Project

General

Profile

Actions

Bug #14952

closed

dhcp_isc not respecting the :subnets: settings anymore

Added by Daniel Gagnon about 8 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
DHCP
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

even though I have a subset of subnets in my settings file, it is loading all of them as seen in /var/log/foreman-proxy/proxy.log

this was working fine before updating to 1.11


Related issues 4 (0 open4 closed)

Related to Smart Proxy - Refactor #11081: Move DHCP providers to plugin-capable layoutClosed07/10/2015Actions
Related to Smart Proxy - Feature #5712: ISC DHCP server times outClosedJimmi Dyson05/14/2014Actions
Related to Smart Proxy - Bug #15143: DHCP :subnet: parameter no longer optionalDuplicate05/23/2016Actions
Related to Smart Proxy - Bug #15240: Couldn't enable plugin dhcp: Parameter 'subnets' is expected to have a non-empty valueClosed05/31/2016Actions
Actions #1

Updated by Daniel Gagnon about 8 years ago

root@pxe-prod:~# cat /etc/foreman-proxy/settings.d/dhcp_isc.yml
---
:enabled: true
:server: 127.0.0.1
:omapi_port: 7911
:config: /etc/dhcp/dhcpd.conf
:leases: /var/lib/dhcp/dhcpd.leases
:key_name: omapi_key
:key_secret: <masked>
:subnets: [205.204.89.120/255.255.255.252, 67.212.69.224/255.255.255.224, 68.71.57.120/255.255.255.248, 67.212.68.184/255.255.255.248, 205.204.89.116/255.255.255.252, 205.204.89.172/255.255.255.252, 205.204.89.228/255.255.255.252, 205.204.89.188/255.255.255.252, 68.71.33.176/255.255.255.248, 205.204.89.212/255.255.255.252, 205.204.89.216/255.255.255.252, 205.204.89.220/255.255.255.252, 205.204.89.96/255.255.255.252, 205.204.89.194/255.255.255.252, 67.212.80.0/255.255.255.224, 205.204.89.198/255.255.255.252, 205.204.89.202/255.255.255.252, 205.204.89.204/255.255.255.252, 68.71.39.128/255.255.255.248, 205.204.89.208/255.255.255.252, 64.15.74.76/255.255.255.252, 67.212.91.0/255.255.255.0, 68.71.39.64/255.255.255.248, 67.212.81.64/255.255.255.224, 205.204.89.148/255.255.255.252, 68.71.44.8/255.255.255.248, 64.15.75.0/255.255.255.252, 209.44.107.48/255.255.255.240, 64.15.66.164/255.255.255.252, 64.15.69.108/255.255.255.252, 64.15.66.204/255.255.255.252, 68.71.39.104/255.255.255.248, 64.15.70.112/255.255.255.252, 67.212.71.16/255.255.255.240, 205.204.65.16/255.255.255.240, 68.71.44.200/255.255.255.248, 209.44.124.0/255.255.255.0, 10.35.21.0/255.255.255.0, 205.204.90.160/255.255.255.240, 67.212.79.128/255.255.255.224, 205.204.89.56/255.255.255.252, 67.212.82.68/255.255.255.252, 67.212.86.16/255.255.255.252]
==> /var/log/foreman-proxy/proxy.log <==
D, [2016-05-06T17:32:56.852598 #18556] DEBUG -- : Added a subnet: 64.15.73.160
D, [2016-05-06T17:32:56.961527 #18556] DEBUG -- : Added a subnet: 64.15.73.192
D, [2016-05-06T17:32:57.070610 #18556] DEBUG -- : Added a subnet: 64.15.74.0
D, [2016-05-06T17:32:57.152759 #18556] DEBUG -- : Added a subnet: 64.15.74.16
D, [2016-05-06T17:32:57.264099 #18556] DEBUG -- : Added a subnet: 64.15.74.24
D, [2016-05-06T17:32:57.346740 #18556] DEBUG -- : Added a subnet: 64.15.74.32
D, [2016-05-06T17:32:57.457066 #18556] DEBUG -- : Added a subnet: 64.15.74.40
D, [2016-05-06T17:32:57.566518 #18556] DEBUG -- : Added a subnet: 64.15.74.48
D, [2016-05-06T17:32:57.649548 #18556] DEBUG -- : Added a subnet: 64.15.74.56
Actions #3

Updated by Dominic Cleal about 8 years ago

  • Related to Refactor #11081: Move DHCP providers to plugin-capable layout added
Actions #4

Updated by Dominic Cleal about 8 years ago

Actions #5

Updated by Dominic Cleal about 8 years ago

  • Translation missing: en.field_release set to 155
Actions #6

Updated by Anonymous about 8 years ago

After looking at the history of the feature, it appears that it was introduced purely due to performance-related issues. Are there any other considerations to keep it around (security issues, perhaps?). If not, I'd like to mention that https://github.com/theforeman/smart-proxy/pull/409 solves said issues for isc dhcpd, potentially making "subnets" option not very useful...

