> Hello everyone!
>
> My name is Konstantin Orekhov with eBay. I'm evaluating Foreman
> Smart-proxies as separate tools to be used by our orchestration to provide
> RESTful interfaces to DHCP (ISC), TFTP and BMC services. After private
> email conversation with Ohad, he advised to post my questions and requests
> to this mailing list.
>
> I've started from DHCP one last week, and since I'm looking at it as
> replacement for existing functionality, I'm going through each of the
> existing use-cases and see what/how Foreman can do that for us and running
> into a lot of questions/concerns.
>
> * no global search by MAC or hostname - needs subnet, why?

main reason is that in theory (in sometimes in practice) the same mac can
exist in multiple subnets.

I dont mind to add a feature to the proxy to scan internally over all
subnets and return the lease info (afair, the code already supports that
and just need to expose it via the api).

> Unless I specify the subnet, I can't get the result although in
> dhcpd.leases itself there's no notion of the subnet, so this appears a
> internal Foreman requirement? To give a bit of context why we do that -
> during new node registration, IaaS does not know (or cares, for that
> matter) in which subnet the node is going to end up, it just needs to find
> its IP using BMC MAC address as a search string and ideally this should
> happen w/o going through all the subnets as this method could also be used
> by humans for troubleshooting efforts and I'd hate to have people to browse
> through hundreds (if not thousands) of subnets. The search very often
> happens on a hostname as well for the same reasons. Does this make sense to
> you?
>
> * Invalid IP issue -
> {"ip":"192.168.166.203","hostname":"blah","mac":"00:50:56:39:ac:40","filename":"pxegrub.0"}
> does not work even from RESTclients - I went through a bunch of posts by
> different people complaining that standard JSON input does not work for
> them from curl. Only the way Ohad described here
>
> https://github.com/ohadlevy/foreman-api-examples/blob/master/examples/proxy/curl_dhcp.shworks. What I also found is that I can't send the above string even through
> Simple RESTclient (in Chrome) or RESTclient in Firefox, all what I'm
> getting back is "Sinatra doesn¹t know this ditty. post '/dhcp/
> 192.168.166.0/192.168.166.203' do "Hello World" End". Any ideas?
>

Hmm… not sure, which version of sinatra are you using? there was a bug
with 1.3.2 (or similar afair), it should just work, and you can reuse the
proxy api binding found in foreman.

>
> * unused_ip does not honor pool/range… Is this by design?

it does, you just need to pass it (e.g. you define the stop-start range as
parameters).

> How does smart-proxy verifies that IP is unused?

it first excludes all reservations and leases, and then it tries to do
(afair) tcp and icmp pings, (we thought of adding arp ping later on but
never got to it), but if you already have a dhcp entry it would not even
try.
further, the proxy remembers the last offered ip address, so it would not
offer the same ip twice (unless there is only one left).

This functionality seems rather dangerous as it can pick up an IP that is
> non-responsive at the moment, but in reality used by some machine and
> statically configured. Just want to understand the underlying checks/safety
> measures. Also, when looking for a unused IP, wouldn't it make sense to
> honor dynamic pool/range defined in dhcpd.conf for a particular network (if
> defined, of course)? Come think of it - if pool or range is defined, DHCPd
> is limited to that range to give away for a reason, as the other IPs which
> could be managed in different way (statically assigned, etc.). IMHO,
> unused_ip should be constrained by that range just as well, however
> existing DHCP smart-proxy's capability to create reservations on any IP
> should stay, obviously.
>

it does respect the start-stop range, and afair, it can also accept a mac
address, so it would not offer a different ip for a host that already has a
lease.

