Foreman SmartProxy Install - Force DHCP to Not Be Authoritative of Subnet

Problem:
I am trying to install a Foreman SmartProxy using the below command:

foreman-installer --scenario foreman-proxy-content \
  --certs-tar-file "/root/server.example.net-certs.tar" \
  --foreman-proxy-content-parent-fqdn "hqret-foreman.odretail.net" \
  --foreman-proxy-register-in-foreman "true" \
  --foreman-proxy-foreman-base-url "https://foreman-master.example.net" \
  --foreman-proxy-trusted-hosts "foreman-master.example.net" \
  --foreman-proxy-trusted-hosts "server.example.net" \
  --foreman-proxy-oauth-consumer-key "blah" \
  --foreman-proxy-oauth-consumer-secret "blah" \
  --puppet-server-foreman-url "https://foreman-master.example.net" \
  --foreman-proxy-dhcp "true" \
  --foreman-proxy-dhcp-gateway "10.59.152.1" \
  --foreman-proxy-dhcp-nameservers "10.92.128.40" \
  --foreman-proxy-dhcp-network "10.59.152.0" \
  --foreman-proxy-dhcp-netmask "255.255.255.224" \
  --foreman-proxy-dhcp-range "10.59.152.3 10.59.152.20" \
  --foreman-proxy-dhcp-subnets "10.59.152.0/24" \
  --foreman-proxy-dhcp-interface "enp6s0" \
  --foreman-proxy-plugin-discovery-install-images "true"

However, I get the below error messages:

Service[dhcpd]: Failed to call refresh: Systemd restart for dhcpd failed!
systemd[1]: Starting DHCPv4 Server Daemon...
dhcpd[12976]: Internet Systems Consortium DHCP Server 4.2.5
dhcpd[12976]: Copyright 2004-2013 Internet Systems Consortium.
dhcpd[12976]: All rights reserved.
dhcpd[12976]: For info, please visit https://www.isc.org/software/dhcp/
dhcpd[12976]: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
dhcpd[12976]: Internet Systems Consortium DHCP Server 4.2.5
dhcpd[12976]: Copyright 2004-2013 Internet Systems Consortium.
dhcpd[12976]: All rights reserved.
dhcpd[12976]: For info, please visit https://www.isc.org/software/dhcp/
dhcpd[12976]: Wrote 1 leases to leases file.
dhcpd[12976]: No subnet declaration for enp6s0 (10.59.24.175).
dhcpd[12976]: ** Ignoring requests on enp6s0.  If this is not what
systemd[1]: dhcpd.service: main process exited, code=exited, status=1/FAILURE
systemd[1]: Failed to start DHCPv4 Server Daemon.
systemd[1]: Unit dhcpd.service entered failed state.
systemd[1]: dhcpd.service failed.

So the crux of the issue here I think is that the systems which this SmartProxy needs to serve DHCP to are on a different subnet than the SmartProxy itself.

The SmartProxy is on: 10.59.24.0/24
The clients are on: 10.59.152.0/27

Now if I add the below stanza to my /etc/dhcp/dhcpd.conf:

subnet 10.59.24.0 netmask 255.255.255.0 {
       not authoritative;
}

I can then start the service just fine. I also don’t want this DHCP service to be authoritative of the 10.59.24.0/24 subnet, as another DHCP server is (I know this may sound a little crazy, but we have our reasons).

So I can update the DHCP daemon configuration file and re-run the foreman-installer, but it just overwrites it again. I’m very new to this, but I imagine Puppet is doing this?

What I’m wondering at this point, is there a command-line option I can pass to foreman-installer to make the DHCP daemon not authoritative of that subnet, or perhaps I need to update the file on the Puppet master?

Expected outcome:
I would like the SmartProxy to install with no errors if possible, configuring the DHCP daemon configuration to not be authoritative of the subnet which the SmartProxy main network interface is configured for.

I understand this may be an unusual requirement, so if there is a way to work around this, I would be happy to try it!

Foreman and Proxy versions: 3.12

Foreman and Proxy plugin versions: N/A

Distribution and version: CentOS 7

Other relevant data: N/A

To temporarily work around this, I set --foreman-proxy-dhcp to “false” and now have the proxy up and running. I can manage DHCP on my own for the time being, as I experiment with Foreman.

I would still like to see if I can resolve this issue however, if anyone has any tips.

Running foreman (& proxy) on a separate subnet from the one being managed.
I’m getting this too “No subnet declaration for ()”. I can create a line in /etc/dhcp/dhcpd.conf :
subnet netmask 255.255.255.255 {}
and DHCP will start. But will break again whenever I run foreman-installer. Are people just manually adding this line each time?

Auto formatting butchered my last message, and can’t edit it. Let’s try again:
I’m getting this too “No subnet declaration for ()”. I can create a line in /etc/dhcp/dhcpd.conf :
subnet IP_OF_PROXY netmask 255.255.255.255 {}

Replace IP_OF_PROXY with your proxy’s IP

I just ran into this myself. Basically what you need to do is this:

  1. Either you stop using the Foreman / Satellite Puppet based installer to manage the DHCP configuration or
  2. You use a couple installer flags to basically configure a dummy entry which doesn’t do anything

I ended up using the second way and so far haven’t had any issues but far from perfect - I guess it’s a limitation of the DHCP module used by Foreman / Satellite.
Additionally I found this: https://theforeman.org/2017/07/adding-new-subnet-for-provisioning.html and followed the custom-hiera suggestion to configure my other networks.

foreman-installer --verbose-log-level INFO \
--foreman-proxy-dhcp-nameservers "1.1.1.1,1.0.0.1" \
--foreman-proxy-dhcp-netmask '255.255.255.255' \
--foreman-proxy-dhcp-network '10.0.0.1'

This resulted in the following lines in my dhcpd.conf:

# <some domain string>
subnet 10.0.0.1 netmask 255.255.255.255 {

  option subnet-mask 255.255.255.255;
}

(I couldn’t find a way to get rid of the option for this subnet)

You might have to use some --reset-foreman-proxy-dhcp options to fix the stuff already in your answers.yaml

Hope this helps :)
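
Added example, not part of the original posts and not Foreman's own code: a pre-flight check for the failure in this thread, which reports every listen interface whose address falls outside all `subnet` declarations in a dhcpd.conf, the condition behind "No subnet declaration for enp6s0 (10.59.24.175)". The configuration text and the interface map are constructed from values quoted in the thread; the function names are hypothetical.

```python
import ipaddress
import re

# "subnet <network> netmask <mask> {" declarations, as written in dhcpd.conf.
SUBNET_RE = re.compile(
    r"^\s*subnet\s+(\d+(?:\.\d+){3})\s+netmask\s+(\d+(?:\.\d+){3})\s*\{",
    re.MULTILINE,
)

def declared_subnets(conf_text):
    """Return the IPv4 networks declared in dhcpd.conf text."""
    # Drop comments so a commented-out stanza does not count as declared.
    # (Simplification: a '#' inside a quoted string is treated as a comment.)
    text = re.sub(r"#.*", "", conf_text)
    # strict=True raises ValueError when host bits are set in the network.
    return [ipaddress.ip_network(f"{net}/{mask}", strict=True)
            for net, mask in SUBNET_RE.findall(text)]

def uncovered_interfaces(conf_text, interfaces):
    """Return {interface: address} for addresses outside every declared subnet."""
    nets = declared_subnets(conf_text)
    return {name: addr for name, addr in interfaces.items()
            if not any(ipaddress.ip_address(addr) in net for net in nets)}

# Constructed sample: the only subnet the installer wrote is the client network.
INSTALLER_CONF = """\
subnet 10.59.152.0 netmask 255.255.255.224 {
  range 10.59.152.3 10.59.152.20;
  option routers 10.59.152.1;
}
"""
# Stanza from the first post: declares the proxy's own network, serves nothing.
PROXY_STANZA = """\
subnet 10.59.24.0 netmask 255.255.255.0 {
  not authoritative;
}
"""
# Constructed interface map; on a real host take it from `ip -4 addr`.
LISTEN = {"enp6s0": "10.59.24.175"}

if __name__ == "__main__":
    for label, conf in (("installer output", INSTALLER_CONF),
                        ("with proxy stanza", INSTALLER_CONF + PROXY_STANZA)):
        missing = uncovered_interfaces(conf, LISTEN)
        print(label, "->", missing or "all listen interfaces covered")
```

Run against the generated file after each foreman-installer run, this shows whether the installer has dropped a manually added stanza before dhcpd is restarted.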