Smart-proxy for every subnet you build on?

I am using Foreman 1.16.

I am trying to set up a smart proxy to be able to build on more than one subnet. So that during creation time the user selects the subnet to use and then the IP assigned during kickstart is from that subnet. Part of that configuration process was to manually add the subnet to /etc/dhcp/dhcpd.conf.

What seems to happen tho is the smart-proxy assigns space from the primary subnet configured (via dhcp).

Do I need to run a smart-proxy PER subnet or am I just missing a configuration option to allow this?

Can’t edit bloody subject “Smart-proxy for every SUBNET you build on?”

No that is not needed.
I have a config block per subnet in my dhcpd.conf and a corresponding
subnet in Foreman. I generated the first one with help of the setup
wizard in foreman and then cloned that part in my dhcpd.conf and for the
DNS the same procedure.
The proxy should be able to import the subnets from the dhcp service.

Regards,

Joop

Hum, that sounds exactly like what I did. I copy/pasted the subnet block and added it to the dhcpd.conf, and restarted dhcpd. This is the bit I copied:

subnet XXX.XXX.XXX.0 netmask 255.255.255.0 {
  pool
  {
    range XXX.XXX.XXX.2 XXX.XXX.XXX.255;
  }
  option subnet-mask 255.255.255.0;
  option routers XXX.XXX.XXX.1;
}

Then I added the subnet to Foreman via the gui.

Done.
We don’t allow users editing their posts after 5 minutes since at that time emails have gone out to people who follow the discussion only by e-mail and we don’t want them to miss changes, so only moderators can edit posts (and we normally only do that to add tags or fix formatting issues on the web version).

1 Like

I’m running a similar setup with multiple subnets and it works fine. Don’t forget to restart dhcpd after editing the config file.
Once you have defined the subnet in Foreman you will be able to use it for your deployment.
On the network side you will also have to define an IP helper address for DHCP requests that targets your DHCP server, or your deployed server will not get any address; this should be configured on your router. Another solution is to use a DHCP proxy in your subnet.

regards,
Arsène

I did restart dhcpd, foreman, foreman-proxy. I shouldn’t need an “IP helper address” as this subnet is on the same vlan as the other unless I am missing something? The devices to build are also within that vlan.

These are not the real ips but an example of how the host is configured:

Vlan1001:
10.10.0.0/24
10.20.0.0/24

smart-proxy
eth0: 10.10.0.10
dhcp/subnet1: 10.10.0.0/24
dhcp/subnet2: 10.20.0.0/24

Both subnets configured in foreman. When building a host using subnet2 on its sole interface the ip given is from subnet1.

I’ll dig deeper into IP helper to make sure I’m not missing something.

Do you have a gateway for each subnet? If this is the case you will need either an IP Helper Address or a dhcp proxy.
I’m not sure if it is possible to have 2 subnets on the same VLAN…

Would it be possible for you to try with an additional interface on the smart-proxy to have both subnets connected?

Okay, so I poked around in the /var/lib/dhcpd/dhcpd.leases file during my test and it has the correct IP listed there but DHCP is not giving it that.

host some.host.name.com {
  dynamic;
  hardware ethernet 00:50:56:84:XX:XX;
  fixed-address 10.20.0.8;
        supersede server.filename = "pxelinux.0";
        supersede server.next-server = c6:40:48:0a;
        supersede host-name = "some.host.name.com";
}

Instead of giving it 10.20.0.8 it gives it an IP that is next available in the 10.10.0.X subnet. Which seems odd because that config shows it should get a fixed address 10.20.0.8.

I can’t look at my foreman config at the moment so this is from memory.
I think you need to edit the subnet within FM and set the proxy to use
with that subnet. I’ll try to give a better description when I can get
at my cluster with FM later today, if still needed.

Joop

Yeap, I’ve got the subnet2 within Foreman setup to use the smart-proxy for dhcp and tftp.

The leases file is append-only, are you sure you don’t have this below your record:

host some.host.name.com {
  deleted;
}

This actually removes the entry from memory. From time to time, ISC DHCP “squashes” the file.

What we see quite often is running two DHCP server instances on one subnet, therefore the Foreman-managed one is ignored. You can enforce it using the authoritative option in dhcpd.conf IIRC.

You need to use either a dhcp helper on your gateway or tell the dhcp server about your network topology with the shared-network stanza.

There is a serverfault discussion here regarding this topic and the need for a dhcp helper on the gateway between the subnets: https://serverfault.com/questions/210591/configuring-a-dhcp-server-to-serve-multiple-subnets-on-the-same-vlan

If you do not want to deploy a dhcp helper, confer with ISC: https://www.isc.org/wp-content/uploads/2017/08/dhcp41conf.html#REFERENCE:%20DECLARATIONS

1 Like
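
The shared-network approach mentioned in the reply above, shown as an added example that is not part of the original post. It uses the thread's sample addressing for Vlan1001; the network name `vlan1001`, the router addresses and the pool ranges are assumptions.

```conf
# Constructed example using the thread's sample addressing (not real IPs).
# Pool ranges are placeholders; keep them clear of the range Foreman
# hands out static reservations from.

authoritative;   # the option mentioned earlier in the thread

# Both subnets sit on the same layer-2 segment (Vlan1001), so both are
# declared inside one shared-network block. With two standalone subnet
# blocks, dhcpd places a broadcast received on eth0 (10.10.0.10) in
# 10.10.0.0/24 only, so a host entry with fixed-address 10.20.0.8 is not
# usable for that client and it receives a dynamic 10.10.0.x lease.
shared-network vlan1001 {

  subnet 10.10.0.0 netmask 255.255.255.0 {
    option subnet-mask 255.255.255.0;
    option routers 10.10.0.1;          # assumed gateway for subnet1
    pool {
      range 10.10.0.100 10.10.0.200;   # assumed dynamic scope
    }
  }

  subnet 10.20.0.0 netmask 255.255.255.0 {
    option subnet-mask 255.255.255.0;
    option routers 10.20.0.1;          # assumed gateway for subnet2
    pool {
      range 10.20.0.100 10.20.0.200;   # assumed dynamic scope
    }
  }
}
```

Running `dhcpd -t -cf /etc/dhcp/dhcpd.conf` checks the syntax before dhcpd is restarted.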

I don’t understand well, please help me:

  1. Could Foreman create several subnets itself, or do I need to edit the file manually?

  2. Could Foreman manage different IP subnets on the different L2 segments, routed to the Foreman for DHCP service through the DHCP-helpers?

  1. Our installer only sets one subnet for you, you can add more via hiera options. Foreman itself does manage the subnets, but is unable to add new subnets, you need to do this via puppet or manually.

  2. Foreman can manage as many subnets as possible, for each subnet you can associate one or zero DHCP servers that will be used to send management commands (create or delete IP reservation).

1 Like

Sounds sad :’(

I might be off base here, but in my experience with people new to Foreman, there’s a disconnect between Foreman Subnets and DHCP Subnets. It seems like people assume that if you go into Foreman and create a subnet, it will magically be configured on a DHCP server somewhere. Is that what’s happening here?

Foreman Subnets are really just Data inside Foreman. They’re either imported from the smart proxy(s) or manually defined in Foreman’s UI. They do not translate into actual DHCP server configuration. In fact, it took me a while to grasp this - the IP Range data in a Foreman Subnet is not intended to be a dynamic DHCP scope. It is simply the range of IP addresses that Foreman uses to assign Static Leases for provisioning from. It probably should not overlap or match up to any dynamic scopes you have configured in your DHCP server for that subnet.

DHCP Subnets, on the other hand, are configured in your DHCP server software. As Lukas mentions, the Foreman Installer can configure simple subnets on a DHCP server, by the various arguments and hiera data it can use. Lukas can correct me, but I do not think it can setup more complex DHCP configurations with many subnets, options and dynamic scopes. I believe even the OP’s configuration would be out of scope for the Foreman Installer. The OP didn’t reply about how he ended up configuring his DHCP server or subnet router’s dhcp_helper to understand that two IP subnets exist in the same VLAN. But it seemed to me that his problem had little to do with Foreman.

2 Likes

I’ve not replied mainly because I’m still working out how best to resolve the problem. I’m aware foreman doesn’t deal with complex DHCP configurations itself… which was why I came here to ask how others had done it. I’ve consulted with my ip-eng colleagues about various points made in the thread and it’s more complex than just “dhcp helper ip” configurations unfortunately.

You are right this is not a “foreman configured problem”, this is an issue with DHCP. However even with a working dhcp configuration I could not get pxe boots to get the proper space tho after that they did.

I was hoping the solution would be easily resolved but it’s not. I’ve got about 10 other projects right now so it’s been something I’ve just been reading and tweaking in the meantime.

1 Like

:grin: Hi @Mike_Wilson, I didn’t mean to call you out for not replying… it was just that @mmalchuk jumped in and might have confused the topic a bit…for me at least :rofl:

Excellent analysis, thanks. I will add to that that the scope of features is mainly limited by the ISC DHCP API (called OMAPI - https://en.wikipedia.org/wiki/OMAPI) and we designed our DHCP API around that. It is technically possible to extend our API to add a subnet, but this would need to actually write dhcpd.conf and there are many reasons to avoid that, from security over puppetization of DHCP configuration to 3rd party DHCP plugins. I think it’s better to have small and clean API doing the job nicely than complex API with many plugins not implementing some features.

We are open to suggestions or improvements tho. We have a plugin provision_setup which is a little bit outdated now which helped with initial provisioning configuration, maybe it’s just better documentation or something else that could help newcomers to understand this concept. If we agree that three sentences on Subnet page would explain things, let’s find them and add them. Or maybe a dashboard “welcome” or “new to foreman” could do the job. Honestly, the idea of built-in super short but good enough manual as a dashboard widget is something I have in my mind for a long time - it’s just difficult to write the content, it must be excellently written to be able to convince our community we need that (because the obvious concern is - we have our manual).