ISC implementation is based on the omapi interface, which means:
  • No need for root permissions on your DHCP server
  • No need to restart (or "sync") your dhcp server after every modifications.


  • dhcpd configuration file:
    ensure you have the following line in your dhcpd.conf file (somewhere in the top first lines):
    omapi-port 7911;
  • configure the settings file to point to your dhcpd.conf and dhcpd.leases files (make sure they are readable by the smart-proxy user)
  • make sure the omshell command (/usr/bin/omshell) can be executed by the smart-proxy user.
  • make sure that /etc/dhcp and /etc/dhcp/dhcpd.conf has group foreman-proxy

Securing the dhcp API

The dhcpd api server will listen to any host. You might need to add a omapi_key to provide basic security.

Example generating a key on CentOS:

> yum install bind97
> dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 512 -n HOST omapi_key
> cat Komapi_key.+*.private |grep ^Key|cut -d ' ' -f2-

On Debian, the dnssec-keygen utility is found in the bind9utils package.

1- Edit your "/etc/dhcpd.conf":

omapi-port 7911;
key omapi_key {
algorithm HMAC-MD5;
secret "XXXXXXXXX"; #<-The output from the generated key above.
omapi-key omapi_key;

2- Make sure you also add the omapi_key to your proxy's [[Smart-Proxy:Settingsyml#DHCP-section|settings.yml]]

3- Restart the dhcpd and foreman-proxy services


If everything works, you could browse your dhcp server data if you goto http://proxy:8443/dhcp

The next step is to set up appropriate Subnets in Foreman from the settings menu.

Sample dhcpd.conf

Updated by David Schmitt over 10 years ago ยท 12 revisions