Description of problem: When we have the DHCP capsule server behind a firewall and the requests from port 7 which is used for checking the TCP pingable on free IP is refused. Satellite considers the IP address is used and it failed to provide the free IP (autosuggest). Version-Release number of selected component (if applicable): Red Hat Satellite 6.4 Actual results: Satellite capsule failed to provide free IP. Expected results: Satellite should use ping if it fails with TCP. Additional info: pingable code file:- "/usr/share/foreman-proxy/modules/dhcp_common/free_ips.rb" ~~~ logger.debug "Searching for free IP - pinging #{possible_ip}." if tcp_pingable?(possible_ip) || icmp_pingable?(possible_ip) logger.debug "Found a pingable IP(#{possible_ip}) address which does not have a Proxy::DHCP record." else logger.debug "Found free IP #{possible_ip} out of a total of #{num_of_addresses} free IPs." return possible_ip end ~~~ As the connection is refused satellite consider the IPs is pingable even if its free. Tested modified code:- ~~~ logger.debug "Searching for free IP - pinging #{possible_ip}." if !tcp_pingable?(possible_ip) logger.debug "Found free IP #{possible_ip} out of a total of #{num_of_addresses} free IPs." return possible_ip elsif !icmp_pingable?(possible_ip) logger.debug "Found free IP #{possible_ip} out of a total of #{num_of_addresses} free IPs." return possible_ip else logger.debug "Found a pingable IP(#{possible_ip}) address which does not have a Proxy::DHCP record." end ~~~
Valid backlog item. Workaround: Remove the code which performs the pings completely.
Created redmine issue https://projects.theforeman.org/issues/27692 from this bug
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/27692 has been resolved.
Tested on Sat 6.7 Snap 10 using following steps: 1. create an isolated network managed by a separate capsule with DHCP enabled, with a very small DHCP range (e.g. a pool of 5 addresses) 2. connect a client to the network and manually assign an address (which is not leased out by the DHCP server, of course) from the DHCP range to it 3. run a manual creation of a new host on the Satellite, assign the host to the isolated network, and click the "Suggest new" link a few times. With ping_free_ip: true Satellite will suggest addresses not leased out by the DHCP server, and WILL NOT suggest the address manually assigned in the step 2, because it has been pinged and determined as taken in the real-time. With ping_free_ip: false Satellite will suggest addresses not leased out by the DHCP server, and WILL suggest the address manually assigned in the step 2, because the DHCP db is its only source of info, and no checking pings are made.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:1454