Hello all,
after a long journey, I have merged External IPAM support into Foreman core. This work, made by @grizzthedj, defines an IPAM Smart Proxy API which allows Foreman to allocate IPv4 and IPv6 addresses from an external authority. There is currently no module in Smart Proxy core; there is an “incubating” plugin and reference implementation for phpIPAM. The long-term goal would be to have some implementations battle-tested, and then we can select some of them to be shipped with Smart Proxy - in that case we would do a common externalipam plugin and providers, similarly to what we have today for other features.
To use this feature, install Smart Proxy phpIPAM (https://github.com/grizzthedj/smart_proxy_ipam - the project name is a bit off, it should be smart_proxy_phpipam), refresh the features of the proxy, select External IPAM when creating a new Subnet, then pick the External IPAM Smart Proxy on the Proxies tab.
That’s all; when creating a new host, Foreman will request a new IP through the API. Implementations must cache pre-allocated IP addresses for some time to prevent race conditions. This code should move to common code in the proxy so that it doesn’t need to be duplicated.
There’s been some confusion around IPAM in Foreman, so I have put this into our documentation.
- DHCP: the DHCP {SmartProxy} manages the assignment of IP addresses by finding the next available IP address, starting from the first address of the range and skipping all addresses that are reserved. Before assigning an IP address, {SmartProxy} sends an ICMP and TCP ping to verify whether the IP address is in use. The {SmartProxy} DHCP module retains offered IP addresses for a short period of time to prevent collisions during concurrent access, therefore temporary “holes” in the IP range can exist.
- Internal DB: {Project} finds the next available IP address from the Subnet range, excluding all IP addresses from the {Project} database, in sequence. The primary source of data is the database, not DHCP reservations. This IPAM is not safe when multiple hosts are being created in parallel; in that case use DHCP or Random DB IPAM instead.
- Random DB: {Project} finds the next available IP address from the Subnet range, excluding all IP addresses from the {Project} database, randomly. The primary source of data is the database, not DHCP reservations. This IPAM is safe to use with concurrent host creation, as IP addresses are returned in random order, minimizing the chance of a conflict.
- EUI-64: Extended Unique Identifier (EUI) 64-bit IPv6 address generation, as per RFC2373, is obtained through the 48-bit MAC address.
- External IPAM: Delegate IPAM to an external system through a {SmartProxy} feature. {Project} currently does not ship with any external IPAM implementations; several plugins are in development.
We will show how it works at the next demo. If you intend to create a new implementation, let us know so we can coordinate efforts to create a common smart proxy plugin just in time. Thanks to @grizzthedj for a lot of work on this!
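
The pre-allocation cache mentioned above (offered addresses are held for a short time so that concurrent requests are not given the same IP) can be sketched as follows. This is an added example, not code from Foreman, Smart Proxy or smart_proxy_ipam; the class name `PendingIpCache`, its parameters and the sample addresses are assumptions.

```ruby
require 'ipaddr'
require 'set'

# Hypothetical helper (not part of Smart Proxy): remembers addresses that
# were offered but are not yet recorded by the external IPAM, so two
# concurrent requests never receive the same address.
class PendingIpCache
  def initialize(ttl: 300, clock: -> { Process.clock_gettime(Process::CLOCK_MONOTONIC) })
    @ttl = ttl            # seconds an offer stays reserved
    @clock = clock        # injectable so expiry can be tested
    @pending = {}         # [address family, integer address] => expiry time
    @lock = Mutex.new
  end

  # first/last: bounds of the subnet range (strings, IPv4 or IPv6).
  # taken: addresses the external authority already reports as used.
  # Returns the next free address as a String, or nil if none is left.
  def next_ip(first, last, taken)
    start = IPAddr.new(first)
    family = start.family
    used = taken.map { |a| IPAddr.new(a).to_i }.to_set
    @lock.synchronize do
      now = @clock.call
      # Expired offers become available again: the temporary "holes" close.
      @pending.delete_if { |_, expiry| expiry <= now }
      (start.to_i..IPAddr.new(last).to_i).each do |n|
        next if used.include?(n) || @pending.key?([family, n])
        @pending[[family, n]] = now + @ttl
        return IPAddr.new(n, family).to_s
      end
      nil
    end
  end
end
```

An offer that is never turned into a real allocation simply expires after `ttl` seconds and the address is handed out again.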