Description of problem: As per BZ (https://bugzilla.redhat.com/show_bug.cgi?id=1744528), we have an option to disable ping_free_ip for DHCP service but we dont have a Custom hiera or Satellite installer option to configure the settings permanently. Version-Release number of selected component (if applicable): Red Hat Satellite 6.7 How reproducible: Steps to Reproduce: 1. create an isolated network managed by a separate capsule with DHCP enabled, with a very small DHCP range (e.g. a pool of 5 addresses) 2. connect a client to the network and manually assign an address (which is not leased out by the DHCP server, of course) from the DHCP range to it 3. run a manual creation of a new host on the Satellite, assign the host to the isolated network, and click the "Suggest new" link a few times. With ping_free_ip: true Satellite will suggest addresses not leased out by the DHCP server, and WILL NOT suggest the address manually assigned in the step 2, because it has been pinged and determined as taken in the real-time. With ping_free_ip: false Satellite will suggest addresses not leased out by the DHCP server, and WILL suggest the address manually assigned in the step 2, because the DHCP db is its only source of info, and no checking pings are made. Actual results: When running Satellite-installer dhcp.yml file ping_free_ip settings is removed. Expected results: We should have ping_free_ip settings with customer hiera or Satellite installer options. Additional info:
Created redmine issue https://projects.theforeman.org/issues/31415 from this bug
Upstream bug assigned to ekohlvan
Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/31415 has been resolved.
Verified on 6.10 Snap4 Verification points: 1- New option added for configuring the ping-free-ip in installer. # satellite-installer --help ...... --foreman-proxy-dhcp-ping-free-ip Perform ICMP and TCP ping when searching free IPs from the pool. This makes sure that active IP address is not suggested as free, however in locked down network environments this can cause no free IPs. (current: true) 2- By default value of ping-free-ip is true 3- Changed the value using satellite-installer from default to 'false' and it changed successfully. # satellite-installer --foreman-proxy-dhcp-ping-free-ip false 2021-06-14 08:10:13 [NOTICE] [root] Loading installer configuration. This will take some time. 2021-06-14 08:10:19 [NOTICE] [root] Running installer with log based terminal output at level NOTICE. ............... Candlepin orphaned consumers: [] Success! 4- Checked the updated option in satellite-helper and found value changed. # satellite-installer --help ........ --foreman-proxy-dhcp-ping-free-ip Perform ICMP and TCP ping when searching free IPs from the pool. This makes sure that active IP address is not suggested as free, however in locked down network environments this can cause no free IPs. (current: false) 5- checked the value of ping_free_ip in /etc/foreman-proxy/settings.d/dhcp.yml and it is correct. # less /etc/foreman-proxy/settings.d/dhcp.yml|grep ping_free :ping_free_ip: false 6- Restored the changes using satellite-installer and checked the changes in installer helper. # satellite-installer --foreman-proxy-dhcp-ping-free-ip true 2021-06-14 08:53:00 [NOTICE] [root] Loading installer configuration. This will take some time. 2021-06-14 08:53:05 [NOTICE] [root] Running installer with log based terminal output at level NOTICE ..................... ..................... Candlepin orphaned consumers: [] Success! # satellite-installer --help --foreman-proxy-dhcp-ping-free-ip Perform ICMP and TCP ping when searching free IPs from the pool. This makes sure that active IP address is not suggested as free, however in locked down network environments this can cause no free IPs. (current: true) 7- checked the restored value of ping_free_ip in /etc/foreman-proxy/settings.d/dhcp.yml and it is correct. # less /etc/foreman-proxy/settings.d/dhcp.yml|grep ping_free :ping_free_ip: true
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: Satellite 6.10 Release), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:4702