Managing only part of a DHCP subnet

Support
1

Hello All,

I'm evaluating Foreman for use in our dev/SI/UAT environments and had one
question:

We'd like to keep our current MS DHCP managing our current leases and add a
new subnet/range that foreman can allocate addresses in.

i.e. MS DHCP manages 2 subnets: 192.168.0.1/23, and 192.168.3.0/24.
Foreman would allocate addresses within 192.168.3.0/24 only and not touch
the other range.

My google-fu is failing me on finding an answer to this. Can anyone help?
If the answer is yes, the relevant dhcpd.conf and/or foreman-proxy
settings.yml would be very helpful.

Apart from that question, I've been really liking Foreman so far. Multiple
config groups and host group inheritance are very nice, and really useful
for our use cases. I also really like being able to run a Foreman instance
on my local desktop (within KVM/QEMU) and then use the same foreman config
but point it at EC2 or VSphere. The only thing I'm "missing" so far is
deploying from VSphere VM templates but I understand that's on the TODO:
list.

Many Thanks,

Anthony

2

Hi Anthony,

Can we see your foreman-proxy settings.yml? Do you have something like this
there?

:dhcp_subnets: [192.168.0.1/255.255.254.0, 192.168.3.0/255.255.255.0]

Best, hope we can solve this soon :slight_smile:

··· On Wed, Sep 3, 2014 at 6:05 PM, Anthony Clark wrote:

Hello All,

I’m evaluating Foreman for use in our dev/SI/UAT environments and had one
question:

We’d like to keep our current MS DHCP managing our current leases and add
a new subnet/range that foreman can allocate addresses in.

i.e. MS DHCP manages 2 subnets: 192.168.0.1/23, and 192.168.3.0/24.
Foreman would allocate addresses within 192.168.3.0/24 only and not
touch the other range.

My google-fu is failing me on finding an answer to this. Can anyone help?
If the answer is yes, the relevant dhcpd.conf and/or foreman-proxy
settings.yml would be very helpful.

Apart from that question, I’ve been really liking Foreman so far.
Multiple config groups and host group inheritance are very nice, and
really useful for our use cases. I also really like being able to run a
Foreman instance on my local desktop (within KVM/QEMU) and then use the
same foreman config but point it at EC2 or VSphere. The only thing I’m
"missing" so far is deploying from VSphere VM templates but I understand
that’s on the TODO: list.

Many Thanks,

Anthony


You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.


Daniel Lobato

@elobatoss
blog.daniellobato.me
daniellobato.me

GPG: http://keys.gnupg.net/pks/lookup?op=get&search=0x7A92D6DD38D6DE30

3

If you're foreman server and pxeboot server are only in the 3.0 network
then everything should work. If not then maybe you could use something
like classes to restrict which mac addresses can get ips from the 3.0
network.
I use ISC and this construct:
class "ovirt" {
match if substring (hardware,1,8) = 00:1a:4a;
}

and then:
subnet 172.16.0.0 netmask 255.255.255.0 {
pool
{
range 172.16.0.100 172.16.0.200;
allow members of "ovirt";
}
}

Joop

··· On 3-9-2014 18:05, Anthony Clark wrote: > Hello All, > > I'm evaluating Foreman for use in our dev/SI/UAT environments and had > one question: > > We'd like to keep our current MS DHCP managing our current leases and > add a new subnet/range that foreman can allocate addresses in. > > i.e. MS DHCP manages 2 subnets: 192.168.0.1/23, and 192.168.3.0/24. > Foreman would allocate addresses within 192.168.3.0/24 only and not > touch the other range. > > My google-fu is failing me on finding an answer to this. Can anyone > help? If the answer is yes, the relevant dhcpd.conf and/or > foreman-proxy settings.yml would be very helpful. >
4

I don't yet have this deployed on the "production" nets I described above.

I'll play with the ISC DHCPD I have on a private kvm/qemu net. I think I
can set a range for, say, 192.168.122.10 to 192.168.122.99 for the
non-foreman DHCP addresses, then set .100 to .199 for the foreman
controlled addresses.

