We do not support Kea yet, but I plan to write a dnsmasq provider, I already have a prototype locally:

http://projects.theforeman.org/issues/13806

LZ

On Wed, May 3, 2017 at 4:39 PM, Alvin Starr <[email protected]> wrote:
> Arguably ISC DHCP is a little broken.
>
> I use dhcpd.hosts and also disable the "dhcpmanaged" flag.
> In my environment which is somewhat developmental my foreman server can go
> down for longish periods.
>
> For Foreman to interact with ISC DHCP it really needs to be running on a
> system under foreman's control.
> To manage the DHCP server foreman uses omshell and /var/lib/dhcpd/*.
> So foreman outages cause DHCP outages or re-addressing that gives my
> firewall licensing problems.
>
> I took a kick at trying to use failover to manage my problem but it seems
> that you need to add static leases to both servers using omapi and I wrote an
> omshell wrapper script to talk to both servers but in the end I abandoned
> this because it just seemed too delicate and there was no clean and clear
> way to recover once a failover occurred.
>
> I have it working but I am not happy with the result.
> It's just kind of clumsy.
>
>
> If there were a nice wrapper for ISC that would make it remotely
> administrable then it would be possible to have the DHCP server not reside
> on the foreman server.
>
> I have not really looked at it but I wonder how well ISC Kea would work as a
> DHCP server under foreman.
>
>
> On 05/03/2017 07:25 AM, Lukas Zapletal wrote:
>>
>> The normal way our customers and users manage DHCP is simply using the
>> default /etc/dhcp/dhcpd.hosts which is included from dhcpd.conf by
>> default. This file is untouched by Foreman or Proxy. What is also
>> recommended is to change installer flag "dhcp managed" to off so it
>> won't overwrite the next run, this is important and bites every now
>> and then.
>>
>> When making manual changes to DHCP keep in mind that foreman-proxy
>> does parse dhcpd.conf and all includes and our parser is limited and
>> does not understand full syntax of ISC DHCP.
>> Recommended way is to check every time a change is performed:
>>
>> #!/bin/bash
>> # List the subnets foreman-proxy recognized (request uses the client certificate)
>> curl -ks --cert /etc/foreman/client_cert.pem --key /etc/foreman/client_key.pem \
>>   --cacert /etc/foreman/proxy_ca.pem https://$(hostname):9090/dhcp | json_reformat
>> # Syntax-check the same configuration with ISC dhcpd itself
>> dhcpd -t -cf /etc/dhcp/dhcpd.conf
>>
>> This script prints out all subnets recognized and also verifies using
>> ISC DHCP, you should see no errors or missing subnets from the JSON
>> output. When our parser encounters a problem (e.g. nested curly braces
>> in older versions of Foreman or other unknown statements), it simply
>> drops an error message to the log and ignores the whole subnet.
>>
>> The script was initially published at
>> https://access.redhat.com/solutions/2988341
>>
>> The same goes for DNS, but I haven't created any kind of checking
>> script. Also I recommend to turn off DNS management in the installer.
>> If you create such a script please share it.
>>
>> I actually created a work item to add this kind of check into
>> foreman-maintain: https://github.com/iNecas/foreman_maintain/issues/46
>>
>> On Tue, May 2, 2017 at 3:06 PM, Alvin Starr <[email protected]> wrote:
>>>
>>> I have run into this problem also.
>>> That and the Foreman installer jumping all over my dhcpd.conf and shredding
>>> it then flushing it down the toilet... Well I may be a bit overstating it
>>> there.
>>>
>>>
>>> You could use omshell which is part of the DHCP package.
>>>
>>> There is at least 1 Perl package that interfaces to omshell and you could
>>> use to create a script to bundle your DNS and DHCP updates.
>>>
>>> On the other hand if you just create the DHCP address the DHCP server will
>>> populate your DNS when the lease is handed out.
>>> That is provided that you have configured DHCP to do the DNS updates.
>>>
>>> Foreman could do with some hooks (forgive me if this exists already) to an
>>> external IPAM system.
>>>
>>>
>>>
>>> On 04/28/2017 01:55 PM, [email protected] wrote:
>>>
>>> I'm using Satellite 6.2. When you define a new host in sat6, it populates
>>> dhcp and DNS, which is awesome.
>>>
>>> But what about things other than hosts? I have several non-RHEL systems, and
>>> several non-computer devices like routers which my office DNS and DHCP need
>>> to serve.
>>>
>>> What is the best/right way to add these systems to DNS and DHCP?
>>>
>>> To update DNS, I've been using:
>>>
>>> nsupdate -k /etc/rndc.conf forward.txt
>>> nsupdate -k /etc/rndc.conf reverse.txt
>>>
>>> where forward.txt has entries like
>>>
>>> update add foo.xyz.lan 86400 A 172.31.100.36
>>> update add bar.xyz.lan 86400 A 172.31.100.37
>>> update add baz.xyz.lan 86400 A 172.31.100.38
>>> send
>>>
>>> and reverse.txt has entries like
>>>
>>> update add 36.100.31.172.in-addr.arpa 86400 PTR foo.xyz.lan.
>>> update add 37.100.31.172.in-addr.arpa 86400 PTR bar.xyz.lan.
>>> update add 38.100.31.172.in-addr.arpa 86400 PTR baz.xyz.lan.
>>> send
>>>
>>> I am not sure what the best/right way is to add static mappings to DHCP,
>>> though. I am looking at "hammer host create," but I'm not actually creating
>>> hosts, so that feels heavy handed. Any ideas?
>>>
>>> Thanks!
>>> Thomas
>>> --
>>> You received this message because you are subscribed to the Google Groups
>>> "Foreman users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an
>>> email to [email protected].
>>> To post to this group, send email to [email protected].
>>> Visit this group at https://groups.google.com/group/foreman-users.
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>>
>>> --
>>> Alvin Starr || voice: (905)513-7688
>>> Netvel Inc. || Cell: (416)806-0133
>>> [email protected] ||
>>
>>
>>
>
>

--
Later,
  Lukas @lzap Zapletal
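
The "no missing subnets" comparison from the check described in the thread, automated as an added example; it is not part of the original messages or of Foreman's code. It assumes the proxy's `/dhcp` response is a JSON array of objects with `network` and `netmask` keys; the sample config and sample JSON are constructed.

```python
import ipaddress
import json
import re

# Matches ISC DHCP declarations such as "subnet 10.0.0.0 netmask 255.255.255.0 {".
SUBNET_RE = re.compile(r"^\s*subnet\s+([\d.]+)\s+netmask\s+([\d.]+)\s*\{", re.MULTILINE)


def declared_subnets(conf_text):
    """Return the set of IPv4 networks declared in dhcpd.conf text."""
    # Drop '#' comments so commented-out subnets are not counted.
    stripped = re.sub(r"#.*", "", conf_text)
    return {
        ipaddress.ip_network(f"{net}/{mask}")
        for net, mask in SUBNET_RE.findall(stripped)
    }


def proxy_subnets(proxy_json):
    """Return the networks the proxy reports (assumed 'network'/'netmask' keys)."""
    return {
        ipaddress.ip_network(f"{s['network']}/{s['netmask']}")
        for s in json.loads(proxy_json)
    }


def missing_from_proxy(conf_text, proxy_json):
    """Subnets present in the config but absent from the proxy output, sorted."""
    return sorted(declared_subnets(conf_text) - proxy_subnets(proxy_json))


# Constructed sample: the second subnet uses a nested block, the kind of
# statement the thread says could make the parser drop a whole subnet.
SAMPLE_CONF = """\
# subnet 10.9.9.0 netmask 255.255.255.0 { }
subnet 192.168.10.0 netmask 255.255.255.0 {
  range 192.168.10.50 192.168.10.99;
}
subnet 172.31.100.0 netmask 255.255.255.0 {
  pool { range 172.31.100.200 172.31.100.250; }
}
"""
# Constructed proxy response in which the second subnet was silently ignored.
SAMPLE_PROXY_JSON = '[{"network": "192.168.10.0", "netmask": "255.255.255.0"}]'

if __name__ == "__main__":
    for net in missing_from_proxy(SAMPLE_CONF, SAMPLE_PROXY_JSON):
        print(f"MISSING in proxy output: {net}")
```

In practice the two inputs would be the saved output of the curl call and the text of dhcpd.conf together with its included files.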
