Foreman Proxy libvirt DHCP and DNS providers

This content is now covered in the Foreman manual section General Foreman - Smart Proxies - Libvirt.

Since 2013, it is possible to modify libvirt network settings using virsh commands, either on the live instance or in the persistent configuration (or both), thanks to this patch.

Foreman version 1.4 or later (and the corresponding Foreman Proxy) contains DHCP and DNS providers called virsh that communicate with libvirt via the virsh command. This is excellent for a development setup. With simple steps, one can configure full provisioning on a box with libvirt. This setup is not meant for production.

In this howto, we will show how to configure a machine with the libvirt Foreman Proxy providers.

We are using default libvirt installation without any changes. First, let's define TFTP root. Edit "default" virtual network and add 'tftp', 'bootp' and 'domain' elements.

    <network>
      <name>default</name>
      <forward mode='nat'/>
      <bridge name='virbr0' stp='on' delay='0' />
      <domain name="local.lan"/>
      <mac address='52:54:00:a6:01:5d'/>
      <ip address='' netmask=''>
        <tftp root='/var/tftpboot' />
        <dhcp>
          <range start='' end='' />
          <bootp file='pxelinux.0' server='' />
        </dhcp>
      </ip>
    </network>

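Make sure you restart the network so the change takes effect. virsh has no net-restart subcommand, so stop and start it: virsh net-destroy default followed by virsh net-start default.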

Create a tftpboot directory and make sure it is accessible to the account dnsmasq runs as (on Fedora this is nobody). Set the setgid flag so that newly copied files inherit the group, and copy the necessary files to the new TFTP root directory:

    mkdir -p /var/tftpboot/{boot,pxelinux.cfg}
    yum -y install syslinux
    cp /usr/share/syslinux/{pxelinux.0,menu.c32,chain.c32,ldlinux.c32} /var/tftpboot
    chgrp -R nobody /var/tftpboot
    find /var/tftpboot/ -type d | xargs chmod g+s

Configure smart-proxy:

  • enable tftp
  • set correct tftp boot and set explicit tftp_servername
  • enable dns virsh provider
  • enable dhcp virsh provider
  • check virsh_network name ('default')

Important configuration values:

    :tftp: true
    :tftproot: /var/tftpboot
    :dns: true
    :dns_provider: virsh
    :dhcp: true
    :dhcp_vendor: virsh
    :virsh_network: default

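Make sure the user that Foreman Proxy runs as has the sudo and virsh commands available and that sudo does not ask for a password for the virsh command. Also make sure sudo does not require a tty. virsh run as root can manage every guest and network on the host, so where possible scope the rule to the proxy's own account rather than a broad group. Something like:

    Defaults !requiretty
    %users ALL = NOPASSWD: /usr/bin/virsh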
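
A consistency check between the two configurations edited above, added here as an example (it is not part of the original howto or of Foreman). It parses the output of virsh net-dumpxml and the proxy settings and reports mismatches; the function names, the sample addresses and the flat settings parser are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of `virsh net-dumpxml default`; addresses are placeholders.
SAMPLE_NETWORK_XML = """
<network>
  <name>default</name>
  <domain name='local.lan'/>
  <ip address='192.0.2.1' netmask='255.255.255.0'>
    <tftp root='/var/tftpboot'/>
    <dhcp>
      <range start='192.0.2.2' end='192.0.2.254'/>
      <bootp file='pxelinux.0' server='192.0.2.1'/>
    </dhcp>
  </ip>
</network>
"""

# The proxy settings listed in this howto, as flat ':key: value' lines.
SAMPLE_PROXY_SETTINGS = """
:tftp: true
:tftproot: /var/tftpboot
:dns: true
:dns_provider: virsh
:dhcp: true
:dhcp_vendor: virsh
:virsh_network: default
"""

def parse_settings(text):
    """Read flat ':key: value' lines; enough for the keys this howto uses."""
    return dict(re.findall(r"^:(\w+):[ \t]*(\S+)[ \t]*$", text, re.MULTILINE))

def check_setup(network_xml, settings_text):
    """Return a list of mismatches between the libvirt network and the proxy."""
    net, cfg, problems = ET.fromstring(network_xml), parse_settings(settings_text), []
    for path in ("domain", "ip/tftp", "ip/dhcp/bootp"):
        if net.find(path) is None:
            problems.append(f"network XML has no <{path.split('/')[-1]}> element")
    tftp = net.find("ip/tftp")
    if tftp is not None and tftp.get("root") != cfg.get("tftproot"):
        problems.append("libvirt tftp root differs from :tftproot:")
    if net.findtext("name") != cfg.get("virsh_network"):
        problems.append(":virsh_network: does not name this network")
    for key, want in (("tftp", "true"), ("dns", "true"), ("dhcp", "true"),
                      ("dns_provider", "virsh"), ("dhcp_vendor", "virsh")):
        if cfg.get(key) != want:
            problems.append(f":{key}: should be {want}")
    return problems
```

An empty list from check_setup means the network definition and the proxy settings agree on the TFTP root, the network name and the virsh providers.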

Foreman is now configured for libvirt provisioning. You can start both Foreman and smart-proxy directly from git and work on, debug and test provisioning easily. There are some limitations, though:

  • reverse DNS entries are not created (libvirt XML does not support them)

Share your experiences on our development list.