The Internet Systems Consortium (ISC) has announced the end-of-life of its DHCP (Dynamic Host Configuration Protocol) server software, which means it will no longer provide official support or updates for the software. While the software will continue to function, it will become increasingly vulnerable to breakage, security vulnerabilities, and other issues over time as the software ages.
It’s time for MAAS engineering to plan and execute a controlled and staged migration to a supported DHCP server software in order to ensure the continued security and stability of your MAAS networks. There are choices, but we currently plan to transition from dhcpd to Kea DHCP, the ISC replacement for DHCP, in the next few cycles. First, though, we want to gather input from users to ensure that the migration strategy is aligned with their requirements.
This is the place to tell us about DHCP snippets, how you’re using them, and what dependencies you may have on dhcpd.
We use MAAS as a bare metal provider. We use DHCP snippets when deploys cannot be accomplished via MAAS such as BYOI (bring your own ISO / image) and IPXE script functionality for our customers.
A key feature for us is being able to override the “filename” parameter per machine via snippets. I’d be happy to share more intricate details privately.
@patrickhampson - thanks for this insight!
I’m interested in how your BYOI & IPXE Scripting takes place w/ DHCP Snippets - do you have any configurations you’d be willing to share on GitHub/GitLab?
What does that typically look like? Are there some GitOps that surround those snippets you have, maybe a source repo and then MAAS pulls it from there when needed?
Currently, I’m trying to wrap my head around how MAAS could act more like a general iPXE/DHCP server if needed… in the instance of something where:
- building a custom packer image wouldn’t work
- that leverages taking advantage of: .iso, vmlinuz, initrd, rootfs.squashfs, and other artifacts, where the entire system was built with elemental-toolkit
- the image installer is very specific; we need to run our installer
Thanks for any insight/info/help!
I just realized that DHCP snippets will be deprecated soon and would like to share my use case for DHCP snippets.
I use DHCP snippets to whitelist explicitly-configured MAC addresses and prevent other machines from network booting with MaaS. I use terraform to commission each maas_machine with pxe_mac_address. As the maas terraform provider has no support for DHCP snippets, I use terraform_data resource to curl the MaaS API to always override a specific dhcp snippet id before proceeding with commissioning and deploying.
The contents of the dhcp snippet are as follows. The template is processed by terraform to create 1 host block per configured machine.
```
deny unknown-clients; # prevent unknown machines from pxe-booting with MaaS
%{for mac, machine_config in local.mac_config~}
host whitelist-${machine_config.hostname}-${replace(mac, ":", "-")} {
  hardware ethernet ${mac};
  #fixed-address ${machine_config.ip_address};
}
%{endfor~}
```
I prefer this feature of only allowing known machines to pxe-boot to be in-built within MaaS with Terraform support. I’m not familiar with Kea and I hope that similar functionality can be replicated with Terraform support.
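
Added example, not part of the posts above and not MAAS or Terraform code: a Python sketch that validates a MAC-to-machine map before rendering the allowlist snippet from the last post, so a malformed hostname or MAC cannot inject extra dhcpd statements. It goes one step beyond the post by also emitting a Kea DHCPv4 fragment; restricting a pool to Kea's built-in `KNOWN` class is assumed here as the closest equivalent of `deny unknown-clients` (newer Kea releases may spell the pool key differently), and the sample map, subnet and pool values are constructed.

```python
import json
import re

MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}")
HOST_RE = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")

# Constructed sample input, shaped like the post's local.mac_config map.
MAC_CONFIG = {
    "52:54:00:AA:BB:01": {"hostname": "node-a", "ip_address": "10.0.0.11"},
    "52:54:00:aa:bb:02": {"hostname": "node-b", "ip_address": "10.0.0.12"},
}

def validate(mac_config):
    """Normalise MACs and reject values that could inject config text."""
    clean = {}
    for mac, cfg in mac_config.items():
        mac = mac.strip().lower()
        host = cfg["hostname"].lower()
        # fullmatch (not match with $) so a trailing newline is rejected too
        if not MAC_RE.fullmatch(mac):
            raise ValueError(f"bad MAC address: {mac!r}")
        if not HOST_RE.fullmatch(host):
            raise ValueError(f"bad hostname: {host!r}")
        if mac in clean:
            raise ValueError(f"duplicate MAC address: {mac}")
        clean[mac] = host
    return clean

def render_dhcpd(mac_config):
    """Render the dhcpd snippet from the post: one host block per MAC."""
    lines = ["deny unknown-clients;"]
    for mac, host in sorted(validate(mac_config).items()):
        lines += [f"host whitelist-{host}-{mac.replace(':', '-')} {{",
                  f"  hardware ethernet {mac};", "}"]
    return "\n".join(lines) + "\n"

def render_kea(mac_config, subnet, pool):
    """Assumed Kea equivalent: reservations plus a pool limited to KNOWN."""
    reservations = [{"hw-address": mac, "hostname": host}
                    for mac, host in sorted(validate(mac_config).items())]
    return {"subnet4": [{"id": 1, "subnet": subnet,
                         "pools": [{"pool": pool, "client-class": "KNOWN"}],
                         "reservations": reservations}]}

if __name__ == "__main__":
    print(render_dhcpd(MAC_CONFIG))
    kea = render_kea(MAC_CONFIG, "10.0.0.0/24", "10.0.0.10-10.0.0.50")
    print(json.dumps(kea, indent=2))
```

Either rendering only limits which hardware addresses are offered a lease; a MAC address is set by the client, so the allowlist identifies machines rather than authenticating them.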