Smart Proxy for provisioning - deployment with puppet

Hi there,

I am attempting to deploy a provisioning smart proxy using puppet. I have foreman and puppet (ca/master) installed on a machine, and I am working to create a Role/Profile deployment for additional provisioning smart proxies at remote locations using TheForeman’s puppet modules. Is the right forum for such a question? Should I go to the Github issue trackers for the modules instead?

Anyway, the question is basically about how I might be able to determine why the puppet-foreman_proxy module’s proxydhcp.pp isn’t applying a subnet declaration in /etc/dhcp/dhcpd.conf for me. The code is basically:

class profile::foreman::proxy {

  class { '::foreman_proxy':
    puppet                 => true,
    puppetca               => false,
    tftp                   => true,
    dhcp                   => true,
    dhcp_subnet            => "${facts['network']}/${facts['netmask']}",
    dhcp_gateway           => "${facts['network']}1",  ## the .1 address is always the gateway
    dhcp_search_domains    => $facts['domain'],
   #  <snip> some other not dhcp related parameters


The /etc/dhcp/dhcpd.conf file on the designated system has nothing after the include /etc/dhcp/dhcpd.hosts line. As a result, the dhcpd service fails to start with no dhcp subnets defined.

On a Foreman-Installer based smart-proxy, I don’t have any additional dhcp related params in the answer file that aren’t included in the puppet code above, and it functions as expected. The /etc/dhcp/dhcpd.conf file has a subnet declaration after the include /etc/dhcp/dhcpd.hosts line.

I’m trying to figure out what I’m missing, but making a puppet run with --debug is next to no help, because these pieces are part of template processing in the theforeman/dhcp module/resource that’s called from theforeman/puppet-foreman_proxy module.

Could anyone provide any insight? Thanks!

At a first glance, that looks correct. I would start with a test case using rspec-puppet:

describe 'profile::foreman::proxy' do
  # Uses
  on_supported_os.each do |os, facts|
    let (:facts) { facts.merge(domain: '') }
    it { contain_class('foreman_proxy::proxydhcp') }
    it { contain_class('dhcp') }
    it { contain_dhcp__pool('') }

While writing this example, it looks like you may be passing in incorrect values (for which we don’t have good types). The dhcp_subnet parameter doesn’t exist. There is dhcp_subnets, but that doesn’t affect the DHCP server config. What you probably intended was:

dhcp_network        => $facts['network'],
dhcp_netmask        => $facts['netmask'],
dhcp_search_domains => [$facts['domain']],

The dhcp_subnet param is actually used as dhcp_subnets in the code, the example was a retype, not a cut/paste, as my code is hosted in an isolated network. I specified that because the comments in the module suggest it makes things faster.

I have tried many iterations and none have worked. I had first attempted to not define any of the dhcp params beyond dhcp => true to see how much the modules would do with defaults. I will go back and reset using the minimal params you provide and see what happens.

An alternative approach is the more manual one: set dhcp_managed => false and include dhcp and dhcp::pool yourself. It gives you more control. foreman_proxy::proxydhcp (and foreman_proxy::proxydns) are weird classes because they’re more like profiles. Most of our modules just manage one piece of software and pull in something if needed by including the class without parameters. It also gives this one special subnet/domain where in reality we can manage any number of them. However, I don’t have a proper solution with how to replace this.

Ok, I think I’ve got this working now.

On a side note, a nice feature enhancement would be to add the ability to specify an NTP server, for the dhcp server to hand out as an option.