ISC DHCP » History » Version 10

Marcello de Sousa, 05/26/2011 11:45 AM

h1. ISC DHCP

The ISC implementation is based on the OMAPI interface, which means:
* No need for root permissions on your DHCP server
* No need to restart (or "sync") your DHCP server after every modification.

h3. Configuration

* dhcpd configuration file:
ensure you have the following line in your dhcpd.conf file (somewhere near the top):
<pre>omapi-port 7911;</pre>
* configure the settings file to point to your dhcpd.conf and dhcpd.leases files (make sure they are readable by the smart-proxy user)
* make sure the omshell command (/usr/bin/omshell) can be executed by the smart-proxy user.

h3. Securing the DHCP API

The dhcpd API server listens for connections from any host. You might need to add an omapi_key to provide basic security.

Example of generating a key (on CentOS):
<pre>
> yum install bind97
> dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 512 -n HOST omapi_key
> cat Komapi_key.+*.private |grep ^Key|cut -d ' ' -f2-
</pre>

1- Edit your "/etc/dhcpd.conf":
<pre>
omapi-port 7911;
key omapi_key {
  algorithm HMAC-MD5;
  secret "XXXXXXXXX"; # <- The output from the generated key above.
};
omapi-key omapi_key;
</pre>

2- Make sure you also add the omapi_key to your proxy's [[Smart-Proxy:Settingsyml#DHCP-section|settings.yml]]

3- Restart the dhcpd and foreman-proxy services

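One way to check the result of steps 1 to 3, as an added example that is not part of the original wiki page or of Foreman: a shell audit of dhcpd.conf that reports whether OMAPI is enabled without a key, or requires a key that is never defined. The function names and the sample file are assumptions made for illustration, and the parser assumes one statement per line, as in the snippet above.

```shell
#!/bin/sh
# Added example (not Foreman code): audit a dhcpd.conf for the OMAPI settings
# described above. Assumes one statement per line, as in the page's snippet.

# Prints one finding; returns 0 only when OMAPI is enabled and key-protected.
audit_omapi() {
    [ -r "$1" ] || { echo "unreadable"; return 2; }
    finding=$(awk '
        { sub(/#.*/, "") }                              # strip comments
        /^[ \t]*omapi-port[ \t]+[0-9]+[ \t]*;/ { port = 1 }
        /^[ \t]*omapi-key[ \t]+/ {                      # key the listener requires
            used = $2; sub(/;.*/, "", used); gsub(/"/, "", used)
        }
        /^[ \t]*key[ \t]+/ {                            # key { ... } definitions
            name = $2; sub(/[{;].*/, "", name); gsub(/"/, "", name)
            defined[name] = 1
        }
        END {
            if (!port)                   print "omapi-disabled"
            else if (used == "")         print "unauthenticated"
            else if (!(used in defined)) print "key-undefined"
            else                         print "ok"
        }' "$1")
    echo "$finding"
    [ "$finding" = "ok" ]
}

# The secret lives in dhcpd.conf: succeed if any local user can read the file.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Constructed sample: OMAPI enabled with no key, the state this section fixes.
sample=$(mktemp)
printf 'omapi-port 7911;\nsubnet 10.0.0.0 netmask 255.255.255.0 {}\n' > "$sample"
chmod 644 "$sample"
audit_omapi "$sample" || true
world_readable "$sample" && echo "world-readable"
rm -f "$sample"
```

Point both functions at the real /etc/dhcpd.conf after editing it; if the file turns out to be world-readable, restricting it to a group that includes the smart-proxy user keeps the secret away from other local accounts.
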
h3. Testing

If everything works, you can browse your DHCP server data at http://proxy:8443/dhcp

The next step is to set up appropriate Subnets in Foreman from the settings menu.

[[Sample dhcpd.conf]]