
key omapi-key {
algorithm hmac-md5;
secret ;
}
omapi-key omapi-key;
log-facility local0;

# subnet declaration

subnet 172.16.4.0 netmask 255.255.255.0 {
option routers 172.16.4.1;
option subnet-mask 255.255.255.0;
option domain-name "example.com";
option domain-name-servers 172.16.4.32;
option ntp-servers 172.16.4.1;
range dynamic-bootp 172.16.4.100 172.16.4.200;
default-lease-time 21600;
max-lease-time 43200;
}

OS: CentOS 7.2.1511
Kernel: 3.10.0
Foreman Version: 1.13.1

I think the issue is using NFS to share the leases file - if you're
running foreman-proxy on a different server and using NFS to access the
leases, foreman-proxy will be unable to monitor for changes in the lease
file via inotify.

You could file a feature request for some other type of monitoring for
NFS, e.g. mtime based, but it wouldn't be as reliable as running the
foreman-proxy process on the same server as the DHCP daemon.

Regarding your second post to this mailing list, please don't repost
within a day.

On 02/11/16 14:00, Christian Froestl wrote:
> Why I have to restart all services after each entry or delete to have a
> working setup?
>
> My setup:
> dhcpd runs on host ipa01. foreman runs on host foreman.
> dhcp directory from ipa01 is mounted via nfs to foreman on /mnt/ipa01/dhcp


Dominic Cleal
dominic@cleal.org
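
The mtime-based monitoring mentioned in the reply above, as an added example that is not part of the thread and not foreman-proxy's own code: it polls the leases file for changes and replays the host records, including the `deleted;` tombstone, to get the current reservations. `parse_reservations`, `PollingLeaseWatcher` and the sample constants are hypothetical names; the record values are constructed from the ones shown in the first post.

```ruby
# Constructed sample: the host record and its tombstone as shown in the post.
SAMPLE_ADD = <<~REC
  host ervin-strini.example.com {
    dynamic;
    hardware ethernet 08:00:27:91:db:83;
    fixed-address 172.16.4.16;
  }
REC
SAMPLE_DELETED = "host ervin-strini.example.com {\n  dynamic;\n  deleted;\n}\n"

# Replay a dhcpd.leases file: records are appended in order, so a later
# "deleted;" record for a host cancels the earlier reservation.
def parse_reservations(text)
  hosts = {}
  text.scan(/^host\s+(\S+)\s*\{(.*?)^\}/m) do |name, body|
    if body =~ /^\s*deleted;/
      hosts.delete(name)
    else
      hosts[name] = { "hostname" => name,
                      "ip"  => body[/fixed-address\s+([\d.]+);/, 1],
                      "mac" => body[/hardware ethernet\s+([0-9a-f:]+);/i, 1] }
    end
  end
  hosts.values
end

# Polls the file instead of relying on inotify, which does not fire on an NFS
# client for writes made on the server.
class PollingLeaseWatcher
  attr_reader :reservations

  def initialize(path)
    @path, @signature, @reservations = path, nil, []
  end

  # Re-reads the file when mtime, size or inode changed; returns true if it did.
  # dhcpd replaces the file when it rewrites it, so the inode is part of the
  # signature; a missing file or stale NFS handle is retried on the next poll.
  def poll
    st = File.stat(@path)
    signature = [st.mtime.to_f, st.size, st.ino]
    return false if signature == @signature
    @signature = signature
    @reservations = parse_reservations(File.read(@path))
    true
  rescue Errno::ENOENT, Errno::ESTALE
    false
  end
end
```

Polling only sees a change once the NFS client's attribute cache has refreshed, so the view can lag behind dhcpd by the cache timeout plus the poll interval.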