Foreman Proxy with MS DHCP

Having issues getting foreman fully communicating to a Windows 2008 R2
foreman-proxy. I can add the Smart Proxy on the foreman server and I see
the DNS and DHCP features. After that I start to have issues.

Before diving in, seems like the MS DHCP documentation is out of date.
RubyForge.org no longer exists and seems to be the only site hosting "Ruby
1.8.7 release 334". The link to rubyinstaller.org/downloads points to
rubyforge.org for release 334. Because of that, I am trying to use Ruby
1.8.7-p374 which might be the start of my problems.
Continuing with Ruby and Windows issues. My server doesn't have internet
access so I used the Wget method from the documentation which should have
the correct version of the gems. Is the --platform argument required? I
had issues with --platform, I went to the directory with the gems and
simply ran gem install *. Should mingw64 be used for W2K8 R2 since it is
only x64?

After adding the smart proxy to foreman I can import a subnet, it has
the Network Address and Network mask but other information is missing. The
Scope options are explicitly set for this subnet, they're not global or
coming from a superscope. Is this normal?

When trying to create a new host that utilizes the DHCP server I get the
following error:
Create DHCP Settings for tsg05t.dev.local task failed with the following
error: ERF12-6899 [ProxyAPI::ProxyException]: Unable to set DHCP entry
([RestClient::BadRequest]: 400 Bad Request) for proxy
https://test1.dev.local:8443/dhcp

On the Windows server (test1.dev.local) the proxy was able to set up the DHCP
reservation with the correct settings. There are some errors in the
proxy.log.

10.99.0.189 - - [22/Jul/2014 16:25:49] "GET /dhcp HTTP/1.1" 200 101 0.2184
puppet.dev.local - - [22/Jul/2014:16:25:49 Central Daylight Time] "GET /dhcp HTTP/1.1" 200 101
- -> /dhcp
10.99.0.189 - - [22/Jul/2014 16:26:26] "GET /dhcp HTTP/1.1" 200 101 0.1872
puppet.dev.local - - [22/Jul/2014:16:26:26 Central Daylight Time] "GET /dhcp HTTP/1.1" 200 101
- -> /dhcp
10.99.0.189 - - [22/Jul/2014 16:31:48] "GET /dhcp HTTP/1.1" 200 101 0.1872
puppet.dev.local - - [22/Jul/2014:16:31:48 Central Daylight Time] "GET /dhcp HTTP/1.1" 200 101
- -> /dhcp
10.99.0.189 - - [22/Jul/2014 16:44:16] "GET /dhcp/10.99.1.0/unused_ip?mac=0050560101a5&from=10.99.1.51&to=10.99.1.99 HTTP/1.1" 200 19 1.7316
puppet.dev.local - - [22/Jul/2014:16:44:14 Central Daylight Time] "GET /dhcp/10.99.1.0/unused_ip?mac=0050560101a5&from=10.99.1.51&to=10.99.1.99 HTTP/1.1" 200 19
- -> /dhcp/10.99.1.0/unused_ip?mac=0050560101a5&from=10.99.1.51&to=10.99.1.99
E, [2014-07-22T16:45:23.009895 #2220] ERROR -- : Record 10.99.1.0/00:50:56:01:01:a5 not found
10.99.0.189 - - [22/Jul/2014 16:45:23] "GET /dhcp/10.99.1.0/00:50:56:01:01:a5 HTTP/1.1" 404 44 0.3588
puppet.dev.local - - [22/Jul/2014:16:45:22 Central Daylight Time] "GET /dhcp/10.99.1.0/00:50:56:01:01:a5 HTTP/1.1" 404 44
- -> /dhcp/10.99.1.0/00:50:56:01:01:a5
E, [2014-07-22T16:45:23.493495 #2220] ERROR -- : Record 10.99.1.0/10.99.1.51 not found
10.99.0.189 - - [22/Jul/2014 16:45:23] "GET /dhcp/10.99.1.0/10.99.1.51 HTTP/1.1" 404 37 0.3432
puppet.dev.local - - [22/Jul/2014:16:45:23 Central Daylight Time] "GET /dhcp/10.99.1.0/10.99.1.51 HTTP/1.1" 404 37
- -> /dhcp/10.99.1.0/10.99.1.51
E, [2014-07-22T16:45:25.115898 #2220] ERROR -- : Netsh failed:

Changed the current scope context to 10.99.1.0 scope.

The specified option does not exist.

E, [2014-07-22T16:45:25.115898 #2220] ERROR -- : Unknown error while processing ''
10.99.0.189 - - [22/Jul/2014 16:45:25] "POST /dhcp/10.99.1.0 HTTP/1.1" 400 33 1.0296
puppet.dev.local - - [22/Jul/2014:16:45:23 Central Daylight Time] "POST /dhcp/10.99.1.0 HTTP/1.1" 400 33
- -> /dhcp/10.99.1.0

How can I determine what the non existent option is? Do I need to change
anything else in my config to get this working?

Also having issues with the "Suggest new" function when creating a new
host.

It's having an issue with the CSRF token authenticity. Here is the output
from production.log

Started POST "/subnets/freeip" for 10.99.0.189 at 2014-07-23 13:27:03 -0500
Processing by SubnetsController#freeip as JSON
Parameters: {"subnet_id"=>"4", "host_mac"=>"00:50:56:01:01:a5"}
WARNING: Can't verify CSRF token authenticity
Filter chain halted as :authorize rendered or redirected
Completed 401 Unauthorized in 8ms (Views: 0.2ms | ActiveRecord: 1.5ms)

Made progress. I was able to see the commands being passed to the OS from
foreman-proxy by going into settings.yml and changing :log_level: ERROR to
:log_level: DEBUG. Recreated the issue and looked at the output of the
proxy.log file.

DEBUG -- : key: "PXEClient"
DEBUG -- : executing: c:\windows\sysnative\cmd.exe /c c:\Windows\System32 netsh.exe -c dhcp server 10.99.0.200 scope 10.99.1.0 set reservedoptionvalue 10.99.1.52 60 String ""
INFO -- : Vendor class not found

Looking at the DHCP MMC and going through possible scope options I saw that
Option 60 was not a valid option on my server. Being related to PXE
booting I googled for what I needed to do to PXEboot with a Windows DHCP
server. The following article gave me the netsh commands to add DHCP
Option 60
http://msdn.microsoft.com/en-us/library/dd128762(v=winembedded.51).aspx

Once the option has been added I can now PXE boot a machine from foreman.

Couple of questions arise from all of this.

  1. Should foreman-proxy check for Option 60 on the server and add it as
    an option?
  2. Can this error be caught? I think it would have to be in the function
    at create time since the message returned is not very specific.
  3. Not sure what other tests would help but I have foreman-proxy running
    on a Win2k8 R2 server with Ruby 1.8.7-p374. The smart-proxy MS DHCP
    documentation should be updated with a version of Ruby that can actually be
    downloaded.
  4. If DHCP Option 60 doesn't get added by foreman-proxy itself, then it
    should be noted in the documentation that it is required for full
    functionality.
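
The log triage described in this post (switch the proxy to DEBUG, then read the netsh command logged just before the failure), as an added example that is not part of the original post and is not foreman-proxy code. The function name is hypothetical, and the sample log is constructed from the lines quoted above, with the command path shortened and DEBUG timestamps assumed.

```ruby
# Added example (not foreman-proxy code): report which DHCP option id a failed
# netsh call tried to set. SAMPLE_LOG is constructed from the proxy.log lines
# quoted in the post; timestamps on DEBUG lines and the shortened path are assumed.
SAMPLE_LOG = <<'LOG'
D, [2014-07-22T16:45:24.900000 #2220] DEBUG -- : executing: c:\windows\sysnative\cmd.exe /c netsh.exe -c dhcp server 10.99.0.200 scope 10.99.1.0 set reservedoptionvalue 10.99.1.52 60 String ""
E, [2014-07-22T16:45:25.115898 #2220] ERROR -- : Netsh failed:

Changed the current scope context to 10.99.1.0 scope.

The specified option does not exist.

E, [2014-07-22T16:45:25.115898 #2220] ERROR -- : Unknown error while processing ''
LOG

LOGGER_LINE = /(DEBUG|INFO|WARN|ERROR|FATAL) -- : (.*)\z/
SET_OPTION  = /scope (\S+) set reservedoptionvalue (\S+) (\d+)/

# Returns one hash per "Netsh failed" error, paired with the last command the
# proxy logged as "executing:" (only present when :log_level: is DEBUG).
def failed_netsh_calls(log_text)
  failures = []
  last_cmd = nil
  current = nil
  log_text.each_line do |raw|
    line = raw.chomp
    if (m = LOGGER_LINE.match(line))
      current = nil # a new logger entry ends any netsh output being collected
      severity, msg = m[1], m[2]
      if msg.start_with?('executing: ')
        last_cmd = msg.sub('executing: ', '')
      elsif severity == 'ERROR' && msg.start_with?('Netsh failed')
        opt = last_cmd && SET_OPTION.match(last_cmd)
        current = { :command => last_cmd, :scope => opt && opt[1],
                    :reservation => opt && opt[2],
                    :option_id => opt && opt[3].to_i, :netsh_output => [] }
        failures << current
      end
    elsif current && !line.strip.empty?
      current[:netsh_output] << line.strip # unprefixed lines are netsh's own output
    end
  end
  failures
end

if __FILE__ == $PROGRAM_NAME
  failed_netsh_calls(SAMPLE_LOG).each do |f|
    puts "option #{f[:option_id]} on #{f[:scope]}/#{f[:reservation]}: #{f[:netsh_output].last}"
  end
end
```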