DHCP custom configuration - (when|will) it be available?

Gertjan · Dec 16, 2019, 8:11 AM

@CapitanBlack said in DHCP custom configuration - (when|will) it be available?:

custom configuration to DHCPD config file?

You are using pfSense so you can use a GUI to setup the needed services.
pfSense will create, and recreate, the needed config file.
These config files are not read back in again to see if there are user edits. They are overwritten on the fly when the process needs to start.

Can you explain what are your needs ?

Not this :

?

CapitanBlack · Dec 16, 2019, 6:41 PM

I am integrating The Foreman/Katello (www.theforeman.org) with pfSense for automated VM's provisioning. I need to enable OMAPI by adding below config lines to DHCPD config file. So far I did it via a script (see below). The cron script itself works fine - I'm currently testing if Foreman-pfSense provisioning works as it should...
P.S. I will also need OMAPI key for the official BIND daemon running on pfSense. Thanks!

omapi-port 7911;
key omapi_key {
    algorithm HMAC-MD5;
    secret "==OMAPI-SECRET==";
};
omapi-key omapi_key;

DHCPD custom configuration watchdog

#!/bin/sh
# === /root/bin/dhcpd_custom_config_watchdog ===
#

# Adds custom config to the end of DHCP config file if it was not found.
# Custom DHCP config saved in '/var/dhcpd/etc/dhcpd.conf.omapi' file.
#

if ! grep -q omapi /var/dhcpd/etc/dhcpd.conf ; then

# Restart DHCPD to ensure it has the latest configuration
pfSsh.php playback restartdhcpd

echo "Save DHCPD command line..."
echo `ps axww | grep '[/]usr/local/sbin/dhcpd' | tr -s '[:blank:]' | grep -o '\/usr\/local\/sbin\/dhcpd.*'` > /var/tmp/dhcpd_cmdline
killall dhcpd

echo "Backing up DHCPD configuration file to '/var/dhcpd/etc/dhcpd.conf.bak'..."
cp -f /var/dhcpd/etc/dhcpd.conf /var/dhcpd/etc/dhcpd.conf.bak
echo "Applying custom configuration..."
cat /var/dhcpd/etc/dhcpd.conf.omapi >> /var/dhcpd/etc/dhcpd.conf

# Restart DHCPD with the original comand line...
eval $(cat /var/tmp/dhcpd_cmdline)

fi
# === /root/bin/dhcpd_custom_config_watchdog ===

Then install 'cron' package and add below line

Below screenshot explains how The Foreman uses ISC DHCPD and BIND for VM's provisioning.

jimp · Dec 16, 2019, 8:49 PM

There is an option to enable OMAPI coming in 2.5.0: https://redmine.pfsense.org/issues/7304

You might be able to adapt the diff on the issue to apply to 2.4.4

CapitanBlack · Dec 16, 2019, 11:54 PM

@jimp - thanks a lot! I (and many other Foreman enthusiast) need it for sure!

Can you please provide instruction on how to make and apply the diff?

CapitanBlack · Dec 17, 2019, 12:05 AM

NVM, figured it out...

CapitanBlack · Dec 17, 2019, 12:21 AM

CapitanBlack · Dec 17, 2019, 12:28 AM

Tested three most recent patches starting from 2577004fa21a13c6f00427e96334b051de5ab1a2 - all gives various patching errors...

My pfSense is 2.4.4-RELEASE-p3 (amd64)

Gertjan · Dec 17, 2019, 10:35 AM

Try against the latest "2.4.5 pre release" that became available very recently.

jimp · Dec 17, 2019, 2:11 PM

I do not expect that to apply cleanly, which is why I said you'd need to adapt it. Look at what changed, and make similar changes to your system by hand.

That said, it does apply cleanly to the 2.4.5 tree so it may be worth trying there.

CapitanBlack · Dec 17, 2019, 5:36 PM

Yes, thanks guys - I've deployed a new virtual firewall to try the patch.
Will post here...

thedudeabides · Oct 30, 2020, 6:05 PM

@jimp @CapitanBlack thank you (and everyone else involved) for making this a reality for the rest of us in the digital ether.

Having said that, I'd also like to leverage my already existing pfSense appliance to provide OMAPI/isc_bind (in order to act as a smartproxy for Foreman).

I saw that OMAPI made it into pfSense 2.5 which is great news. As of today, the latest community version is 2.4.5_1 (with 2.5 being tagged as an available experimental development snapshot).

Does that mean that if I want to consume these efforts I need to enable the pre-release devel channel on my CE box, and upgrade? Do you all use the paid-for version and develop against it?

thedudeabides · Jun 28, 2021, 6:20 PM

I updated to pfSense 2.5.0-DEVELOPMENT (amd64) and it was there and is working. Thank you everyone!

CapitanBlack · Jun 28, 2021, 6:24 PM

@thedudeabides - Hey bud! - could you share more details please? Did you manage Foreman to work with the pfSense DHCP service at the end? I'm working on this again and this time I'm determined to make it working.

Did you use SSHFS of added NFS server to pfSense for exporting the DHCP server config and lease files ?

thedudeabides · Jul 17, 2021, 1:04 AM

@capitanblack good to hear from you, sorry it took so long for me to respond. I’ve been slammed with other stuff and keep pushing it to the back burner. In short, I dropped that effort six months (or more) ago, and just picked it up again a couple weeks ago. Sounds like we are on the same page. I’ll have to go back to see what I did to get it working (pretty sure it was OMAPI + sshfs for sharing the lease files) but essentially after tying it into the pfSense, I decided that I wanted a separate infra VM to control everything with DHCP on it (as well as named) for environments where people won’t have a pfSense box. I’m in the middle of finishing a playbook that builds out both servers (infra and foreman) and configures and installs foreman to use the infra VM. Happy to share when it’s done.