Infrastructure configuration management setup using The Foreman (Docker) on a Synology NAS (DSM).

painless-software/synology-foreman

Synology Foreman

Infrastructure configuration management setup

Base Setup (Synology DSM)

  1. Enable SynoCommunity in Package Center
  2. Install: Docker, Git (GitHub #3375), OpenLDAP or Active Directory (example)
    # FILE: $HOME/.bashrc (inspired by: /etc.defaults/.bashrc_profile)
    PS1='\[\033[01;32m\]\u@\h\[\033[0m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
    export PATH="$PATH:/usr/local/bin"
    alias ll='ls -lAF'
  3. Terminal: Activate SSH

The Foreman Setup (ENC)

  1. Generate a Docker Compose setup tailored to your needs:
    tools/generate-docker-compose.sh
  2. Use Docker Compose to set up The Foreman

Set up initial values

  1. Create OS (Hosts > Operating Systems)
  2. Create domain (Infrastructure > Domains)
  3. Create host group (Configure > Host Groups)
  4. Configure AD integration (Administer > LDAP Auth)
  5. Configure reduced UI for unprivileged users

This can be done using The Foreman's official Ansible modules.

Make sure you have Ansible 2.9+ installed, then run:

    ansible-galaxy collection install theforeman.foreman

Adapt the Ansible setup in init/ to your liking, then run the playbook:

    # adjust URL and credentials to match your Foreman instance
    export FOREMAN_SERVER_URL=http://0.0.0.0:3000
    export FOREMAN_USERNAME=admin
    export FOREMAN_PASSWORD=changeme
    ansible-playbook init/playbook.yml

Network Boot (PXE/TFTP)

How to implement PXE with Synology NAS (official)

  1. Activate TFTP service (Control Panel > File Services > Advanced > TFTP)
  2. Configure DHCP service (on router) or on the Synology NAS (DHCP Server > PXE)

Alternatively, you can activate PXE on the router if the DHCP service supports the next-server option. This will officially be supported by Synology routers (and available in their GUI) from SRM 2.0 onwards. Here is the manual setup for SRM < 2.0:

    # FILE: /etc/dhcpd/dhcpd-lbr0-pxe.conf
    # replace boot image and IP address by your TFTP host values
    dhcp-boot=tag:lbr00,pxelinux.0,tftpserver,10.0.4.2
    dhcp-boot=tag:x86PC,pxelinux.0,,10.0.4.2
    dhcp-boot=tag:EFI_ia32,grub2/shim.efi,,10.0.4.2
    dhcp-boot=tag:BC_EFI,grub2/shim.efi,,10.0.4.2
    dhcp-boot=tag:EFI_x86-64,grub2/shim.efi,,10.0.4.2
    dhcp-match=x86PC,option:client-arch,0
    dhcp-match=EFI_ia32,option:client-arch,6
    dhcp-match=BC_EFI,option:client-arch,7
    dhcp-match=EFI_x86-64,option:client-arch,9
    dhcp-option=tag:lbr00,vendor:PXEClient,1,10.0.4.2

    # FILE: /etc/dhcpd/dhcpd-lbr0-pxe.info
    enable="yes"

Then run /etc/rc.network nat-restart-dhcp or reboot your router. This will configure PXE on the "lbr0" interface in /etc/dhcpd/dhcpd.conf. Note: By using a separate configuration file this setup should even survive SRM upgrades on the router (take this with a grain of salt).

Use tcpdump on your Synology router if you need to troubleshoot PXE client requests and DHCP responses:

    tcpdump -i any -pvn port 67 and 68
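
A way to check the PXE rules offline before restarting DHCP, as an added example that is not part of the repository: it resolves which boot file and TFTP address each client architecture code receives from the dhcp-match/dhcp-boot lines above, and flags rules that point at an unexpected boot server. The function names are hypothetical, and tags without a dhcp-match line in this file (such as lbr00) are assumed to be set elsewhere.

```python
import ipaddress

# Added example, not repository code. Constructed sample: rules copied from the README's dhcpd-lbr0-pxe.conf.
SAMPLE_CONF = """\
dhcp-boot=tag:lbr00,pxelinux.0,tftpserver,10.0.4.2
dhcp-boot=tag:x86PC,pxelinux.0,,10.0.4.2
dhcp-boot=tag:EFI_ia32,grub2/shim.efi,,10.0.4.2
dhcp-boot=tag:BC_EFI,grub2/shim.efi,,10.0.4.2
dhcp-boot=tag:EFI_x86-64,grub2/shim.efi,,10.0.4.2
dhcp-match=x86PC,option:client-arch,0
dhcp-match=EFI_ia32,option:client-arch,6
dhcp-match=BC_EFI,option:client-arch,7
dhcp-match=EFI_x86-64,option:client-arch,9
dhcp-option=tag:lbr00,vendor:PXEClient,1,10.0.4.2
"""

def parse(conf):
    """Return ({client-arch code: tag}, {tag: (boot file, TFTP address)}); accepts "tag" or "set:tag"."""
    arch_to_tag, boot = {}, {}
    for raw in conf.splitlines():
        key, _, value = raw.split("#", 1)[0].strip().partition("=")
        fields = [f.strip() for f in value.split(",")]
        if key == "dhcp-match" and len(fields) == 3 and fields[1] == "option:client-arch":
            arch_to_tag[int(fields[2])] = fields[0].split(":", 1)[-1]
        elif key == "dhcp-boot" and len(fields) == 4 and fields[0].startswith("tag:"):
            boot[fields[0][4:]] = (fields[1], fields[3])
    return arch_to_tag, boot

def boot_file_for(conf, arch):
    """(boot file, TFTP address) for a client-arch code, or None if no rule matches."""
    arch_to_tag, boot = parse(conf)
    return boot.get(arch_to_tag.get(arch))

def lint(conf, expected_tftp):
    """List rules that leave a matched client without a boot file or on another TFTP host."""
    arch_to_tag, boot = parse(conf)
    expected = ipaddress.ip_address(expected_tftp)
    findings = [f"arch {a}: tag {t} has no dhcp-boot rule"
                for a, t in sorted(arch_to_tag.items()) if t not in boot]
    for tag, (_, addr) in sorted(boot.items()):
        try:
            if ipaddress.ip_address(addr) != expected:
                findings.append(f"tag {tag}: boot server {addr} is not {expected}")
        except ValueError:
            findings.append(f"tag {tag}: boot server {addr!r} is not an IP address")
    return findings

if __name__ == "__main__":
    print({a: boot_file_for(SAMPLE_CONF, a) for a in (0, 6, 7, 9, 11)}, lint(SAMPLE_CONF, "10.0.4.2"))
```

Architecture codes with no dhcp-match line (11 in the sample run) resolve to None, meaning none of the architecture-specific rules applies to that client.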
