Bug #14952
closed
dhcp_isc not respecting the :subnets: settings anymore
Description
even though I have a subset of subnets in my settings file, it is loading all of them as seen in /var/log/foreman-proxy/proxy.log
this was working fine before updating to 1.11
Updated by Daniel Gagnon almost 8 years ago
root@pxe-prod:~# cat /etc/foreman-proxy/settings.d/dhcp_isc.yml --- :enabled: true :server: 127.0.0.1 :omapi_port: 7911 :config: /etc/dhcp/dhcpd.conf :leases: /var/lib/dhcp/dhcpd.leases :key_name: omapi_key :key_secret: <masked> :subnets: [205.204.89.120/255.255.255.252, 67.212.69.224/255.255.255.224, 68.71.57.120/255.255.255.248, 67.212.68.184/255.255.255.248, 205.204.89.116/255.255.255.252, 205.204.89.172/255.255.255.252, 205.204.89.228/255.255.255.252, 205.204.89.188/255.255.255.252, 68.71.33.176/255.255.255.248, 205.204.89.212/255.255.255.252, 205.204.89.216/255.255.255.252, 205.204.89.220/255.255.255.252, 205.204.89.96/255.255.255.252, 205.204.89.194/255.255.255.252, 67.212.80.0/255.255.255.224, 205.204.89.198/255.255.255.252, 205.204.89.202/255.255.255.252, 205.204.89.204/255.255.255.252, 68.71.39.128/255.255.255.248, 205.204.89.208/255.255.255.252, 64.15.74.76/255.255.255.252, 67.212.91.0/255.255.255.0, 68.71.39.64/255.255.255.248, 67.212.81.64/255.255.255.224, 205.204.89.148/255.255.255.252, 68.71.44.8/255.255.255.248, 64.15.75.0/255.255.255.252, 209.44.107.48/255.255.255.240, 64.15.66.164/255.255.255.252, 64.15.69.108/255.255.255.252, 64.15.66.204/255.255.255.252, 68.71.39.104/255.255.255.248, 64.15.70.112/255.255.255.252, 67.212.71.16/255.255.255.240, 205.204.65.16/255.255.255.240, 68.71.44.200/255.255.255.248, 209.44.124.0/255.255.255.0, 10.35.21.0/255.255.255.0, 205.204.90.160/255.255.255.240, 67.212.79.128/255.255.255.224, 205.204.89.56/255.255.255.252, 67.212.82.68/255.255.255.252, 67.212.86.16/255.255.255.252]
==> /var/log/foreman-proxy/proxy.log <== D, [2016-05-06T17:32:56.852598 #18556] DEBUG -- : Added a subnet: 64.15.73.160 D, [2016-05-06T17:32:56.961527 #18556] DEBUG -- : Added a subnet: 64.15.73.192 D, [2016-05-06T17:32:57.070610 #18556] DEBUG -- : Added a subnet: 64.15.74.0 D, [2016-05-06T17:32:57.152759 #18556] DEBUG -- : Added a subnet: 64.15.74.16 D, [2016-05-06T17:32:57.264099 #18556] DEBUG -- : Added a subnet: 64.15.74.24 D, [2016-05-06T17:32:57.346740 #18556] DEBUG -- : Added a subnet: 64.15.74.32 D, [2016-05-06T17:32:57.457066 #18556] DEBUG -- : Added a subnet: 64.15.74.40 D, [2016-05-06T17:32:57.566518 #18556] DEBUG -- : Added a subnet: 64.15.74.48 D, [2016-05-06T17:32:57.649548 #18556] DEBUG -- : Added a subnet: 64.15.74.56
Updated by Daniel Gagnon almost 8 years ago
original implementation: https://github.com/theforeman/smart-proxy/pull/158
Updated by Dominic Cleal almost 8 years ago
- Related to Refactor #11081: Move DHCP providers to plugin-capable layout added
Updated by Dominic Cleal almost 8 years ago
- Related to Feature #5712: ISC DHCP server times out added
Updated by Dominic Cleal almost 8 years ago
- translation missing: en.field_release set to 155
Updated by Anonymous almost 8 years ago
After looking at the history of the feature, it appears that it was introduced purely due to performance-related issues. Are there any other considerations to keep it around (security issues, perhaps?). If not, I'd like to mention that https://github.com/theforeman/smart-proxy/pull/409 solves said issues for isc dhcpd, potentially making "subnets" option not very useful...
