Skip to content

feat: support configurable ISC OMAPI TSIG policy#7563

Merged
Obihoernchen merged 1 commit into
xcat2:masterfrom
VersatusHPC:fix/isc-omapi-tsig-policy
May 7, 2026
Merged

feat: support configurable ISC OMAPI TSIG policy#7563
Obihoernchen merged 1 commit into
xcat2:masterfrom
VersatusHPC:fix/isc-omapi-tsig-policy

Conversation

@viniciusferrao
Copy link
Copy Markdown
Member

@viniciusferrao viniciusferrao commented May 7, 2026
edited
Loading

This updates the legacy ISC DHCP OMAPI/DDNS path so xCAT is no longer hardwired to xcat_key, /usr/bin/omshell, and implicit HMAC-MD5 behavior.

The default behavior stays compatible with existing installs. If an administrator does nothing, xCAT still uses xcat_key with hmac-md5. The new site attributes only matter when a site needs a different TSIG algorithm, a different OMAPI key name, or an alternate omshell binary.

Changes included here:

  • Add shared OMAPI policy handling for ISC DHCP, DDNS, and dhcpop.
  • Add site.dhcpomapialgorithm, site.dhcpomapikeyname, and site.dhcpomshellpath.
  • Keep old omshell behavior for the default MD5 case, since legacy omshell does not accept an explicit key-algorithm hmac-md5.
  • Allow stronger TSIG algorithms when explicitly configured.
  • Keep BIND DDNS key generation and signing in sync with the selected OMAPI key.
  • Add a local ISC fallback for affected Ubuntu ISC DHCP paths, avoiding the unstable dynamic OMAPI update sequence there.

Validation:

  • DHCP config regeneration, syntax validation, reservation update/delete smoke tests, and BIOS/UEFI boot checks in all distributions that still relies on ISC DHCPd.

Supersedes #7389.

@viniciusferrao @gskouson
Support configurable ISC OMAPI TSIG policy
ab86139 
Add a shared OMAPI policy helper for ISC DHCP and DDNS so administrators can select the key name, signing algorithm, and omshell path from the site table while preserving the existing xcat_key hmac-md5 default.

Keep local ISC updates from hanging indefinitely when omshell does not exit, and use a static host-declaration fallback for local Ubuntu ISC releases where omshell is unstable for xCAT host updates.

Co-authored-by: gskouson <1507929+gskouson@users.noreply.github.com>
@viniciusferrao viniciusferrao changed the title Support configurable ISC OMAPI TSIG policy feat: support configurable ISC OMAPI TSIG policy May 7, 2026
@Obihoernchen Obihoernchen added this to the 2.18 milestone May 7, 2026
@Obihoernchen Obihoernchen merged commit fa17f70 into xcat2:master May 7, 2026
2 checks passed
@Obihoernchen Obihoernchen mentioned this pull request May 7, 2026
Closed
@viniciusferrao viniciusferrao deleted the fix/isc-omapi-tsig-policy branch May 7, 2026 21:10
This was referenced May 11, 2026
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Obihoernchen Obihoernchen Obihoernchen approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

2.18

Development

Successfully merging this pull request may close these issues.

2 participants

@viniciusferrao @Obihoernchen