Foreman 3.X: foreman-installer custom-hiera not honouring DHCP options

ikonia · July 31, 2024, 11:19am

Problem:
foreman-installer is not honouring additional parameters for the DHCP puppet module used by the installer when set in custom hiera configuring a DHCP server on the foreman node. Specifically dhcp::dnsdomain
Expected outcome:
pass custom parameters from dhcp::dnsdomain set in custom hiera into foreman-dhcp puppet module used by foreman-installer to configure dhcp server as part of foreman install process.

Foreman and Proxy versions:

Foreman and Proxy plugin versions:
3.X
Distribution and version:
RHEL 9.4 / Rocky 9.4 (Assume all EL9)
Other relevant data:

setting forward and reverse domain names in custom-hiera as part of foreman installer as so

dhcp::dnsdomain:
      - forwardlocal.com
      - 100.168.192.in-addr.arpa

should configure a forward and reverse domain name in the dhcpd.conf file on the foreman node post install for DDNS updates, referencing other parameters that are honoured in custom-hiera. eg:

zone forwardlocal.com {
  primary 192.168.100.1;
  key DDNS_UPDATE;
}

zone 100.168.192.in-addr.arpa. {
  primary 192.168.100.1;
  key DDNS_UPDATE;
}

These entries are missing.

There is also a conflict as part of the install process where faster is overriding custom-hiera parameters,

eg: the dhcp.conf post install looks like this.

ddns-domainname "local";
ddns-rev-domainname "100.168.192.in-addr.arpa";

zone local. {
  primary 192.168.100.1;
  key no-dns-ddns-key;
}

in this example, facter is setting the zone ‘local’ despite custom-hiera specifying forward local.com and the reverse dns zone is totally missing.

If I pass in these parameters to the foreman-dhcp module outside of foreman-installer using a default common.yaml hiera file

dhcp::dnsdomain:
      - forwardlocal.com
      - 12.24.172.in-addr.arpa

the dhcpd.conf is mostly correctly set (facter is still overriding one parameters ddns-domainname) but the rest are correctly set and no parameters are missing, so foreman installer is not passing in these parameters correctly.

ddns-domainname "local";
ddns-rev-domainname "12.24.172.in-addr.arpa";

# Key from bind
include "/etc/bind/keys.d/test.key";
zone forwardlocal.com. {
  primary 10.0.1.20;
  key no-dns-ddns-key;
}
zone 12.24.172.in-addr.arpa. {
  primary 10.0.1.20;
  key no-dns-ddns-key;
}

ekohl · July 31, 2024, 2:32pm

You can’t set parameters that are explicitly passed to a class. Looking at the code, dnsdomain is one of those.

github.com

theforeman/puppet-foreman_proxy/blob/6a3724ac984164f87c7968fa523a4e9e75e24408/manifests/proxydhcp.pp#L65-L75


      
          class { 'dhcp':
            dnsdomain     => $foreman_proxy::dhcp_option_domain,
            nameservers   => $nameservers,
            interfaces    => [$foreman_proxy::dhcp_interface] + $foreman_proxy::dhcp_additional_interfaces,
            pxeserver     => $ip,
            pxefilename   => $foreman_proxy::dhcp_pxefilename,
            ipxe_filename => $_dhcp_ipxefilename,
            omapi_name    => $foreman_proxy::dhcp_key_name,
            omapi_key     => $foreman_proxy::dhcp_key_secret,
            conf_dir_mode => $conf_dir_mode,
          }

Looks like you need to use --foreman-proxy-dhcp-option-dnsdomain to set it. Repeat it to set multiple values.

You pasted the dhcp::dnsdomain but I think you intended to show the dhcp::ddns_domainname and dhcp::ddns_rev_domainname parts.

ikonia · July 31, 2024, 7:56pm

ahh, so the foreman installer sets that as part of the class, where in my ‘outside of foreman’ example I didn’t set it in the class so the hiera options are taken in. That’s hugely helpful, I couldn’t see why the installed ignored it, but outside the installer worked.

I actually (I think) did mean to use dhcp::dnsdomain, as from my reading that’s what set the ‘zone’ part of the dhcpd.conf, but now that you’ve commented on it, I will double check, so thank you

ikonia · August 1, 2024, 12:39pm

unless I’m misreading this dhcp::dnsdomain is what’s used in the dhcpd.conf ERB template to set the zone update and key for the DDNS forward and reverse zones.

# Key from bind
<% if @dnsupdatekey and !@dnsupdatekey.empty? -%>
include "<%= @dnsupdatekey %>";
<% end -%>
<% @dnsdomain.each do |dom| -%>
zone <%= dom %>. {
  primary <%= @dnsupdateserver_real %>;
<% if @dnsupdatekey and !@dnsupdatekey.empty? -%>
  key <%= @dnskeyname%>;
<% end -%>

the dhcp::ddns_domainname & `dhcp::ddns_rev_domainname are correct though, I’d missed that they where being used to set the

ddns-domainname and ddns-rev-domainname params in the dhcpd.conf

An interesting spot on using --foreman-proxy-dhcp-option-dnsdomain I hadn’t realised this could be used in this way, so I’ll give this a test today.

ikonia · August 1, 2024, 1:32pm

a minor typo in your response when I was testing, the correct answer is --foreman-proxy-dhcp-option-domain but it was an easy find and your post put helped me find what I’d missed when browsing the code. Great spot @ekohl this really opened up my config with the installer. Thank you