Hi there,
are there any plans to integrate a DHCP server into FreeIPA. We have several environments where a lack of DHCP is a showstopper at the moment.
Cheers, Ronald
On pe, 24 huhti 2020, Ronald Wimmer via FreeIPA-users wrote:
Hi there,
are there any plans to integrate a DHCP server into FreeIPA. We have several environments where a lack of DHCP is a showstopper at the moment.
No official plans yet. However, there is a draft version at https://github.com/cabeljunky/freeipa-plugin-dhcp which seems to work for some people.
Couple weeks ago I started to rewrite that plugin to follow FreeIPA code standards but haven't yet reached a point where I have anything working yet. It is done at my own time, when it is available.
On 24/04/2020 11:44, Alexander Bokovoy via FreeIPA-users wrote:
On pe, 24 huhti 2020, Ronald Wimmer via FreeIPA-users wrote:
Hi there,
are there any plans to integrate a DHCP server into FreeIPA. We have several environments where a lack of DHCP is a showstopper at the moment.
No official plans yet. However, there is a draft version at https://github.com/cabeljunky/freeipa-plugin-dhcp which seems to work for some people.
Couple weeks ago I started to rewrite that plugin to follow FreeIPA code standards but haven't yet reached a point where I have anything working yet. It is done at my own time, when it is available.
Yes, it would be utterly fantastic and make freeIPA even more complete solution if DHCP was integrated.
As of now there is not some semi/official guide to set DHCP to IPA's dirsrv, or is there?
many thanks, L.
lejeczek via FreeIPA-users wrote:
On 24/04/2020 11:44, Alexander Bokovoy via FreeIPA-users wrote:
On pe, 24 huhti 2020, Ronald Wimmer via FreeIPA-users wrote:
Hi there,
are there any plans to integrate a DHCP server into FreeIPA. We have several environments where a lack of DHCP is a showstopper at the moment.
No official plans yet. However, there is a draft version at https://github.com/cabeljunky/freeipa-plugin-dhcp which seems to work for some people.
Couple weeks ago I started to rewrite that plugin to follow FreeIPA code standards but haven't yet reached a point where I have anything working yet. It is done at my own time, when it is available.
Yes, it would be utterly fantastic and make freeIPA even more complete solution if DHCP was integrated.
As of now there is not some semi/official guide to set DHCP to IPA's dirsrv, or is there?
Look in the mailing list archives. A number of attempts were made. There is (or was) at least one DHCP integration how-to on the freeipa.org wiki.
rob
DHCP seems out of scope for IPA.
On Wed, Jun 3, 2020 at 9:17 AM lejeczek via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
On 24/04/2020 11:44, Alexander Bokovoy via FreeIPA-users wrote:
On pe, 24 huhti 2020, Ronald Wimmer via FreeIPA-users wrote:
Hi there,
are there any plans to integrate a DHCP server into FreeIPA. We have several environments where a lack of DHCP is a showstopper at the moment.
No official plans yet. However, there is a draft version at https://github.com/cabeljunky/freeipa-plugin-dhcp which seems to work for some people.
Couple weeks ago I started to rewrite that plugin to follow FreeIPA code standards but haven't yet reached a point where I have anything working yet. It is done at my own time, when it is available.
Yes, it would be utterly fantastic and make freeIPA even more complete solution if DHCP was integrated.
As of now there is not some semi/official guide to set DHCP to IPA's dirsrv, or is there?
many thanks, L. _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
It may seem out of scope, and I agree with this.
But IMHO it should have a better integration with DHCP. Look at MS Active Directory, it’s so deeply integrated with MS DHCP that you just install it as an add-on. The same thing does not happen on IPA. A better integration would be extremely good for FreeIPA; for sure there are guides to better integrate ISC DHCP, but some things are lacking, like better DDNS, RNDC keys, etc.
Storing DHCP leases on LDAP is an extra, it may be out of scope, as you said. But to achieve this I think other issues should be resolved first and in fact they don’t seem to be out of scope.
