Foreman does not add DNS records on New Host

Hi All,

I have Foreman managing DNS via smart proxy on my DNS server.

When I create a 'New Host', Foreman creates the OpenStack instance just
fine, but times out with SSH trying to resolve the new FQDN prior to
provisioning with the error:
'Unable to save
Failed to get IP for test2.stack: The specified wait_for timeout (600
seconds) was exceeded'

On further inspection, Foreman is not calling the smart proxy:

  1. nsupdate -k on the DNS server, and from the Foreman server, creates
    the DNS record correctly.
    /var/log/syslog:
    Jan 21 06:28:28 mydns named[825]: client 10.0.0.3#32705: updating zone 'stack/IN': adding an RR at 'test2.stack' A

  2. calling the smart proxy API from Foreman using curl also creates the
    DNS record correctly.
    curl -i -d "fqdn=test2.stack&value=10.0.0.4&type=A" https://mydns.stack:8443/dns/ --insecure
    /var/log/foreman-proxy/foreman-proxy.log:
    D, [2014-01-21T06:28:28.163191 #910] DEBUG -- : running /usr/bin/nsupdate -k /etc/bind/rndc.key
    D, [2014-01-21T06:28:28.165608 #910] DEBUG -- : nsupdate: executed - server 10.0.0.3
    D, [2014-01-21T06:28:28.173745 #910] DEBUG -- : nsupdate: executed - update add test2.stack. 86400 A 10.0.0.4

  3. with the smart proxy in 'debug' logging, there is no record of
    Foreman attempting an API request to make a DNS record.

SSL certs on mydns.stack have been generated, and are accessible to
foreman-proxy.

All required domains resolve using the DNS server: foreman.stack
(10.0.0.2), mydns.stack (10.0.0.3)

I'm not using floating_ips in OpenStack - all created instances have IPs
on my local network.

Foreman server also has foreman-proxy configured to deal with Puppet,
Puppet CA, and TFTP.

Both smart proxies are added to Foreman, with mydns.stack added to the
'stack' domain and used when creating a 'New Host'.

Here is my foreman-proxy.conf from mydns.stack: (some commented options
removed to make it more readable)

---
# SSL Setup
:ssl_certificate: /var/lib/puppet/ssl/certs/mydns.stack.pem
:ssl_ca_file: /var/lib/puppet/ssl/certs/ca.pem
:ssl_private_key: /var/lib/puppet/ssl/private_keys/mydns.stack.pem

#:trusted_hosts:
#- foreman.prod.domain
#- foreman.dev.domain

# enable the daemon to run in the background
:daemon: true
:daemon_pid: /var/run/foreman-proxy/foreman-proxy.pid

# port used by the proxy
:port: 8443

# Enable TFTP management
:tftp: false

# Enable DNS management
:dns: true
:dns_key: /etc/bind/rndc.key
# use this setting if you are managing a dns server which is not localhost
# through this proxy
:dns_server: 10.0.0.3

# Enable DHCP management
:dhcp: false
# The vendor can be either isc or native_ms
:dhcp_vendor: isc

# enable PuppetCA management
:puppetca: false
:ssldir: /var/lib/puppet/ssl
:puppetdir: /etc/puppet

# enable Puppet management
:puppet: false
#:puppet_conf: /etc/puppet/puppet.conf

# Where our proxy log files are stored
# filename or STDOUT
:log_file: /var/log/foreman-proxy/foreman-proxy.log
# valid options are
# WARN, DEBUG, Error, FATAL, INFO, UNKNOWN
:log_level: DEBUG


Any input would be greatly appreciated - I feel like I'm missing something
really obvious here!
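
The check from step 3 above (looking in the smart proxy's debug log for a DNS request), as an added example that is not part of the original post or of Foreman's own code: it parses foreman-proxy.log lines of the form quoted in step 2 and lists the A records the proxy was asked to add. The function names and the web1.stack sample lines are constructed for illustration.

```python
import re
from typing import Iterable, List, NamedTuple, Optional

# Ruby Logger prefix written by foreman-proxy, e.g.
# "D, [2014-01-21T06:28:28.173745 #910] DEBUG -- : <message>"
# (an en dash is accepted too, since web renderers often rewrite "--").
PREFIX = re.compile(r"^[A-Z], \[(?P<ts>\S+) #\d+\]\s+[A-Z]+\s+(?:--|\u2013)\s*[^:]*: (?P<msg>.*)$")
SERVER = re.compile(r"^nsupdate: executed - server (?P<server>\S+)$")
ADD = re.compile(r"^nsupdate: executed - update add (?P<name>\S+) (?P<ttl>\d+) "
                 r"(?P<rtype>[A-Z]+) (?P<value>\S+)$")

class DnsUpdate(NamedTuple):
    timestamp: str
    server: Optional[str]   # DNS server of the enclosing nsupdate run, if logged
    name: str               # FQDN, lower-cased, without the trailing dot
    ttl: int
    rtype: str
    value: str

def _norm(name: str) -> str:
    return name.rstrip(".").lower()

def dns_updates(lines: Iterable[str]) -> List[DnsUpdate]:
    """Return every 'update add' the proxy passed to nsupdate."""
    updates, server = [], None
    for line in lines:
        m = PREFIX.match(line.strip())
        if not m:
            continue                      # wrapped or unrelated line
        msg = m["msg"].strip()
        if msg.startswith("running "):
            server = None                 # a new nsupdate invocation starts
        elif (s := SERVER.match(msg)):
            server = s["server"]
        elif (a := ADD.match(msg)):
            updates.append(DnsUpdate(m["ts"], server, _norm(a["name"]),
                                     int(a["ttl"]), a["rtype"], a["value"]))
    return updates

def requested(lines: Iterable[str], fqdn: str) -> List[DnsUpdate]:
    """Updates for one host; an empty list means the proxy never got the request."""
    return [u for u in dns_updates(lines) if u.name == _norm(fqdn)]

# First three lines are from the post; the web1.stack lines are constructed.
SAMPLE_LOG = """\
D, [2014-01-21T06:28:28.163191 #910] DEBUG -- : running /usr/bin/nsupdate -k /etc/bind/rndc.key
D, [2014-01-21T06:28:28.165608 #910] DEBUG -- : nsupdate: executed - server 10.0.0.3
D, [2014-01-21T06:28:28.173745 #910] DEBUG -- : nsupdate: executed - update add test2.stack. 86400 A 10.0.0.4
D, [2014-01-21T07:02:11.000100 #910] DEBUG \u2013 : running /usr/bin/nsupdate -k /etc/bind/rndc.key
D, [2014-01-21T07:02:11.000200 #910] DEBUG \u2013 : nsupdate: executed - update add web1.stack. 86400 A 10.0.0.9
""".splitlines()

if __name__ == "__main__":
    for host in ("test2.stack", "test3.stack"):
        print(host, requested(SAMPLE_LOG, host) or "no DNS request logged")
```

An empty result for a host that Foreman was supposed to create, while manual curl requests do show up, points at Foreman never calling the proxy rather than at the proxy or BIND.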

Hi there,

Sadly, you're hitting an open issue - Foreman currently requires that you
select a floating IP network to get an IP from, which is then used for SSH
connectivity. Because it uses the Fog method which retrieves only
requested floating_ip_addresses, it won't notice ones on the same range
that weren't requested.

If you're feeling brave, you could update to Foreman 1.4rc1 and then test
out my patch to lift this restriction, which you can find at [1]. Obviously
I can't recommend doing this in production, but if you have a test area
which you are happy to break, I'd love feedback on the patch.

Thanks,
Greg

[1]https://github.com/theforeman/foreman/pull/1149

Hi Greg,

Thanks for the feedback - we'd come to this conclusion already after
sniffing around the code after I posted.

As soon as I re-added the floating IPs, it all worked.

I'd love to help out and give 1.4rc1 a try, but I don't have a testing
environment set up.

cheers!
rowy.

On Tuesday, January 21, 2014 5:41:25 PM UTC+8, Greg Sutcliffe wrote:
>
> Hi there,
>
> Sadly, you're hitting an open issue - Foreman currently requires that you
> select a floating IP network to get an IP from, which is then used for SSH
> connectivity. Because it uses the Fog method which retrieves *only*
> requested floating_ip_addresses, it won't notice ones on the same range
> that weren't requested.
>
> If you're feeling brave, you could update to Foreman 1.4rc1 and then test
> out my patch to lift this restriction, which you can find at [1]. Obviously
> I can't recommend doing this in production, but if you have a test area
> which you are happy to break, I'd love feedback on the patch.
>
> Thanks,
> Greg
>
> [1]https://github.com/theforeman/foreman/pull/1149