Project

General

Profile

Bug #14952

dhcp_isc not respecting the :subnets: settings anymore

Added by Daniel Gagnon almost 3 years ago. Updated 8 months ago.

Status:
Closed
Priority:
Normal
Category:
DHCP
Target version:
Difficulty:
Triaged:
Bugzilla link:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

even though I have a subset of subnets in my settings file, it is loading all of them as seen in /var/log/foreman-proxy/proxy.log

this was working fine before updating to 1.11


Related issues

Related to Smart Proxy - Refactor #11081: Move DHCP providers to plugin-capable layoutClosed2015-07-10
Related to Smart Proxy - Feature #5712: ISC DHCP server times outClosed2014-05-14
Related to Smart Proxy - Bug #15143: DHCP :subnet: parameter no longer optionalDuplicate2016-05-23
Related to Smart Proxy - Bug #15240: Couldn't enable plugin dhcp: Parameter 'subnets' is expected to have a non-empty valueClosed2016-05-31

Associated revisions

Revision f9514f6a (diff)
Added by Dmitri Dolguikh almost 3 years ago

Fixes #14952 - isc_dhcp respects :subnets setting now.

History

#1 Updated by Daniel Gagnon almost 3 years ago

root@pxe-prod:~# cat /etc/foreman-proxy/settings.d/dhcp_isc.yml
---
:enabled: true
:server: 127.0.0.1
:omapi_port: 7911
:config: /etc/dhcp/dhcpd.conf
:leases: /var/lib/dhcp/dhcpd.leases
:key_name: omapi_key
:key_secret: <masked>
:subnets: [205.204.89.120/255.255.255.252, 67.212.69.224/255.255.255.224, 68.71.57.120/255.255.255.248, 67.212.68.184/255.255.255.248, 205.204.89.116/255.255.255.252, 205.204.89.172/255.255.255.252, 205.204.89.228/255.255.255.252, 205.204.89.188/255.255.255.252, 68.71.33.176/255.255.255.248, 205.204.89.212/255.255.255.252, 205.204.89.216/255.255.255.252, 205.204.89.220/255.255.255.252, 205.204.89.96/255.255.255.252, 205.204.89.194/255.255.255.252, 67.212.80.0/255.255.255.224, 205.204.89.198/255.255.255.252, 205.204.89.202/255.255.255.252, 205.204.89.204/255.255.255.252, 68.71.39.128/255.255.255.248, 205.204.89.208/255.255.255.252, 64.15.74.76/255.255.255.252, 67.212.91.0/255.255.255.0, 68.71.39.64/255.255.255.248, 67.212.81.64/255.255.255.224, 205.204.89.148/255.255.255.252, 68.71.44.8/255.255.255.248, 64.15.75.0/255.255.255.252, 209.44.107.48/255.255.255.240, 64.15.66.164/255.255.255.252, 64.15.69.108/255.255.255.252, 64.15.66.204/255.255.255.252, 68.71.39.104/255.255.255.248, 64.15.70.112/255.255.255.252, 67.212.71.16/255.255.255.240, 205.204.65.16/255.255.255.240, 68.71.44.200/255.255.255.248, 209.44.124.0/255.255.255.0, 10.35.21.0/255.255.255.0, 205.204.90.160/255.255.255.240, 67.212.79.128/255.255.255.224, 205.204.89.56/255.255.255.252, 67.212.82.68/255.255.255.252, 67.212.86.16/255.255.255.252]
==> /var/log/foreman-proxy/proxy.log <==
D, [2016-05-06T17:32:56.852598 #18556] DEBUG -- : Added a subnet: 64.15.73.160
D, [2016-05-06T17:32:56.961527 #18556] DEBUG -- : Added a subnet: 64.15.73.192
D, [2016-05-06T17:32:57.070610 #18556] DEBUG -- : Added a subnet: 64.15.74.0
D, [2016-05-06T17:32:57.152759 #18556] DEBUG -- : Added a subnet: 64.15.74.16
D, [2016-05-06T17:32:57.264099 #18556] DEBUG -- : Added a subnet: 64.15.74.24
D, [2016-05-06T17:32:57.346740 #18556] DEBUG -- : Added a subnet: 64.15.74.32
D, [2016-05-06T17:32:57.457066 #18556] DEBUG -- : Added a subnet: 64.15.74.40
D, [2016-05-06T17:32:57.566518 #18556] DEBUG -- : Added a subnet: 64.15.74.48
D, [2016-05-06T17:32:57.649548 #18556] DEBUG -- : Added a subnet: 64.15.74.56

#3 Updated by Dominic Cleal almost 3 years ago

  • Related to Refactor #11081: Move DHCP providers to plugin-capable layout added

#4 Updated by Dominic Cleal almost 3 years ago

#5 Updated by Dominic Cleal almost 3 years ago

  • Legacy Backlogs Release (now unused) set to 155

#6 Updated by Dmitri Dolguikh almost 3 years ago

After looking at the history of the feature, it appears that it was introduced purely due to performance-related issues. Are there any other considerations to keep it around (security issues, perhaps?). If not, I'd like to mention that https://github.com/theforeman/smart-proxy/pull/409 solves said issues for isc dhcpd, potentially making "subnets" option not very useful...