>
> * nextserver is not honored (no record added) - this one seems like a bug
> to me, not sure if this was already reported to you.
> # curl -X POST http://dhcp:8443/dhcp/192.168.166.0 -d 'hostname=blah' -d
> 'ip=192.168.166.203' -d 'mac=00:50:56:39:ac:40' -d 'filename=pxegrub.0' -d
> 'nextserver=tftp.vip'
> # curl -X GET http://dhcp:8443/dhcp/192.168.166.0/192.168.166.203
>
> {"ip":"192.168.166.203","hostname":"blah","mac":"00:50:56:39:ac:40","filename":"pxegrub.0","subnet":"
> 192.168.166.0/255.255.255.0"}
>

not 100% sure, but it does work, as its used by all foreman users does
it show up correctly under the mini web ui (/dhcp)

> #
> As you can see above, no next-server added to the reservation
>
> * no user-defined options accepted - this one is mostly used by us for
> Solaris installs, but there could be a lot of other uses, I'd assume. For
> example, Sparc machine would need something like this in their DHCP
> reservation:
>

thats actually a limitation of the isc implementation, for example the
windows native dhcp support that… I would be happy to extend the isc
provider to support that too.

>
> option SUNW.JumpStart-server "$JUMPSERVER:<path-to-profiles>/$PROFILE";
> option SUNW.sysid-config-file-server =
> "$JUMPSERVER:<path-to-profiles>/$PROFILE";
>
> x86 clients use pxegrub, but we redefine the location of menu.lst file as
> we keep pxeconfig filenames uniformly named, so we'd need to run something
> like this:
>
> curl -X POST http://dhcp:8443/dhcp/192.168.166.0 -d 'hostname=blah' -d
> 'ip=192.168.166.203' -d 'nextserver=tftp.vip' -d 'mac=00:50:56:39:ac:40'
> -d 'option="grubmenu pxelinux.cfg/01-00-50-56-39-ac-40"' -d
> 'filename=pxegrub.0'
>
> I'd say having an ability to specify "option":"blah-blah-blah" is useful
> thing to have regardless of what it is used for, wouldn't you agree?
>
> agree

> * what is the difference between "hostname" and "name" JSON string in
> createNewReservation?
>

its a left over for api compatibility, they are the same.

>
> * is this the most complete description of APIs provided by smart-proxies?
> API - Smart Proxy - Foreman

currently yes, improvements are welcomed.

>
>
> Not related to DHCP smart-proxy:
>
> * a lot of broken links (anchors) on theforeman.org/manual/1.1 - good one
> Foreman :: Manual,
> bad ones something like this -
> Foreman (manuals/1.1/index.html is
> missing)
>

thanks! <hint>patches are welcomed </hint>

>
> I'd much appreciate your feedback, folks!
> Thanks!

Welcome!

Ohad

• no global search by MAC or hostname - needs subnet, why?
  >
  > main reason is that in theory (in sometimes in practice) the same mac can
  > exist in multiple subnets.
  >
  >
  Hmm, hard to imagine how that MAC would operate in such conditions, but
  even if that happens, the search should just return all found entries, IMHO.

>
> * Invalid IP issue -
>> {"ip":"192.168.166.203","hostname":"blah","mac":"00:50:56:39:ac:40","filename":"pxegrub.0"}
>> does not work even from RESTclients - I went through a bunch of posts by
>> different people complaining that standard JSON input does not work for
>> them from curl. Only the way Ohad described here
>>
>> https://github.com/ohadlevy/foreman-api-examples/blob/master/examples/proxy/curl_dhcp.shworks. What I also found is that I can't send the above string even through
>> Simple RESTclient (in Chrome) or RESTclient in Firefox, all what I'm
>> getting back is "Sinatra doesn¹t know this ditty. post '/dhcp/
>> 192.168.166.0/192.168.166.203' do "Hello World" End". Any ideas?
>>
>
> Hmm… not sure, which version of sinatra are you using? there was a bug
> with 1.3.2 (or similar afair), it should just work, and you can reuse the
> proxy api binding found in foreman.
>

Whichever came with foreman-proxy-1.1+ubuntu1. My
/usr/lib/ruby/vendor_ruby/sinatra/base.rb says "1.2.6".