Actions #7

Updated by Anonymous about 8 years ago

  • Status changed from New to Need more information
Actions #8

Updated by Dominic Cleal about 8 years ago

While we may be able to remove it eventually, this is still a regression in 1.11 that should be fixed. The PR improving the speed isn't merged or released.

Actions #9

Updated by Anonymous about 8 years ago

  • Status changed from Need more information to Assigned
  • Assignee set to Anonymous
Actions #10

Updated by The Foreman Bot about 8 years ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/theforeman/smart-proxy/pull/416 added
Actions #11

Updated by Daniel Gagnon about 8 years ago

The end goal is indeed to make loading faster / prevent timeouts. We have over 4k subnets and it takes like 30 minutes. https://github.com/theforeman/smart-proxy/pull/409 seems like it would achieve the same purpose, but I am not 100% sure as it seems like to be the parsing of the dhcpcd.conf file and not the lease file that takes up all the time.

If :subnets: is not usefull anymore, it should be removed from the default config files and documentation.

I second to keep the feature even if PR409 is applied. I can see it being usefull to ignore some ranges for setups with only one dhcp server.

Actions #12

Updated by Daniel Gagnon about 8 years ago

Applied https://github.com/theforeman/smart-proxy/pull/416 manually and it works / fixes my issue.

thanks

Actions #13

Updated by Anonymous about 8 years ago

Daniel -- if it is at all possible, it would be helpful if you could test https://github.com/theforeman/smart-proxy/pull/409 in your environment and report your experience either at http://projects.theforeman.org/issues/2687 or in the PR itself.

Actions #14

Updated by Daniel Gagnon about 8 years ago

Dmitri: I am running 1.11.1 , not develop. If you can provide a patch VS 1.11.1, I do not mind trying it.

Actions #15

Updated by Daniel Gagnon about 8 years ago

actually did run into an issue today, see the pastebin:

http://pastebin.com/RAU3KRJW

http://pastebin.com/NzpAMWTE

Actions #16

Updated by Anonymous about 8 years ago

Looks like 10.35.21.0 subnet is listed twice in the dhcpd.conf? Would you mind moving this conversation over to http://projects.theforeman.org/issues/2687?

Actions #17

Updated by Daniel Gagnon about 8 years ago

I have removed the duplicate subnet

Trying to delete the host: http://pastebin.com/PuqHvgiz

my issue is really with the setting not being applied. this has worked perfectly and is integrated into our production setting. we do not use IPAM, so no pinging and latency added to select the ip.

Actions #18

Updated by Daniel Gagnon about 8 years ago

Daniel Gagnon wrote:

Trying to delete the host: http://pastebin.com/PuqHvgiz

worked after trying a few times.

Actions #19

Updated by Anonymous about 8 years ago

You posted a fragment of foreman log, which doesn't show what caused the error on smart-proxy side.

Actions #20

Updated by Daniel Gagnon about 8 years ago

there was no error on the smart-proxy side as far as I can tell

Actions #21

Updated by Anonymous about 8 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions #22

Updated by Konstantin Orekhov about 8 years ago

Is negating of a subnet and regular expressions supported in :subnets" filter?

For example, if I wanted to exclude particular subnets w/o having to specify the ones I want, could I do this:

:subnets: [ !192.168.*.*/255.255.255.0 ]

OR this:

:subnets: [ !192.168.*.*/* ]

Another example is to exclude all subnets with a particular netmask:

:subnets: [ !*/255.255.255.252 ]

Actions #23

Updated by Anonymous about 8 years ago

Konstantin Orekhov wrote:

Is negating of a subnet and regular expressions supported in :subnets" filter?

For example, if I wanted to exclude particular subnets w/o having to specify the ones I want, could I do this:

:subnets: [ !192.168.*.*/255.255.255.0 ]

OR this:

:subnets: [ !192.168.*.*/* ]

Another example is to exclude all subnets with a particular netmask:

:subnets: [ !*/255.255.255.252 ]

None of this is supported. The original intent of this feature was to improve performance, there's a PR for isc dhcpd that should make this setting irrelevant: https://github.com/theforeman/smart-proxy/pull/409.

Actions #24

Updated by Dominic Cleal about 8 years ago

  • Related to Bug #15143: DHCP :subnet: parameter no longer optional added
Actions #25

Updated by Dominic Cleal about 8 years ago

  • Related to Bug #15240: Couldn't enable plugin dhcp: Parameter 'subnets' is expected to have a non-empty value added
Actions

Also available in: Atom PDF