Again, this is my opinion, just as a FreeIPA “consumer”.
On 7 Jul 2020, at 15:33, Nicholas DeMarco via FreeIPA-users <freeipa-users@lists.fedorahosted.orgmailto:freeipa-users@lists.fedorahosted.org> wrote:
DHCP seems out of scope for IPA.
On Wed, Jun 3, 2020 at 9:17 AM lejeczek via FreeIPA-users <freeipa-users@lists.fedorahosted.orgmailto:freeipa-users@lists.fedorahosted.org> wrote:
On 24/04/2020 11:44, Alexander Bokovoy via FreeIPA-users wrote:
On pe, 24 huhti 2020, Ronald Wimmer via FreeIPA-users wrote:
Hi there,
are there any plans to integrate a DHCP server into FreeIPA. We have several environments where a lack of DHCP is a showstopper at the moment.
No official plans yet. However, there is a draft version at https://github.com/cabeljunky/freeipa-plugin-dhcp which seems to work for some people.
Couple weeks ago I started to rewrite that plugin to follow FreeIPA code standards but haven't yet reached a point where I have anything working yet. It is done at my own time, when it is available.
Yes, it would be utterly fantastic and make freeIPA even more complete solution if DHCP was integrated.
As of now there is not some semi/official guide to set DHCP to IPA's dirsrv, or is there?
many thanks, L. _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.orgmailto:freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.orgmailto:freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.orgmailto:freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.orgmailto:freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Hello Ronald,
Ronald Wimmer via FreeIPA-users freeipa-users@lists.fedorahosted.org writes:
are there any plans to integrate a DHCP server into FreeIPA. We have several environments where a lack of DHCP is a showstopper at the moment.
I have a (simple) script running that creates a configuration snippet for dnsmasq from the MAC address in the host record and the corresponding DNS entry. Works ok for my environment. Not bullet-proof an doesn't for big sites (max records...)
Jochen
The main issues are * adding to the schema * tools for managing * dynamic address allocation
We don’t use dynamic allocation. so that’s not an issue for us. That means the normal ISC dhcpd works fine. It supports getting data from LDAP. They supply a schema file, which with some tweaking works fine with freeipa.
I have a .py file that will add commands to the IPA command line to manage most data. That should work anywhere with possible minor changes because the base DN will not be Rutgers. I also have a web GUI which is part of my larger user management system. That might be a bit harder to port, though in principle the whole system is designed to be portable. (It uses Spring Boot.)
The issues I see with integration into freeipa are * adding it to the freeipa web GUI. I think that can be done with their defined extension method, so it doesn’t need a change in core code * dynamic address management.
The current ISC daemon uses a master / backup approach for dynamic address allocation. So it stores allocations locally on the server. That means it doesn’t need LDAP or another database. It should work just fine with freeipa. However the newer ISC DHCP code (currently a separate project) really wants a symmetrical database. LDAP might work, depending upon how often you need to allocate addresses, but LDAP really isn’t intended for high write rates.
On Apr 24, 2020, at 6:23 AM, Ronald Wimmer via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hi there,
are there any plans to integrate a DHCP server into FreeIPA. We have several environments where a lack of DHCP is a showstopper at the moment.
Cheers, Ronald _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
hmmm. so the problem with our integration is that we use the standard schema. that makes DHCP data a separate tree. To make it a real part of freeipa you’d want to get data for a host from its normal host entry. Either you’d need to modify the server to read data from the normal freeipa data, or you could keep the official DHCP schema, but make the management tools see the items as attributes of the freeipa host entry. Both are pretty easy to do. But I can see that a real integration like this would be a project that would compete with other priorities for IPA.
From my point of view, it’s kind of the biggest missing piece in IPA at the moment, though our integration works fine and shouldn’t present any maintenance issues.
(You may ask, why use IPA for your DHCP data? In our case it’s because IPA is the only multimaster replicated data we have. I’d rather not have to manage a mulitimasteir SQL database just to do DHCP.)