>> * unused_ip does not honor pool/range… Is this by design?
>
> it does, you just need to pass it (e.g. you define the stop-start range as
> parameters).
>

This is where more complete API doc would help

> * nextserver is not honored (no record added) - this one seems like a bug
> to me, not sure if this was already reported to you.
>
>> # curl -X POST http://dhcp:8443/dhcp/192.168.166.0 -d 'hostname=blah' -d
>> 'ip=192.168.166.203' -d 'mac=00:50:56:39:ac:40' -d 'filename=pxegrub.0' -d
>> 'nextserver=tftp.vip'
>> # curl -X GET http://dhcp:8443/dhcp/192.168.166.0/192.168.166.203
>>
>> {"ip":"192.168.166.203","hostname":"blah","mac":"00:50:56:39:ac:40","filename":"pxegrub.0","subnet":"
>> 192.168.166.0/255.255.255.0"}
>>
>
> not 100% sure, but it does work, as its used by all foreman users does
> it show up correctly under the mini web ui (/dhcp)
>

That's what confuses me a lot - it should have been reported in many places
as this is high visibility for everyone. And to answer your question, no,
it does not show up in WebUI nor dhcpd.leases for me. The above curl call
creates the following in dhcpd.leases:

host blah {
dynamic;
hardware ethernet 00:50:56:39:ac:40;
fixed-address 192.168.166.203;
supersede server.filename = "pxegrub.0";
supersede host-name = "blah";
}

> * no user-defined options accepted - this one is mostly used by us for
>> Solaris installs, but there could be a lot of other uses, I'd assume. For
>> example, Sparc machine would need something like this in their DHCP
>> reservation:
>>
>
> thats actually a limitation of the isc implementation, for example the
> windows native dhcp support that… I would be happy to extend the isc
> provider to support that too.
>

I guess you're referring to additional configuration tasks that one has to
perform to introduce such options in dhcpd.conf? If yes, that would be
something up to an admin to do so, not Foreman smart-proxy. The latter
should just allow "option=blah" to be accepted and passed to omapi.
However, I'm not clear on a behavior of omapi/dhcpd in case where no option
were defined but yet foreman smart-proxy tries to add that into a
reservation. I'd expect some error in this case, which should be returned
to the user. Just my 2 cents.

> * no global search by MAC or hostname - needs subnet, why?
>>
>> main reason is that in theory (in sometimes in practice) the same mac can
>> exist in multiple subnets.
>>
>>
> Hmm, hard to imagine how that MAC would operate in such conditions, but
> even if that happens, the search should just return all found entries, IMHO.
>
I had the same response when i learned it for the first time, but when you
think on laptops moving between subnets that kind of trivial.

>
>
>>
>> * Invalid IP issue - {"ip":"192.168.166.203","**
>>> hostname":"blah","mac":"00:50:**56:39:ac:40","filename":"**pxegrub.0"}
>>> does not work even from RESTclients - I went through a bunch of posts by
>>> different people complaining that standard JSON input does not work for
>>> them from curl. Only the way Ohad described here
>>> https://github.com/ohadlevy/foreman-api-examples/blob/
>>> master/examples/proxy/curl_**dhcp.sh<https://github.com/ohadlevy/foreman-api-examples/blob/master/examples/proxy/curl_dhcp.sh>works. What I also found is that I can't send the above string even through
>>> Simple RESTclient (in Chrome) or RESTclient in Firefox, all what I'm
>>> getting back is "Sinatra doesn¹t know this ditty. post '/dhcp/
>>> 192.168.166.0/192.168.**166.203 <http://192.168.166.0/192.168.166.203>'
>>> do "Hello World" End". Any ideas?
>>>
>>
>> Hmm… not sure, which version of sinatra are you using? there was a bug
>> with 1.3.2 (or similar afair), it should just work, and you can reuse the
>> proxy api binding found in foreman.
>>
>
> Whichever came with foreman-proxy-1.1+ubuntu1. My
> /usr/lib/ruby/vendor_ruby/sinatra/base.rb says "1.2.6".
>
>
>>> * unused_ip does not honor pool/range… Is this by design?
>>
>> it does, you just need to pass it (e.g. you define the stop-start range
>> as parameters).
>>
>
> This is where more complete API doc would help
>
agreed

