From 0451daedab63478bd5eb66578772e2161bfc0c7e Mon Sep 17 00:00:00 2001 From: Zuzana Lena Ansorgova Date: Mon, 16 Dec 2024 23:24:22 +0100 Subject: [PATCH 01/47] Move DNS, DHCP, and TFTP content to a new guide (raw) --- ...ssembly_configuring-external-services.adoc | 4 --- .../con_configuring-dns-dhcp-and-tftp.adoc | 2 +- ...onfiguring-project-with-external-dhcp.adoc | 2 +- ...con_managing-dhcp-by-using-smartproxy.adoc | 6 ++-- .../con_managing-dns-by-using-smartproxy.adoc | 2 +- ...ng-infoblox-as-dhcp-and-dns-providers.adoc | 2 +- .../Makefile | 1 + .../doc-Administering_Network_Services/common | 1 + .../docinfo.html | 1 + .../docinfo.xml | 19 +++++++++++++ .../images/common | 1 + .../master.adoc | 28 +++++++++++++++++++ guides/doc-Installing_Proxy/master.adoc | 9 ------ guides/doc-Installing_Server/master.adoc | 6 ++-- .../master.adoc | 7 ++--- 15 files changed, 62 insertions(+), 29 deletions(-) create mode 100644 guides/doc-Administering_Network_Services/Makefile create mode 120000 guides/doc-Administering_Network_Services/common create mode 120000 guides/doc-Administering_Network_Services/docinfo.html create mode 100644 guides/doc-Administering_Network_Services/docinfo.xml create mode 120000 guides/doc-Administering_Network_Services/images/common create mode 100644 guides/doc-Administering_Network_Services/master.adoc diff --git a/guides/common/assembly_configuring-external-services.adoc b/guides/common/assembly_configuring-external-services.adoc index 71dc52e915f..3886648e619 100644 --- a/guides/common/assembly_configuring-external-services.adoc +++ b/guides/common/assembly_configuring-external-services.adoc @@ -6,10 +6,6 @@ include::modules/proc_configuring-external-dns.adoc[leveloffset=+1] include::assembly_configuring-external-dhcp.adoc[leveloffset=+1] -ifeval::[ "{context}" == "{project-context}" ] -include::assembly_using-infoblox-as-dhcp-and-dns-providers.adoc[leveloffset=+1] -endif::[] - include::modules/proc_configuring-external-tftp.adoc[leveloffset=+1] include::assembly_configuring-external-idm-dns.adoc[leveloffset=+1] diff --git a/guides/common/modules/con_configuring-dns-dhcp-and-tftp.adoc b/guides/common/modules/con_configuring-dns-dhcp-and-tftp.adoc index 3843543a539..6c1bb2233dc 100644 --- a/guides/common/modules/con_configuring-dns-dhcp-and-tftp.adoc +++ b/guides/common/modules/con_configuring-dns-dhcp-and-tftp.adoc @@ -1,4 +1,4 @@ -[id="configuring-dns-dhcp-and-tftp_{context}"] +[id="configuring-dns-dhcp-and-tftp"] = Configuring DNS, DHCP, and TFTP You can manage DNS, DHCP, and TFTP centrally within the {Project} environment, or you can manage them independently after disabling their maintenance on {Project}. diff --git a/guides/common/modules/con_configuring-project-with-external-dhcp.adoc b/guides/common/modules/con_configuring-project-with-external-dhcp.adoc index d51012be13f..c0770fce3d7 100644 --- a/guides/common/modules/con_configuring-project-with-external-dhcp.adoc +++ b/guides/common/modules/con_configuring-project-with-external-dhcp.adoc @@ -1,4 +1,4 @@ -[id="configuring-external-dhcp_{context}"] +[id="configuring-external-dhcp"] = Configuring {ProductName} with external DHCP To configure {ProductName} with external DHCP, you must complete the following procedures: diff --git a/guides/common/modules/con_managing-dhcp-by-using-smartproxy.adoc b/guides/common/modules/con_managing-dhcp-by-using-smartproxy.adoc index 965a5944922..c83654e2826 100644 --- a/guides/common/modules/con_managing-dhcp-by-using-smartproxy.adoc +++ b/guides/common/modules/con_managing-dhcp-by-using-smartproxy.adoc @@ -7,11 +7,11 @@ You can use the DHCP module of {SmartProxy} to query for available IP addresses, Note that your {SmartProxy} cannot manage subnet declarations. .Available DHCP providers -* `dhcp_infoblox` {endash} For more information, see xref:Using_Infoblox_as_DHCP_and_DNS_Providers_{smart-proxy-context}[]. +* `dhcp_infoblox` {endash} For more information, see xref:Using_Infoblox_as_DHCP_and_DNS_Providers[]. * `dhcp_isc` {endash} ISC DHCP server over OMAPI. -For more information, see xref:configuring-dns-dhcp-and-tftp-on-productname_{smart-proxy-context}[]. +For more information, see xref:configuring-dns-dhcp-and-tftp[]. * `dhcp_remote_isc` {endash} ISC DHCP server over OMAPI with leases mounted through networking. -For more information, see xref:configuring-external-dhcp_{smart-proxy-context}[]. +For more information, see xref:configuring-external-dhcp[]. ifndef::satellite[] * `dhcp_libvirt` {endash} dnsmasq DHCP via libvirt API endif::[] diff --git a/guides/common/modules/con_managing-dns-by-using-smartproxy.adoc b/guides/common/modules/con_managing-dns-by-using-smartproxy.adoc index dbf5d3035c0..822d176dbb3 100644 --- a/guides/common/modules/con_managing-dns-by-using-smartproxy.adoc +++ b/guides/common/modules/con_managing-dns-by-using-smartproxy.adoc @@ -12,7 +12,7 @@ Other providers provide more direct integration, such as `dns_infoblox` for http ifdef::orcharhino[] * `dns_dnscmd` {endash} Static DNS records in Microsoft Active Directory. endif::[] -* `dhcp_infoblox` {endash} For more information, see xref:Using_Infoblox_as_DHCP_and_DNS_Providers_{smart-proxy-context}[]. +* `dhcp_infoblox` {endash} For more information, see xref:Using_Infoblox_as_DHCP_and_DNS_Providers[]. ifndef::satellite[] * `dns_libvirt` {endash} Dnsmasq DNS via libvirt API. For more information, see xref:configuring_dns_libvirt_{context}[]. diff --git a/guides/common/modules/con_using-infoblox-as-dhcp-and-dns-providers.adoc b/guides/common/modules/con_using-infoblox-as-dhcp-and-dns-providers.adoc index 3f8cc7c239f..86ebb08ea50 100644 --- a/guides/common/modules/con_using-infoblox-as-dhcp-and-dns-providers.adoc +++ b/guides/common/modules/con_using-infoblox-as-dhcp-and-dns-providers.adoc @@ -1,4 +1,4 @@ -[id="Using_Infoblox_as_DHCP_and_DNS_Providers_{context}"] +[id="Using_Infoblox_as_DHCP_and_DNS_Providers"] = Using Infoblox as DHCP and DNS providers You can use {ProductName} to connect to your Infoblox application to create and manage DHCP and DNS records, and to reserve IP addresses. diff --git a/guides/doc-Administering_Network_Services/Makefile b/guides/doc-Administering_Network_Services/Makefile new file mode 100644 index 00000000000..dd1e5be8557 --- /dev/null +++ b/guides/doc-Administering_Network_Services/Makefile @@ -0,0 +1 @@ +include ../common/Makefile diff --git a/guides/doc-Administering_Network_Services/common b/guides/doc-Administering_Network_Services/common new file mode 120000 index 00000000000..60d3b0a6a8f --- /dev/null +++ b/guides/doc-Administering_Network_Services/common @@ -0,0 +1 @@ +../common \ No newline at end of file diff --git a/guides/doc-Administering_Network_Services/docinfo.html b/guides/doc-Administering_Network_Services/docinfo.html new file mode 120000 index 00000000000..e037c37244a --- /dev/null +++ b/guides/doc-Administering_Network_Services/docinfo.html @@ -0,0 +1 @@ +../common/docinfo.html \ No newline at end of file diff --git a/guides/doc-Administering_Network_Services/docinfo.xml b/guides/doc-Administering_Network_Services/docinfo.xml new file mode 100644 index 00000000000..7ce4ef0da2d --- /dev/null +++ b/guides/doc-Administering_Network_Services/docinfo.xml @@ -0,0 +1,19 @@ +{AdministeringNetworkDocTitle} +Red Hat Satellite +{ProjectVersion} +Administer network services, such as DNS, DHCP, and TFTP + + + + TODO + + + + + + Red Hat Satellite + Documentation Team + satellite-doc-list@redhat.com + + + diff --git a/guides/doc-Administering_Network_Services/images/common b/guides/doc-Administering_Network_Services/images/common new file mode 120000 index 00000000000..53d0c7f575d --- /dev/null +++ b/guides/doc-Administering_Network_Services/images/common @@ -0,0 +1 @@ +../common/images \ No newline at end of file diff --git a/guides/doc-Administering_Network_Services/master.adoc b/guides/doc-Administering_Network_Services/master.adoc new file mode 100644 index 00000000000..255eb0ea882 --- /dev/null +++ b/guides/doc-Administering_Network_Services/master.adoc @@ -0,0 +1,28 @@ +include::common/attributes.adoc[] +include::common/header.adoc[] +:context: admin-network +:admin-network: + += {AdministeringNetworkDocTitle} + +// This guide is not ready for stable releases +ifdef::HideDocumentOnStable[] +include::common/modules/snip_guide-not-ready.adoc[] +endif::[] +ifndef::HideDocumentOnStable[] + +ifdef::satellite[] +include::common/modules/proc_providing-feedback-on-red-hat-documentation.adoc[leveloffset=+1] +endif::[] + +include::common/assembly_configuring-dns-dhcp-and-tftp.adoc[leveloffset=+1] + +:ProductName: {SmartProxy} +include::common/assembly_configuring-external-services.adoc[leveloffset=+1] + +include::common/assembly_managing-dhcp-on-smart-proxies.adoc[leveloffset=+1] + +include::common/assembly_managing-dns-on-smart-proxies.adoc[leveloffset=+1] + +include::common/assembly_using-infoblox-as-dhcp-and-dns-providers.adoc[leveloffset=+1] +endif::[] diff --git a/guides/doc-Installing_Proxy/master.adoc b/guides/doc-Installing_Proxy/master.adoc index 4e344942fcf..bf322dac3d4 100644 --- a/guides/doc-Installing_Proxy/master.adoc +++ b/guides/doc-Installing_Proxy/master.adoc @@ -26,15 +26,6 @@ include::common/assembly_installing-capsule-server.adoc[leveloffset=+1] include::common/assembly_performing-additional-configuration-on-smart-proxy-server.adoc[leveloffset=+1] -// Configuring {SmartProxyServer} with External Services -include::common/assembly_configuring-external-services.adoc[leveloffset=+1] - -include::common/assembly_managing-dhcp-on-smart-proxies.adoc[leveloffset=+1] - -include::common/assembly_managing-dns-on-smart-proxies.adoc[leveloffset=+1] - -include::common/assembly_using-infoblox-as-dhcp-and-dns-providers.adoc[leveloffset=+1] - :numbered!: // {SmartProxyServer} Scalability Considerations diff --git a/guides/doc-Installing_Server/master.adoc b/guides/doc-Installing_Server/master.adoc index 213a1551f9a..9a93c35be70 100644 --- a/guides/doc-Installing_Server/master.adoc +++ b/guides/doc-Installing_Server/master.adoc @@ -45,10 +45,10 @@ include::common/assembly_configuring-satellite-with-an-http-proxy.adoc[leveloffs include::common/modules/proc_enabling-power-management-on-hosts.adoc[leveloffset=+2] -include::common/assembly_configuring-dns-dhcp-and-tftp.adoc[leveloffset=+2] - include::common/modules/proc_configuring-satellite-for-outgoing-emails.adoc[leveloffset=+2] +include::common/assembly_configuring-project-to-manage-the-lifecycle-of-a-host-registered-to-a-freeipa-realm.adoc[leveloffset=+2] + ifdef::katello,orcharhino,satellite[] include::common/assembly_configuring-an-alternate-cname.adoc[leveloffset=+2] @@ -59,8 +59,6 @@ include::common/modules/proc_resetting-custom-ssl-certificate-to-default-self-si include::common/assembly_using-external-databases.adoc[leveloffset=+2] endif::[] -include::common/assembly_configuring-external-services.adoc[leveloffset=+1] - :numbered!: ifdef::katello[] diff --git a/guides/doc-Installing_Server_Disconnected/master.adoc b/guides/doc-Installing_Server_Disconnected/master.adoc index e20bdd70aa7..bcceeefa031 100644 --- a/guides/doc-Installing_Server_Disconnected/master.adoc +++ b/guides/doc-Installing_Server_Disconnected/master.adoc @@ -30,19 +30,16 @@ include::common/modules/proc_configuring-pull-based-transport-for-remote-executi include::common/modules/proc_enabling-power-management-on-hosts.adoc[leveloffset=+2] -include::common/assembly_configuring-dns-dhcp-and-tftp.adoc[leveloffset=+2] - include::common/modules/proc_configuring-satellite-for-outgoing-emails.adoc[leveloffset=+2] +include::common/assembly_configuring-project-to-manage-the-lifecycle-of-a-host-registered-to-a-freeipa-realm.adoc[leveloffset=+2] + ifdef::katello,orcharhino,satellite[] include::common/assembly_configuring-satellite-custom-server-certificate.adoc[leveloffset=+2] include::common/assembly_using-external-databases.adoc[leveloffset=+2] endif::[] - -include::common/assembly_configuring-external-services.adoc[leveloffset=+1] - :numbered!: [appendix] From a91b1916d31d86605d8627b4fe183f5d450d6fec Mon Sep 17 00:00:00 2001 From: Zuzana Lena Ansorgova Date: Mon, 16 Dec 2024 23:36:01 +0100 Subject: [PATCH 02/47] fixup! Move DNS, DHCP, and TFTP content to a new guide (raw) --- ...forming-additional-configuration-on-smart-proxy-server.adoc | 3 --- 1 file changed, 3 deletions(-) diff --git a/guides/common/assembly_performing-additional-configuration-on-smart-proxy-server.adoc b/guides/common/assembly_performing-additional-configuration-on-smart-proxy-server.adoc index 4092a7339aa..a32895dcade 100644 --- a/guides/common/assembly_performing-additional-configuration-on-smart-proxy-server.adoc +++ b/guides/common/assembly_performing-additional-configuration-on-smart-proxy-server.adoc @@ -23,6 +23,3 @@ endif::[] // Enabling Power Management on Hosts include::modules/proc_enabling-power-management-on-hosts.adoc[leveloffset=+1] - -// Configuring DNS, DHCP, and TFTP on {SmartProxyServer} -include::modules/proc_configuring-dns-dhcp-and-tftp.adoc[leveloffset=+1] From 7ae5a995ea9d2b58caa4daac6a20f96976a805df Mon Sep 17 00:00:00 2001 From: Zuzana Lena Ansorgova Date: Mon, 16 Dec 2024 23:39:20 +0100 Subject: [PATCH 03/47] fixup --- guides/doc-Administering_Network_Services/master.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/guides/doc-Administering_Network_Services/master.adoc b/guides/doc-Administering_Network_Services/master.adoc index 255eb0ea882..92288ca6d7b 100644 --- a/guides/doc-Administering_Network_Services/master.adoc +++ b/guides/doc-Administering_Network_Services/master.adoc @@ -15,9 +15,9 @@ ifdef::satellite[] include::common/modules/proc_providing-feedback-on-red-hat-documentation.adoc[leveloffset=+1] endif::[] +:ProductName: {SmartProxy} include::common/assembly_configuring-dns-dhcp-and-tftp.adoc[leveloffset=+1] -:ProductName: {SmartProxy} include::common/assembly_configuring-external-services.adoc[leveloffset=+1] include::common/assembly_managing-dhcp-on-smart-proxies.adoc[leveloffset=+1] From d618db038946a4e39a199815ea9e880d8decebb0 Mon Sep 17 00:00:00 2001 From: Zuzana Lena Ansorgova Date: Wed, 18 Dec 2024 21:20:35 +0100 Subject: [PATCH 04/47] Rename the new guide --- .../Makefile | 1 - .../doc-Administering_Network_Services/common | 1 - .../docinfo.html | 1 - .../docinfo.xml | 19 ------------- .../images/common | 1 - .../master.adoc | 28 ------------------- .../doc-Configuring_DNS_DHCP_TFTP/master.adoc | 10 +++++++ 7 files changed, 10 insertions(+), 51 deletions(-) delete mode 100644 guides/doc-Administering_Network_Services/Makefile delete mode 120000 guides/doc-Administering_Network_Services/common delete mode 120000 guides/doc-Administering_Network_Services/docinfo.html delete mode 100644 guides/doc-Administering_Network_Services/docinfo.xml delete mode 120000 guides/doc-Administering_Network_Services/images/common delete mode 100644 guides/doc-Administering_Network_Services/master.adoc diff --git a/guides/doc-Administering_Network_Services/Makefile b/guides/doc-Administering_Network_Services/Makefile deleted file mode 100644 index dd1e5be8557..00000000000 --- a/guides/doc-Administering_Network_Services/Makefile +++ /dev/null @@ -1 +0,0 @@ -include ../common/Makefile diff --git a/guides/doc-Administering_Network_Services/common b/guides/doc-Administering_Network_Services/common deleted file mode 120000 index 60d3b0a6a8f..00000000000 --- a/guides/doc-Administering_Network_Services/common +++ /dev/null @@ -1 +0,0 @@ -../common \ No newline at end of file diff --git a/guides/doc-Administering_Network_Services/docinfo.html b/guides/doc-Administering_Network_Services/docinfo.html deleted file mode 120000 index e037c37244a..00000000000 --- a/guides/doc-Administering_Network_Services/docinfo.html +++ /dev/null @@ -1 +0,0 @@ -../common/docinfo.html \ No newline at end of file diff --git a/guides/doc-Administering_Network_Services/docinfo.xml b/guides/doc-Administering_Network_Services/docinfo.xml deleted file mode 100644 index 7ce4ef0da2d..00000000000 --- a/guides/doc-Administering_Network_Services/docinfo.xml +++ /dev/null @@ -1,19 +0,0 @@ -{AdministeringNetworkDocTitle} -Red Hat Satellite -{ProjectVersion} -Administer network services, such as DNS, DHCP, and TFTP - - - - TODO - - - - - - Red Hat Satellite - Documentation Team - satellite-doc-list@redhat.com - - - diff --git a/guides/doc-Administering_Network_Services/images/common b/guides/doc-Administering_Network_Services/images/common deleted file mode 120000 index 53d0c7f575d..00000000000 --- a/guides/doc-Administering_Network_Services/images/common +++ /dev/null @@ -1 +0,0 @@ -../common/images \ No newline at end of file diff --git a/guides/doc-Administering_Network_Services/master.adoc b/guides/doc-Administering_Network_Services/master.adoc deleted file mode 100644 index 92288ca6d7b..00000000000 --- a/guides/doc-Administering_Network_Services/master.adoc +++ /dev/null @@ -1,28 +0,0 @@ -include::common/attributes.adoc[] -include::common/header.adoc[] -:context: admin-network -:admin-network: - -= {AdministeringNetworkDocTitle} - -// This guide is not ready for stable releases -ifdef::HideDocumentOnStable[] -include::common/modules/snip_guide-not-ready.adoc[] -endif::[] -ifndef::HideDocumentOnStable[] - -ifdef::satellite[] -include::common/modules/proc_providing-feedback-on-red-hat-documentation.adoc[leveloffset=+1] -endif::[] - -:ProductName: {SmartProxy} -include::common/assembly_configuring-dns-dhcp-and-tftp.adoc[leveloffset=+1] - -include::common/assembly_configuring-external-services.adoc[leveloffset=+1] - -include::common/assembly_managing-dhcp-on-smart-proxies.adoc[leveloffset=+1] - -include::common/assembly_managing-dns-on-smart-proxies.adoc[leveloffset=+1] - -include::common/assembly_using-infoblox-as-dhcp-and-dns-providers.adoc[leveloffset=+1] -endif::[] diff --git a/guides/doc-Configuring_DNS_DHCP_TFTP/master.adoc b/guides/doc-Configuring_DNS_DHCP_TFTP/master.adoc index f35fabe6026..7dbda5e5f0a 100644 --- a/guides/doc-Configuring_DNS_DHCP_TFTP/master.adoc +++ b/guides/doc-Configuring_DNS_DHCP_TFTP/master.adoc @@ -10,4 +10,14 @@ ifdef::satellite[] include::common/modules/proc_providing-feedback-on-red-hat-documentation.adoc[leveloffset=+1] endif::[] +:ProductName: {SmartProxy} +include::common/assembly_configuring-dns-dhcp-and-tftp.adoc[leveloffset=+1] +include::common/assembly_configuring-external-services.adoc[leveloffset=+1] + +include::common/assembly_managing-dhcp-on-smart-proxies.adoc[leveloffset=+1] + +include::common/assembly_managing-dns-on-smart-proxies.adoc[leveloffset=+1] + +include::common/assembly_using-infoblox-as-dhcp-and-dns-providers.adoc[leveloffset=+1] +endif::[] From 950a500b75ce3738f6936fb059633134559ac671 Mon Sep 17 00:00:00 2001 From: Zuzana Lena Ansorgova Date: Wed, 18 Dec 2024 21:20:51 +0100 Subject: [PATCH 05/47] Add guide DocURLs --- guides/common/attributes-base.adoc | 1 + guides/common/attributes-satellite.adoc | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/guides/common/attributes-base.adoc b/guides/common/attributes-base.adoc index 55760561a1d..69cf21ead2e 100644 --- a/guides/common/attributes-base.adoc +++ b/guides/common/attributes-base.adoc @@ -2,6 +2,7 @@ :BaseFilenameURL: index-{build}.html :AdministeringDocURL: {BaseURL}Administering_Project/{BaseFilenameURL}# :APIDocURL: {BaseURL}Project_API/{BaseFilenameURL}# +:ConfiguringDNSDHCPTFTPDocURL: {BaseURL}Configuring_DNS_DHCP_TFTP/{BaseFilenameURL}# :ConfiguringLoadBalancerDocURL: {BaseURL}Configuring_Load_Balancer/{BaseFilenameURL}# :ConfiguringUserAuthenticationDocURL: {BaseURL}Configuring_User_Authentication/{BaseFilenameURL}# :ContentManagementDocURL: {BaseURL}Managing_Content/{BaseFilenameURL}# diff --git a/guides/common/attributes-satellite.adoc b/guides/common/attributes-satellite.adoc index 89f486a41f2..e1bf74ca147 100644 --- a/guides/common/attributes-satellite.adoc +++ b/guides/common/attributes-satellite.adoc @@ -15,7 +15,7 @@ // - downstream_filename_to_link.json in downstream :AdministeringDocURL: {BaseURL}administering_red_hat_satellite/index# :APIDocURL: {BaseURL}using_the_satellite_rest_api/index# -:ConfiguringDNSDHCPTFTPDocURL: {BaseURL}/configuring_dns_dhcp_and_tftp_integration/index# +:ConfiguringDNSDHCPTFTPDocURL: {BaseURL}configuring_dns_dhcp_and_tftp_integration/index# :ConfiguringLoadBalancerDocURL: {BaseURL}configuring_capsules_with_a_load_balancer/index# :ConfiguringUserAuthenticationDocURL: {BaseURL}configuring_authentication_for_red_hat_satellite_users/index# :ConfiguringVMSubscriptionsDocURL: {BaseURL}configuring_virt_who_for_virtual_machine_subscriptions/index# From 2706b4a36d34871461d82c20ae93d3bbfd4c72df Mon Sep 17 00:00:00 2001 From: Zuzana Lena Ansorgova Date: Fri, 24 Jan 2025 12:17:23 +0100 Subject: [PATCH 06/47] Draft structure --- ...assembly_configuring-dhcp-integration.adoc | 34 ++++++++++++++++ .../assembly_configuring-dns-integration.adoc | 39 +++++++++++++++++++ ...assembly_configuring-tftp-integration.adoc | 20 ++++++++++ .../con_configuring-dhcp-integration.adoc | 2 + .../con_configuring-dns-integration.adoc | 2 + .../con_configuring-tftp-integration.adoc | 2 + .../doc-Configuring_DNS_DHCP_TFTP/master.adoc | 8 ++++ 7 files changed, 107 insertions(+) create mode 100644 guides/common/assembly_configuring-dhcp-integration.adoc create mode 100644 guides/common/assembly_configuring-dns-integration.adoc create mode 100644 guides/common/assembly_configuring-tftp-integration.adoc create mode 100644 guides/common/modules/con_configuring-dhcp-integration.adoc create mode 100644 guides/common/modules/con_configuring-dns-integration.adoc create mode 100644 guides/common/modules/con_configuring-tftp-integration.adoc diff --git a/guides/common/assembly_configuring-dhcp-integration.adoc b/guides/common/assembly_configuring-dhcp-integration.adoc new file mode 100644 index 00000000000..732d24058e7 --- /dev/null +++ b/guides/common/assembly_configuring-dhcp-integration.adoc @@ -0,0 +1,34 @@ +include::modules/con_configuring-dhcp-integration.adoc[] + +== DHCP service providers in {Project} + +== Internal DHCP service + +=== Enabling the internal DHCP service + +=== Disabling DHCP configuration by {Project} +Use case: Multiple subnets + +== External DHCP service + +=== Integrating Infoblox DHCP + +==== Infoblox limitations + +==== Infoblox prerequisites + +==== Installing the Infoblox CA certificate + +==== Installing the DHCP Infoblox module + +=== Integrating a custom DHCP server + +==== Configuring an external DHCP server + +==== Configuring {SmartProxy} for external DHCP service + +=== Securing the dhcpd API + +== Associating the DHCP service with a subnet + +== Disabling DHCP for unmanaged networks diff --git a/guides/common/assembly_configuring-dns-integration.adoc b/guides/common/assembly_configuring-dns-integration.adoc new file mode 100644 index 00000000000..66960c5d1d6 --- /dev/null +++ b/guides/common/assembly_configuring-dns-integration.adoc @@ -0,0 +1,39 @@ +include::modules/con_configuring-dns-integration.adoc[] + +== DNS service providers in {Project} + +== Internal DNS service + +=== Enabling the internal DNS service + +=== Disabling DNS configuration by {Project} +Use case: Multiple domains + +== External DNS service + +=== Integrating IdM DNS + +==== Configuring dynamic DNS update with GSS-TSIG authentication + +==== Configuring dynamic DNS update with TSIG authentication + +=== Integrating Infoblox DNS + +==== Infoblox limitations + +==== Infoblox prerequisites + +==== Installing the Infoblox CA certificate + +==== Installing the DNS Infoblox module + +=== Integrating a custom DNS server +You can use the dns_nsupdate provider with any DNS server compatible with RFC2136. + +=== Reverting to the internal DNS service + +== Associating the DNS service with a subnet + +== Associating the DNS service with a domain + +== Disabling DNS for unmanaged networks diff --git a/guides/common/assembly_configuring-tftp-integration.adoc b/guides/common/assembly_configuring-tftp-integration.adoc new file mode 100644 index 00000000000..35ebc00cda5 --- /dev/null +++ b/guides/common/assembly_configuring-tftp-integration.adoc @@ -0,0 +1,20 @@ +include::modules/con_configuring-tftp-integration.adoc[] + +== TFTP service providers in {Project} + +== Internal TFTP service + +=== Enabling the internal TFTP service + +=== Disabling TFTP configuration by {Project} +Not sure if there's a use case for this. + +== External TFTP service + +=== Configuring an external TFTP server + +=== Configuring {SmartProxy} for external TFTP service + +== Associating the TFTP service with a subnet + +== Disabling TFTP for unmanaged networks diff --git a/guides/common/modules/con_configuring-dhcp-integration.adoc b/guides/common/modules/con_configuring-dhcp-integration.adoc new file mode 100644 index 00000000000..d890705ba82 --- /dev/null +++ b/guides/common/modules/con_configuring-dhcp-integration.adoc @@ -0,0 +1,2 @@ +[id="configuring-dhcp-integration"] += Configuring DHCP integration diff --git a/guides/common/modules/con_configuring-dns-integration.adoc b/guides/common/modules/con_configuring-dns-integration.adoc new file mode 100644 index 00000000000..62245604d1c --- /dev/null +++ b/guides/common/modules/con_configuring-dns-integration.adoc @@ -0,0 +1,2 @@ +[id="configuring-dns-integration"] += Configuring DNS integration diff --git a/guides/common/modules/con_configuring-tftp-integration.adoc b/guides/common/modules/con_configuring-tftp-integration.adoc new file mode 100644 index 00000000000..d4dbf36ad89 --- /dev/null +++ b/guides/common/modules/con_configuring-tftp-integration.adoc @@ -0,0 +1,2 @@ +[id="configuring-tftp-integration"] += Configuring TFTP integration diff --git a/guides/doc-Configuring_DNS_DHCP_TFTP/master.adoc b/guides/doc-Configuring_DNS_DHCP_TFTP/master.adoc index 7dbda5e5f0a..c88e27fd4e0 100644 --- a/guides/doc-Configuring_DNS_DHCP_TFTP/master.adoc +++ b/guides/doc-Configuring_DNS_DHCP_TFTP/master.adoc @@ -10,6 +10,13 @@ ifdef::satellite[] include::common/modules/proc_providing-feedback-on-red-hat-documentation.adoc[leveloffset=+1] endif::[] +include::common/assembly_configuring-dns-integration.adoc[leveloffset=+1] + +include::common/assembly_configuring-dhcp-integration.adoc[leveloffset=+1] + +include::common/assembly_configuring-tftp-integration.adoc[leveloffset=+1] + +//// :ProductName: {SmartProxy} include::common/assembly_configuring-dns-dhcp-and-tftp.adoc[leveloffset=+1] @@ -20,4 +27,5 @@ include::common/assembly_managing-dhcp-on-smart-proxies.adoc[leveloffset=+1] include::common/assembly_managing-dns-on-smart-proxies.adoc[leveloffset=+1] include::common/assembly_using-infoblox-as-dhcp-and-dns-providers.adoc[leveloffset=+1] +//// endif::[] From 1d150b50f2f16d34ee29a674410834533e558288 Mon Sep 17 00:00:00 2001 From: Zuzana Lena Ansorgova Date: Sun, 26 Jan 2025 04:10:09 +0100 Subject: [PATCH 07/47] Keep old structure for comparison --- guides/doc-Configuring_DNS_DHCP_TFTP/master.adoc | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/guides/doc-Configuring_DNS_DHCP_TFTP/master.adoc b/guides/doc-Configuring_DNS_DHCP_TFTP/master.adoc index c88e27fd4e0..8f7f4bf3c25 100644 --- a/guides/doc-Configuring_DNS_DHCP_TFTP/master.adoc +++ b/guides/doc-Configuring_DNS_DHCP_TFTP/master.adoc @@ -10,13 +10,18 @@ ifdef::satellite[] include::common/modules/proc_providing-feedback-on-red-hat-documentation.adoc[leveloffset=+1] endif::[] += New structure + include::common/assembly_configuring-dns-integration.adoc[leveloffset=+1] include::common/assembly_configuring-dhcp-integration.adoc[leveloffset=+1] include::common/assembly_configuring-tftp-integration.adoc[leveloffset=+1] -//// += Old structure + +Content heap. + :ProductName: {SmartProxy} include::common/assembly_configuring-dns-dhcp-and-tftp.adoc[leveloffset=+1] @@ -27,5 +32,5 @@ include::common/assembly_managing-dhcp-on-smart-proxies.adoc[leveloffset=+1] include::common/assembly_managing-dns-on-smart-proxies.adoc[leveloffset=+1] include::common/assembly_using-infoblox-as-dhcp-and-dns-providers.adoc[leveloffset=+1] -//// + endif::[] From e69c62b71210596fe548eabf9b5242a0962865cb Mon Sep 17 00:00:00 2001 From: Marc Muehlfeld Date: Thu, 3 Apr 2025 16:12:39 +0200 Subject: [PATCH 08/47] Restructure content --- ...assembly_configuring-dhcp-integration.adoc | 34 +++----- .../assembly_configuring-dns-integration.adoc | 39 ++++----- ...assembly_configuring-tftp-integration.adoc | 18 +---- ...onfiguring-project-with-external-dhcp.adoc | 7 -- ...y.adoc => con_dhcp-service-providers.adoc} | 18 +++-- ...xy.adoc => con_dns-service-providers.adoc} | 24 +++--- .../modules/con_infoblox-limitations.adoc | 14 ---- .../modules/con_infoblox-prerequisites.adoc | 6 -- ...con_integrating-a-generic-dhcp-server.adoc | 16 ++++ ...con_integrating-a-generic-tftp-server.adoc | 9 +++ ...configuring-dhcpd-to-use-with-server.adoc} | 4 +- ...onfiguring-server-for-use-with-dhcpd.adoc} | 6 +- ...configuring-server-for-use-with-tftp.adoc} | 4 +- .../proc_disabling-dhcp-for-integration.adoc | 33 ++++++++ .../proc_disabling-dns-for-integration.adoc | 37 +++++++++ .../proc_disabling-tftp-for-integration.adoc | 33 ++++++++ ...g-the-installer-managed-dhcp-service.adoc} | 53 +++++++----- ...ing-the-installer-managed-dns-service.adoc | 70 ++++++++++++++++ ...ng-the-installer-managed-tftp-service.adoc | 60 ++++++++++++++ ...c_installing-the-dhcp-infoblox-module.adoc | 33 -------- ...oc_installing-the-dns-infoblox-module.adoc | 26 ------ ...nstalling-the-infoblox-ca-certificate.adoc | 40 ---------- ...ind-dns-server-by-using-dns-nsupdate.adoc} | 6 +- ...ric-dns-server-by-using-dns-nsupdate.adoc} | 4 +- ...dnsmas-dhcp-by-using-the-libvirt-api.adoc} | 4 +- ...dnsmasq-dns-by-using-the-libvirt-api.adoc} | 5 +- ...idm-dns-with-gss-tsig-authentication.adoc} | 4 +- ...ing-idm-dns-with-tsig-authentication.adoc} | 4 +- .../proc_integrating-infoblox-dhcp.adoc | 80 +++++++++++++++++++ .../proc_integrating-infoblox-dns.adoc | 74 +++++++++++++++++ ...ns.adoc => proc_integrating-powerdns.adoc} | 4 +- ...doc => proc_integrating-route-53-dns.adoc} | 4 +- ....adoc => proc_securing-the-dhcpd-api.adoc} | 2 +- .../doc-Configuring_DNS_DHCP_TFTP/master.adoc | 18 ----- 34 files changed, 525 insertions(+), 268 deletions(-) delete mode 100644 guides/common/modules/con_configuring-project-with-external-dhcp.adoc rename guides/common/modules/{con_managing-dhcp-by-using-smartproxy.adoc => con_dhcp-service-providers.adoc} (65%) rename guides/common/modules/{con_managing-dns-by-using-smartproxy.adoc => con_dns-service-providers.adoc} (68%) delete mode 100644 guides/common/modules/con_infoblox-limitations.adoc delete mode 100644 guides/common/modules/con_infoblox-prerequisites.adoc create mode 100644 guides/common/modules/con_integrating-a-generic-dhcp-server.adoc create mode 100644 guides/common/modules/con_integrating-a-generic-tftp-server.adoc rename guides/common/modules/{proc_configuring-an-external-dhcp-server.adoc => proc_configuring-dhcpd-to-use-with-server.adoc} (97%) rename guides/common/modules/{proc_configuring-satellite-deployment-with-an-external-dhcp-server.adoc => proc_configuring-server-for-use-with-dhcpd.adoc} (92%) rename guides/common/modules/{proc_configuring-external-tftp.adoc => proc_configuring-server-for-use-with-tftp.adoc} (93%) create mode 100644 guides/common/modules/proc_disabling-dhcp-for-integration.adoc create mode 100644 guides/common/modules/proc_disabling-dns-for-integration.adoc create mode 100644 guides/common/modules/proc_disabling-tftp-for-integration.adoc rename guides/common/modules/{proc_reverting-to-internal-dns-service.adoc => proc_enabling-the-installer-managed-dhcp-service.adoc} (52%) create mode 100644 guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc create mode 100644 guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc delete mode 100644 guides/common/modules/proc_installing-the-dhcp-infoblox-module.adoc delete mode 100644 guides/common/modules/proc_installing-the-dns-infoblox-module.adoc delete mode 100644 guides/common/modules/proc_installing-the-infoblox-ca-certificate.adoc rename guides/common/modules/{proc_configuring-dns-nsupdate.adoc => proc_integrating-a-bind-dns-server-by-using-dns-nsupdate.adoc} (71%) rename guides/common/modules/{proc_configuring-external-dns.adoc => proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc} (93%) rename guides/common/modules/{proc_configuring-dhcp-libvirt.adoc => proc_integrating-dnsmas-dhcp-by-using-the-libvirt-api.adoc} (81%) rename guides/common/modules/{proc_configuring-dns-libvirt.adoc => proc_integrating-dnsmasq-dns-by-using-the-libvirt-api.adoc} (83%) rename guides/common/modules/{proc_configuring-dynamic-dns-update-with-gss-tsig-authentication.adoc => proc_integrating-idm-dns-with-gss-tsig-authentication.adoc} (97%) rename guides/common/modules/{proc_configuring-dynamic-dns-update-with-tsig-authentication.adoc => proc_integrating-idm-dns-with-tsig-authentication.adoc} (97%) create mode 100644 guides/common/modules/proc_integrating-infoblox-dhcp.adoc create mode 100644 guides/common/modules/proc_integrating-infoblox-dns.adoc rename guides/common/modules/{proc_configuring-dns-powerdns.adoc => proc_integrating-powerdns.adoc} (88%) rename guides/common/modules/{proc_configuring-dns-route53.adoc => proc_integrating-route-53-dns.adoc} (88%) rename guides/common/modules/{proc_securing-the-dhcp-api.adoc => proc_securing-the-dhcpd-api.adoc} (95%) diff --git a/guides/common/assembly_configuring-dhcp-integration.adoc b/guides/common/assembly_configuring-dhcp-integration.adoc index 732d24058e7..0831c1633fd 100644 --- a/guides/common/assembly_configuring-dhcp-integration.adoc +++ b/guides/common/assembly_configuring-dhcp-integration.adoc @@ -1,34 +1,18 @@ include::modules/con_configuring-dhcp-integration.adoc[] -== DHCP service providers in {Project} +include::modules/con_dhcp-service-providers.adoc[leveloffset=+1] -== Internal DHCP service +include::modules/proc_enabling-the-installer-managed-dhcp-service.adoc[leveloffset=+1] -=== Enabling the internal DHCP service +include::modules/proc_integrating-infoblox-dhcp.adoc[leveloffset=+1] -=== Disabling DHCP configuration by {Project} -Use case: Multiple subnets +ifndef::satellite[] +include::modules/proc_integrating-dnsmas-dhcp-by-using-the-libvirt-api.adoc[leveloffset=+1] +endif::[] -== External DHCP service - -=== Integrating Infoblox DHCP - -==== Infoblox limitations - -==== Infoblox prerequisites - -==== Installing the Infoblox CA certificate - -==== Installing the DHCP Infoblox module - -=== Integrating a custom DHCP server - -==== Configuring an external DHCP server - -==== Configuring {SmartProxy} for external DHCP service - -=== Securing the dhcpd API +include::modules/con_integrating-a-generic-dhcp-server.adoc[leveloffset=+1] == Associating the DHCP service with a subnet -== Disabling DHCP for unmanaged networks +include::modules/proc_disabling-dhcp-for-integration.adoc[leveloffset=+1] + diff --git a/guides/common/assembly_configuring-dns-integration.adoc b/guides/common/assembly_configuring-dns-integration.adoc index 66960c5d1d6..aba3002997d 100644 --- a/guides/common/assembly_configuring-dns-integration.adoc +++ b/guides/common/assembly_configuring-dns-integration.adoc @@ -1,39 +1,28 @@ include::modules/con_configuring-dns-integration.adoc[] -== DNS service providers in {Project} +include::modules/con_dns-service-providers.adoc[leveloffset=+1] -== Internal DNS service +include::modules/proc_enabling-the-installer-managed-dns-service.adoc[leveloffset=+1] -=== Enabling the internal DNS service +include::modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc[leveloffset=+1] -=== Disabling DNS configuration by {Project} -Use case: Multiple domains +include::modules/proc_integrating-idm-dns-with-tsig-authentication.adoc[leveloffset=+1] -== External DNS service +include::modules/proc_integrating-infoblox-dns.adoc[leveloffset=+1] -=== Integrating IdM DNS +ifndef::satellite[] +include::modules/proc_integrating-dnsmasq-dns-by-using-the-libvirt-api.adoc[leveloffset=+1] +include::modules/proc_integrating-powerdns.adoc[leveloffset=+1] +include::modules/proc_integrating-route-53-dns.adoc[leveloffset=+1] +endif::[] -==== Configuring dynamic DNS update with GSS-TSIG authentication +include::modules/proc_integrating-a-bind-dns-server-by-using-dns-nsupdate.adoc[leveloffset=+1] -==== Configuring dynamic DNS update with TSIG authentication - -=== Integrating Infoblox DNS - -==== Infoblox limitations - -==== Infoblox prerequisites - -==== Installing the Infoblox CA certificate - -==== Installing the DNS Infoblox module - -=== Integrating a custom DNS server -You can use the dns_nsupdate provider with any DNS server compatible with RFC2136. - -=== Reverting to the internal DNS service +include::modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc[leveloffset=+1] == Associating the DNS service with a subnet == Associating the DNS service with a domain -== Disabling DNS for unmanaged networks +include::modules/proc_disabling-dns-for-integration.adoc[leveloffset=+1] + diff --git a/guides/common/assembly_configuring-tftp-integration.adoc b/guides/common/assembly_configuring-tftp-integration.adoc index 35ebc00cda5..f41d3359f93 100644 --- a/guides/common/assembly_configuring-tftp-integration.adoc +++ b/guides/common/assembly_configuring-tftp-integration.adoc @@ -1,20 +1,10 @@ include::modules/con_configuring-tftp-integration.adoc[] -== TFTP service providers in {Project} +include::modules/proc_enabling-the-installer-managed-tftp-service.adoc[leveloffset=+1] -== Internal TFTP service - -=== Enabling the internal TFTP service - -=== Disabling TFTP configuration by {Project} -Not sure if there's a use case for this. - -== External TFTP service - -=== Configuring an external TFTP server - -=== Configuring {SmartProxy} for external TFTP service +include::modules/con_integrating-a-generic-tftp-server.adoc[leveloffset=+1] == Associating the TFTP service with a subnet -== Disabling TFTP for unmanaged networks +include::modules/proc_disabling-tftp-for-integration.adoc[leveloffset=+1] + diff --git a/guides/common/modules/con_configuring-project-with-external-dhcp.adoc b/guides/common/modules/con_configuring-project-with-external-dhcp.adoc deleted file mode 100644 index c0770fce3d7..00000000000 --- a/guides/common/modules/con_configuring-project-with-external-dhcp.adoc +++ /dev/null @@ -1,7 +0,0 @@ -[id="configuring-external-dhcp"] -= Configuring {ProductName} with external DHCP - -To configure {ProductName} with external DHCP, you must complete the following procedures: - -. xref:configuring-an-external-dhcp-server_{context}[] -. xref:Configuring_Server_with_an_External_DHCP_Server_{context}[] diff --git a/guides/common/modules/con_managing-dhcp-by-using-smartproxy.adoc b/guides/common/modules/con_dhcp-service-providers.adoc similarity index 65% rename from guides/common/modules/con_managing-dhcp-by-using-smartproxy.adoc rename to guides/common/modules/con_dhcp-service-providers.adoc index c83654e2826..f5322b1cf00 100644 --- a/guides/common/modules/con_managing-dhcp-by-using-smartproxy.adoc +++ b/guides/common/modules/con_dhcp-service-providers.adoc @@ -1,5 +1,5 @@ -[id="managing-dhcp-by-using-{smart-proxy-context}"] -= Managing DHCP by using {SmartProxy} +[id="dhcp-serivce-proviers"] += DHCP service providers {Project} can integrate with a DHCP service by using your {SmartProxy}. A {SmartProxy} has multiple DHCP providers that you can use to integrate {Project} with your existing DHCP infrastructure or deploy a new one. @@ -7,14 +7,20 @@ You can use the DHCP module of {SmartProxy} to query for available IP addresses, Note that your {SmartProxy} cannot manage subnet declarations. .Available DHCP providers -* `dhcp_infoblox` {endash} For more information, see xref:Using_Infoblox_as_DHCP_and_DNS_Providers[]. + +* `dhcp_infoblox` {endash} For more information, see xref:integrating-infoblox-dhcp_{context}[]. + * `dhcp_isc` {endash} ISC DHCP server over OMAPI. -For more information, see xref:configuring-dns-dhcp-and-tftp[]. + * `dhcp_remote_isc` {endash} ISC DHCP server over OMAPI with leases mounted through networking. -For more information, see xref:configuring-external-dhcp[]. +For more information, see xref:integrating-a-generic-dhcp-server[]. + ifndef::satellite[] -* `dhcp_libvirt` {endash} dnsmasq DHCP via libvirt API +* `dhcp_libvirt` {endash} dnsmasq DHCP via libvirt API. +For more information, see xref:integrating-dnsmas-dhcp-by-using-the-libvirt-api_{context}[]. endif::[] + ifdef::orcharhino[] * `dhcp_native_ms` {endash} Microsoft Active Directory by using API endif::[] + diff --git a/guides/common/modules/con_managing-dns-by-using-smartproxy.adoc b/guides/common/modules/con_dns-service-providers.adoc similarity index 68% rename from guides/common/modules/con_managing-dns-by-using-smartproxy.adoc rename to guides/common/modules/con_dns-service-providers.adoc index 822d176dbb3..b88a44cf23d 100644 --- a/guides/common/modules/con_managing-dns-by-using-smartproxy.adoc +++ b/guides/common/modules/con_dns-service-providers.adoc @@ -1,5 +1,5 @@ -[id="managing-dns-by-using-{smart-proxy-context}"] -= Managing DNS by using {SmartProxy} +[id="dns-service-providers"] += DNS service providers {Project} can manage DNS records by using your {SmartProxy}. DNS management contains updating and removing DNS records from existing DNS zones. @@ -12,20 +12,22 @@ Other providers provide more direct integration, such as `dns_infoblox` for http ifdef::orcharhino[] * `dns_dnscmd` {endash} Static DNS records in Microsoft Active Directory. endif::[] -* `dhcp_infoblox` {endash} For more information, see xref:Using_Infoblox_as_DHCP_and_DNS_Providers[]. -ifndef::satellite[] -* `dns_libvirt` {endash} Dnsmasq DNS via libvirt API. -For more information, see xref:configuring_dns_libvirt_{context}[]. -endif::[] -* `dns_nsupdate` {endash} Dynamic DNS update using nsupdate. -For more information, see xref:configuring_dns_nsupdate_{context}[]. + * `dns_nsupdate_gss` {endash} Dynamic DNS update with GSS-TSIG. -For more information, see xref:configuring-dynamic-dns-update-with-gss-tsig-authentication_{context}[]. +For more information, see xref:integrating-idm-dns-update-with-gss-tsig-authentication_{context}[]. + +* `dns_nsupdate` {endash} Dynamic DNS update using nsupdate. +For more information, see xref:integrating-a-generic-dns-server-by-using-dns-nsupdate_{context}[]. + ifndef::satellite[] +* `dns_libvirt` {endash} Dnsmasq DNS via libvirt API. +For more information, see xref:integrating-dnsmasq-dns-by-using-the-libvirt-api_{context}[]. + * `dns_powerdns` {endash} https://www.powerdns.com/[PowerDNS]. -For more information, see xref:configuring_dns_powerdns_{context}[]. +For more information, see xref:integrating-powerdns_{context}[]. endif::[] ifdef::foreman-el,foreman-deb,katello[] For more information, see https://projects.theforeman.org/projects/foreman/wiki/List_of_Smart-Proxy_Plugins#DNS-plugins[List of DNS plugins] endif::[] + diff --git a/guides/common/modules/con_infoblox-limitations.adoc b/guides/common/modules/con_infoblox-limitations.adoc deleted file mode 100644 index d609b91de85..00000000000 --- a/guides/common/modules/con_infoblox-limitations.adoc +++ /dev/null @@ -1,14 +0,0 @@ -[id="Infoblox_Limitations_{context}"] -= Infoblox limitations - -All DHCP and DNS records can be managed only in a single Network or DNS view. -After you install the Infoblox modules on {ProductName} and set up the view using the `{foreman-installer}` command, you cannot edit the view. - -{ProductName} communicates with a single Infoblox node by using the standard HTTPS web API. -If you want to configure clustering and High Availability, make the configurations in Infoblox. - -Hosting PXE-related files by using the TFTP functionality of Infoblox is not supported. -You must use {ProductName} as a TFTP server for PXE provisioning. -For more information, see {ProvisioningDocURL}preparing-networking[Preparing networking] in _{ProvisioningDocTitle}_. - -{Project} IPAM feature cannot be integrated with Infoblox. diff --git a/guides/common/modules/con_infoblox-prerequisites.adoc b/guides/common/modules/con_infoblox-prerequisites.adoc deleted file mode 100644 index 04f08226cd4..00000000000 --- a/guides/common/modules/con_infoblox-prerequisites.adoc +++ /dev/null @@ -1,6 +0,0 @@ -[id="Infoblox_Prerequisites_{context}"] -= Infoblox prerequisites - -* You must have Infoblox account credentials to manage DHCP and DNS entries in {Project}. -* Ensure that you have Infoblox administration roles with the names: `DHCP Admin` and `DNS Admin`. -* The administration roles must have permissions or belong to an admin group that permits the accounts to perform tasks through the Infoblox API. diff --git a/guides/common/modules/con_integrating-a-generic-dhcp-server.adoc b/guides/common/modules/con_integrating-a-generic-dhcp-server.adoc new file mode 100644 index 00000000000..7befb50e48f --- /dev/null +++ b/guides/common/modules/con_integrating-a-generic-dhcp-server.adoc @@ -0,0 +1,16 @@ +[id="integrating-a-generic-dhcp-server"] += Integrating a generic DHCP server + +To configure {ProductName} with external DHCP, you must complete the following procedures: + +. xref:configuring-dhcpd-to-use-with-server_{context}[] +. xref:configuring-server-for-use-with-dhcpd_{context}[] +. xref:securing-the-dhcpd-api_{context}[] + + +include::proc_configuring-dhcpd-to-use-with-server.adoc[leveloffset=+1] + +include::proc_configuring-server-for-use-with-dhcpd.adoc[leveloffset=+1] + +include::proc_securing-the-dhcpd-api.adoc[leveloffset=+1] + diff --git a/guides/common/modules/con_integrating-a-generic-tftp-server.adoc b/guides/common/modules/con_integrating-a-generic-tftp-server.adoc new file mode 100644 index 00000000000..f9847a97f6e --- /dev/null +++ b/guides/common/modules/con_integrating-a-generic-tftp-server.adoc @@ -0,0 +1,9 @@ +[id="integrating-a-generic-tftp-server"] += Integrating a generic TFTP server + +You can configure {ProductName} with a TFTP service that is not maintained by the {ProductName} installer. + +== Configuring TFTP to use with {ProductName} + +include::proc_configuring-server-for-use-with-tftp.adoc[leveloffset=+1] + diff --git a/guides/common/modules/proc_configuring-an-external-dhcp-server.adoc b/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc similarity index 97% rename from guides/common/modules/proc_configuring-an-external-dhcp-server.adoc rename to guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc index 9419ca731f7..8ac78069ad3 100644 --- a/guides/common/modules/proc_configuring-an-external-dhcp-server.adoc +++ b/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc @@ -1,5 +1,5 @@ -[id="configuring-an-external-dhcp-server_{context}"] -= Configuring an external DHCP server to use with {ProductName} +[id="configuring-dhcpd-to-use-with-server_{context}"] += Configuring dhcpd to use with {ProductName} ifdef::foreman-deb[] [NOTE] diff --git a/guides/common/modules/proc_configuring-satellite-deployment-with-an-external-dhcp-server.adoc b/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc similarity index 92% rename from guides/common/modules/proc_configuring-satellite-deployment-with-an-external-dhcp-server.adoc rename to guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc index 8bda9b2d398..e1378b92b76 100644 --- a/guides/common/modules/proc_configuring-satellite-deployment-with-an-external-dhcp-server.adoc +++ b/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc @@ -1,11 +1,11 @@ -[id="Configuring_Server_with_an_External_DHCP_Server_{context}"] -= Configuring {ProjectServer} with an external DHCP server +[id="configuring-server-for-use-with-dhcpd_{context}"] += Configuring {ProjectServer} for use with dhcpd You can configure {ProductName} with an external DHCP server. .Prerequisites * Ensure that you have configured an external DHCP server and that you have shared the DHCP configuration and lease files with {ProductName}. -For more information, see xref:configuring-an-external-dhcp-server_{context}[]. +For more information, see xref:configuring-server-for-use-with-dhcpd_{context}[]. .Procedure . Install the `{nfs-client-package}` package: diff --git a/guides/common/modules/proc_configuring-external-tftp.adoc b/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc similarity index 93% rename from guides/common/modules/proc_configuring-external-tftp.adoc rename to guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc index 614355eaba1..2967433643b 100644 --- a/guides/common/modules/proc_configuring-external-tftp.adoc +++ b/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc @@ -1,5 +1,5 @@ -[id="configuring-external-tftp_{context}"] -= Configuring {ProductName} with external TFTP +[id="configuring-server-for-use-with-tftp_{context}"] += Configuring {ProductName} for use with tftp You can configure {ProductName} with external TFTP services. diff --git a/guides/common/modules/proc_disabling-dhcp-for-integration.adoc b/guides/common/modules/proc_disabling-dhcp-for-integration.adoc new file mode 100644 index 00000000000..8ea37d2437d --- /dev/null +++ b/guides/common/modules/proc_disabling-dhcp-for-integration.adoc @@ -0,0 +1,33 @@ +[id="disabling-dhcp-for-integration_{context}"] += Disabling DHCP for integration + +// MARC: New module. Content is based on https://github.com/theforeman/foreman-documentation/blob/master/guides/common/modules/proc_disabling-dns-dhcp-tftp-for-unmanaged-networks.adoc, and adjusted for DHCP. +// Needs to be checked if it is technically correct. + +If you want to manually manage a DHCP services, you must prevent {Project} from maintaining this service on the operating system and disable orchestration to avoid errors. + +[NOTE] +==== +Disabling DHCP in {Project} does not remove the related backend service on the operating system. +==== + +.Procedure + +. On {ProjectServer}, enter the following command: ++ +[options="nowrap", subs="+quotes,attributes"] +---- +# {foreman-installer} --foreman-proxy-dhcp false +---- + +. In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets* and select a subnet. + +. Click the *{SmartProxies}* tab and clear the *DHCP {SmartProxy}* field. + +[NOTE] +==== +{Project} does not perform orchestration when a {SmartProxy} is not set for a given subnet and domain. +When enabling or disabling {SmartProxy} associations, orchestration commands for existing hosts can fail if the expected records and configuration files are not present. +When associating a {SmartProxy} to turn orchestration on, ensure the required DHCP, DNS records, and TFTP files are in place for the existing {Project} hosts in order to prevent host deletion failures in the future. +==== + diff --git