ISC DHCP » History » Version 12

David Schmitt, 05/05/2013 02:44 PM
added debian hint

h1. ISC DHCP

The ISC implementation is based on the OMAPI interface, which means:

* No need for root permissions on your DHCP server
* No need to restart (or "sync") your DHCP server after every modification.

h3. Configuration

* dhcpd configuration file: ensure you have the following line in your dhcpd.conf file (somewhere in the first few lines):
<pre>omapi-port 7911;</pre>
* configure the settings file to point to your dhcpd.conf and dhcpd.leases files (make sure they are readable by the smart-proxy user)
* make sure the omshell command (/usr/bin/omshell) can be executed by the smart-proxy user.
* make sure that /etc/dhcp and /etc/dhcp/dhcpd.conf have group foreman-proxy

h3. Securing the DHCP API

The dhcpd API server accepts connections from any host. You might need to add an omapi_key to provide basic security.

Example of generating a key on CentOS:
<pre>
> yum install bind97
> dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 512 -n HOST omapi_key
> cat Komapi_key.+*.private |grep ^Key|cut -d ' ' -f2-
</pre>

On Debian, the dnssec-keygen utility is found in the bind9utils package.

1- Edit your "/etc/dhcpd.conf":
<pre>
omapi-port 7911;
key omapi_key {
algorithm HMAC-MD5;
secret "XXXXXXXXX"; #<-The output from the generated key above.
};
omapi-key omapi_key;
</pre>

2- Make sure you also add the omapi_key to your proxy's [[Smart-Proxy:Settingsyml#DHCP-section|settings.yml]]

3- Restart the dhcpd and foreman-proxy services

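
A check for the result of steps 1 to 3, as an added example that is not part of the original wiki page or of Foreman: it audits dhcpd.conf text for an OMAPI listener that lacks a usable key. The function name, the 16-byte minimum and the file-mode check are assumptions of this example.

```python
import base64
import re

MIN_KEY_BYTES = 16  # assumed lower bound; the page's keygen command yields 64 bytes

KEY_BLOCK = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{[^}]*?secret\s+"?([^";\s]*)"?\s*;[^}]*\}')
OMAPI_PORT = re.compile(r"^\s*omapi-port\s+\d+\s*;", re.M)
OMAPI_KEY = re.compile(r'^\s*omapi-key\s+"?([\w.-]+)"?\s*;', re.M)


def audit_omapi(conf: str, file_mode: int) -> list:
    """Return findings about OMAPI authentication in dhcpd.conf text."""
    text = re.sub(r"#[^\n]*", "", conf)  # ignore commented-out directives
    if not OMAPI_PORT.search(text):
        return []  # no OMAPI listener configured, nothing to authenticate
    keys = dict(KEY_BLOCK.findall(text))  # key name -> base64 secret
    used = OMAPI_KEY.search(text)
    if not used:
        return ["omapi-port set without omapi-key: any host can use the API"]
    findings = []
    name = used.group(1)
    if name not in keys:
        findings.append(f"omapi-key names undefined key '{name}'")
    else:
        try:
            raw = base64.b64decode(keys[name], validate=True)
        except ValueError:
            raw = b""  # placeholder or corrupted secret
        if len(raw) < MIN_KEY_BYTES:
            findings.append(f"secret for '{name}' is not base64 of >= {MIN_KEY_BYTES} bytes")
        if file_mode & 0o004:
            findings.append("dhcpd.conf holds the secret but is world-readable")
    return findings


# Constructed sample: the stanza from step 1 with its placeholder still in place.
SAMPLE = '''omapi-port 7911;
key omapi_key {
algorithm HMAC-MD5;
secret "XXXXXXXXX"; #<-The output from the generated key above.
};
omapi-key omapi_key;
'''

if __name__ == "__main__":
    for finding in audit_omapi(SAMPLE, 0o644):
        print("FINDING:", finding)
```

Pass the file's real permission bits, for example from os.stat("/etc/dhcp/dhcpd.conf").st_mode, as the second argument.
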
h3. Testing

If everything works, you can browse your DHCP server data at http://proxy:8443/dhcp

The next step is to set up appropriate Subnets in Foreman from the settings menu.

[[Sample dhcpd.conf]]