>
>
>> * nextserver is not honored (no record added) - this one seems like a bug
>> to me, not sure if this was already reported to you.
>>
>>> # curl -X POST http://dhcp:8443/dhcp/192.168.**166.0<http://192.168.166.0>-d 'hostname=blah' -d 'ip=192.168.166.203' -d 'mac=00:50:56:39:ac:40' -d
>>> 'filename=pxegrub.0' -d 'nextserver=tftp.vip'
>>> # curl -X GET http://dhcp:8443/dhcp/192.168.**166.0/192.168.166.203<http://192.168.166.0/192.168.166.203>
>>> {"ip":"192.168.166.203","hostname":"blah","mac":"00:50:
>>> 56:39:ac:40","filename":"pxegrub.0","subnet":"192.168.
>>> 166.0/255.255.255.0 <http://192.168.166.0/255.255.255.0>"}
>>>
>>
>> not 100% sure, but it does work, as its used by all foreman users does
>> it show up correctly under the mini web ui (/dhcp)
>>
>
> That's what confuses me a lot - it should have been reported in many
> places as this is high visibility for everyone. And to answer your
> question, no, it does not show up in WebUI nor dhcpd.leases for me. The
> above curl call creates the following in dhcpd.leases:
>
> host blah {
> dynamic;
> hardware ethernet 00:50:56:39:ac:40;
> fixed-address 192.168.166.203;
> supersede server.filename = "pxegrub.0";
> supersede host-name = "blah";
> }
>

try nextServer (capital s).

>
>
>> * no user-defined options accepted - this one is mostly used by us for
>>> Solaris installs, but there could be a lot of other uses, I'd assume. For
>>> example, Sparc machine would need something like this in their DHCP
>>> reservation:
>>>
>>
>> thats actually a limitation of the isc implementation, for example the
>> windows native dhcp support that… I would be happy to extend the isc
>> provider to support that too.
>>
>
> I guess you're referring to additional configuration tasks that one has to
> perform to introduce such options in dhcpd.conf? If yes, that would be
> something up to an admin to do so, not Foreman smart-proxy. The latter
> should just allow "option=blah" to be accepted and passed to omapi.
> However, I'm not clear on a behavior of omapi/dhcpd in case where no option
> were defined but yet foreman smart-proxy tries to add that into a
> reservation. I'd expect some error in this case, which should be returned
> to the user. Just my 2 cents.
>

its both, 1. expect the settings to be there in the conf file and be able
to parse then, and 2. know how to add / remove them.

its not a major effort, but something which is not done yet.

Ohad

> it does, you just need to pass it (e.g. you define the stop-start range as
>>> parameters).
>>>
>>
>> This is where more complete API doc would help
>>
> agreed
>

Is start/stop range something discoverable through smart-proxy API (needs
to be done per subnet, obviously), BTW? I guess, I start reading the code
now instead of docs

> try nextServer (capital s).
>

Yes, this worked.

Thanks!

