<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 05/01/2012 10:07 PM, William Brown wrote:
<blockquote
cite="mid:3D8A99BD-30B0-4E2A-977C-D4125F73CA58@adelaide.edu.au"
type="cite">Hi,
<div><br>
</div>
<div>I believe the topic of DHCP integration has come up before. I
think there have been other requests for this, but I think I
would like to elaborate on some of my (and others') thoughts on
why this would be excellent in FreeIPA. When I refer to DHCP I
speak of the ISC-DHCP3/4 servers. </div>
<div><br>
</div>
<div>DHCP at the current point of time is difficult to manage in a
larger and smaller business or network setup. In the smaller
setup, there may not be enough expertise to go around, which
presents a key person risk, and for a large business, with
hundreds to thousands of workstations, managing the DHCP
configuration by hand becomes quite hard. As a result, some
people have created tools that generate the configuration file
and copy it out to servers, but this is quite a kludgy solution.
Alternately, you can store the DHCP configuration in LDAP.
Again, a tool must be written to manage this LDAP branch, as
having people edit it by hand is inadvisable. However, as a
result, these tools aren't released into the open source world,
so no one can benefit from their presence.</div>
<div><br>
</div>
<div>FreeIPA already has the majority of components in place to
fill this gap (namely, 389DS, DNS and access to hosts) - with a
goal of managing Users and Hosts effectively, in my view, DHCP
is one of the last pieces of the host management puzzle. </div>
<div><br>
</div>
<div>DHCP would be similar to DNS in FreeIPA, in that it would be
an optional component. </div>
<div><br>
</div>
<div>During the install, the fact that you have opted for having
DHCP support should not make your FreeIPA server a DHCP server.
The DHCP server "role" could be allocated to other hosts via the
FreeIPA admin tools. That way you don't need to install a
FreeIPA domain controller at every location that needs DHCP. You
also avoid the chicken and egg problem of "How does my FreeIPA
server get an IP if the DHCP server is on another host that
relies upon FreeIPA being available". This could also
potentially take advantage of the concept of "locations".</div>
<div><br>
</div>
<div>Having DHCP support would allow users to quickly and reliably
set up network infrastructure, namely, DNS and DHCP on their
systems. Additionally, having FreeIPA DHCP-aware would mean
that for subnets you control, you can automatically generate the
reverse hosts zone into DNS. </div>
<div><br>
</div>
<div>You would gain an avenue of updating DNS names for hosts,
without necessarily having the FreeIPA client tools installed.
You could supplement this to show which hosts on a network are
and are not part of the FreeIPA domain to allow easier auditing
of systems.</div>
<div><br>
</div>
<div>Users gain easy access to redundancy in DHCP server
configuration, which is more difficult to achieve with the
traditional configuration files. </div>
<div><br>
</div>
<div>Permissions over the control of DHCP (and potentially even
subnets within) can be delegated to users and roles. </div>
<div><br>
</div>
<div>The FreeIPA join tool can automatically create static host
entries, and transmit the DHCP DUID (both for IPv4 and IPv6) to
the FreeIPA servers. Even if you don't "assign" an IPA to this
static entry, this simplifies administration of hosts on a
network. (Have you ever sat down and entered in 100 machines' MAC
addresses manually into a web UI? It's not fun). In the future,
this kind of integration would mean that an administrator could
easily add PXE boot arguments to the DHCP server for tools like
satellite kickstarting. (Which may even be exposed over an API
and satellite can just hook into that .... the potential is
great.)</div>
<div><br>
</div>
<div>FreeIPA join can automatically enable DHCP6 on clients,
allowing more network flexibility than standard router
advertisement. </div>
<div><br>
</div>
<div>You avoid people needing to write their own DHCP management
solution that may have bugs or other latent issues, in favour of
a high quality tool provided by FreeIPA. This becomes a very
attractive feature to help with FreeIPA adoption. </div>
<div><br>
</div>
<div><br>
</div>
<div>Thoughts, questions, comments?</div>
<div><br>
</div>
</blockquote>
<br>
It makes sense as we start to understand more and more requirements,
thank you.<br>
However we are currently swamped with other features and bugs. You
can look into trac to see how many things are there on our plate.<br>
<br>
Would you be able to help and contribute to this effort?<br>
<br>
Thanks<br>
Dmitri<br>
<br>
<blockquote
cite="mid:3D8A99BD-30B0-4E2A-977C-D4125F73CA58@adelaide.edu.au"
type="cite">
<div>Sincerely,</div>
<div><br>
</div>
<div>William Brown</div>
<div><br>
</div>
<div>Research &amp; Teaching, Technology Services<br>
The University of Adelaide, AUSTRALIA 5005</div>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
</pre>
</body>
</html>