Foreman - with dns_nsupdate - key format help

I trashed my old Foreman / EL 7 host due to a database upgrade error, and rather than fix it, I decided this would be the time to move to the current 2.2 build on EL 8 rather than try to keep up on El7.

I have provisioning working just fine with ddns updates for the network via dhcp and foreman updating the same dns server with the same key. I thought nothing of it and blew away the box and did a nice clean install. few little problems, mostly user error, until I hit this problem.

I setup ddns in dhcp (for outside of foreman hosts on the network such as a phone or something) with a new key with dnssec-keygen, great no problems, then tried to configure foreman to be able to update / create / delete dns records using the dns_nsupdate process. I stumbled across and error trapping bug that I’ll raise, but realised that I had this problem with my old install too and can’t work around it, so I want to fix it and at worst right a community blog post to explain it, at best maybe patch the installer to allow this to setup properly.

if anyone has dns_nsupdate configured properly and working, I’d appreciate looking at the format of the file you’ve pointed at in dns_nsupdate.yaml as ddns and nsupdate require different formats, if I use the key that works with nsupdate -k on the command line with foreman the smart proxy doesn’t load dns_nsupdate , if I point it at the same format / actual key as ddns foreman is happy, but cannot update the dns server as the key is ‘wrong’ and foreman doesn’t trap this (the bug I came across).

If anyone can share the format of the file they have pointed at in dns_nsupdate.yaml that will help me write this up properly

Expected outcome:

just an example key file format to get this clear in my head and the documentation

Foreman and Proxy versions:
Foreman and Proxy plugin versions:
Distribution and version:
Other relevant data:
If I can get this working I can provide better detail / correct detail in the bug report against foremans error handling of nsupdate.

Hello ikonia,

I am using Foreman on Ubuntu 18.04, but i think this should not matter here.

The key i am using looks like this:

# file: dns.key
key foremankey {
     algorithm hmac-sha512;
     secret "redacted-key-content";