> I guess you're referring to additional configuration tasks that one has to
> perform to introduce such options in dhcpd.conf? If yes, that would be
> something up to an admin to do so, not Foreman smart-proxy. The latter
> should just allow "option=blah" to be accepted and passed to omapi.
> However, I'm not clear on a behavior of omapi/dhcpd in case where no option
> were defined but yet foreman smart-proxy tries to add that into a
> reservation. I'd expect some error in this case, which should be returned
> to the user. Just my 2 cents.
>
> its both, 1. expect the settings to be there in the conf file and be able
> to parse then, and 2. know how to add / remove them.
>
> its not a major effort, but something which is not done yet.
>

Well, that was exactly my point - do you really want to be in business of
verifying the options that user supplies? DHCP itself would reject things
it does not understand, you (a proxy) just pass that up to the user, that's
it. Let's take this as example I just tested with grubmenu option:

1. my dhcpd.conf has the following lines in it to define that:

Support for defining a pxegrub config file (both lines are required!)

option grubmenu code 150 = text;
option dhcp-parameter-request-list = concat(option
dhcp-parameter-request-list,bootmenu);

2. I created a reservation using the following command:

curl -X POST http://dhcp:8443/dhcp/192.168.166.0 -d 'hostname=blah' -d

'ip=192.168.166.203' -d 'nextServer=192.168.166.67' -d
'mac=00:50:56:39:ac:40' -d 'filename=pxegrub.0'

3. Which resulted in the following reservation scope in dhcpd.leases:
   host blah {
   dynamic;
   hardware ethernet 00:50:56:39:ac:40;
   fixed-address 192.168.166.203;
   supersede server.filename = "pxegrub.0";
   supersede server.next-server = c0:a8:a6:43;
   supersede host-name = "blah";
   }

4. I stopped the server and added the 1 line to the above resulting in this
   scope:
   host blah {
   dynamic;
   hardware ethernet 00:50:56:39:ac:40;
   fixed-address 192.168.166.203;
   supersede server.filename = "pxegrub.0";
   supersede server.next-server = c0:a8:a6:43;
   supersede host-name = "blah";
   supersede grubmenu = "pxelinux.cfg/01-00-50-56-39-ac-40";
   }

5. Started the DHCP server back and made sure that line was not deleted by
   dhcpd. Booted a client to make sure things actually worked and they did as
   my client booted into pxegrub and started looking for
   pxelinux.cfg/01-00-50-56-39-ac-40 file instead of default menu.lst-* stuff.

6. I stopped server and commented out 2 lines in dhcpd.conf described in
   [1].

7. Upon a start of server, it removed the grubmenu line from reservation
   scope keeping everything else in tact:

Apr 25 17:47:34 dhcp dhcpd: Internet Systems Consortium DHCP Server
4.1-ESV-R4
Apr 25 17:47:34 dhcp dhcpd: Copyright 2004-2011 Internet Systems Consortium.
Apr 25 17:47:34 dhcp dhcpd: All rights reserved.
Apr 25 17:47:34 dhcp dhcpd: For info, please visit
https://www.isc.org/software/dhcp/
Apr 25 17:47:34 dhcp dhcpd: Internet Systems Consortium DHCP Server
4.1-ESV-R4
Apr 25 17:47:34 dhcp dhcpd: Copyright 2004-2011 Internet Systems Consortium.
Apr 25 17:47:34 dhcp dhcpd: All rights reserved.
Apr 25 17:47:34 dhcp dhcpd: For info, please visit
https://www.isc.org/software/dhcp/
Apr 25 17:47:34 dhcp dhcpd: /var/lib/dhcp/dhcpd.leases line 11: no option
named grubmenu in space dhcp
Apr 25 17:47:34 dhcp dhcpd: supersede grubmenu =
Apr 25 17:47:34 dhcp dhcpd: ^
Apr 25 17:47:34 dhcp dhcpd: Wrote 0 class decls to leases file.
Apr 25 17:47:34 dhcp dhcpd: Wrote 0 deleted host decls to leases file.
Apr 25 17:47:34 dhcp dhcpd: Wrote 0 new dynamic host decls to leases file.
Apr 25 17:47:34 dhcp dhcpd: Wrote 4 leases to leases file.

