Foreman-Proxy + DHCP Failover

llxp · August 17, 2020, 1:51pm

Problem:
I have one foreman instance and two isc-dhcp servers working in failover mode, sharing config using an nfs server.
I would like to use foreman-proxy to control both of the dhcpd servers to create the static leases, pxe file, etc.
I see here two ways of doing it:

Deploy one foreman-proxy instance on the foreman node and edit settings to control both dhcpd servers using remote-isc plugin.
Deploy two foreman-proxy instances on the dhcp nodes. And integrate them into the foreman instance.
Install Foreman-Proxy on both dhcp nodes with the default isc-dhcp (wipe installed isc-dhcp first) included in the foreman-installer. (and configure for high availability)

Is here anyone, who knows, how to configure the smartproxy in one of these ways, to support the control of both dhcp servers? (Using e.g. foreman-installer -i)

Expected outcome:
Control of both dhcp servers using foreman-proxy

Foreman and Proxy versions:
Foreman 2.1
Forean-Proxy 2.1 (?, included in the installer)

Foreman and Proxy plugin versions:
default/included in the installer

Distribution and version:
CentOS 8
dhcpd 4.3.6 (dnf install)

Other relevant data:

My current dhcpd configuration of both nodes is uploaded on the following gist:

gist.github.com

https://gist.github.com/llxp/ae88011d47f6b5d26b2ecd13c85b43b8

dhcpd.conf

#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp-server/dhcpd.conf.example
#   see dhcpd.conf(5) man page
#

# Set DNS name and DNS server's IP address or hostname
option domain-name            "domain-name.example.com";
option domain-name-servers    172.22.24.21, 172.22.24.22;

This file has been truncated. show original

gistfile1.txt

# subnet definition
subnet 172.22.24.0 netmask 255.255.255.0 {
    pool {
        # Range of IP addresses to allocate
        range 172.22.24.240 172.22.24.250;
        failover peer "failover-peer";
    }
    # Provide broadcast address
    option broadcast-address 172.22.24.255;
    # Set default gateway

This file has been truncated. show original

If this is a feature included in the newest build (2.2, nightly) please give a hint.

lzap · August 18, 2020, 2:35pm

If your config is shared, why would you want to manage both DHCP servers? Manage just one, the other will see the up-to-date data. The same goes for TFTP (it is just a folder on disk).

Or explain what exactly are you trying to achieve. Don’t understand.

llxp · August 18, 2020, 3:02pm

Thank you for your reply.

My Goal is to have a high available DHCP Server, which I can control using the smartproxy. But for this to Work I would either need

two smartproxies (in the DHCP Server itself installed), individually controlling one DHCP server or
one smartproxy, which would be capable of controlling both dhcp servers.

The Problem I see, is, that I would need to control the First and the second dhcp server as well, from the smartproxy, because all omapi calls to the first would fail, If the first dhcp server fails/is down.
At least If I choose the option to install only one smartproxy, the smartproxy would then need to be able to have both hosts registered to use the omapi port on both servers.

lzap · August 20, 2020, 7:16am

True. Well, we don’t have anything that can help you in this situation. Maybe some heartbeat with IP switchover? I think that’s an overkill for DHCP tho.

ekohl · August 27, 2020, 4:50pm

The installer does have support for setting up DHCP failover, though I have no personal experience with it. I’d recommend looking at foreman-installer --full-help. There’s some --foreman-proxy-dhcp-failover parameters.