Problem:
I’m running Foreman, ISC DHCPD and Smart Proxy on one libvirt host and cannot get the Proxy to invoke nsupdate to update a remote BIND server. There are no log entries of nsupdate attempts from the Proxy.
Expected outcome:
BIND nsupdate to be issued by the proxy to the remote server.
Foreman and Proxy versions:
1.21.2 with proxy functions TFTP, Puppet, Puppet CA, Logs, Dynflow, SSH, DNS, and DHCP
Foreman and Proxy plugin versions:
foreman-tasks 0.14.5
foreman_ansible 2.3.3
foreman_cockpit 2.0.3
foreman_default_hostgroup 5.0.0
foreman_dhcp_browser 0.0.8
foreman_remote_execution 1.7.0
foreman_setup 6.0.0
Other relevant data:
Foreman was installed via Debian Repositories and configured using foreman-installer.
Version: Foreman 1.21.2
Host Environment: KVM/libvirt
Host OS: Debian 9.8
Turning on DEBUG level logging on the proxy, I do not get any further log entries concerning nsupdate invocation, but the initialization log entries lead me to believe the configuration should allow for nsupdate invocation.
As the foreman-proxy user, I can successfully manually run nsupdate with the key configured in dns_nsupdate.yml.
grep dns /var/log/foreman-proxy/proxy.log
2019-04-27T07:22:21 [D] 'dns' settings: 'dns_ttl': 86400 (default), 'enabled': https, 'use_provider': dns_nsupdate (default)
2019-04-27T07:22:21 [D] 'dns' ports: 'http': false, 'https': true
2019-04-27T07:22:21 [D] 'tftp' settings: 'enabled': https, 'tftp_connect_timeout': 10 (default), 'tftp_dns_timeout': 10 (default), 'tftp_read_timeout': 60 (default), 'tftproot': /srv/tftp
2019-04-27T07:22:21 [D] Providers ['dns_nsupdate'] are going to be configured for 'dns'
2019-04-27T07:22:21 [D] 'dns_nsupdate' settings: 'dns_key': /etc/bind/foreman.key, 'dns_server': ns0.mydomain, 'dns_ttl': 86400, 'use_provider': dns_nsupdate
2019-04-27T07:22:21 [I] Successfully initialized 'dns_nsupdate'
2019-04-27T07:22:21 [I] Successfully initialized 'dns'
grep dns /etc/foreman-installer/scenarios.d/foreman-answers.yaml
dns: true
dns_listen_on: https
dns_managed: true
dns_provider: nsupdate
dns_interface: enp8s0
dns_zone: free2air.net
dns_reverse:
dns_server: ns0.mydomain
dns_ttl: 86400
dns_tsig_keytab: "/etc/foreman-proxy/dns.keytab"
dns_tsig_principal: foremanproxy/foreman.mydomain@MYDOMAIN
dns_forwarders: []
freeipa_remove_dns: true
dns_alt_names: []
foreman_proxy::plugin::dns::infoblox: false
foreman_proxy::plugin::dns::powerdns: false
cat /etc/foreman-proxy/settings.d/dns.yml
---
# DNS management
:enabled: https
:use_provider: dns_nsupdate
cat /etc/foreman-proxy/settings.d/dns_nsupdate.yml
---
#
# Configuration file for 'nsupdate' dns provider
#
:dns_key: /etc/bind/foreman.key
:dns_server: ns0.mydomain
grep log /etc/foreman-proxy/settings.yml
# Uncomment and modify if you want to change the location of the log file or use STDOUT or SYSLOG values
:log_file: /var/log/foreman-proxy/proxy.log
# Uncomment and modify if you want to change the log level
:log_level: DEBUG
# The maximum size of a log file before it's rolled (in MiB)
# The maximum age of a log file before it's rolled (in seconds). Also accepts 'daily', 'weekly', or 'monthly'.
# Number of log files to keep
# Logging pattern for file-based loging
#:file_logging_pattern: '%d %.8X{request} [%.1l] %m'
# Logging pattern for syslog or journal loging
#:system_logging_pattern: '%.8X{request} [%.1l] %m'
:log_buffer: 2000
:log_buffer_errors: 1000
Thanks in advance for any suggestions or tips to investigate this further!
Adam.