Foreman » Smart Proxy

root@pxe-prod:~# cat /etc/foreman-proxy/settings.d/dhcp_isc.yml
---
:enabled: true
:server: 127.0.0.1
:omapi_port: 7911
:config: /etc/dhcp/dhcpd.conf
:leases: /var/lib/dhcp/dhcpd.leases
:key_name: omapi_key
:key_secret: <masked>
:subnets: [205.204.89.120/255.255.255.252, 67.212.69.224/255.255.255.224, 68.71.57.120/255.255.255.248, 67.212.68.184/255.255.255.248, 205.204.89.116/255.255.255.252, 205.204.89.172/255.255.255.252, 205.204.89.228/255.255.255.252, 205.204.89.188/255.255.255.252, 68.71.33.176/255.255.255.248, 205.204.89.212/255.255.255.252, 205.204.89.216/255.255.255.252, 205.204.89.220/255.255.255.252, 205.204.89.96/255.255.255.252, 205.204.89.194/255.255.255.252, 67.212.80.0/255.255.255.224, 205.204.89.198/255.255.255.252, 205.204.89.202/255.255.255.252, 205.204.89.204/255.255.255.252, 68.71.39.128/255.255.255.248, 205.204.89.208/255.255.255.252, 64.15.74.76/255.255.255.252, 67.212.91.0/255.255.255.0, 68.71.39.64/255.255.255.248, 67.212.81.64/255.255.255.224, 205.204.89.148/255.255.255.252, 68.71.44.8/255.255.255.248, 64.15.75.0/255.255.255.252, 209.44.107.48/255.255.255.240, 64.15.66.164/255.255.255.252, 64.15.69.108/255.255.255.252, 64.15.66.204/255.255.255.252, 68.71.39.104/255.255.255.248, 64.15.70.112/255.255.255.252, 67.212.71.16/255.255.255.240, 205.204.65.16/255.255.255.240, 68.71.44.200/255.255.255.248, 209.44.124.0/255.255.255.0, 10.35.21.0/255.255.255.0, 205.204.90.160/255.255.255.240, 67.212.79.128/255.255.255.224, 205.204.89.56/255.255.255.252, 67.212.82.68/255.255.255.252, 67.212.86.16/255.255.255.252]

==> /var/log/foreman-proxy/proxy.log <==
D, [2016-05-06T17:32:56.852598 #18556] DEBUG -- : Added a subnet: 64.15.73.160
D, [2016-05-06T17:32:56.961527 #18556] DEBUG -- : Added a subnet: 64.15.73.192
D, [2016-05-06T17:32:57.070610 #18556] DEBUG -- : Added a subnet: 64.15.74.0
D, [2016-05-06T17:32:57.152759 #18556] DEBUG -- : Added a subnet: 64.15.74.16
D, [2016-05-06T17:32:57.264099 #18556] DEBUG -- : Added a subnet: 64.15.74.24
D, [2016-05-06T17:32:57.346740 #18556] DEBUG -- : Added a subnet: 64.15.74.32
D, [2016-05-06T17:32:57.457066 #18556] DEBUG -- : Added a subnet: 64.15.74.40
D, [2016-05-06T17:32:57.566518 #18556] DEBUG -- : Added a subnet: 64.15.74.48
D, [2016-05-06T17:32:57.649548 #18556] DEBUG -- : Added a subnet: 64.15.74.56

original implementation: https://github.com/theforeman/smart-proxy/pull/158

After looking at the history of the feature, it appears that it was introduced purely due to performance-related issues. Are there any other considerations to keep it around (security issues, perhaps?). If not, I'd like to mention that https://github.com/theforeman/smart-proxy/pull/409 solves said issues for isc dhcpd, potentially making "subnets" option not very useful...

While we may be able to remove it eventually, this is still a regression in 1.11 that should be fixed. The PR improving the speed isn't merged or released.

The end goal is indeed to make loading faster / prevent timeouts. We have over 4k subnets and it takes like 30 minutes. https://github.com/theforeman/smart-proxy/pull/409 seems like it would achieve the same purpose, but I am not 100% sure as it seems like to be the parsing of the dhcpcd.conf file and not the lease file that takes up all the time.

If :subnets: is not usefull anymore, it should be removed from the default config files and documentation.

I second to keep the feature even if PR409 is applied. I can see it being usefull to ignore some ranges for setups with only one dhcp server.

Applied https://github.com/theforeman/smart-proxy/pull/416 manually and it works / fixes my issue.

thanks

Daniel -- if it is at all possible, it would be helpful if you could test https://github.com/theforeman/smart-proxy/pull/409 in your environment and report your experience either at http://projects.theforeman.org/issues/2687 or in the PR itself.

Dmitri: I am running 1.11.1 , not develop. If you can provide a patch VS 1.11.1, I do not mind trying it.

actually did run into an issue today, see the pastebin:

http://pastebin.com/RAU3KRJW

http://pastebin.com/NzpAMWTE

Looks like 10.35.21.0 subnet is listed twice in the dhcpd.conf? Would you mind moving this conversation over to http://projects.theforeman.org/issues/2687?

I have removed the duplicate subnet

Trying to delete the host: http://pastebin.com/PuqHvgiz

my issue is really with the setting not being applied. this has worked perfectly and is integrated into our production setting. we do not use IPAM, so no pinging and latency added to select the ip.

Daniel Gagnon wrote:

Trying to delete the host: http://pastebin.com/PuqHvgiz

worked after trying a few times.

You posted a fragment of foreman log, which doesn't show what caused the error on smart-proxy side.

there was no error on the smart-proxy side as far as I can tell

Is negating of a subnet and regular expressions supported in :subnets" filter?

For example, if I wanted to exclude particular subnets w/o having to specify the ones I want, could I do this:

:subnets: [ !192.168.*.*/255.255.255.0 ]

OR this:

:subnets: [ !192.168.*.*/* ]

Another example is to exclude all subnets with a particular netmask:

:subnets: [ !*/255.255.255.252 ]

Konstantin Orekhov wrote:

Is negating of a subnet and regular expressions supported in :subnets" filter?

For example, if I wanted to exclude particular subnets w/o having to specify the ones I want, could I do this:

:subnets: [ !192.168.*.*/255.255.255.0 ]

OR this:

:subnets: [ !192.168.*.*/* ]

Another example is to exclude all subnets with a particular netmask:

:subnets: [ !*/255.255.255.252 ]

None of this is supported. The original intent of this feature was to improve performance, there's a PR for isc dhcpd that should make this setting irrelevant: https://github.com/theforeman/smart-proxy/pull/409.