[E] Disabling all modules in the group ['dhcp_isc', 'dhcp']

Problem:
When I try to install the installer:

foreman-installer \
  --enable-foreman-proxy \
  --foreman-proxy-tftp=true \
  --foreman-proxy-tftp-servername=$FM_DPL_IFACE_IP \
  --foreman-proxy-dhcp=true \
  --foreman-proxy-dhcp-interface=$FM_DPL_IFACE \
  --foreman-proxy-dhcp-gateway=$FM_DEFAULT_GATEWAY \
  --foreman-proxy-dhcp-range="$FM_DPL_NW_DHCP_START_IP $FM_DPL_NW_DHCP_END_IP" \
  --foreman-proxy-dhcp-nameservers="$FM_DPL_IFACE_IP" \
  --foreman-proxy-dns=true \
  --foreman-proxy-dns-interface=$IFACE \
  --foreman-proxy-dns-zone=localdomain \
  --foreman-proxy-dns-reverse=$DNS_REVERSE \
  --foreman-proxy-foreman-base-url=https://$FM_HOSTNAME \
  --foreman-proxy-oauth-consumer-key=$OAUTH_KEY \
  --foreman-proxy-oauth-consumer-secret=$OAUTH_SECRET \
  --foreman-configure-epel-repo=false \
  --foreman-configure-scl-repo=false

I am getting the below error:
Proxy abc.localdomain has failed to load one or more features (DHCP), check /var/log/foreman-proxy/proxy.log for configuration errors

Under /var/log/foreman-proxy/proxy.log:
------- Disabling all modules in the group ['dhcp_isc', 'dhcp'] due to a failure in one of them: File at '/etc/dhcp/dhcpd.conf' defined in 'config' parameter doesn't exist or is unreadable

Expected outcome:
Ok
Foreman and Proxy versions:

Foreman and Proxy plugin versions:

Distribution and version:
foreman-installer-2.1.3
CentOS - 7.8
Other relevant data:

Hello,
Looks like the fix for Bug #30489: CVE-2020-14335 world-readable OMAPI secret - Installer - Foreman in 2.1.3 was incorrect and causes this issue. We’ve opened Bug #30962: dhcpd.conf file-ACLs are reset - Installer - Foreman to track fixing it properly. As a workaround you should allow the foreman-proxy user access to read /etc/dhcp/dhcpd.conf using ACL.

Still getting the same error; below are the permissions set:

[root@abc ~]# ls -tlr /etc/dhcp/dhcpd.conf
-rw-r-----+ 1 root root 1633 Oct  5 03:21 /etc/dhcp/dhcpd.conf
[root@abc ~]# getfacl /etc/dhcp/dhcpd.conf
getfacl: Removing leading '/' from absolute path names
# file: etc/dhcp/dhcpd.conf
# owner: root
# group: root
user::rw-
user:foreman-proxy:r--
group::r--
mask::r--
other::---

Can you share getfacl /etc/dhcp as well?

[root@abc ~]# setfacl -m "u:foreman-proxy:r--" /etc/dhcp/
[root@abc ~]# getfacl /etc/dhcp/
getfacl: Removing leading '/' from absolute path names
# file: etc/dhcp/
# owner: root
# group: foreman-proxy
user::rwx
user:foreman-proxy:r-x
group::r-x
mask::r-x
other::r-x

Permissions seem to be fine. What are you doing when running into the error again?

I have been trying to run the command:
foreman-installer \
  --enable-foreman-proxy \
  --foreman-proxy-tftp=true \
  --foreman-proxy-tftp-servername=$FM_DPL_IFACE_IP \
  --foreman-proxy-dhcp=true \
  --foreman-proxy-dhcp-interface=$FM_DPL_IFACE \
  --foreman-proxy-dhcp-gateway=$FM_DEFAULT_GATEWAY \
  --foreman-proxy-dhcp-range="$FM_DPL_NW_DHCP_START_IP $FM_DPL_NW_DHCP_END_IP" \
  --foreman-proxy-dhcp-nameservers="$FM_DPL_IFACE_IP" \
  --foreman-proxy-dns=true \
  --foreman-proxy-dns-interface=$IFACE \
  --foreman-proxy-dns-zone=localdomain \
  --foreman-proxy-dns-reverse=$DNS_REVERSE \
  --foreman-proxy-foreman-base-url=https://$FM_HOSTNAME \
  --foreman-proxy-oauth-consumer-key=$OAUTH_KEY \
  --foreman-proxy-oauth-consumer-secret=$OAUTH_SECRET

[root@localhost ~]# foreman-installer --enable-foreman-proxy --foreman-proxy-tftp=true --foreman-proxy-tftp-servername=$FM_DPL_IFACE_IP --foreman-proxy-dhcp=true --foreman-proxy-dhcp-interface=$FM_DPL_IFACE --foreman-proxy-dhcp-gateway=$FM_DEFAULT_GATEWAY --foreman-proxy-dhcp-range="$FM_DPL_NW_DHCP_START_IP $FM_DPL_NW_DHCP_END_IP" --foreman-proxy-dhcp-nameservers="$FM_DPL_IFACE_IP" --foreman-proxy-dns=true --foreman-proxy-dns-interface=$FM_DPL_IFACE --foreman-proxy-dns-zone=localdomain --foreman-proxy-dns-reverse=$DNS_REVERSE --foreman-proxy-foreman-base-url=https://$FM_HOSTNAME --foreman-proxy-oauth-consumer-key=$OAUTH_KEY --foreman-proxy-oauth-consumer-secret=$OAUTH_SECRET
Proxy abc.localdomain has failed to load one or more features (DHCP), check /var/log/foreman-proxy/proxy.log for configuration errors
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[abc.localdomain]/features: change from ["DNS", "HTTPBoot", "Logs", "Puppet", "Puppet CA", "TFTP"] to ["DHCP", "DNS", "HTTPBoot", "Logs", "Puppet", "Puppet CA", "TFTP"] failed: Proxy abc.localdomain has failed to load one or more features (DHCP), check /var/log/foreman-proxy/proxy.log for configuration errors
Installing Done [100%] […]
Something went wrong! Check the log for ERROR-level output
The full log is at /var/log/foreman-installer/foreman.log

It’s possible that the installer is overriding the permissions you set manually, can you check if they are still the same after the installer finishes running?

 /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[abc.localdomain]/features: change from ["DNS", "HTTPBoot", "Logs", "Puppet", "Puppet CA", "TFTP"] to ["DHCP", "DNS", "HTTPBoot", "Logs", "Puppet", "Puppet CA", "TFTP"] failed: Proxy abc.localdomain has failed to load one or more features (DHCP), check /var/log/foreman-proxy/proxy.log for configuration errors
Installing             Done                                               [100%] [.....................................................................................]
  Something went wrong! Check the log for ERROR-level output
  The full log is at /var/log/foreman-installer/foreman.log
[root@localhost ~]# getfacl /etc/dhcp/
getfacl: Removing leading '/' from absolute path names
# file: etc/dhcp/
# owner: root
# group: foreman-proxy
user::rwx
user:foreman-proxy:r-x
group::r-x
mask::r-x
other::r-x

[root@localhost ~]# getfacl /etc/dhcp/dhcpd.conf
getfacl: Removing leading '/' from absolute path names
# file: etc/dhcp/dhcpd.conf
# owner: root
# group: root
user::rw-
user:foreman-proxy:r-x          #effective:r--
group::r--
mask::r--
other::---

Permissions seem to be correct.
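
The getfacl checks from this thread, as an added example (not part of any post and not Foreman project code): it computes the effective rights of a named-user ACL entry against the mask, and also fails when `other` can read the file, the world-readable condition named in CVE-2020-14335 above. The function names and the second sample are constructed for illustration.

```shell
#!/bin/sh
# Added example. Usage on a live host (assumption):
#   getfacl /etc/dhcp/dhcpd.conf 2>/dev/null | acl_check foreman-proxy

# Print the effective rwx triple of a named-user entry (entry AND mask).
acl_effective() {
    awk -v u="$1" '
        { sub(/[ \t]*#.*/, "") }          # strip "# file:" / "#effective:" comments
        $0 ~ ("^user:" u ":") { split($0, f, ":"); entry = f[3] }
        /^mask::/             { split($0, f, ":"); mask = f[3] }
        END {
            if (entry == "") { print "---"; exit }   # no entry for this user
            if (mask == "")  { print entry; exit }   # no mask line present
            for (i = 1; i <= 3; i++) {
                e = substr(entry, i, 1)
                out = out ((substr(mask, i, 1) == "-") ? "-" : e)
            }
            print out
        }'
}

# Return 0 only if USER has effective read and "other" has no read bit.
acl_check() {
    acl=$(cat)
    eff=$(printf '%s\n' "$acl" | acl_effective "$1")
    other=$(printf '%s\n' "$acl" | awk -F: '/^other::/ { print $3 }')
    case $eff in r*) ;; *) echo "FAIL: $1 cannot read (effective $eff)"; return 1 ;; esac
    case $other in r*) echo "FAIL: world-readable (other $other)"; return 2 ;; esac
    echo "OK: $1 effective=$eff, other=$other"
}

# getfacl output for /etc/dhcp/dhcpd.conf as posted in this thread.
SAMPLE_THREAD='# file: etc/dhcp/dhcpd.conf
# owner: root
# group: root
user::rw-
user:foreman-proxy:r-x          #effective:r--
group::r--
mask::r--
other::---'

# Constructed sample: the named-user entry is gone after an ACL reset.
SAMPLE_RESET='# file: etc/dhcp/dhcpd.conf
user::rw-
group::r--
other::---'

printf '%s\n' "$SAMPLE_THREAD" | acl_check foreman-proxy || true
printf '%s\n' "$SAMPLE_RESET"  | acl_check foreman-proxy || true
```

In the thread the ACLs already passed this kind of check while the proxy still reported the file unreadable, and the installer succeeded only after `systemctl restart foreman-proxy`.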

What if you try to start the proxy without the installer? Do you still get the same error?

[root@abc ~]# systemctl restart foreman-proxy
[root@abc ~]# systemctl status foreman-proxy
● foreman-proxy.service - Foreman Proxy
Loaded: loaded (/usr/lib/systemd/system/foreman-proxy.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2020-10-05 04:53:40 PDT; 7s ago
Main PID: 495 (ruby)
Tasks: 12
CGroup: /system.slice/foreman-proxy.service
└─495 ruby /usr/share/foreman-proxy/bin/smart-proxy --no-daemonize

Oct 05 04:53:39 abc.localdomain systemd[1]: Starting Foreman Proxy…
Oct 05 04:53:40 abc.localdomain systemd[1]: Started Foreman Proxy.

Re-ran the installer after restarting the proxy; now it executed successfully.

Foreman-installer is installed, but when checked in the GUI, on the smart-proxy, the DHCP feature is not enabled and the issue is still "Disabling all modules in the group ['dhcp_isc', 'dhcp'] due to a failure in one of them: File at '/etc/dhcp/dhcpd.conf' defined in 'config' parameter doesn't exist or is unreadable"
