Hi All,
I have Foreman managing DNS via smart proxy on my DNS server.
When I create a 'New Host', Foreman creates the OpenStack instance just
fine, but times out with SSH trying to resolve the new FQDN prior to
provisioning, with the error:
'Unable to save
Failed to get IP for test2.stack: The specified wait_for timeout (600
seconds) was exceeded'
On further inspection, Foreman is not calling the smart proxy:

- nsupdate -k on the DNS server, and from the Foreman server creates
  the DNS record correctly.

  /var/log/syslog:
  Jan 21 06:28:28 mydns named[825]: client 10.0.0.3#32705: updating zone 'stack/IN': adding an RR at 'test2.stack' A

- calling the smart proxy API from Foreman using curl also creates the
  DNS record correctly.

  curl -i -d "fqdn=test2.stack&value=10.0.0.4&type=A" https://mydns.stack:8443/dns/ --insecure

  /var/log/foreman-proxy/foreman-proxy.log:
  D, [2014-01-21T06:28:28.163191 #910] DEBUG -- : running /usr/bin/nsupdate -k /etc/bind/rndc.key
  D, [2014-01-21T06:28:28.165608 #910] DEBUG -- : nsupdate: executed - server 10.0.0.3
  D, [2014-01-21T06:28:28.173745 #910] DEBUG -- : nsupdate: executed - update add test2.stack. 86400 A 10.0.0.4

- with the smart proxy in 'debug' logging, there is no record of
  Foreman attempting an API request to make a DNS record.

SSL certs on mydns.stack have been generated, and are accessible to
foreman-proxy.

All required domains resolve using the DNS server: foreman.stack
(10.0.0.2), mydns.stack (10.0.0.3)

I'm not using floating_ip's in OpenStack - all created instances have IPs
that are on my local network.

The Foreman server also has foreman-proxy configured to deal with Puppet,
Puppet CA, and TFTP.

Both smart proxies are added to Foreman, with mydns.stack added to the
'stack' domain and used when creating a 'New Host'.

Here is my foreman-proxy.conf from mydns.stack: (some commented options
removed to make it more readable)

---
# SSL Setup
:ssl_certificate: /var/lib/puppet/ssl/certs/mydns.stack.pem
:ssl_ca_file: /var/lib/puppet/ssl/certs/ca.pem
:ssl_private_key: /var/lib/puppet/ssl/private_keys/mydns.stack.pem

#:trusted_hosts:
#- foreman.prod.domain
#- foreman.dev.domain

# enable the daemon to run in the background
:daemon: true
:daemon_pid: /var/run/foreman-proxy/foreman-proxy.pid

# port used by the proxy
:port: 8443

# Enable TFTP management
:tftp: false

# Enable DNS management
:dns: true
:dns_key: /etc/bind/rndc.key
# use this setting if you are managing a dns server which is not localhost
# though this proxy
:dns_server: 10.0.0.3

# Enable DHCP management
:dhcp: false
# The vendor can be either isc or native_ms
:dhcp_vendor: isc

# enable PuppetCA management
:puppetca: false
:ssldir: /var/lib/puppet/ssl
:puppetdir: /etc/puppet

# enable Puppet management
:puppet: false
#:puppet_conf: /etc/puppet/puppet.conf

# Where our proxy log files are stored
# filename or STDOUT
:log_file: /var/log/foreman-proxy/foreman-proxy.log
# valid options are
# WARN, DEBUG, Error, FATAL, INFO, UNKNOWN
:log_level: DEBUG

Any input would be greatly appreciated - I feel like I’m missing something
really obvious here!