This tells me that a change required in foreman smart-proxy could be a very
simple one (for you, I mean :), not for me). Again for me, as a user, it
should look like this:

curl -X POST http://dhcp:8443/dhcp/192.168.166.0 -d 'hostname=blah' -d

'ip=192.168.166.203' -d 'nextServer=192.168.166.67' -d
'mac=00:50:56:39:ac:40' -d 'grubmenu=pxelinux.cfg/01-00-50-56-39-ac-40' -d
'filename=pxegrub.0'

where pxegrub could be anything known to dhcpd like domain-name,
ntp-servers or anything else that starts with "option" keyword. If user
tries to use some option that is not defined in dhcpd.conf, dhcpd will just
puke at the request and foreman proxy fail a request. But your code does
not need to be responsible for options validation. Again, that's in my
opinion.

Thanks!

Hello again, Ohad and folks!

With the general agreement on major points that I brought up (mainly, I'd
interested in these 2 for now - mac/hostname-based search across all
subnets and ability to specify DHCP options in createReservation call),
what would be the next steps? Does this get on an official roadmap somehow
or just just gets implemented in your copious spare time :). One a serious
note, what is the process? Do I fork the repo and try to implement this
myself and then do a pull request or do I wait in line for my requests to
get implemented by your group?

Please, let me know.
Thanks!

Konstantin.

This depends on how much involvement you want. Implementing it yourself
in a fork would be nice, but otherwise you should create an issue at
Issues - Foreman. Both creating an
issue and implementing it yourself is another option.

Hi,
I am adding (PR #580) hostgroup puppet class parameters inheritance.
The current status is that if a foreman user add a puppet class that accepts parameters to a hostgroup "base"
and add relevant values to the hostgroup, he will not have the values in a nested hostgroup "base/nested"

In this pull request I am changing that behavior, now "base/nested" will have the values of "base".
It is, however, possible to override the values in "base/nested".

This change is not backward compatible, I ask the list:

1. Do I need to add a new setting to turn this fix off?
2. Can I have it on by default?

Names for the new settings are welcome too, all I could think of was way too long, see subject line
Thanks,
Amos.

> This depends on how much involvement you want. Implementing it yourself
> in a fork would be nice, but otherwise you should create an issue at
> Issues - Foreman. Both creating an
> issue and implementing it yourself is another option.
>

Thanks, Ewoud! Exactly what I was looking for.

Submitted 2 feature requests:

Feature #2482: Global search in DHCP reservations/leases using MAC and/or hostname - Smart Proxy - Foreman for global MAC/hostname search.
BTW, I see there is another feature request for global MAC search and other
things filed as Feature #1508: Run a wide search on DHCP for IP address - Smart Proxy - Foreman, but it has not
seen any updates/activity for 10 months and I don't see it on a roadmap
either.

And another request is Feature #2483: DHCP smart-proxy API should accept any "option" in create reservation call - Smart Proxy - Foreman for
ability to specify any option in create reservation call as long as it is
in dhcpd.conf (accepted by ISC dhcpd).

Thanks!

> Hi,
> I am adding (PR #580) hostgroup puppet class parameters inheritance.
> The current status is that if a foreman user add a puppet class that accepts parameters to a hostgroup "base"
> and add relevant values to the hostgroup, he will not have the values in a nested hostgroup "base/nested"
>
> In this pull request I am changing that behavior, now "base/nested" will have the values of "base".
> It is, however, possible to override the values in "base/nested".
>
> This change is not backward compatible, I ask the list:
> 1. Do I need to add a new setting to turn this fix off?

Sounds like a good idea.

> 2. Can I have it on by default?

Yes, I would. We enabled param ENC support in 1.1 by default. A large
number of people use it and it was a very small number who it created
issues for, but they were able to switch it off.

> Names for the new settings are welcome too, all I could think of was way too long, see subject line

host_group_matchers_inheritance = true/false?

"When enabled, smart class parameter values will be inherited by child
host groups when matchers are used to match the parent."

I think setting names should be vaguely grammatical, so how about:
hostgroups_inherit_matchers

That could be host_groups, depending on how we decided the localisation
should be, ofc.

Greg