Project

General

Profile

ISC DHCP » History » Revision 10

Revision 9 (Ohad Levy, 05/02/2011 08:28 AM) → Revision 10/12 (Marcello de Sousa, 05/26/2011 11:45 AM)

h1. ISC DHCP 

 ISC implementation is based on the omapi interface, which means: 
 * No need for root permissions on your DHCP server 
 * No need to restart (or "sync") your dhcp server after every modifications. 


 h3. Configuration 

 * dhcpd configuration file:  
 ensure you have the following line in your dhcpd.conf file (somewhere in the top first lines): 
 <pre>omapi-port 7911;</pre> 
 * configure the settings file to point to your dhcpd.conf and dhcpd.leases files (make sure they are readable by the smart-proxy user) 
 * make sure the omshell command (/usr/bin/omshell) can be executed by the smart-proxy user. 

 h3. Securing the dhcp API 

 The dhcpd api server will listen to any host. You might need to add a omapi_key to provide basic security.  

 Example generating a key (on CentOS): 
 <pre> 
 > yum install bind97 
 > dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 512 -n HOST omapi_key 
 > cat Komapi_key.+*.private |grep ^Key|cut -d ' ' -f2- 
 </pre> 

 1- Edit your "/etc/dhcpd.conf": 
 <pre> 
 omapi-port 7911; 
 key omapi_key { 
 algorithm HMAC-MD5; 
 secret "XXXXXXXXX"; #<-The output from the generated key above. 
 }; 
 omapi-key omapi_key; 
 </pre> 

 2- Make sure you also add the omapi_key to your proxy's [[Smart-Proxy:Settingsyml#DHCP-section|settings.yml]] 

 3- Restart the dhcpd and foreman-proxy services 

 h3. Testing 

 


 If everything works, you could browse your dhcp server data if you goto http://proxy:8443/dhcp 

 The next step is to set up appropriate Subnets in Foreman from the settings menu. 

 [[Sample dhcpd.conf]]