a/guides/common/modules/proc_disabling-dns-for-integration.adoc b/guides/common/modules/proc_disabling-dns-for-integration.adoc new file mode 100644 index 00000000000..81a8ca60a85 --- /dev/null +++ b/guides/common/modules/proc_disabling-dns-for-integration.adoc @@ -0,0 +1,37 @@ +[id="disabling-dns-for-integration_{context}"] += Disabling DNS for integration + +// MARC: New module. Content is based on https://github.com/theforeman/foreman-documentation/blob/master/guides/common/modules/proc_disabling-dns-dhcp-tftp-for-unmanaged-networks.adoc, and adjusted for DNS. +// Needs to be checked if it is technically correct. + +If you want to manually manage a DNS service, you must prevent {Project} from maintaining this service on the operating system and disable orchestration to avoid errors. + +[NOTE] +==== +Disabling DNS in {Project} does not remove the related backend service on the operating system. +==== + +.Procedure + +. On {ProjectServer}, enter the following command: ++ +[options="nowrap", subs="+quotes,attributes"] +---- +# {foreman-installer} --foreman-proxy-dns false +---- + +. In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets* and select a subnet. + +. Click the *{SmartProxies}* tab and clear the *Reverse DNS {SmartProxy}* field. + +. Navigate to *Infrastructure* > *Domains* and select a domain. + +. Clear the *DNS {SmartProxy}* field. + +[NOTE] +==== +{Project} does not perform orchestration when a {SmartProxy} is not set for a given subnet and domain. +When enabling or disabling {SmartProxy} associations, orchestration commands for existing hosts can fail if the expected records and configuration files are not present. +When associating a {SmartProxy} to turn orchestration on, ensure the required DHCP, DNS records, and TFTP files are in place for the existing {Project} hosts in order to prevent host deletion failures in the future. +==== + diff --git a/guides/common/modules/proc_disabling-tftp-for-integration.adoc b/guides/common/modules/proc_disabling-tftp-for-integration.adoc new file mode 100644 index 00000000000..6fcfa5b6153 --- /dev/null +++ b/guides/common/modules/proc_disabling-tftp-for-integration.adoc @@ -0,0 +1,33 @@ +[id="disabling-tftp-for-integration_{context}"] += Disabling TFTP for integration + +// MARC: New module. Content is based on https://github.com/theforeman/foreman-documentation/blob/master/guides/common/modules/proc_disabling-dns-dhcp-tftp-for-unmanaged-networks.adoc, and adjusted for TFTP. +// Needs to be checked if it is technically correct. + +If you want to manually manage a TFTP service, you must prevent {Project} from maintaining this service on the operating system and disable orchestration to avoid errors. + +[NOTE] +==== +Disabling TFTP in {Project} does not remove the related backend service on the operating system. +==== + +.Procedure + +. On {ProjectServer}, enter the following command: ++ +[options="nowrap", subs="+quotes,attributes"] +---- +# {foreman-installer} --foreman-proxy-tftp false +---- + +. In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets* and select a subnet. + +. Click the *{SmartProxies}* tab and clear the *TFTP {SmartProxy}* field. + +[NOTE] +==== +{Project} does not perform orchestration when a {SmartProxy} is not set for a given subnet and domain. +When enabling or disabling {SmartProxy} associations, orchestration commands for existing hosts can fail if the expected records and configuration files are not present. +When associating a {SmartProxy} to turn orchestration on, ensure the required DHCP, DNS records, and TFTP files are in place for the existing {Project} hosts in order to prevent host deletion failures in the future. +==== + diff --git a/guides/common/modules/proc_reverting-to-internal-dns-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc similarity index 52% rename from guides/common/modules/proc_reverting-to-internal-dns-service.adoc rename to guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc index 1ab231aa91e..2d8b0b6bc74 100644 --- a/guides/common/modules/proc_reverting-to-internal-dns-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc @@ -1,17 +1,39 @@ -[id="reverting-to-internal-dns-service_{context}"] -= Reverting to internal DNS service +[id="enabling-the-installer-managed-dhcp-service_{context}"] += Enabling the installer-managed DHCP service -You can revert to using {ProjectServer} and {SmartProxyServer} as your DNS providers. -You can use a backup of the answer file that was created before configuring external DNS, or you can create a backup of the answer file. +// MARC: New module. Content is based on https://github.com/theforeman/foreman-documentation/blob/master/guides/common/modules/proc_reverting-to-internal-dns-service.adoc and https://github.com/theforeman/foreman-documentation/blob/master/guides/common/modules/proc_configuring-dns-dhcp-and-tftp.adoc, and adjusted for TFTP. +// Needs to be checked if it is technically correct. + +You can revert to using {ProjectServer} and {SmartProxyServer} as your DHCP providers. +You can use a backup of the answer file that was created before configuring external DHCP, or you can create a backup of the answer file. ifndef::orcharhino[] For more information about answer files, see {InstallingServerDocURL}configuring-server_{project-context}[Configuring {ProjectServer}]. endif::[] +.Prerequisites + +ifeval::["{context}" == "{project-context}"] +* Ensure that the following information is available to you: +** DHCP IP address ranges +** DHCP gateway IP address +** DHCP nameserver IP address +** DNS information + +* Use the FQDN instead of the IP address where possible in case of network changes. +endif::[] + +ifeval::["{context}" == "{smart-proxy-context}"] +* You must have the correct interface name (`dhcp-interface`) for the DHCP server. +endif::[] + +* Contact your network administrator to ensure that you have the correct settings. + + .Procedure -On the {Project} or {SmartProxyServer} that you want to configure to manage DNS service for the domain, complete the following steps: +On the {Project} or {SmartProxyServer} that you want to configure to manage DHCP service for the domain, complete the following steps: -.Configuring {Project} or {SmartProxy} as a DNS server +.Configuring {Project} or {SmartProxy} as a DHCP server * If you have created a backup of the answer file before configuring external DNS, restore the answer file and then enter the `{foreman-installer}` command: + [options="nowrap", subs="+quotes,attributes"] @@ -20,15 +42,16 @@ On the {Project} or {SmartProxyServer} that you want to configure to manage DNS ----- + * If you do not have a suitable backup of the answer file, create a backup of the answer file now. -To configure {Project} or {SmartProxy} as DNS server without using an answer file, enter the following `{foreman-installer}` command on {Project} or {SmartProxy}: +To configure {Project} or {SmartProxy} as DHCP server without using an answer file, enter the following `{foreman-installer}` command on {Project} or {SmartProxy}: + [options="nowrap" subs="+quotes,attributes"] ---- # {foreman-installer} \ ---foreman-proxy-dns-managed=true \ ---foreman-proxy-dns-provider=nsupdate \ ---foreman-proxy-dns-server="127.0.0.1" \ ---foreman-proxy-dns=true +--foreman-proxy-dhcp true \ +--foreman-proxy-dhcp-managed true \ +--foreman-proxy-dhcp-range "192.0.2.100 192.0.2.150" \ +--foreman-proxy-dhcp-gateway 192.0.2.1 \ +--foreman-proxy-dhcp-nameservers 192.0.2.2 ---- + ifeval::["{context}" == "{smart-proxy-context}"] @@ -46,15 +69,9 @@ After you run the `{foreman-installer}` command to make any changes to your {Sma . In the {ProjectWebUI}, navigate to *Infrastructure* > *{SmartProxies}*. . For each {SmartProxy} that you want to update, from the *Actions* list, select *Refresh*. -. Configure the domain: - -.. In the {ProjectWebUI}, navigate to *Infrastructure* > *Domains* and click the domain name that you want to configure. -.. In the *Domain* tab, set *DNS {SmartProxy}* to the {SmartProxy} where the subnet is connected. - . Configure the subnet: .. In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets* and select the subnet name. .. In the *Subnet* tab, set *IPAM* to *DHCP* or *Internal DB*. -.. In the *Domains* tab, select the domain that you want to manage using {Project} or {SmartProxy}. -.. In the *{SmartProxies}* tab, set *Reverse DNS {SmartProxy}* to the {SmartProxy} where the subnet is connected. .. Click *Submit* to save the changes. + diff --git a/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc new file mode 100644 index 00000000000..08bc46407b3 --- /dev/null +++ b/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc @@ -0,0 +1,70 @@ +[id="enabling-the-installer-managed-dns-service_{context}"] += Enabling the installer-managed DNS service + +You can revert to using {ProjectServer} and {SmartProxyServer} as your DNS providers. +You can use a backup of the answer file that was created before configuring external DNS, or you can create a backup of the answer file. +ifndef::orcharhino[] +For more information about answer files, see {InstallingServerDocURL}configuring-server_{project-context}[Configuring {ProjectServer}]. +endif::[] + +Complete the steps on the {Project} or {SmartProxyServer} that you want to configure to manage DNS service for the domain. + + +.Procedure + +. Configure {Project} or {SmartProxy} as a DNS server: + +** If you have a backup of the answer file that was created before configuring a non-installer-managed DNS service: + +... Restore the answer file. + +... Re-apply the answer file: ++ +[options="nowrap",subs="+quotes,attributes"] +.... +# {foreman-installer} +.... + +** If you do not have a backup answer file that was created before configuring a non-installer-managed DNS service: + +... Create a backup of the answer file now. + +... Configure {Project} or {SmartProxy} as DNS server: ++ +[options="nowrap",subs="+quotes,attributes"] +.... +# {foreman-installer} \ +--foreman-proxy-dns-managed=true \ +--foreman-proxy-dns-provider=nsupdate \ +--foreman-proxy-dns-server="127.0.0.1" \ +--foreman-proxy-dns=true +.... ++ +ifeval::["{context}" == "{smart-proxy-context}"] +For more information, see xref:configuring-dns-dhcp-and-tftp-on-productname_{smart-proxy-context}[]. +endif::[] +ifeval::["{context}" == "{project-context}"] +For more information, see {InstallingSmartProxyDocURL}configuring-dns-dhcp-and-tftp-on-productname_{smart-proxy-context}[Configuring DNS, DHCP, and TFTP on {SmartProxyServer}]. +endif::[] + +. Update the configuration of each affected {SmartProxy} in the {ProjectWebUI}: + +.. Navigate to *Infrastructure* > *{SmartProxies}*. + +.. For each {SmartProxy} that you want to update, select *Refresh* in the *Actions* list. + +.. Configure the domain: + +... Navigate to *Infrastructure* > *Domains* +... Click the domain name that you want to configure. +... In the *Domain* tab, set *DNS {SmartProxy}* to the {SmartProxy} where the subnet is connected. + +.. Configure the subnet: + +... Navigate to *Infrastructure* > *Subnets*. +... Select the subnet name. +... In the *Subnet* tab, set *IPAM* to *DHCP* or *Internal DB*. +... In the *Domains* tab, select the domain that you want to manage using {Project} or {SmartProxy}. +... In the *{SmartProxies}* tab, set *Reverse DNS {SmartProxy}* to the {SmartProxy} where the subnet is connected. +... Click *Submit* to save the changes. + diff --git a/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc new file mode 100644 index 00000000000..1d3e373fb99 --- /dev/null +++ b/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc @@ -0,0 +1,60 @@ +[id="enabling-the-installer-managed-tftp-service_{context}"] += Enabling the installer-managed TFTP service + +// MARC: New module. Content is based on https://github.com/theforeman/foreman-documentation/blob/master/guides/common/modules/proc_reverting-to-internal-dns-service.adoc and https://github.com/theforeman/foreman-documentation/blob/master/guides/common/modules/proc_configuring-dns-dhcp-and-tftp.adoc, and adjusted for TFTP. +// Needs to be checked if it is technically correct. + +You can revert to using {ProjectServer} and {SmartProxyServer} as your TFTP providers. +You can use a backup of the answer file that was created before configuring external TFTP, or you can create a backup of the answer file. +ifndef::orcharhino[] +For more information about answer files, see {InstallingServerDocURL}configuring-server_{project-context}[Configuring {ProjectServer}]. +endif::[] + +Complete the steps on the {Project} or {SmartProxyServer} that you want to configure to manage TFTP service for the domain. + + +.Prerequisites + +ifeval::["{context}" == "{project-context}"] +* Ensure that the following TFTP server name information is available to you. + +* Use the FQDN instead of the IP address where possible in case of network changes. +endif::[] + +ifeval::["{context}" == "{smart-proxy-context}"] +* You must have the correct network name (`dns-interface`) for the DNS server. +* You must have the correct interface name (`dhcp-interface`) for the DHCP server. +endif::[] + +* Contact your network administrator to ensure that you have the correct settings. + + +.Procedure + +. Configure {Project} or {SmartProxy} as a TFTP server: + +** If you have a backup of the answer file that was created before configuring a non-installer-managed TFTP service: + +... Restore the answer file. + +... Re-apply the answer file: ++ +[options="nowrap",subs="+quotes,attributes"] +.... +# {foreman-installer} +.... + +** If you do not have a backup answer file that was created before configuring a non-installer-managed TFTP service: + +... Create a backup of the answer file now. + +... Configure {Project} or {SmartProxy} as TFTP server: ++ +[options="nowrap",subs="+quotes,attributes"] +.... +# {foreman-installer} \ +--foreman-proxy-tftp true \ +--foreman-proxy-tftp-managed true \ +--foreman-proxy-tftp-servername 192.0.2.3 +.... + diff --git a/guides/common/modules/proc_installing-the-dhcp-infoblox-module.adoc b/guides/common/modules/proc_installing-the-dhcp-infoblox-module.adoc deleted file mode 100644 index 574751e624d..00000000000 --- a/guides/common/modules/proc_installing-the-dhcp-infoblox-module.adoc +++ /dev/null @@ -1,33 +0,0 @@ -[id="Installing_the_DHCP_Infoblox_Module_{context}"] -= Installing the DHCP Infoblox module - -Install the DHCP Infoblox module on {ProductName}. -Note that you cannot manage records in separate views. - -You can also install DHCP and DNS Infoblox modules simultaneously by combining this procedure and xref:Installing_the_DNS_Infoblox_Module_{context}[]. - -.DHCP Infoblox record type considerations -If you want to use the DHCP and DNS Infoblox modules together, configure the DHCP Infoblox module with the `fixedaddress` record type only. -The `host` record type causes DNS conflicts and is not supported. - -If you configure the DHCP Infoblox module with the `host` record type, you have to unset both DNS {SmartProxy} and Reverse DNS {SmartProxy} options on your Infoblox-managed subnets, because Infoblox does DNS management by itself. -Using the `host` record type leads to creating conflicts and being unable to rename hosts in {Project}. - -.Procedure -. On {ProductName}, enter the following command: -+ -[options="nowrap" subs="+quotes,attributes"] ----- -# {foreman-installer} --enable-foreman-proxy-plugin-dhcp-infoblox \ ---foreman-proxy-dhcp true \ ---foreman-proxy-dhcp-provider infoblox \ ---foreman-proxy-dhcp-server _infoblox.example.com_ \ ---foreman-proxy-plugin-dhcp-infoblox-username _admin_ \ ---foreman-proxy-plugin-dhcp-infoblox-password _infoblox_ \ ---foreman-proxy-plugin-dhcp-infoblox-record-type fixedaddress \ ---foreman-proxy-plugin-dhcp-infoblox-dns-view default \ ---foreman-proxy-plugin-dhcp-infoblox-network-view default ----- -. Optional: In the {ProjectWebUI}, navigate to *Infrastructure* > *{SmartProxies}*, select the {SmartProxy} with the DHCP Infoblox module, and ensure that the *dhcp* feature is listed. -. In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets*. -. For all subnets managed through Infoblox, ensure that the IP address management (*IPAM*) method of the subnet is set to `DHCP`. diff --git a/guides/common/modules/proc_installing-the-dns-infoblox-module.adoc b/guides/common/modules/proc_installing-the-dns-infoblox-module.adoc deleted file mode 100644 index 6b6fdba1161..00000000000 --- a/guides/common/modules/proc_installing-the-dns-infoblox-module.adoc +++ /dev/null @@ -1,26 +0,0 @@ -[id="Installing_the_DNS_Infoblox_Module_{context}"] -= Installing the DNS Infoblox module - -Install the DNS Infoblox module on {ProductName}. -You can also install DHCP and DNS Infoblox modules simultaneously by combining this procedure and xref:Installing_the_DHCP_Infoblox_Module_{context}[]. - -.Procedure -. On {ProductName}, enter the following command to configure