Updated by Anonymous almost 8 years ago
- Status changed from New to Need more information
Updated by Dominic Cleal almost 8 years ago
While we may be able to remove it eventually, this is still a regression in 1.11 that should be fixed. The PR improving the speed isn't merged or released.
Updated by Anonymous almost 8 years ago
- Status changed from Need more information to Assigned
- Assignee set to Anonymous
Updated by The Foreman Bot almost 8 years ago
- Status changed from Assigned to Ready For Testing
- Pull request https://github.com/theforeman/smart-proxy/pull/416 added
Updated by Daniel Gagnon almost 8 years ago
The end goal is indeed to make loading faster / prevent timeouts. We have over 4k subnets and it takes like 30 minutes. https://github.com/theforeman/smart-proxy/pull/409 seems like it would achieve the same purpose, but I am not 100% sure as it seems like to be the parsing of the dhcpcd.conf file and not the lease file that takes up all the time.
If :subnets: is not usefull anymore, it should be removed from the default config files and documentation.
I second to keep the feature even if PR409 is applied. I can see it being usefull to ignore some ranges for setups with only one dhcp server.
Updated by Daniel Gagnon almost 8 years ago
Applied https://github.com/theforeman/smart-proxy/pull/416 manually and it works / fixes my issue.
thanks
Updated by Anonymous almost 8 years ago
Daniel -- if it is at all possible, it would be helpful if you could test https://github.com/theforeman/smart-proxy/pull/409 in your environment and report your experience either at http://projects.theforeman.org/issues/2687 or in the PR itself.
Updated by Daniel Gagnon almost 8 years ago
Dmitri: I am running 1.11.1 , not develop. If you can provide a patch VS 1.11.1, I do not mind trying it.
Updated by Daniel Gagnon almost 8 years ago
actually did run into an issue today, see the pastebin:
Updated by Anonymous almost 8 years ago
Looks like 10.35.21.0 subnet is listed twice in the dhcpd.conf? Would you mind moving this conversation over to http://projects.theforeman.org/issues/2687?
Updated by Daniel Gagnon almost 8 years ago
I have removed the duplicate subnet
Trying to delete the host: http://pastebin.com/PuqHvgiz
my issue is really with the setting not being applied. this has worked perfectly and is integrated into our production setting. we do not use IPAM, so no pinging and latency added to select the ip.
Updated by Daniel Gagnon almost 8 years ago
Daniel Gagnon wrote:
Trying to delete the host: http://pastebin.com/PuqHvgiz
worked after trying a few times.
Updated by Anonymous almost 8 years ago
You posted a fragment of foreman log, which doesn't show what caused the error on smart-proxy side.
Updated by Daniel Gagnon almost 8 years ago
there was no error on the smart-proxy side as far as I can tell
Updated by Anonymous almost 8 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset f9514f6a464a35317d5f2510434fa59aa4cf8ebb.
Updated by Konstantin Orekhov almost 8 years ago
Is negating of a subnet and regular expressions supported in :subnets" filter?
For example, if I wanted to exclude particular subnets w/o having to specify the ones I want, could I do this:
:subnets: [ !192.168.*.*/255.255.255.0 ]
OR this:
:subnets: [ !192.168.*.*/* ]
Another example is to exclude all subnets with a particular netmask:
:subnets: [ !*/255.255.255.252 ]
Updated by Anonymous almost 8 years ago
Konstantin Orekhov wrote:
Is negating of a subnet and regular expressions supported in :subnets" filter?
For example, if I wanted to exclude particular subnets w/o having to specify the ones I want, could I do this:
:subnets: [ !192.168.*.*/255.255.255.0 ]
OR this:
:subnets: [ !192.168.*.*/* ]
Another example is to exclude all subnets with a particular netmask:
:subnets: [ !*/255.255.255.252 ]
None of this is supported. The original intent of this feature was to improve performance, there's a PR for isc dhcpd that should make this setting irrelevant: https://github.com/theforeman/smart-proxy/pull/409.
Updated by Dominic Cleal almost 8 years ago
- Related to Bug #15143: DHCP :subnet: parameter no longer optional added
Updated by Dominic Cleal almost 8 years ago
- Related to Bug #15240: Couldn't enable plugin dhcp: Parameter 'subnets' is expected to have a non-empty value added