We have a zillion subnets

viwon · April 3, 2019, 6:53pm

Problem:
We have a zillion subnets in our global organization(only a slight exaggeration, its probably more like 1000). Granted not all of them will be used for provisioning but there are probably hundreds of places because we could be building Linux systems in almost every major city. And I REALLY don’t want to have to define each and every one of them.

At first I tried to just create a big 10.x.x.x/8 subnet. But then I realized that the systems will NOT get a default route!?

It seems very weird that even though a default route and DNS server(s) are shown as “optional” in the subnet definition screens, that there is no way to actually enter them when creating a new host and they can only come from pre-defined subnets.

Is there a way to enable editing of dns and default routes on the interface edit pages for a host?

Expected outcome:
Not have to define every single subnet in the org just to provide DNS and default routes to new systems.

Foreman and Proxy versions:
1.20.2

Foreman and Proxy plugin versions:

Other relevant data:
[e.g. logs from Foreman and/or the Proxy, modified templates, commands issued, etc]
(for logs, surround with three back-ticks to get proper formatting, e.g.)

logs

TimoGoebel · April 3, 2019, 11:10pm

… what you could do is change the templates to get the data from host parameters. Foreman is pretty flexible, there is not a lot you cannot do with it. I’m not sure I would recommend such an approach, though.
What you probably want to do is get the subnets from your IPAM system and create them in Foreman via the API.

viwon · April 5, 2019, 5:28pm

Looks like I am going to write a script like suggested to suck them all out of our IPAM and try to keep the subnets in foreman in-sync with the IPAM. Biggest difficultly looks to be to somehow keep track of what subnets should also have which smart proxy associated them.

ekohl · April 5, 2019, 5:36pm

If the proxies are also the DHCP servers, you can import subnets from them. Perhaps it would be easier to start there and then compare to your IPAM?

lzap · April 8, 2019, 1:35pm

Smart proxy should be also in your IPAM, can you leverage some information from your IPAM software that would help them associating them? For example “data center” or “region” flag or whatever you use, then all subnets in the same data center will likely be accessible through the proxy.

Share the script with us, this sounds pretty useful.