the Infoblox module: -+ -[options="nowrap" subs="+quotes,attributes"] ----- -# {foreman-installer} --enable-foreman-proxy-plugin-dns-infoblox \ ---foreman-proxy-dns true \ ---foreman-proxy-dns-provider infoblox \ ---foreman-proxy-plugin-dns-infoblox-dns-server _infoblox.example.com_ \ ---foreman-proxy-plugin-dns-infoblox-username _admin_ \ ---foreman-proxy-plugin-dns-infoblox-password _infoblox_ \ ---foreman-proxy-plugin-dns-infoblox-dns-view _default_ ----- -+ -Optionally, you can change the value of the `--foreman-proxy-plugin-dns-infoblox-dns-view` option to specify an Infoblox DNS view other than the default view. -. Optional: In the {ProjectWebUI}, navigate to *Infrastructure* > *{SmartProxies}*, select the {SmartProxy} with the Infoblox DNS module, and ensure that the *dns* feature is listed. -. In the {ProjectWebUI}, navigate to *Infrastructure* > *Domains*. -. For all domains managed through Infoblox, ensure that the *DNS Proxy* is set for those domains. -. In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets*. -. For all subnets managed through Infoblox, ensure that the *DNS {SmartProxy}* and *Reverse DNS {SmartProxy}* are set for those subnets. diff --git a/guides/common/modules/proc_installing-the-infoblox-ca-certificate.adoc b/guides/common/modules/proc_installing-the-infoblox-ca-certificate.adoc deleted file mode 100644 index 6574830189e..00000000000 --- a/guides/common/modules/proc_installing-the-infoblox-ca-certificate.adoc +++ /dev/null @@ -1,40 +0,0 @@ -[id="Installing_the_Infoblox_CA_Certificate_{context}"] -= Installing the Infoblox CA certificate - -You must install Infoblox HTTPS CA certificate on the base system of {ProductName}. - -.Procedure -* Download the certificate from the Infoblox web UI or you use the following OpenSSL commands to download the certificate: -+ -[options="nowrap" subs="+quotes"] ----- -# update-ca-trust enable -# openssl s_client -showcerts -connect _infoblox.example.com_:443 /etc/pki/ca-trust/source/anchors/infoblox.crt -# update-ca-trust extract ----- -+ -The `_infoblox.example.com_` entry must match the host name for the Infoblox application in the X509 certificate. - -.Verification -* Test the CA certificate by using a `curl` query: -+ -[options="nowrap" subs="+quotes"] ----- -$ curl \ ---user _My_User_Name_:__My_Password__ \ -https://_infoblox.example.com_/wapi/v2.0/network ----- -+ -Example positive response: -+ -[options="nowrap" subs="+quotes"] ----- -[ - { - "_ref": "network/ZG5zLm5ldHdvcmskMTkyLjE2OC4yMDIuMC8yNC8w:__infoblox.example.com__/24/default", - "network": "192.168.202.0/24", - "network_view": "default" - } -] ----- diff --git a/guides/common/modules/proc_configuring-dns-nsupdate.adoc b/guides/common/modules/proc_integrating-a-bind-dns-server-by-using-dns-nsupdate.adoc similarity index 71% rename from guides/common/modules/proc_configuring-dns-nsupdate.adoc rename to guides/common/modules/proc_integrating-a-bind-dns-server-by-using-dns-nsupdate.adoc index d968bb84a21..e0a89574b13 100644 --- a/guides/common/modules/proc_configuring-dns-nsupdate.adoc +++ b/guides/common/modules/proc_integrating-a-bind-dns-server-by-using-dns-nsupdate.adoc @@ -1,10 +1,10 @@ -[id="configuring_dns_nsupdate_{context}"] -= Configuring dns_nsupdate +[id="integrating-a-bind-dns-server-by-using-dns-nsupdate_{context}"] += Integrating a BIND DNS server by using dns_nsupdate The _dns_nsupdate_ DNS provider manages DNS records using the `nsupdate` utility. You can use _dns_nsupdate_ with any DNS server compatible with https://www.rfc-editor.org/rfc/rfc2136[RFC2136]. By default, _dns_nsupdate_ installs the ISC BIND server. -For installation without ISC BIND, see xref:configuring-external-dns_{context}[]. +For installation without ISC BIND, see xref:integrating-a-generic-dns-server-by-using-dns-nsupdate_{context}[]. .Procedure * Configure `dns_nsupdate`: diff --git a/guides/common/modules/proc_configuring-external-dns.adoc b/guides/common/modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc similarity index 93% rename from guides/common/modules/proc_configuring-external-dns.adoc rename to guides/common/modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc index f745a283513..4e30dce7194 100644 --- a/guides/common/modules/proc_configuring-external-dns.adoc +++ b/guides/common/modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc @@ -1,5 +1,5 @@ -[id="configuring-external-dns_{context}"] -= Configuring {ProductName} with external DNS +[id="integrating-a-generic-dns-server-by-using-dns-nsupdate_{context}"] += Integrating a generic DNS server by using dns_nsupdate You can configure {ProductName} with external DNS. {ProductName} uses the `nsupdate` utility to update DNS records on the remote server. diff --git a/guides/common/modules/proc_configuring-dhcp-libvirt.adoc b/guides/common/modules/proc_integrating-dnsmas-dhcp-by-using-the-libvirt-api.adoc similarity index 81% rename from guides/common/modules/proc_configuring-dhcp-libvirt.adoc rename to guides/common/modules/proc_integrating-dnsmas-dhcp-by-using-the-libvirt-api.adoc index 61d0dff50e2..6f7feb556a1 100644 --- a/guides/common/modules/proc_configuring-dhcp-libvirt.adoc +++ b/guides/common/modules/proc_integrating-dnsmas-dhcp-by-using-the-libvirt-api.adoc @@ -1,5 +1,5 @@ -[id="Configuring_dhcp_libvirt_{context}"] -= Configuring dhcp_libvirt +[id="integrating-dnsmas-dhcp-by-using-the-libvirt-api_{context}"] += Integrating dnsmasq DHCP by using the libvirt API The _dhcp_libvirt_ plugin manages IP reservations and leases using `dnsmasq` through the libvirt API. It uses `ruby-libvirt` to connect to the local or remote instance of libvirt daemon. diff --git a/guides/common/modules/proc_configuring-dns-libvirt.adoc b/guides/common/modules/proc_integrating-dnsmasq-dns-by-using-the-libvirt-api.adoc similarity index 83% rename from guides/common/modules/proc_configuring-dns-libvirt.adoc rename to guides/common/modules/proc_integrating-dnsmasq-dns-by-using-the-libvirt-api.adoc index fe878871842..973de1c0097 100644 --- a/guides/common/modules/proc_configuring-dns-libvirt.adoc +++ b/guides/common/modules/proc_integrating-dnsmasq-dns-by-using-the-libvirt-api.adoc @@ -1,5 +1,5 @@ -[id="configuring_dns_libvirt_{context}"] -= Configuring dns_libvirt +[id="integrating-dnsmasq-dns-by-using-the-libvirt-api_{context}"] += Integrating dnsmasq DNS by using the libvirt API The _dns_libvirt_ DNS provider manages DNS records using dnsmasq through the libvirt API. It uses `ruby-libvirt` gem to connect to the local or a remote instance of libvirt daemon. @@ -17,3 +17,4 @@ It uses `ruby-libvirt` gem to connect to the local or a remote instance of libvi ---- + Note that you can only use one network and URL for both _dns_libvirt_ and _dhcp_libvirt_. + diff --git a/guides/common/modules/proc_configuring-dynamic-dns-update-with-gss-tsig-authentication.adoc b/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc similarity index 97% rename from guides/common/modules/proc_configuring-dynamic-dns-update-with-gss-tsig-authentication.adoc rename to guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc index 480646786c2..d6dbdf18aa4 100644 --- a/guides/common/modules/proc_configuring-dynamic-dns-update-with-gss-tsig-authentication.adoc +++ b/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc @@ -1,5 +1,5 @@ -[id="configuring-dynamic-dns-update-with-gss-tsig-authentication_{context}"] -= Configuring dynamic DNS update with GSS-TSIG authentication +[id="integrating-idm-dns-update-with-gss-tsig-authentication_{context}"] += Integrating IdM DNS with GSS-TSIG authentication You can configure the IdM server to use the generic security service algorithm for secret key transaction (GSS-TSIG) technology defined in https://tools.ietf.org/html/rfc3645[RFC3645]. To configure the IdM server to use the GSS-TSIG technology, you must install the IdM client on the {ProductName} base operating system. diff --git a/guides/common/modules/proc_configuring-dynamic-dns-update-with-tsig-authentication.adoc b/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc similarity index 97% rename from guides/common/modules/proc_configuring-dynamic-dns-update-with-tsig-authentication.adoc rename to guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc index 9e88f14bd64..bffda39cbe8 100644 --- a/guides/common/modules/proc_configuring-dynamic-dns-update-with-tsig-authentication.adoc +++ b/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc @@ -1,5 +1,5 @@ -[id="configuring-dynamic-dns-update-with-tsig-authentication_{context}"] -= Configuring dynamic DNS update with TSIG authentication +[id="integrating-idm-dns-with-tsig-authentication_{context}"] += Integrating IdM DNS with TSIG authentication You can configure an IdM server to use the secret key transaction authentication for DNS (TSIG) technology that uses the `rndc.key` key file for authentication. The TSIG protocol is defined in https://tools.ietf.org/html/rfc2845[RFC2845]. diff --git a/guides/common/modules/proc_integrating-infoblox-dhcp.adoc b/guides/common/modules/proc_integrating-infoblox-dhcp.adoc new file mode 100644 index 00000000000..8c296c24d5c --- /dev/null +++ b/guides/common/modules/proc_integrating-infoblox-dhcp.adoc @@ -0,0 +1,80 @@ +[id="integrating-infoblox-dhcp_{context}"] += Integrating Infoblox DHCP + +Install the DHCP Infoblox provider on {ProductName}. Note that you cannot manage records in separate views. + +[NOTE] +==== +If you want to use the DHCP and DNS Infoblox modules together, configure the DHCP Infoblox module with the `fixedaddress` record type only. +The `host` record type causes DNS conflicts and is not supported. + +If you configure the DHCP Infoblox module with the `host` record type, you have to unset both DNS {SmartProxy} and Reverse DNS {SmartProxy} options on your Infoblox-managed subnets, because Infoblox does DNS management by itself. +Using the `host` record type leads to creating conflicts and being unable to rename hosts in {Project}. +==== + + +.Limitations +* You can manage DHCP entries only in a single network and view, and you cannot edit the view after you create it. + +* {ProductName} uses the standard HTTPS web API to communicate with Infoblox. By default, it communicates only with a single node. If you require high availability, configure this feature in Infoblox. + + + +.Prerequisites + +* You must have Infoblox account credentials to manage DHCP and DNS entries in {Project}. +* Ensure that you have Infoblox administration roles with the names: `DHCP Admin` and `DNS Admin`. +* The administration roles must have permissions or belong to an admin group that permits the accounts to perform tasks through the Infoblox API. + + +.Procedure +. Download the certificate from the Infoblox server: ++ +[options="nowrap" subs="+quotes"] +---- +# update-ca-trust enable +# openssl s_client -showcerts -connect _infoblox.example.com_:443 /etc/pki/ca-trust/source/anchors/infoblox.crt +# update-ca-trust extract +---- ++ +The `_infoblox.example.com_` entry must match the host name for the Infoblox application in the X509 certificate. + +. Test the CA certificate by using a `curl` query: ++ +[options="nowrap" subs="+quotes"] +---- +# curl -u admin:password https://_infoblox.example.com_/wapi/v2.0/network +---- ++ +Example positive response: ++ +[options="nowrap" subs="+quotes"] +---- +[ + { + "_ref": "network/ZG5zLm5ldHdvcmskMTkyLjE2OC4yMDIuMC8yNC8w:__infoblox.example.com__/24/default", + "network": "192.168.202.0/24", + "network_view": "default" + } +] +---- + + +. On {ProductName}, enter the following command: ++ +[options="nowrap" subs="+quotes,attributes"] +---- +# {foreman-installer} --enable-foreman-proxy-plugin-dhcp-infoblox \ +--foreman-proxy-dhcp true \ +--foreman-proxy-dhcp-provider infoblox \ +--foreman-proxy-dhcp-server _infoblox.example.com_ \ +--foreman-proxy-plugin-dhcp-infoblox-username _admin_ \ +--foreman-proxy-plugin-dhcp-infoblox-password _infoblox_ \ +--foreman-proxy-plugin-dhcp-infoblox-record-type fixedaddress \ +--foreman-proxy-plugin-dhcp-infoblox-dns-view default \ +--foreman-proxy-plugin-dhcp-infoblox-network-view default +---- +. Optional: In the {ProjectWebUI}, navigate to *Infrastructure* > *{SmartProxies}*, select the {SmartProxy} with the DHCP Infoblox module, and ensure that the *dhcp* feature is listed. +. In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets*. +. For all subnets managed through Infoblox, ensure that the IP address management (*IPAM*) method of the subnet is set to `DHCP`. diff --git a/guides/common/modules/proc_integrating-infoblox-dns.adoc b/guides/common/modules/proc_integrating-infoblox-dns.adoc new file mode 100644 index 00000000000..9d2a1f86c61 --- /dev/null +++ b/guides/common/modules/proc_integrating-infoblox-dns.adoc @@ -0,0 +1,74 @@ +[id="integrating-infoblox-dns_{context}"] += Integrating Infoblox DNS + +Install the DNS Infoblox provider on {ProductName}. + + +.Limitations +* You can manage DNS entries only in a single network and view, and you cannot edit the view after you create it. + +* {ProductName} uses the standard HTTPS web API to communicate with Infoblox. By default, it communicates only with a single node. If you require high availability, configure this feature in Infoblox. + +* You cannot integrate the {Project} IP address management (IPAM) feature into Infoblox. + + +.Prerequisites + +* You must have Infoblox account credentials to manage DHCP and DNS entries in {Project}. +* Ensure that you have Infoblox administration roles with the names: `DHCP Admin` and `DNS Admin`. +* The administration roles must have permissions or belong to an admin group that permits the accounts to perform tasks through the Infoblox API. + + +.Procedure +. Download the certificate from the Infoblox server: ++ +[options="nowrap" subs="+quotes"] +---- +# update-ca-trust enable +# openssl s_client -showcerts -connect _infoblox.example.com_:443 /etc/pki/ca-trust/source/anchors/infoblox.crt +# update-ca-trust extract +---- ++ +The `_infoblox.example.com_` entry must match the host name for the Infoblox application in the X509 certificate. + +. Test the CA certificate by using a `curl` query: ++ +[options="nowrap" subs="+quotes"] +---- +# curl -u admin:password https://_infoblox.example.com_/wapi/v2.0/network +---- ++ +Example positive response: ++ +[options="nowrap" subs="+quotes"] +---- +[ + { + "_ref": "network/ZG5zLm5ldHdvcmskMTkyLjE2OC4yMDIuMC8yNC8w:__infoblox.example.com__/24/default", + "network": "192.168.202.0/24", + "network_view": "default" + } +] +---- + +. On {ProductName}, enter the following command to configure the Infoblox module: ++ +[options="nowrap" subs="+quotes,attributes"] +---- +# {foreman-installer} --enable-foreman-proxy-plugin-dns-infoblox \ +--foreman-proxy-dns true \ +--foreman-proxy-dns-provider infoblox \ +--foreman-proxy-plugin-dns-infoblox-dns-server _infoblox.example.com_ \ +--foreman-proxy-plugin-dns-infoblox-username _admin_ \ +--foreman-proxy-plugin-dns-infoblox-password _infoblox_ \ +--foreman-proxy-plugin-dns-infoblox-dns-view _default_ +---- ++ +Optionally, you can change the value of the `--foreman-proxy-plugin-dns-infoblox-dns-view` option to specify an Infoblox DNS view other than the default view. +. Optional: In the {ProjectWebUI}, navigate to *Infrastructure* > *{SmartProxies}*, select the {SmartProxy} with the Infoblox DNS module, and ensure that the *dns* feature is listed. +. In the {ProjectWebUI}, navigate to *Infrastructure* > *Domains*. +. For all domains managed through Infoblox, ensure that the *DNS Proxy* is set for those domains. +. In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets*. +. For all subnets managed through Infoblox, ensure that the *DNS {SmartProxy}* and *Reverse DNS {SmartProxy}* are set for those subnets. + diff --git a/guides/common/modules/proc_configuring-dns-powerdns.adoc b/guides/common/modules/proc_integrating-powerdns.adoc similarity index 88% rename from guides/common/modules/proc_configuring-dns-powerdns.adoc rename to guides/common/modules/proc_integrating-powerdns.adoc index 0d870a7b5cf..5cf0212ec02 100644 --- a/guides/common/modules/proc_configuring-dns-powerdns.adoc +++ b/guides/common/modules/proc_integrating-powerdns.adoc @@ -1,5 +1,5 @@ -[id="configuring_dns_powerdns_{context}"] -= Configuring dns_powerdns +[id="integrating-powerdns_{context}"] += Integrating PowerDNS The _dns_powerdns_ DNS provider manages DNS records using the https://www.powerdns.com/[PowerDNS] REST API. diff --git a/guides/common/modules/proc_configuring-dns-route53.adoc b/guides/common/modules/proc_integrating-route-53-dns.adoc similarity index 88% rename from guides/common/modules/proc_configuring-dns-route53.adoc rename to guides/common/modules/proc_integrating-route-53-dns.adoc index 77de03e74a9..089e7f0451e 100644 --- a/guides/common/modules/proc_configuring-dns-route53.adoc +++ b/guides/common/modules/proc_integrating-route-53-dns.adoc @@ -1,5 +1,5 @@ -[id="configuring_dns_route53_{context}"] -= Configuring dns_route53 +[id="integratinig-route-53_{context}"] += Integratiing Route 53 DNS _Route 53_ is a DNS provider by Amazon. For more information, see https://aws.amazon.com/route53/[aws.amazon.com/route53]. diff --git a/guides/common/modules/proc_securing-the-dhcp-api.adoc b/guides/common/modules/proc_securing-the-dhcpd-api.adoc similarity index 95% rename from guides/common/modules/proc_securing-the-dhcp-api.adoc rename to guides/common/modules/proc_securing-the-dhcpd-api.adoc index bdf0a6a443f..4307c584646 100644 --- a/guides/common/modules/proc_securing-the-dhcp-api.adoc +++ b/guides/common/modules/proc_securing-the-dhcpd-api.adoc @@ -1,4 +1,4 @@ -[id="Securing_the_dhcpd_API_{context}"] +[id="securing-the-dhcpd-api_{context}"] = Securing the dhcpd API {SmartProxy} interacts with DHCP daemon using the dhcpd API to manage DHCP. diff --git a/guides/doc-Configuring_DNS_DHCP_TFTP/master.adoc b/guides/doc-Configuring_DNS_DHCP_TFTP/master.adoc index 8f7f4bf3c25..2308619a44c 100644 --- a/guides/doc-Configuring_DNS_DHCP_TFTP/master.adoc +++ b/guides/doc-Configuring_DNS_DHCP_TFTP/master.adoc @@ -10,27 +10,9 @@ ifdef::satellite[] include::common/modules/proc_providing-feedback-on-red-hat-documentation.adoc[leveloffset=+1] endif::[] -= New structure - include::common/assembly_configuring-dns-integration.adoc[leveloffset=+1] include::common/assembly_configuring-dhcp-integration.adoc[leveloffset=+1] include::common/assembly_configuring-tftp-integration.adoc[leveloffset=+1] -= Old structure - -Content heap. - -:ProductName: {SmartProxy} -include::common/assembly_configuring-dns-dhcp-and-tftp.adoc[leveloffset=+1] - -include::common/assembly_configuring-external-services.adoc[leveloffset=+1] - -include::common/assembly_managing-dhcp-on-smart-proxies.adoc[leveloffset=+1] - -include::common/assembly_managing-dns-on-smart-proxies.adoc[leveloffset=+1] - -include::common/assembly_using-infoblox-as-dhcp-and-dns-providers.adoc[leveloffset=+1] - -endif::[] From b8c755a55f297280b85b16f9c756eee274a9907d Mon Sep 17 00:00:00 2001 From: Marc Muehlfeld Date: Tue, 8 Apr 2025 15:41:15 +0200 Subject: [PATCH 09/47] Remove obsolete files --- ...ssembly_configuring-dns-dhcp-and-tftp.adoc | 7 --- .../assembly_configuring-external-dhcp.adoc | 12 ---- ...assembly_configuring-external-idm-dns.adoc | 15 ----- ...ssembly_configuring-external-services.adoc | 16 ----- guides/common/assembly_deployment-path.adoc | 2 - ...sembly_managing-dhcp-on-smart-proxies.adoc | 7 --- ...ssembly_managing-dns-on-smart-proxies.adoc | 11 ---- ...ng-infoblox-as-dhcp-and-dns-providers.adoc | 11 ---- .../con_configuring-dns-dhcp-and-tftp.adoc | 29 --------- ...iguring-project-with-external-idm-dns.adoc | 39 ------------ ...guring-project-with-external-services.adoc | 4 -- ...ng-infoblox-as-dhcp-and-dns-providers.adoc | 6 -- .../proc_configuring-dns-dhcp-and-tftp.adoc | 62 ------------------- ...-dns-dhcp-tftp-for-unmanaged-networks.adoc | 45 -------------- ...ns-dhcp-and-tftp-additional-resources.adoc | 7 --- 15 files changed, 273 deletions(-) delete mode 100644 guides/common/assembly_configuring-dns-dhcp-and-tftp.adoc delete mode 100644 guides/common/assembly_configuring-external-dhcp.adoc delete mode 100644 guides/common/assembly_configuring-external-idm-dns.adoc delete mode 100644 guides/common/assembly_configuring-external-services.adoc delete mode 100644 guides/common/assembly_managing-dhcp-on-smart-proxies.adoc delete mode 100644 guides/common/assembly_managing-dns-on-smart-proxies.adoc delete mode 100644 guides/common/assembly_using-infoblox-as-dhcp-and-dns-providers.adoc delete mode 100644 guides/common/modules/con_configuring-dns-dhcp-and-tftp.adoc delete mode 100644 guides/common/modules/con_configuring-project-with-external-idm-dns.adoc delete mode 100644 guides/common/modules/con_configuring-project-with-external-services.adoc delete mode 100644 guides/common/modules/con_using-infoblox-as-dhcp-and-dns-providers.adoc delete mode 100644 guides/common/modules/proc_configuring-dns-dhcp-and-tftp.adoc delete mode 100644 guides/common/modules/proc_disabling-dns-dhcp-tftp-for-unmanaged-networks.adoc delete mode 100644 guides/common/modules/ref_configuring-dns-dhcp-and-tftp-additional-resources.adoc diff --git a/guides/common/assembly_configuring-dns-dhcp-and-tftp.adoc b/guides/common/assembly_configuring-dns-dhcp-and-tftp.adoc deleted file mode 100644 index 95a96311f00..00000000000 --- a/guides/common/assembly_configuring-dns-dhcp-and-tftp.adoc +++ /dev/null @@ -1,7 +0,0 @@ -include::modules/con_configuring-dns-dhcp-and-tftp.adoc[] - -include::modules/proc_configuring-dns-dhcp-and-tftp.adoc[leveloffset=+1] - -include::modules/proc_disabling-dns-dhcp-tftp-for-unmanaged-networks.adoc[leveloffset=+1] - -include::modules/ref_configuring-dns-dhcp-and-tftp-additional-resources.adoc[leveloffset=+1] diff --git a/guides/common/assembly_configuring-external-dhcp.adoc b/guides/common/assembly_configuring-external-dhcp.adoc deleted file mode 100644 index a1d47b7764d..00000000000 --- a/guides/common/assembly_configuring-external-dhcp.adoc +++ /dev/null @@ -1,12 +0,0 @@ -ifdef::context[:parent-context: {context}] - -include::modules/con_configuring-project-with-external-dhcp.adoc[] - -//Configuring an External DHCP Server to Use with {ProductName} -include::modules/proc_configuring-an-external-dhcp-server.adoc[leveloffset=+1] - -//Configuring {ProductName} with an External DHCP Server -include::modules/proc_configuring-satellite-deployment-with-an-external-dhcp-server.adoc[leveloffset=+1] - -ifdef::parent-context[:context: {parent-context}] -ifndef::parent-context[:!context:] diff --git a/guides/common/assembly_configuring-external-idm-dns.adoc b/guides/common/assembly_configuring-external-idm-dns.adoc deleted file mode 100644 index 1f55a9a89c1..00000000000 --- a/guides/common/assembly_configuring-external-idm-dns.adoc +++ /dev/null @@ -1,15 +0,0 @@ -ifdef::context[:parent-context: {context}] - -include::modules/con_configuring-project-with-external-idm-dns.adoc[] - -//Configuring Dynamic DNS Update with GSS-TSIG Authentication -include::modules/proc_configuring-dynamic-dns-update-with-gss-tsig-authentication.adoc[leveloffset=+1] - -//Configuring Dynamic DNS Update with TSIG Authentication -include::modules/proc_configuring-dynamic-dns-update-with-tsig-authentication.adoc[leveloffset=+1] - -//Reverting to Internal DNS Service -include::modules/proc_reverting-to-internal-dns-service.adoc[leveloffset=+1] - -ifdef::parent-context[:context: {parent-context}] -ifndef::parent-context[:!context:] diff --git a/guides/common/assembly_configuring-external-services.adoc b/guides/common/assembly_configuring-external-services.adoc deleted file mode 100644 index 3886648e619..00000000000 --- a/guides/common/assembly_configuring-external-services.adoc +++ /dev/null @@ -1,16 +0,0 @@ -:parent-context: {context} - -include::modules/con_configuring-project-with-external-services.adoc[] - -include::modules/proc_configuring-external-dns.adoc[leveloffset=+1] - -include::assembly_configuring-external-dhcp.adoc[leveloffset=+1] - -include::modules/proc_configuring-external-tftp.adoc[leveloffset=+1] - -include::assembly_configuring-external-idm-dns.adoc[leveloffset=+1] - -include::assembly_configuring-project-to-manage-the-lifecycle-of-a-host-registered-to-a-freeipa-realm.adoc[leveloffset=+1] - -:context: {parent-context} -:!parent-context: diff --git a/guides/common/assembly_deployment-path.adoc b/guides/common/assembly_deployment-path.adoc index b1db6776f12..e1870316c7b 100644 --- a/guides/common/assembly_deployment-path.adoc +++ b/guides/common/assembly_deployment-path.adoc @@ -4,8 +4,6 @@ include::modules/con_installing-a-project-server.adoc[leveloffset=+1] include::modules/con_configuring-project-server-with-external-database.adoc[leveloffset=+2] -include::modules/con_configuring-dns-dhcp-and-tftp.adoc[leveloffset=+2] - include::modules/con_deploying-project-on-aws.adoc[leveloffset=+1] include::modules/ref_configuring-external-authentication-in-foreman.adoc[leveloffset=+1] diff --git a/guides/common/assembly_managing-dhcp-on-smart-proxies.adoc b/guides/common/assembly_managing-dhcp-on-smart-proxies.adoc deleted file mode 100644 index d49d583aa6b..00000000000 --- a/guides/common/assembly_managing-dhcp-on-smart-proxies.adoc +++ /dev/null @@ -1,7 +0,0 @@ -include::modules/con_managing-dhcp-by-using-smartproxy.adoc[] - -ifndef::satellite[] -include::modules/proc_configuring-dhcp-libvirt.adoc[leveloffset=+1] -endif::[] - -include::modules/proc_securing-the-dhcp-api.adoc[leveloffset=+1] diff --git a/guides/common/assembly_managing-dns-on-smart-proxies.adoc b/guides/common/assembly_managing-dns-on-smart-proxies.adoc deleted file mode 100644 index 6c67e212d59..00000000000 --- a/guides/common/assembly_managing-dns-on-smart-proxies.adoc +++ /dev/null @@ -1,11 +0,0 @@ -include::modules/con_managing-dns-by-using-smartproxy.adoc[] - -include::modules/proc_configuring-dns-nsupdate.adoc[leveloffset=+1] - -ifndef::satellite[] -include::modules/proc_configuring-dns-libvirt.adoc[leveloffset=+1] - -include::modules/proc_configuring-dns-powerdns.adoc[leveloffset=+1] - -include::modules/proc_configuring-dns-route53.adoc[leveloffset=+1] -endif::[] diff --git a/guides/common/assembly_using-infoblox-as-dhcp-and-dns-providers.adoc b/guides/common/assembly_using-infoblox-as-dhcp-and-dns-providers.adoc deleted file mode 100644 index 15f1cc19f8e..00000000000 --- a/guides/common/assembly_using-infoblox-as-dhcp-and-dns-providers.adoc +++ /dev/null @@ -1,11 +0,0 @@ -include::modules/con_using-infoblox-as-dhcp-and-dns-providers.adoc[] - -include::modules/con_infoblox-limitations.adoc[leveloffset=+1] - -include::modules/con_infoblox-prerequisites.adoc[leveloffset=+1] - -include::modules/proc_installing-the-infoblox-ca-certificate.adoc[leveloffset=+1] - -include::modules/proc_installing-the-dhcp-infoblox-module.adoc[leveloffset=+1] - -include::modules/proc_installing-the-dns-infoblox-module.adoc[leveloffset=+1] diff --git a/guides/common/modules/con_configuring-dns-dhcp-and-tftp.adoc b/guides/common/modules/con_configuring-dns-dhcp-and-tftp.adoc deleted file mode 100644 index 6c1bb2233dc..00000000000 --- a/guides/common/modules/con_configuring-dns-dhcp-and-tftp.adoc +++ /dev/null @@ -1,29 +0,0 @@ -[id="configuring-dns-dhcp-and-tftp"] -= Configuring DNS, DHCP, and TFTP - -You can manage DNS, DHCP, and TFTP centrally within the {Project} environment, or you can manage them independently after disabling their maintenance on {Project}. -ifndef::foreman-deb,orcharhino[] -You can also run DNS, DHCP, and TFTP externally, outside of the {Project} environment. -endif::[] - -ifndef::orcharhino[] -ifeval::["{context}" == "planning"] -.Additional resources -ifndef::satellite[] -* For more information about configuring DNS, DHCP, and TFTP on {ProjectServer}, see {InstallingServerDocURL}configuring-dns-dhcp-and-tftp_{project-context}[Configuring DNS, DHCP, and TFTP] in _{InstallingServerDocTitle}_. -endif::[] -ifdef::satellite[] -* For more information about configuring DNS, DHCP, and TFTP on {ProjectServer}, see the following documents: -** {InstallingServerDocURL}configuring-dns-dhcp-and-tftp_{project-context}[Configuring DNS, DHCP, and TFTP] in _{InstallingServerDocTitle}_ -** {InstallingServerDisconnectedDocURL}configuring-dns-dhcp-and-tftp_{project-context}[Configuring DNS, DHCP, and TFTP] in _{InstallingServerDisconnectedDocTitle}_ -endif::[] -ifndef::foreman-deb,orcharhino,satellite[] -* For more information about configuring DNS, DHCP, and TFTP externally, see {InstallingServerDocURL}configuring-external-services_{project-context}[Configuring external services] in _{InstallingServerDocTitle}_. -endif::[] -ifdef::satellite[] -* For more information about configuring DNS, DHCP, and TFTP externally, see the following documents: -** {InstallingServerDocURL}configuring-external-services_{project-context}[Configuring external services] in _{InstallingServerDocTitle}_. -** {InstallingServerDisconnectedDocURL}configuring-external-services_{project-context}[Configuring external services] in _{InstallingServerDisconnectedDocTitle}_ -endif::[] -endif::[] -endif::[] diff --git a/guides/common/modules/con_configuring-project-with-external-idm-dns.adoc b/guides/common/modules/con_configuring-project-with-external-idm-dns.adoc deleted file mode 100644 index 344a0452fe9..00000000000 --- a/guides/common/modules/con_configuring-project-with-external-idm-dns.adoc +++ /dev/null @@ -1,39 +0,0 @@ -[id="configuring-external-idm-dns_{context}"] -= Configuring {ProductName} with external IdM DNS - -When {ProjectServer} adds a DNS record for a host, it first determines which {SmartProxy} is providing DNS for that domain. -It then communicates with the {SmartProxy} that is configured to provide DNS service for your deployment and adds the record. -The hosts are not involved in this process. -Therefore, you must install and configure the IdM client on the {Project} or {SmartProxy} that is currently configured to provide a DNS service for the domain you want to manage by using the IdM server. - -{ProductName} can be configured to use a Red{nbsp}Hat Identity Management (IdM) server to provide DNS service. -ifdef::satellite[] -For more information about Red{nbsp}Hat Identity Management, see the {RHELDocsBaseURL}7/html-single/linux_domain_identity_authentication_and_policy_guide/index[_{RHEL}{nbsp}7 Linux Domain Identity, Authentication, and Policy Guide_]. -endif::[] - -To configure {ProductName} to use a Red{nbsp}Hat Identity Management (IdM) server to provide DNS service, use one of the following procedures: - -* xref:configuring-dynamic-dns-update-with-gss-tsig-authentication_{context}[] - -* xref:configuring-dynamic-dns-update-with-tsig-authentication_{context}[] - -To revert to internal DNS service, use the following procedure: - -* xref:reverting-to-internal-dns-service_{context}[] - -[NOTE] -You are not required to use {ProductName} to manage DNS. -When you are using the realm enrollment feature of {Project}, where provisioned hosts are enrolled automatically to IdM, the `ipa-client-install` script creates DNS records for the client. -Configuring {ProductName} with external IdM DNS and realm enrollment are mutually exclusive. -For more information about configuring realm enrollment, see -ifeval::["{context}" == "{project-context}"] -ifeval::["{mode}" == "connected"] -xref:configuring-project-to-manage-the-lifecycle-of-a-host-registered-to-a-freeipa-realm_{context}[]. -endif::[] -ifeval::["{mode}" == "disconnected"] -{InstallingServerDocURL}configuring-project-to-manage-the-lifecycle-of-a-host-registered-to-a-freeipa-realm_{project-context}[Configuring {Project} to manage the lifecycle of a host registered to a {FreeIPA} realm] in _{InstallingServerDocTitle}_. -endif::[] -endif::[] -ifeval::["{context}" == "{smart-proxy-context}"] -{InstallingServerDocURL}configuring-project-to-manage-the-lifecycle-of-a-host-registered-to-a-freeipa-realm_{project-context}[Configuring {Project} to manage the lifecycle of a host registered to a {FreeIPA} realm] in _{InstallingServerDocTitle}_. -endif::[] diff --git a/guides/common/modules/con_configuring-project-with-external-services.adoc b/guides/common/modules/con_configuring-project-with-external-services.adoc deleted file mode 100644 index 22979d07a79..00000000000 --- a/guides/common/modules/con_configuring-project-with-external-services.adoc +++ /dev/null @@ -1,4 +0,0 @@ -[id="configuring-external-services"] -= Configuring {ProductName} with external services - -If you do not want to configure the DNS, DHCP, and TFTP services on {ProductName}, use this section to configure your {ProductName} to work with external DNS, DHCP, and TFTP services. diff --git a/guides/common/modules/con_using-infoblox-as-dhcp-and-dns-providers.adoc b/guides/common/modules/con_using-infoblox-as-dhcp-and-dns-providers.adoc deleted file mode 100644 index 86ebb08ea50..00000000000 --- a/guides/common/modules/con_using-infoblox-as-dhcp-and-dns-providers.adoc +++ /dev/null @@ -1,6 +0,0 @@ -[id="Using_Infoblox_as_DHCP_and_DNS_Providers"] -= Using Infoblox as DHCP and DNS providers - -You can use {ProductName} to connect to your Infoblox application to create and manage DHCP and DNS records, and to reserve IP addresses. - -The supported Infoblox version is NIOS 8.0 or higher. diff --git a/guides/common/modules/proc_configuring-dns-dhcp-and-tftp.adoc b/guides/common/modules/proc_configuring-dns-dhcp-and-tftp.adoc deleted file mode 100644 index cbcecb883f2..00000000000 --- a/guides/common/modules/proc_configuring-dns-dhcp-and-tftp.adoc +++ /dev/null @@ -1,62 +0,0 @@ -[id="configuring-dns-dhcp-and-tftp-on-productname_{context}"] -= Configuring DNS, DHCP, and TFTP on {ProductName} - -To configure the DNS, DHCP, and TFTP services on {ProductName}, use