#7 Updated by Dmitri Dolguikh almost 3 years ago

  • Status changed from New to Need more information

#8 Updated by Dominic Cleal almost 3 years ago

While we may be able to remove it eventually, this is still a regression in 1.11 that should be fixed. The PR improving the speed isn't merged or released.

#9 Updated by Dmitri Dolguikh almost 3 years ago

  • Status changed from Need more information to Assigned
  • Assignee set to Dmitri Dolguikh

#10 Updated by The Foreman Bot almost 3 years ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/theforeman/smart-proxy/pull/416 added

#11 Updated by Daniel Gagnon almost 3 years ago

The end goal is indeed to make loading faster / prevent timeouts. We have over 4k subnets and it takes like 30 minutes. https://github.com/theforeman/smart-proxy/pull/409 seems like it would achieve the same purpose, but I am not 100% sure as it seems like to be the parsing of the dhcpcd.conf file and not the lease file that takes up all the time.

If :subnets: is not usefull anymore, it should be removed from the default config files and documentation.

I second to keep the feature even if PR409 is applied. I can see it being usefull to ignore some ranges for setups with only one dhcp server.

#12 Updated by Daniel Gagnon almost 3 years ago

Applied https://github.com/theforeman/smart-proxy/pull/416 manually and it works / fixes my issue.

thanks

#13 Updated by Dmitri Dolguikh almost 3 years ago

Daniel -- if it is at all possible, it would be helpful if you could test https://github.com/theforeman/smart-proxy/pull/409 in your environment and report your experience either at http://projects.theforeman.org/issues/2687 or in the PR itself.

#14 Updated by Daniel Gagnon almost 3 years ago

Dmitri: I am running 1.11.1 , not develop. If you can provide a patch VS 1.11.1, I do not mind trying it.

#15 Updated by Daniel Gagnon almost 3 years ago

actually did run into an issue today, see the pastebin:

http://pastebin.com/RAU3KRJW

http://pastebin.com/NzpAMWTE

#16 Updated by Dmitri Dolguikh almost 3 years ago

Looks like 10.35.21.0 subnet is listed twice in the dhcpd.conf? Would you mind moving this conversation over to http://projects.theforeman.org/issues/2687?

#17 Updated by Daniel Gagnon almost 3 years ago

I have removed the duplicate subnet

Trying to delete the host: http://pastebin.com/PuqHvgiz

my issue is really with the setting not being applied. this has worked perfectly and is integrated into our production setting. we do not use IPAM, so no pinging and latency added to select the ip.

#18 Updated by Daniel Gagnon almost 3 years ago

Daniel Gagnon wrote:

Trying to delete the host: http://pastebin.com/PuqHvgiz

worked after trying a few times.

#19 Updated by Dmitri Dolguikh almost 3 years ago

You posted a fragment of foreman log, which doesn't show what caused the error on smart-proxy side.

#20 Updated by Daniel Gagnon almost 3 years ago

there was no error on the smart-proxy side as far as I can tell

#21 Updated by Anonymous almost 3 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#22 Updated by Konstantin Orekhov almost 3 years ago

Is negating of a subnet and regular expressions supported in :subnets" filter?

For example, if I wanted to exclude particular subnets w/o having to specify the ones I want, could I do this:

:subnets: [ !192.168.*.*/255.255.255.0 ]

OR this:

:subnets: [ !192.168.*.*/* ]

Another example is to exclude all subnets with a particular netmask:

:subnets: [ !*/255.255.255.252 ]

#23 Updated by Dmitri Dolguikh almost 3 years ago

Konstantin Orekhov wrote:

Is negating of a subnet and regular expressions supported in :subnets" filter?

For example, if I wanted to exclude particular subnets w/o having to specify the ones I want, could I do this:

:subnets: [ !192.168.*.*/255.255.255.0 ]

OR this:

:subnets: [ !192.168.*.*/* ]

Another example is to exclude all subnets with a particular netmask:

:subnets: [ !*/255.255.255.252 ]

None of this is supported. The original intent of this feature was to improve performance, there's a PR for isc dhcpd that should make this setting irrelevant: https://github.com/theforeman/smart-proxy/pull/409.

#24 Updated by Dominic Cleal almost 3 years ago

  • Related to Bug #15143: DHCP :subnet: parameter no longer optional added

#25 Updated by Dominic Cleal almost 3 years ago

  • Related to Bug #15240: Couldn't enable plugin dhcp: Parameter 'subnets' is expected to have a non-empty value added

Also available in: Atom PDF