On Jul 6, 2020, at 2:24:43 PM, Charles Hedrick via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
The main issues are
- adding to the schema
- tools for managing
- dynamic address allocation
We don’t use dynamic allocation. so that’s not an issue for us. That means the normal ISC dhcpd works fine. It supports getting data from LDAP. They supply a schema file, which with some tweaking works fine with freeipa.
I have a .py file that will add commands to the IPA command line to manage most data. That should work anywhere with possible minor changes because the base DN will not be Rutgers. I also have a web GUI which is part of my larger user management system. That might be a bit harder to port, though in principle the whole system is designed to be portable. (It uses Spring Boot.)
The issues I see with integration into freeipa are
- adding it to the freeipa web GUI. I think that can be done with their defined extension method, so it doesn’t need a change in core code
- dynamic address management.
The current ISC daemon uses a master / backup approach for dynamic address allocation. So it stores allocations locally on the server. That means it doesn’t need LDAP or another database. It should work just fine with freeipa. However the newer ISC DHCP code (currently a separate project) really wants a symmetrical database. LDAP might work, depending upon how often you need to allocate addresses, but LDAP really isn’t intended for high write rates.
On Apr 24, 2020, at 6:23 AM, Ronald Wimmer via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hi there,
are there any plans to integrate a DHCP server into FreeIPA. We have several environments where a lack of DHCP is a showstopper at the moment.
Cheers, Ronald _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Take a look at this implementation. I may be old but could give an idea on how to proceed https://github.com/Turgon37/freeipa-plugin-dhcp
On Mon, Jul 6, 2020 at 1:39 PM Charles Hedrick via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
hmmm. so the problem with our integration is that we use the standard schema. that makes DHCP data a separate tree. To make it a real part of freeipa you’d want to get data for a host from its normal host entry. Either you’d need to modify the server to read data from the normal freeipa data, or you could keep the official DHCP schema, but make the management tools see the items as attributes of the freeipa host entry. Both are pretty easy to do. But I can see that a real integration like this would be a project that would compete with other priorities for IPA.
From my point of view, it’s kind of the biggest missing piece in IPA at the moment, though our integration works fine and shouldn’t present any maintenance issues.
(You may ask, why use IPA for your DHCP data? In our case it’s because IPA is the only multimaster replicated data we have. I’d rather not have to manage a mulitimasteir SQL database just to do DHCP.)
On Jul 6, 2020, at 2:24:43 PM, Charles Hedrick via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
The main issues are
- adding to the schema
- tools for managing
- dynamic address allocation
We don’t use dynamic allocation. so that’s not an issue for us. That
means the normal ISC dhcpd works fine. It supports getting data from LDAP. They supply a schema file, which with some tweaking works fine with freeipa.
I have a .py file that will add commands to the IPA command line to
manage most data. That should work anywhere with possible minor changes because the base DN will not be Rutgers. I also have a web GUI which is part of my larger user management system. That might be a bit harder to port, though in principle the whole system is designed to be portable. (It uses Spring Boot.)
The issues I see with integration into freeipa are
- adding it to the freeipa web GUI. I think that can be done with their
defined extension method, so it doesn’t need a change in core code
- dynamic address management.
The current ISC daemon uses a master / backup approach for dynamic
address allocation. So it stores allocations locally on the server. That means it doesn’t need LDAP or another database. It should work just fine with freeipa. However the newer ISC DHCP code (currently a separate project) really wants a symmetrical database. LDAP might work, depending upon how often you need to allocate addresses, but LDAP really isn’t intended for high write rates.
On Apr 24, 2020, at 6:23 AM, Ronald Wimmer via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
Hi there,
are there any plans to integrate a DHCP server into FreeIPA. We have
several environments where a lack of DHCP is a showstopper at the moment.
Cheers, Ronald _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to
freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to
freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
freeipa-users@lists.fedorahosted.org