the `{foreman-installer}` command with the options appropriate for your environment. - -Any changes to the settings require entering the `{foreman-installer}` command again. -You can enter the command multiple times and each time it updates all configuration files with the changed values. - -.Prerequisites - -ifeval::["{context}" == "{project-context}"] -* Ensure that the following information is available to you: -** DHCP IP address ranges -** DHCP gateway IP address -** DHCP nameserver IP address -** DNS information -** TFTP server name - -* Use the FQDN instead of the IP address where possible in case of network changes. -endif::[] - -ifeval::["{context}" == "{smart-proxy-context}"] -* You must have the correct network name (`dns-interface`) for the DNS server. -* You must have the correct interface name (`dhcp-interface`) for the DHCP server. -endif::[] - -* Contact your network administrator to ensure that you have the correct settings. - -.Procedure - -* Enter the `{foreman-installer}` command with the options appropriate for your environment. -The following example shows configuring full provisioning services: - -+ -[options="nowrap" subs="+quotes,attributes"] ----- -# {foreman-installer} \ ---foreman-proxy-dns true \ ---foreman-proxy-dns-managed true \ ---foreman-proxy-dns-zone _example.com_ \ ---foreman-proxy-dns-reverse _2.0.192.in-addr.arpa_ \ ---foreman-proxy-dhcp true \ ---foreman-proxy-dhcp-managed true \ ---foreman-proxy-dhcp-range "_192.0.2.100_ _192.0.2.150_" \ ---foreman-proxy-dhcp-gateway _192.0.2.1_ \ ---foreman-proxy-dhcp-nameservers _192.0.2.2_ \ ---foreman-proxy-tftp true \ ---foreman-proxy-tftp-managed true \ ---foreman-proxy-tftp-servername _192.0.2.3_ ----- - -You can monitor the progress of the `{foreman-installer}` command displayed in your prompt. -You can view the logs in `{installer-log-file}`. - -.Additional resources -* For more information about the `{foreman-installer}` command, enter `{foreman-installer} --help`. -ifeval::["{context}" == "{smart-proxy-context}"] -ifndef::foreman-deb,orcharhino[] -* For more information about configuring DNS, DHCP, and TFTP externally, see xref:configuring-external-services[]. -endif::[] -* For more information about configuring DHCP, DNS, and TFTP services, see {ProvisioningDocURL}Configuring_Network_Services_provisioning[Configuring Network Services] in _{ProvisioningDocTitle}_. -endif::[] diff --git a/guides/common/modules/proc_disabling-dns-dhcp-tftp-for-unmanaged-networks.adoc b/guides/common/modules/proc_disabling-dns-dhcp-tftp-for-unmanaged-networks.adoc deleted file mode 100644 index 31f83ed4bb7..00000000000 --- a/guides/common/modules/proc_disabling-dns-dhcp-tftp-for-unmanaged-networks.adoc +++ /dev/null @@ -1,45 +0,0 @@ -[id="disabling-dns-dhcp-tftp-for-unmanaged-networks_{context}"] -= Disabling DNS, DHCP, and TFTP for unmanaged networks - -If you want to manage TFTP, DHCP, and DNS services manually, you must prevent {Project} from maintaining these services on the operating system and disable orchestration to avoid DHCP and DNS validation errors. - -[IMPORTANT] -==== -Disabling these {SmartProxy} features means {Project} will no longer orchestrate DNS, DHCP, and TFTP, but it does not stop or remove the corresponding services. -==== - -.Procedure - -. Disable DHCP, DNS, and TFTP integration on your {ProjectServer}: -+ -[options="nowrap", subs="+quotes,attributes"] ----- -# {foreman-installer} --foreman-proxy-dhcp false \ ---foreman-proxy-dns false \ ---foreman-proxy-tftp false ----- - -. Disable the {SmartProxy} integration for every subnet: - -.. In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets*. -.. Select a subnet. -.. On the *{SmartProxies}* tab, clear the *DHCP {SmartProxy}*, *TFTP {SmartProxy}*, and *Reverse DNS {SmartProxy}* fields. - -. In the {ProjectWebUI}, navigate to *Infrastructure* > *Domains* and select a domain. - -. Clear the *DNS {SmartProxy}* field. - -. Optional: If you use a DHCP service supplied by a third party, configure your DHCP server to pass the following options: -+ -[options="nowrap" subs="+quotes,attributes"] ----- -Option 66: __IP address of {Project} or {SmartProxy}__ -Option 67: /pxelinux.0 ----- -+ -For more information about DHCP options, see https://tools.ietf.org/html/rfc2132[RFC 2132]. - -[NOTE] -{Project} does not perform orchestration when a {SmartProxy} is not set for a given subnet and domain. -When enabling or disabling {SmartProxy} associations, orchestration commands for existing hosts can fail if the expected records and configuration files are not present. -When associating a {SmartProxy} to turn orchestration on, ensure the required DHCP and DNS records as well as the TFTP files are in place for the existing {Project} hosts in order to prevent host deletion failures in the future. diff --git a/guides/common/modules/ref_configuring-dns-dhcp-and-tftp-additional-resources.adoc b/guides/common/modules/ref_configuring-dns-dhcp-and-tftp-additional-resources.adoc deleted file mode 100644 index 6828ac0cf32..00000000000 --- a/guides/common/modules/ref_configuring-dns-dhcp-and-tftp-additional-resources.adoc +++ /dev/null @@ -1,7 +0,0 @@ -[id="configuring-dns-dhcp-and-tftp-additional-resources_{context}"] -= Additional resources - -ifndef::foreman-deb,orcharhino[] -* For more information about configuring DNS, DHCP, and TFTP externally, see xref:configuring-external-services[]. -endif::[] -* For more information about configuring DHCP, DNS, and TFTP services, see {ProvisioningDocURL}Configuring_Network_Services_provisioning[Configuring Network Services] in _{ProvisioningDocTitle}_. From 8c530c4d517f88c1ef082e95d8f57b15b4c826b5 Mon Sep 17 00:00:00 2001 From: Marc Muehlfeld Date: Mon, 14 Apr 2025 12:19:30 +0200 Subject: [PATCH 10/47] Add "Associating the DNS|DHCP|TFTP service with a domain|subnet" sections --- ...assembly_configuring-dhcp-integration.adoc | 2 +- .../assembly_configuring-dns-integration.adoc | 4 +-- ...assembly_configuring-tftp-integration.adoc | 2 +- .../modules/con_dhcp-service-providers.adoc | 11 ++++---- .../modules/con_dns-service-providers.adoc | 14 +++++++--- ...con_integrating-a-generic-tftp-server.adoc | 2 +- ...-dhcp-and-tftp-integration-in-project.adoc | 5 ++++ ...iating-the-dhcp-service-with-a-subnet.adoc | 22 ++++++++++++++++ ...-dns-service-with-a-domain-and-subnet.adoc | 26 +++++++++++++++++++ ...iating-the-tftp-service-with-a-subnet.adoc | 19 ++++++++++++++ ...configuring-server-for-use-with-dhcpd.adoc | 4 ++- ..._configuring-server-for-use-with-tftp.adoc | 16 ++++++++++++ ...ng-the-installer-managed-dhcp-service.adoc | 14 +--------- ...ing-the-installer-managed-dns-service.adoc | 21 +-------------- ...bind-dns-server-by-using-dns-nsupdate.adoc | 5 +++- ...eric-dns-server-by-using-dns-nsupdate.adoc | 9 +++++++ ...-dnsmas-dhcp-by-using-the-libvirt-api.adoc | 5 +++- ...-dnsmasq-dns-by-using-the-libvirt-api.adoc | 4 ++- ...-idm-dns-with-gss-tsig-authentication.adoc | 13 ++-------- ...ting-idm-dns-with-tsig-authentication.adoc | 3 +++ .../proc_integrating-infoblox-dhcp.adoc | 3 +++ .../proc_integrating-infoblox-dns.adoc | 2 ++ .../modules/proc_integrating-powerdns.adoc | 5 +++- .../proc_integrating-route-53-dns.adoc | 7 +++-- .../doc-Configuring_DNS_DHCP_TFTP/master.adoc | 2 ++ 25 files changed, 154 insertions(+), 66 deletions(-) create mode 100644 guides/common/modules/con_introduction-to-dns-dhcp-and-tftp-integration-in-project.adoc create mode 100644 guides/common/modules/proc_associating-the-dhcp-service-with-a-subnet.adoc create mode 100644 guides/common/modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc create mode 100644 guides/common/modules/proc_associating-the-tftp-service-with-a-subnet.adoc diff --git a/guides/common/assembly_configuring-dhcp-integration.adoc b/guides/common/assembly_configuring-dhcp-integration.adoc index 0831c1633fd..ab79f7e5686 100644 --- a/guides/common/assembly_configuring-dhcp-integration.adoc +++ b/guides/common/assembly_configuring-dhcp-integration.adoc @@ -12,7 +12,7 @@ endif::[] include::modules/con_integrating-a-generic-dhcp-server.adoc[leveloffset=+1] -== Associating the DHCP service with a subnet +include::modules/proc_associating-the-dhcp-service-with-a-subnet.adoc[leveloffset=+1] include::modules/proc_disabling-dhcp-for-integration.adoc[leveloffset=+1] diff --git a/guides/common/assembly_configuring-dns-integration.adoc b/guides/common/assembly_configuring-dns-integration.adoc index aba3002997d..c93018d801e 100644 --- a/guides/common/assembly_configuring-dns-integration.adoc +++ b/guides/common/assembly_configuring-dns-integration.adoc @@ -20,9 +20,7 @@ include::modules/proc_integrating-a-bind-dns-server-by-using-dns-nsupdate.adoc[l include::modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc[leveloffset=+1] -== Associating the DNS service with a subnet - -== Associating the DNS service with a domain +include::modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc[leveloffset=+1] include::modules/proc_disabling-dns-for-integration.adoc[leveloffset=+1] diff --git a/guides/common/assembly_configuring-tftp-integration.adoc b/guides/common/assembly_configuring-tftp-integration.adoc index f41d3359f93..c587bc34fbd 100644 --- a/guides/common/assembly_configuring-tftp-integration.adoc +++ b/guides/common/assembly_configuring-tftp-integration.adoc @@ -4,7 +4,7 @@ include::modules/proc_enabling-the-installer-managed-tftp-service.adoc[leveloffs include::modules/con_integrating-a-generic-tftp-server.adoc[leveloffset=+1] -== Associating the TFTP service with a subnet +include::modules/proc_associating-the-tftp-service-with-a-subnet.adoc[leveloffset=+1] include::modules/proc_disabling-tftp-for-integration.adoc[leveloffset=+1] diff --git a/guides/common/modules/con_dhcp-service-providers.adoc b/guides/common/modules/con_dhcp-service-providers.adoc index f5322b1cf00..f6aa829a503 100644 --- a/guides/common/modules/con_dhcp-service-providers.adoc +++ b/guides/common/modules/con_dhcp-service-providers.adoc @@ -6,20 +6,21 @@ A {SmartProxy} has multiple DHCP providers that you can use to integrate {Projec You can use the DHCP module of {SmartProxy} to query for available IP addresses, add new, and delete existing reservations. Note that your {SmartProxy} cannot manage subnet declarations. + .Available DHCP providers * `dhcp_infoblox` {endash} For more information, see xref:integrating-infoblox-dhcp_{context}[]. -* `dhcp_isc` {endash} ISC DHCP server over OMAPI. - -* `dhcp_remote_isc` {endash} ISC DHCP server over OMAPI with leases mounted through networking. -For more information, see xref:integrating-a-generic-dhcp-server[]. - ifndef::satellite[] * `dhcp_libvirt` {endash} dnsmasq DHCP via libvirt API. For more information, see xref:integrating-dnsmas-dhcp-by-using-the-libvirt-api_{context}[]. endif::[] +* `dhcp_isc` {endash} ISC DHCP server over OMAPI. + +* `dhcp_remote_isc` {endash} ISC DHCP server over OMAPI with leases mounted through networking. +For more information, see xref:integrating-a-generic-dhcp-server[]. + ifdef::orcharhino[] * `dhcp_native_ms` {endash} Microsoft Active Directory by using API endif::[] diff --git a/guides/common/modules/con_dns-service-providers.adoc b/guides/common/modules/con_dns-service-providers.adoc index b88a44cf23d..296d1091ebb 100644 --- a/guides/common/modules/con_dns-service-providers.adoc +++ b/guides/common/modules/con_dns-service-providers.adoc @@ -13,11 +13,11 @@ ifdef::orcharhino[] * `dns_dnscmd` {endash} Static DNS records in Microsoft Active Directory. endif::[] -* `dns_nsupdate_gss` {endash} Dynamic DNS update with GSS-TSIG. -For more information, see xref:integrating-idm-dns-update-with-gss-tsig-authentication_{context}[]. +* `dns_infoblox` {endash} Dynamic DNS updates by using Infoblox DNS. +For more information, see xref:integrating-infoblox-dns_{context}[]. -* `dns_nsupdate` {endash} Dynamic DNS update using nsupdate. -For more information, see xref:integrating-a-generic-dns-server-by-using-dns-nsupdate_{context}[]. +* `dns_nsupdate_gss` {endash} Dynamic DNS update with GSS-TSIG. +For more information, see xref:integrating-idm-dns-with-tsig-authentication_{context}[] and xref:integrating-idm-dns-update-with-gss-tsig-authentication_{context}[]. ifndef::satellite[] * `dns_libvirt` {endash} Dnsmasq DNS via libvirt API. @@ -25,8 +25,14 @@ For more information, see xref:integrating-dnsmasq-dns-by-using-the-libvirt-api_ * `dns_powerdns` {endash} https://www.powerdns.com/[PowerDNS]. For more information, see xref:integrating-powerdns_{context}[]. + +* `dns_route53` {endash} Dynamic DNS updates by using Amazon Route 53 DNS. +For more information, see xref:integratinig-route-53_{context}[]. endif::[] +* `dns_nsupdate` {endash} Dynamic DNS update using nsupdate. +For more information, see xref:integrating-a-bind-dns-server-by-using-dns-nsupdate_{context}[] and xref:integrating-a-generic-dns-server-by-using-dns-nsupdate_{context}[]. + ifdef::foreman-el,foreman-deb,katello[] For more information, see https://projects.theforeman.org/projects/foreman/wiki/List_of_Smart-Proxy_Plugins#DNS-plugins[List of DNS plugins] endif::[] diff --git a/guides/common/modules/con_integrating-a-generic-tftp-server.adoc b/guides/common/modules/con_integrating-a-generic-tftp-server.adoc index f9847a97f6e..63f983c152e 100644 --- a/guides/common/modules/con_integrating-a-generic-tftp-server.adoc +++ b/guides/common/modules/con_integrating-a-generic-tftp-server.adoc @@ -3,7 +3,7 @@ You can configure {ProductName} with a TFTP service that is not maintained by the {ProductName} installer. -== Configuring TFTP to use with {ProductName} +//== Configuring TFTP to use with {ProductName} include::proc_configuring-server-for-use-with-tftp.adoc[leveloffset=+1] diff --git a/guides/common/modules/con_introduction-to-dns-dhcp-and-tftp-integration-in-project.adoc b/guides/common/modules/con_introduction-to-dns-dhcp-and-tftp-integration-in-project.adoc new file mode 100644 index 00000000000..12b3a7f7449 --- /dev/null +++ b/guides/common/modules/con_introduction-to-dns-dhcp-and-tftp-integration-in-project.adoc @@ -0,0 +1,5 @@ +[id="introduction-to-dns-dhcp-and-tftp-integration-in-{Project}_{context}"] += Introduction to DNS, DHCP, and TFTP integration in {Project} + +By default, {Project} uses its integrated DNS, DHCP, and TFTP services. However, a key of {Project} is the ability to seamlessly integrate with existing network services. By configuring the corresponding providers, you can use existing DNS, DHCP, and TFTP services and integrate them in to {Project}. + diff --git a/guides/common/modules/proc_associating-the-dhcp-service-with-a-subnet.adoc b/guides/common/modules/proc_associating-the-dhcp-service-with-a-subnet.adoc new file mode 100644 index 00000000000..082140210b3 --- /dev/null +++ b/guides/common/modules/proc_associating-the-dhcp-service-with-a-subnet.adoc @@ -0,0 +1,22 @@ +[id="associating-the-dhcp-service-with-a-subnet_{context}"] += Associating the DHCP service with a subnet + +After you changed the DHCP provider, you must update the configuration of each affected {SmartProxy} in the {ProjectWebUI}. +// MARC: New module. +// Needs to be checked if it is technically correct. + + +.Prerequisites +* You are logged in to the {ProjectWebUI}. + + +.Procedure + +. Navigate to *Infrastructure* > *Subnets* and select the subnet name. + +. In the *Subnet* tab, set *IPAM* to *DHCP*. + +. In the *{SmartProxy}*, set *DHCP Proxy* to your {SmartProxy}. + +. Click *Submit* to save the changes. + diff --git a/guides/common/modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc b/guides/common/modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc new file mode 100644 index 00000000000..1eb1810de09 --- /dev/null +++ b/guides/common/modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc @@ -0,0 +1,26 @@ +[id="associating-the-dns-service-with-a-domain-and-subnet_{context}"] += Associating the DNS service with a domain and subnet + +After you changed the DNS provider, you must update the configuration of each affected {SmartProxy} in the {ProjectWebUI}. +// MARC: New module. Content copied from the end of the procedure in https://github.com/theforeman/foreman-documentation/blob/master/guides/common/modules/proc_configuring-dynamic-dns-update-with-gss-tsig-authentication.adoc +// Needs to be checked if it is technically correct. + + +.Prerequisites +* You are logged in to the {ProjectWebUI}. + + +.Procedure + +. In the {ProjectWebUI}, navigate to *Infrastructure* > *{SmartProxies}*, locate the {ProductName}, and from the list in the *Actions* column, select *Refresh*. +. Configure the domain: +.. In the {ProjectWebUI}, navigate to *Infrastructure* > *Domains* and select the domain name. +.. In the *Domain* tab, ensure *DNS {SmartProxy}* is set to the {SmartProxy} where the subnet is connected. + +. Configure the subnet: +.. In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets* and