Project

General

Profile

Bug #24146

Foreman-Proxy DHCP ISC - DNS Search set wrong for multiple domains

Added by James Perry about 2 years ago. Updated 4 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
External modules
Target version:
-
Difficulty:
Triaged:
Yes
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

When setting the DHCP search domains in foreman-proxy, the values are being set incorrectly and causing the dhclient to reject the domain search.

Version: Foreman 1.16.2-1.el7

Summary
My configuration has three different domains that have to be searched so I set the Foreman-Proxy search domains to have that configured in the dhcpd.conf file, as expected. When testing against a host using the DHCP server on the Foreman host the dhclient on the host rejects the search being sent by DHCP since it not the expected format.

Details
Setting the dns-search:

# foreman-installer --foreman-proxy-dhcp-search-domains "mydomain.dick.jane.com","dick.net","jane.com" 

Foreman Verbose Output:

 +  option domain-search "mydomain.dick.jane.com,dick.net,jane.com"; 

Expected:

 +  option domain-search "mydomain.dick.jane.com","dick.net","jane.com"; 

Diagnostics
With option domain-search "mydomain.dick.jane.com,dick.net,jane.com" set, the dhclient ignores the search options with the message:

dhclient[2951]: suspect value in domain_search option - discarded

Manually setting the options domain-search "mydomain.dick.jane.com","dick.net","jane.com" corrects the issue on the client, but each time foreman-install is run it reverts to the incorrect forem.

I searched through the various references to domain-search and domain_search under the /usr/share/foreman-installer/modules directory and found entries in /usr/share/foreman-installer/modules/dhcp/templates/dhcpd.pool.erb. When testing in irb this routine sets the parameters correctly.

<% if @search_domains and @search_domains.is_a? Array -%>
option domain-search "<%= @search_domains.sort.join('", "') %>";
<% elsif @search_domains -%>
option domain-search "<%= @search_domains.split(/[, ]+/).join('", "') %>";
<% end -%>

Tested in IRB

irb(main):014:0> search_domains = ['mydomain.dick.jane.com','dick.net','jane.com'] => ["mydomain.dick.jane.com", "dick.net", "jane.com"]
irb(main):016:0> p search_domains.sort.join('", "') "dick.net\", \"jane.com\", \"mydomain.dick.jane.com" => "dick.net\", \"jane.com\", \"mydomain.dick.jane.com" 

irb(main):017:0> search_domains = "mydomain.dick.jane.com dick.net jane.com" => "mydomain.dick.jane.com dick.net jane.com" 
irb(main):018:0> p search_domains.split(/[, ]+/).join('", "') "mydomain.dick.jane.com\", \"dick.net\", \"jane.com" => "mydomain.dick.jane.com\", \"dick.net\", \"jane.com" 

I haven't yet tracked down where foreman-proxy is setting this value to be the incorrect form:

"mydomain.dick.jane.com,dick.net,jane.com"

The only workaround I have found presently is to manually copy back in the dhcpd.conf backup file to change the settings to work correctly.

I am in the middle of a POC and can't upgrade to Foreman 1.17.1 at this time to see if the problem persists, but I didn't find any bug reports on this particular issue.

dhcp.conf dhcp.conf 1.05 KB James Perry, 07/03/2018 01:15 PM

History

#1 Updated by James Perry about 2 years ago

Copy of the dhcpd.conf file created by foreman-installer with incorrect dns-search.

#2 Updated by Peter Bray 4 months ago

  • Found in Releases 2.1.0 added

Greetings,

As a newbie to Foreman, I was able to reproduce this bug in Foreman 2.1.0rc1 on CentOS 8.1.

My workaround was to use the argument in form of:
--foreman-proxy-dhcp-search-domains 'sub1.example.com", "sub2.example.com'

Note: the balanced but odd use of double quotes within the single quotes ;-)

Which produced output:
option domain-search "sub1.example.com", "sub2.example.com";

This would suggest to me that the installer needs to be told a list of strings is valid, and give an appropriate example of how to provide such information on the command line.

Regards,
Peter

PS: The output is now inline with the sample from dhcp-options(5):

option domain-search domain-list;
The domain-search  option  specifies  a  ┬┤search  list┬┤  of
Domain Names to be used by the client to locate not-fully-
qualified domain names. The difference between this option
and historic use of the domain-name option for the same
ends is that this option is encoded in RFC1035 compressed
labels on the wire. For example:
option domain-search "example.com", "sales.example.com",
"eng.example.com";

#3 Updated by Peter Bray 4 months ago

  • Found in Releases deleted (2.1.0)

False Alarm

I did say I was a foreman newbie, so sorry for the additional noise

The solution is simple: just use the option twice

sudo foreman-installer \
   --foreman-proxy-dhcp-search-domains sub1.example.com \
   --foreman-proxy-dhcp-search-domains sub2.example.com

I was confused by option being label in the plural, and didn't realise it could be specified twice.

Peter

#4 Updated by Lukas Zapletal 4 months ago

  • Triaged changed from No to Yes
  • Status changed from New to Resolved
  • Category set to External modules
  • Project changed from Smart Proxy to Installer

Also available in: Atom PDF