I don't have a :dhcp_subnets: setting in either foreman/settings.yaml or
foreman-proxy/settings.yml

I do have 'dhcp_range: "192.168.122.100 192.168.122.199"'
in foreman/foreman-installer-answers.yaml

Here's my foreman-proxy/settings.yml:

cat foreman-proxy/settings.yml

··· --- :ssl_ca_file: /var/lib/puppet/ssl/certs/ca.pem :ssl_certificate: /var/lib/puppet/ssl/certs/test-foreman02.fm.example.com.pem :ssl_private_key: /var/lib/puppet/ssl/private_keys/test-foreman02.fm.example.com.pem

:daemon: true:daemon_pid: /var/run/foreman-proxy/foreman-proxy.pid

:port: 8443

:tftp: true:tftproot: /var/lib/tftpboot/
:tftp_servername: 192.168.122.2

:dns: true
:dns_provider: nsupdate
:dns_key: /var/named/chroot/etc/Kforeman.+157+61460.key
:dns_server: 127.0.0.1
:dns_ttl: 86400

:dhcp: true# valid vendors:
:dhcp_vendor: isc
:dhcp_config: /etc/dhcp/dhcpd.conf
:dhcp_leases: /var/lib/dhcpd/dhcpd.leases

:virsh_network: default

:puppetca: true
:ssldir: /var/lib/puppet/ssl
:puppetdir: /etc/puppet

:puppet: true
:puppet_conf: /etc/puppet/puppet.conf

:customrun_cmd: /bin/false
:customrun_args: -ay -f -s

:puppetssh_sudo: false
:puppetssh_command: /usr/bin/puppet agent --onetime --no-usecacheonfailure

:bmc: false
:bmc_default_provider: ipmitool

:realm: false

:realm_provider: freeipa

:realm_keytab: /etc/foreman-proxy/freeipa.keytab
:realm_principal: realm-proxy@EXAMPLE.COM

:freeipa_remove_dns: true

:log_file: /var/log/foreman-proxy/proxy.log

On Thursday, September 4, 2014 3:13:40 AM UTC-4, Daniel Lobato wrote:

Hi Anthony,

Can we see your foreman-proxy settings.yml? Do you have something like
this there?

:dhcp_subnets: [192.168.0.1/255.255.254.0, 192.168.3.0/255.255.255.0]

Best, hope we can solve this soon :slight_smile:

On Wed, Sep 3, 2014 at 6:05 PM, Anthony Clark <dizzy...@gmail.com > <javascript:>> wrote:

Hello All,

I’m evaluating Foreman for use in our dev/SI/UAT environments and had one
question:

We’d like to keep our current MS DHCP managing our current leases and add
a new subnet/range that foreman can allocate addresses in.

i.e. MS DHCP manages 2 subnets: 192.168.0.1/23, and 192.168.3.0/24.
Foreman would allocate addresses within 192.168.3.0/24 only and not
touch the other range.

My google-fu is failing me on finding an answer to this. Can anyone
help? If the answer is yes, the relevant dhcpd.conf and/or foreman-proxy
settings.yml would be very helpful.

Apart from that question, I’ve been really liking Foreman so far.
Multiple config groups and host group inheritance are very nice, and
really useful for our use cases. I also really like being able to run a
Foreman instance on my local desktop (within KVM/QEMU) and then use the
same foreman config but point it at EC2 or VSphere. The only thing I’m
"missing" so far is deploying from VSphere VM templates but I understand
that’s on the TODO: list.

Many Thanks,

Anthony


You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-user...@googlegroups.com <javascript:>.
To post to this group, send email to forema...@googlegroups.com
<javascript:>.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.


Daniel Lobato

@elobatoss
blog.daniellobato.me
daniellobato.me

GPG: http://keys.gnupg.net/pks/lookup?op=get&search=0x7A92D6DD38D6DE30

5

That is an awesome idea. I'll explore using that since as far as I know,
foreman will always give out MAC addresses with consistent prefixes.

Thanks!

··· On Thursday, September 4, 2014 3:16:39 AM UTC-4, jvandewege wrote: > > On 3-9-2014 18:05, Anthony Clark wrote: > > Hello All, > > > > I'm evaluating Foreman for use in our dev/SI/UAT environments and had > > one question: > > > > We'd like to keep our current MS DHCP managing our current leases and > > add a new subnet/range that foreman can allocate addresses in. > > > > i.e. MS DHCP manages 2 subnets: 192.168.0.1/23, and 192.168.3.0/24. > > Foreman would allocate addresses within 192.168.3.0/24 only and not > > touch the other range. > > > > My google-fu is failing me on finding an answer to this. Can anyone > > help? If the answer is yes, the relevant dhcpd.conf and/or > > foreman-proxy settings.yml would be very helpful. > > > If you're foreman server and pxeboot server are only in the 3.0 network > then everything should work. If not then maybe you could use something > like classes to restrict which mac addresses can get ips from the 3.0 > network. > I use ISC and this construct: > class "ovirt" { > match if substring (hardware,1,8) = 00:1a:4a; > } > > and then: > subnet 172.16.0.0 netmask 255.255.255.0 { > pool > { > range 172.16.0.100 172.16.0.200; > allow members of "ovirt"; > } > } > > Joop > >