Managing DNS and DHCP for devices other than hosts?

I'm using Satellite 6.2. When you define a new host in sat6, it populates
dhcp and DNS, which is awesome.

But what about things other than hosts? I have several non-RHEL systems,
and several non-computer devices like routers which my office DNS and DHCP
need to serve.

What is the best/right way to add these systems to DNS and DHCP?

To update DNS, I've been using:

nsupdate -k /etc/rndc.conf forward.txt
nsupdate -k /etc/rndc.conf reverse.txt

where forward.txt has entries like

update add foo.xyz.lan 86400 A 172.31.100.36
update add bar.xyz.lan 86400 A 172.31.100.37
update add baz.xyz.lan 86400 A 172.31.100.38
send

and reverse.txt has entries like

update add 36.100.31.172.in-addr.arpa 86400 PTR foo.xyz.lan.
update add 37.100.31.172.in-addr.arpa 86400 PTR bar.xyz.lan.
update add 38.100.31.172.in-addr.arpa 86400 PTR baz.xyz.lan.
send

I am not sure what the best/right way to add static mappings to DHCP,
though. I am looking at "hammer host create," but I'm not actually creating
hosts, so that feels heavy handed. Any ideas?

Thanks!
Thomas

I have run into this problem also.
That and the Foreman installer jumping all over my dhcpd.conf and
shredding it then flushing it down the toilet… Well I may be a bit
overstating it there.

You could use omshell which is part of the DHCP package.

There is at least 1 Perl package that interfaces to omshell and you
could use to create a script to bundle your DNS and DHCP updates.

On the other hand if you just create the DHCP address the DHCP server
will populate your DNS when the lease is handed out.
That is provided that you have configured DHCP to do the DNS updates.

Foreman could do with some hooks (forgive me if this exists already) to
an external IPAM system.

Alvin Starr || voice: (905)513-7688
Netvel Inc. || Cell: (416)806-0133
alvin@netvel.net ||
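
The bundled DNS and DHCP update suggested above, as an added example that is not from any poster in this thread: one inventory of name, IP and MAC is validated and turned into the forward and reverse nsupdate batches plus an omshell batch of static host objects. The inventory, the MAC addresses and the function names are constructed for illustration, and the omshell connection lines (server, port, key, connect) are assumed to be supplied by the operator.

```shell
#!/bin/sh
# Added example: one inventory -> nsupdate and omshell batches (names are hypothetical).
ZONE="xyz.lan"   # forward zone from the thread's forward.txt
TTL=86400

# One DNS label: letters, digits, hyphen; no leading/trailing hyphen; max 63 chars.
valid_label() {
    case "$1" in ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;; esac
    [ "${#1}" -le 63 ]
}

# Dotted-quad IPv4, each octet 0-255 without leading zeros.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

valid_mac() { printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; }

# 172.31.100.36 -> 36.100.31.172.in-addr.arpa
reverse_name() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    printf '%s.%s.%s.%s.in-addr.arpa\n' "$4" "$3" "$2" "$1"
}

# emit <forward|reverse|omshell>: read "name ip mac" lines on stdin and print one
# batch. Invalid lines are reported on stderr, skipped, and make the status non-zero,
# so a stray ';', quote or extra field never reaches nsupdate or omshell.
emit() {
    mode=$1; rc=0
    while read -r name ip mac; do
        case "$name" in ''|'#'*) continue ;; esac
        if ! valid_label "$name" || ! valid_ipv4 "$ip" || ! valid_mac "$mac"; then
            echo "rejected: $name $ip $mac" >&2; rc=1; continue
        fi
        case "$mode" in
            forward) echo "update add $name.$ZONE $TTL A $ip" ;;
            reverse) echo "update add $(reverse_name "$ip") $TTL PTR $name.$ZONE." ;;
            # omshell host object; server/port/key/connect lines must precede these.
            omshell) printf 'new host\nset name = "%s"\nset hardware-address = %s\nset hardware-type = 1\nset ip-address = %s\ncreate\n' "$name" "$mac" "$ip" ;;
        esac
    done
    [ "$mode" = omshell ] || echo send
    return "$rc"
}

# Constructed sample inventory; the last line is deliberately malformed.
sample_inventory() {
    cat <<'EOF'
# name ip mac
foo 172.31.100.36 52:54:00:aa:bb:01
bar 172.31.100.37 52:54:00:aa:bb:02
baz;send 172.31.100.300 52:54:00:aa:bb:03
EOF
}

for m in forward reverse omshell; do
    sample_inventory | emit "$m" || echo "# $m batch: some inventory lines were skipped"
done
```

Because the A and PTR records come from the same inventory line, forward and reverse entries cannot drift apart the way two hand-edited files can.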

The normal way our customers and users manage DHCP is simply using the
default /etc/dhcp/dhcpd.hosts which is included from dhcpd.conf by
default. This file is untouched by Foreman or Proxy. What is also
recommended is to change installer flag "dhcp managed" to off so it
won't overwrite the next run, this is important and bites every now
and then.

When making manual changes to DHCP keep in mind that foreman-proxy
does parse dhcpd.conf and all includes and our parser is limited and
does not understand the full syntax of ISC DHCP. The recommended way is to
check every time a change is performed:

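#!/bin/bash
# List the subnets foreman-proxy recognized. Note that -k turns off TLS
# verification, so the CA file given with --cacert is not enforced.
curl -ks --cert /etc/foreman/client_cert.pem \
  --key /etc/foreman/client_key.pem \
  --cacert /etc/foreman/proxy_ca.pem \
  "https://$(hostname):9090/dhcp" | json_reformat
# Check the same configuration with ISC DHCP's own parser.
dhcpd -t -cf /etc/dhcp/dhcpd.conf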

This script prints out all subnets recognized and also verifies using
ISC DHCP, you should see no errors or missing subnets from the JSON
output. When our parser encounters a problem (e.g. nested curly braces
in older versions of Foreman or other unknown statements), it simply
drops an error message to the log and ignores the whole subnet.

The script was initially published at
https://access.redhat.com/solutions/2988341

The same goes for DNS, but I haven't created any kind of checking
script. Also I recommend to turn off DNS management in the installer.
If you create such a script please share it.

I actually created a work item to add this kind of check into
foreman-maintain: https://github.com/iNecas/foreman_maintain/issues/46


Later,
Lukas @lzap Zapletal
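
One way to automate the "no missing subnets" comparison described above (added example, not the script from the Red Hat solution and not Foreman's own code): it lists the subnets declared in a dhcpd configuration file and reports any that are absent from a saved copy of the proxy's /dhcp output. It assumes the proxy returns a JSON array of objects that each carry a "network" field; the function names, file names and sample data are constructed.

```shell
#!/bin/sh
# Added example: flag subnets that dhcpd.conf declares but the proxy did not report.
# Assumption: GET /dhcp returns a JSON array of objects with a "network" field.

# Print the network address of every "subnet A netmask B" declaration on stdin.
# Braces and semicolons are turned into line breaks so nested or one-line
# declarations still start a line; '#' comments are dropped first.
declared_subnets() {
    sed 's/#.*//' | tr '{};' '\n\n\n' |
        awk '$1 == "subnet" && $3 == "netmask" { print $2 }' | sort -u
}

# Print every "network" value from the proxy JSON on stdin (compact or pretty-printed).
parsed_subnets() {
    grep -oE '"network"[[:space:]]*:[[:space:]]*"[^"]*"' |
        sed -E 's/.*"([^"]*)"$/\1/' | sort -u
}

# missing_subnets <dhcpd config file> <saved proxy JSON>: print declared networks
# the proxy did not return; non-zero status if there is at least one.
missing_subnets() {
    rc=0
    for net in $(declared_subnets < "$1"); do
        parsed_subnets < "$2" | grep -qxF "$net" || { echo "$net"; rc=1; }
    done
    return "$rc"
}

# Constructed sample data: two declared subnets, only one present in the JSON.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/dhcpd.conf" <<'EOF'
subnet 172.31.100.0 netmask 255.255.255.0 {
  range 172.31.100.100 172.31.100.200;
}
subnet 172.31.200.0 netmask 255.255.255.0 {
  pool { range 172.31.200.10 172.31.200.50; }  # nested braces
}
EOF
cat > "$demo_dir/proxy.json" <<'EOF'
[{"network": "172.31.100.0", "netmask": "255.255.255.0", "options": {}}]
EOF

if missing=$(missing_subnets "$demo_dir/dhcpd.conf" "$demo_dir/proxy.json"); then
    echo "every declared subnet was reported by the proxy"
else
    echo "declared but not reported by the proxy: $missing"
fi
```

The functions do not follow include statements, so concatenate dhcpd.conf and its included files into one file before passing it as the first argument.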

Arguably ISC DHCP is a little broken.

I use dhcpd.hosts and also disable the "dhcpmanaged" flag.
In my environment which is somewhat developmental my foreman server can
go down for longish periods.

For Foreman to interact with ISC DHCP it really needs to be running on a
system under foreman's control.
To manage the DHCP server foreman uses omshell and /var/lib/dhcpd/*.
So foreman outages cause DHCP outages or re-addressing that gives my
firewall licensing problems.

I took a kick at trying to use failover to manage my problem but it
seems that you need to add static leases to both servers using omapi and
I wrote an omshell wrapper script to talk to both servers but in the end
I abandoned this because it just seemed too delicate and there was no
clean and clear way to recover once a failover occurred.

I have it working but I am not happy with the result.
It's just kind of clumsy.

If there were a nice wrapper for ISC that would make it remotely
administrable then it would be possible to have the DHCP server not
reside on the foreman server.

I have not really looked at it but I wonder how well ISC Kea would work
as a DHCP server under foreman.

Alvin Starr || voice: (905)513-7688
Netvel Inc. || Cell: (416)806-0133
alvin@netvel.net ||

We do not support Kea yet, but I plan to write a dnsmasq provider, I
already have a prototype locally:

http://projects.theforeman.org/issues/13806

LZ

Later,
Lukas @lzap Zapletal