Foreman » Smart Proxy

h1. ISC DHCP

ISC implementation is based on the omapi interface, which means:

* No need for root permissions on your DHCP server

* No need to restart (or "sync") your dhcp server after every modifications.

h3. Configuration

* dhcpd configuration file: 

ensure you have the following line in your dhcpd.conf file (somewhere in the top first lines):

<pre>omapi-port 7911;</pre>

* configure the settings file to point to your dhcpd.conf and dhcpd.leases files (make sure they are readable by the smart-proxy user)

* make sure the omshell command (/usr/bin/omshell) can be executed by the smart-proxy user.

* make sure that /etc/dhcp and /etc/dhcp/dhcpd.conf has group foreman-proxy

h3. Securing the dhcp API

The dhcpd api server will listen to any host. You might need to add a omapi_key to provide basic security. 

Example generating a key on CentOS:

<pre>

> yum install bind97

> dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 512 -n HOST omapi_key

> cat Komapi_key.+*.private |grep ^Key|cut -d ' ' -f2-

</pre>

On Debian, the dnssec-keygen utility is found in the bind9utils package.

1- Edit your "/etc/dhcpd.conf":

<pre>

omapi-port 7911;

key omapi_key {

algorithm HMAC-MD5;

secret "XXXXXXXXX"; #<-The output from the generated key above.

};

omapi-key omapi_key;

</pre>

2- Make sure you also add the omapi_key to your proxy's [[Smart-Proxy:Settingsyml#DHCP-section|settings.yml]]

3- Restart the dhcpd and foreman-proxy services

h3. Testing

If everything works, you could browse your dhcp server data if you goto http://proxy:8443/dhcp

The next step is to set up appropriate Subnets in Foreman from the settings menu.

[[Sample dhcpd.conf]]