Bug #24146
closedForeman-Proxy DHCP ISC - DNS Search set wrong for multiple domains
Description
When setting the DHCP search domains in foreman-proxy, the values are being set incorrectly and causing the dhclient to reject the domain search.
Version: Foreman 1.16.2-1.el7
Summary
My configuration has three different domains that have to be searched so I set the Foreman-Proxy search domains to have that configured in the dhcpd.conf file, as expected. When testing against a host using the DHCP server on the Foreman host the dhclient on the host rejects the search being sent by DHCP since it not the expected format.
Details
Setting the dns-search:
# foreman-installer --foreman-proxy-dhcp-search-domains "mydomain.dick.jane.com","dick.net","jane.com"
Foreman Verbose Output:
+ option domain-search "mydomain.dick.jane.com,dick.net,jane.com";
Expected:
+ option domain-search "mydomain.dick.jane.com","dick.net","jane.com";
Diagnostics
With option domain-search "mydomain.dick.jane.com,dick.net,jane.com" set, the dhclient ignores the search options with the message:
dhclient[2951]: suspect value in domain_search option - discarded
Manually setting the options domain-search "mydomain.dick.jane.com","dick.net","jane.com" corrects the issue on the client, but each time foreman-install is run it reverts to the incorrect forem.
I searched through the various references to domain-search and domain_search under the /usr/share/foreman-installer/modules directory and found entries in /usr/share/foreman-installer/modules/dhcp/templates/dhcpd.pool.erb. When testing in irb this routine sets the parameters correctly.
<% if @search_domains and @search_domains.is_a? Array -%> option domain-search "<%= @search_domains.sort.join('", "') %>"; <% elsif @search_domains -%> option domain-search "<%= @search_domains.split(/[, ]+/).join('", "') %>"; <% end -%>
Tested in IRB
irb(main):014:0> search_domains = ['mydomain.dick.jane.com','dick.net','jane.com'] => ["mydomain.dick.jane.com", "dick.net", "jane.com"] irb(main):016:0> p search_domains.sort.join('", "') "dick.net\", \"jane.com\", \"mydomain.dick.jane.com" => "dick.net\", \"jane.com\", \"mydomain.dick.jane.com" irb(main):017:0> search_domains = "mydomain.dick.jane.com dick.net jane.com" => "mydomain.dick.jane.com dick.net jane.com" irb(main):018:0> p search_domains.split(/[, ]+/).join('", "') "mydomain.dick.jane.com\", \"dick.net\", \"jane.com" => "mydomain.dick.jane.com\", \"dick.net\", \"jane.com"
I haven't yet tracked down where foreman-proxy is setting this value to be the incorrect form:
"mydomain.dick.jane.com,dick.net,jane.com"
The only workaround I have found presently is to manually copy back in the dhcpd.conf backup file to change the settings to work correctly.
I am in the middle of a POC and can't upgrade to Foreman 1.17.1 at this time to see if the problem persists, but I didn't find any bug reports on this particular issue.
Files
Updated by James Perry over 6 years ago
Copy of the dhcpd.conf file created by foreman-installer with incorrect dns-search.
Updated by Peter Bray over 4 years ago
- Found in Releases 2.1.0 added
Greetings,
As a newbie to Foreman, I was able to reproduce this bug in Foreman 2.1.0rc1 on CentOS 8.1.
My workaround was to use the argument in form of:
--foreman-proxy-dhcp-search-domains 'sub1.example.com", "sub2.example.com'
Note: the balanced but odd use of double quotes within the single quotes ;-)
Which produced output:
option domain-search "sub1.example.com", "sub2.example.com";
This would suggest to me that the installer needs to be told a list of strings is valid, and give an appropriate example of how to provide such information on the command line.
Regards,
Peter
PS: The output is now inline with the sample from dhcp-options(5):
option domain-search domain-list;
The domain-search option specifies a ´search list´ of
Domain Names to be used by the client to locate not-fully-
qualified domain names. The difference between this option
and historic use of the domain-name option for the same
ends is that this option is encoded in RFC1035 compressed
labels on the wire. For example:
option domain-search "example.com", "sales.example.com",
"eng.example.com";
Updated by Peter Bray over 4 years ago
- Found in Releases deleted (
2.1.0)
False Alarm
I did say I was a foreman newbie, so sorry for the additional noise
The solution is simple: just use the option twice
sudo foreman-installer \ --foreman-proxy-dhcp-search-domains sub1.example.com \ --foreman-proxy-dhcp-search-domains sub2.example.com
I was confused by option being label in the plural, and didn't realise it could be specified twice.
Peter
Updated by Lukas Zapletal over 4 years ago
- Project changed from Smart Proxy to Installer
- Category set to External modules
- Status changed from New to Resolved
- Triaged changed from No to Yes