select the subnet name. +.. In the *Subnet* tab, set *IPAM* to *None*. +.. In the *Domains* tab, select the domain that you want to manage using the IdM server. +.. In the *{SmartProxies}* tab, ensure *Reverse DNS {SmartProxy}* is set to the {SmartProxy} where the subnet is connected. +.. Click *Submit* to save the changes. + diff --git a/guides/common/modules/proc_associating-the-tftp-service-with-a-subnet.adoc b/guides/common/modules/proc_associating-the-tftp-service-with-a-subnet.adoc new file mode 100644 index 00000000000..0304a1d4015 --- /dev/null +++ b/guides/common/modules/proc_associating-the-tftp-service-with-a-subnet.adoc @@ -0,0 +1,19 @@ +[id="associating-the-tftp-service-with-a-subnet_{context}"] += Associating the TFTP service with a subnet + +After you changed the TFTP provider, you must update the configuration of each affected {SmartProxy} in the {ProjectWebUI}. +// MARC: New module. +// Needs to be checked if it is technically correct. + +.Prerequisites +* You are logged in to the {ProjectWebUI}. + + +.Procedure + +. Navigate to *Infrastructure* > *Subnets*, and select the subnet name. + +. In the *{SmartProxies}* tab, select the {SmartProxy} for both TFTP and HTTP boot. + +. Click *Submit* to save the changes. + diff --git a/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc b/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc index e1378b92b76..f74f82a23ae 100644 --- a/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc +++ b/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc @@ -73,4 +73,6 @@ $ exit --foreman-proxy-plugin-dhcp-remote-isc-key-secret=_My_Secret_ \ --foreman-proxy-plugin-dhcp-remote-isc-omapi-port=7911 ---- -. Associate the DHCP service with the appropriate subnets and domain. + +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dhcp-service-with-a-subnet_admin-network[]. + diff --git a/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc b/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc index 2967433643b..cefd5af80cf 100644 --- a/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc +++ b/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc @@ -3,6 +3,12 @@ You can configure {ProductName} with external TFTP services. + +.Prerequisites +* You configured the TFTP server. +* You shared the `/var/lib/tftpboot` on the TFTP server with NFS. + + .Procedure . Create the TFTP directory for NFS: + @@ -10,18 +16,21 @@ You can configure {ProductName} with external TFTP services. ---- # mkdir -p /mnt/nfs/var/lib/tftpboot ---- + . In the `/etc/fstab` file, add the following line: + [options="nowrap" subs="+quotes"] ---- _TFTP_Server_IP_Address_:/exports/var/lib/tftpboot /mnt/nfs/var/lib/tftpboot nfs rw,vers=3,auto,nosharecache,context="system_u:object_r:tftpdir_rw_t:s0" 0 0 ---- + . Mount the file systems in `/etc/fstab`: + [options="nowrap"] ---- # mount -a ---- + . Enter the `{foreman-installer}` command to make the following persistent changes to the `/etc/foreman-proxy/settings.d/tftp.yml` file: + [options="nowrap" subs="+quotes,attributes"] @@ -30,12 +39,19 @@ _TFTP_Server_IP_Address_:/exports/var/lib/tftpboot /mnt/nfs/var/lib/tftpboot nfs --foreman-proxy-tftp-root /mnt/nfs/var/lib/tftpboot \ --foreman-proxy-tftp=true ---- + . If the TFTP service is running on a different server than the DHCP service, update the `tftp_servername` setting with the FQDN or IP address of the server that the TFTP service is running on: + [options="nowrap" subs="+quotes,attributes"] ---- # {foreman-installer} --foreman-proxy-tftp-servername=_TFTP_Server_FQDN_ ---- + . In the {ProjectWebUI}, navigate to *Infrastructure* > *{SmartProxies}*. + . Locate the {ProductName} and select *Refresh* from the list in the *Actions* column. + . Associate the TFTP service with the appropriate subnets and domain. + +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-tftp-service-with-a-subnet_admin-network[]. + diff --git a/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc index 2d8b0b6bc74..54a4e417717 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc @@ -61,17 +61,5 @@ ifeval::["{context}" == "{project-context}"] For more information, see {InstallingSmartProxyDocURL}configuring-dns-dhcp-and-tftp-on-productname_{smart-proxy-context}[Configuring DNS, DHCP, and TFTP on {SmartProxyServer}]. endif::[] -After you run the `{foreman-installer}` command to make any changes to your {SmartProxy} configuration, you must update the configuration of each affected {SmartProxy} in the {ProjectWebUI}. - - -.Updating the configuration in the {ProjectWebUI} - -. In the {ProjectWebUI}, navigate to *Infrastructure* > *{SmartProxies}*. -. For each {SmartProxy} that you want to update, from the *Actions* list, select *Refresh*. - -. Configure the subnet: - -.. In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets* and select the subnet name. -.. In the *Subnet* tab, set *IPAM* to *DHCP* or *Internal DB*. -.. Click *Submit* to save the changes. +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dhcp-service-with-a-subnet_admin-network[]. diff --git a/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc index 08bc46407b3..c75adbe71a5 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc @@ -47,24 +47,5 @@ ifeval::["{context}" == "{project-context}"] For more information, see {InstallingSmartProxyDocURL}configuring-dns-dhcp-and-tftp-on-productname_{smart-proxy-context}[Configuring DNS, DHCP, and TFTP on {SmartProxyServer}]. endif::[] -. Update the configuration of each affected {SmartProxy} in the {ProjectWebUI}: - -.. Navigate to *Infrastructure* > *{SmartProxies}*. - -.. For each {SmartProxy} that you want to update, select *Refresh* in the *Actions* list. - -.. Configure the domain: - -... Navigate to *Infrastructure* > *Domains* -... Click the domain name that you want to configure. -... In the *Domain* tab, set *DNS {SmartProxy}* to the {SmartProxy} where the subnet is connected. - -.. Configure the subnet: - -... Navigate to *Infrastructure* > *Subnets*. -... Select the subnet name. -... In the *Subnet* tab, set *IPAM* to *DHCP* or *Internal DB*. -... In the *Domains* tab, select the domain that you want to manage using {Project} or {SmartProxy}. -... In the *{SmartProxies}* tab, set *Reverse DNS {SmartProxy}* to the {SmartProxy} where the subnet is connected. -... Click *Submit* to save the changes. +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet_admin-network[]. diff --git a/guides/common/modules/proc_integrating-a-bind-dns-server-by-using-dns-nsupdate.adoc b/guides/common/modules/proc_integrating-a-bind-dns-server-by-using-dns-nsupdate.adoc index e0a89574b13..78224289c9c 100644 --- a/guides/common/modules/proc_integrating-a-bind-dns-server-by-using-dns-nsupdate.adoc +++ b/guides/common/modules/proc_integrating-a-bind-dns-server-by-using-dns-nsupdate.adoc @@ -7,7 +7,7 @@ By default, _dns_nsupdate_ installs the ISC BIND server. For installation without ISC BIND, see xref:integrating-a-generic-dns-server-by-using-dns-nsupdate_{context}[]. .Procedure -* Configure `dns_nsupdate`: +. Configure `dns_nsupdate`: + [options="nowrap", subs="+quotes,verbatim,attributes"] ---- @@ -18,3 +18,6 @@ For installation without ISC BIND, see xref:integrating-a-generic-dns-server-by- --foreman-proxy-dns-zone _example.com_ \ --foreman-proxy-dns-reverse _2.0.192.in-addr.arpa_ ---- + +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet_admin-network[]. + diff --git a/guides/common/modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc b/guides/common/modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc index 4e30dce7194..a482e4cf196 100644 --- a/guides/common/modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc +++ b/guides/common/modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc @@ -17,6 +17,7 @@ To make any changes persistent, you must enter the `{foreman-installer}` command ---- # scp root@_dns.example.com_:/etc/rndc.key /etc/foreman-proxy/rndc.key ---- + . Configure the ownership, permissions, and SELinux context: + [options="nowrap"] @@ -27,6 +28,7 @@ endif::[] # chown -v root:foreman-proxy /etc/foreman-proxy/rndc.key # chmod -v 640 /etc/foreman-proxy/rndc.key ---- + . To test the `nsupdate` utility, add a host remotely: + [options="nowrap", subs="+quotes"] @@ -39,6 +41,7 @@ send\n" | nsupdate -k /etc/foreman-proxy/rndc.key update delete aaa.example.com 3600 IN A _Host_IP_Address_\n \ send\n" | nsupdate -k /etc/foreman-proxy/rndc.key ---- + . Enter the `{foreman-installer}` command to make the following persistent changes to the `/etc/foreman-proxy/settings.d/dns.yml` file: + [options="nowrap", subs="+quotes,attributes"] @@ -49,6 +52,12 @@ send\n" | nsupdate -k /etc/foreman-proxy/rndc.key --foreman-proxy-dns-server="_DNS_IP_Address_" \ --foreman-proxy-keyfile=/etc/foreman-proxy/rndc.key ---- + . In the {ProjectWebUI}, navigate to *Infrastructure* > *{SmartProxies}*. + . Locate the {ProductName} and select *Refresh* from the list in the *Actions* column. + . Associate the DNS service with the appropriate subnets and domain. + +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet_admin-network[]. + diff --git a/guides/common/modules/proc_integrating-dnsmas-dhcp-by-using-the-libvirt-api.adoc b/guides/common/modules/proc_integrating-dnsmas-dhcp-by-using-the-libvirt-api.adoc index 6f7feb556a1..a7fec8e6da0 100644 --- a/guides/common/modules/proc_integrating-dnsmas-dhcp-by-using-the-libvirt-api.adoc +++ b/guides/common/modules/proc_integrating-dnsmas-dhcp-by-using-the-libvirt-api.adoc @@ -5,7 +5,7 @@ The _dhcp_libvirt_ plugin manages IP reservations and leases using `dnsmasq` thr It uses `ruby-libvirt` to connect to the local or remote instance of libvirt daemon. .Procedure -* You can use `{foreman-installer}` to configure `dhcp_libvirt`: +. You can use `{foreman-installer}` to configure `dhcp_libvirt`: + [options="nowrap", subs="+quotes,verbatim,attributes"] ---- @@ -15,3 +15,6 @@ foreman-installer \ --foreman-proxy-libvirt-network default \ --foreman-proxy-libvirt-network qemu:///system ---- + +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dhcp-service-with-a-subnet_admin-network[]. + diff --git a/guides/common/modules/proc_integrating-dnsmasq-dns-by-using-the-libvirt-api.adoc b/guides/common/modules/proc_integrating-dnsmasq-dns-by-using-the-libvirt-api.adoc index 973de1c0097..e6e142382ad 100644 --- a/guides/common/modules/proc_integrating-dnsmasq-dns-by-using-the-libvirt-api.adoc +++ b/guides/common/modules/proc_integrating-dnsmasq-dns-by-using-the-libvirt-api.adoc @@ -5,7 +5,7 @@ The _dns_libvirt_ DNS provider manages DNS records using dnsmasq through the lib It uses `ruby-libvirt` gem to connect to the local or a remote instance of libvirt daemon. .Procedure -* You can use `{foreman-installer}` to configure `dns_libvirt`: +. You can use `{foreman-installer}` to configure `dns_libvirt`: + [options="nowrap", subs="+quotes,verbatim,attributes"] ---- @@ -18,3 +18,5 @@ It uses `ruby-libvirt` gem to connect to the local or a remote instance of libvi + Note that you can only use one network and URL for both _dns_libvirt_ and _dhcp_libvirt_. +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet_admin-network[]. + diff --git a/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc b/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc index d6dbdf18aa4..88408fa730c 100644 --- a/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc +++ b/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc @@ -151,14 +151,5 @@ grant {smart-proxy-principal}\047__{foreman-example-com}@EXAMPLE.COM__ wildcard --foreman-proxy-dns-tsig-principal="{smart-proxy-principal}/_{foreman-example-com}@EXAMPLE.COM_" \ --foreman-proxy-dns=true ---- -. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}: -.. In the {ProjectWebUI}, navigate to *Infrastructure* > *{SmartProxies}*, locate the {ProductName}, and from the list in the *Actions* column, select *Refresh*. -.. Configure the domain: -... In the {ProjectWebUI}, navigate to *Infrastructure* > *Domains* and select the domain name. -... In the *Domain* tab, ensure *DNS {SmartProxy}* is set to the {SmartProxy} where the subnet is connected. -.. Configure the subnet: -... In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets* and select the subnet name. -... In the *Subnet* tab, set *IPAM* to *None*. -... In the *Domains* tab, select the domain that you want to manage using the IdM server. -... In the *{SmartProxies}* tab, ensure *Reverse DNS {SmartProxy}* is set to the {SmartProxy} where the subnet is connected. -... Click *Submit* to save the changes. +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet_admin-network[]. + diff --git a/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc b/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc index bffda39cbe8..a362a763eef 100644 --- a/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc +++ b/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc @@ -157,3 +157,6 @@ send\n" | nsupdate -k /etc/rndc.key # nslookup _test.example.com_ 192.168.25.1 ---- The above `nslookup` command fails and returns the `SERVFAIL` error message if the record was successfully deleted. + +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet_admin-network[]. + diff --git a/guides/common/modules/proc_integrating-infoblox-dhcp.adoc b/guides/common/modules/proc_integrating-infoblox-dhcp.adoc index 8c296c24d5c..4d35c7cbe45 100644 --- a/guides/common/modules/proc_integrating-infoblox-dhcp.adoc +++ b/guides/common/modules/proc_integrating-infoblox-dhcp.adoc @@ -78,3 +78,6 @@ Example positive response: . Optional: In the {ProjectWebUI}, navigate to *Infrastructure* > *{SmartProxies}*, select the {SmartProxy} with the DHCP Infoblox module, and ensure that the *dhcp* feature is listed. . In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets*. . For all subnets managed through Infoblox, ensure that the IP address management (*IPAM*) method of the subnet is set to `DHCP`. + +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dhcp-service-with-a-subnet_admin-network[]. + diff --git a/guides/common/modules/proc_integrating-infoblox-dns.adoc b/guides/common/modules/proc_integrating-infoblox-dns.adoc index 9d2a1f86c61..28990edfd92 100644 --- a/guides/common/modules/proc_integrating-infoblox-dns.adoc +++ b/guides/common/modules/proc_integrating-infoblox-dns.adoc @@ -72,3 +72,5 @@ Optionally, you can change the value of the `--foreman-proxy-plugin-dns-infoblox . In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets*. . For all subnets managed through Infoblox, ensure that the *DNS {SmartProxy}* and *Reverse DNS {SmartProxy}* are set for those subnets. +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet_admin-network[]. + diff --git a/guides/common/modules/proc_integrating-powerdns.adoc b/guides/common/modules/proc_integrating-powerdns.adoc index 5cf0212ec02..be2bb09f5d4 100644 --- a/guides/common/modules/proc_integrating-powerdns.adoc +++ b/guides/common/modules/proc_integrating-powerdns.adoc @@ -4,7 +4,7 @@ The _dns_powerdns_ DNS provider manages DNS records using the https://www.powerdns.com/[PowerDNS] REST API. .Procedure -* You can use `{foreman-installer}` to configure `dns_powerdns`: +. You can use `{foreman-installer}` to configure `dns_powerdns`: + [options="nowrap", subs="+quotes,verbatim,attributes"] ---- @@ -15,3 +15,6 @@ The _dns_powerdns_ DNS provider manages DNS records using the https://www.powerd --foreman-proxy-plugin-dns-powerdns-rest-api-key _api_key_ \ --foreman-proxy-plugin-dns-powerdns-rest-url _http://localhost:8081/api/v1/servers/localhost_ ---- + +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet_admin-network[]. + diff --git a/guides/common/modules/proc_integrating-route-53-dns.adoc b/guides/common/modules/proc_integrating-route-53-dns.adoc index 089e7f0451e..741360c3fcd 100644 --- a/guides/common/modules/proc_integrating-route-53-dns.adoc +++ b/guides/common/modules/proc_integrating-route-53-dns.adoc @@ -1,11 +1,11 @@ [id="integratinig-route-53_{context}"] -= Integratiing Route 53 DNS += Integrating Route 53 DNS _Route 53_ is a DNS provider by Amazon. For more information, see https://aws.amazon.com/route53/[aws.amazon.com/route53]. .Procedure -* Enable _Route 53_ DNS on your {SmartProxy}: +. Enable _Route 53_ DNS on your {SmartProxy}: + [options="nowrap", subs="+quotes,verbatim,attributes"] ---- @@ -16,3 +16,6 @@ For more information, see https://aws.amazon.com/route53/[aws.amazon.com/route53 --foreman-proxy-plugin-dns-route53-aws-access-key _My_AWS_Access_Key_ \ --foreman-proxy-plugin-dns-route53-aws-secret-key _My_AWS_Secret_Key_ ---- + +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet_admin-network[]. + diff --git a/guides/doc-Configuring_DNS_DHCP_TFTP/master.adoc b/guides/doc-Configuring_DNS_DHCP_TFTP/master.adoc index 2308619a44c..b3b9f9f667a 100644 --- a/guides/doc-Configuring_DNS_DHCP_TFTP/master.adoc +++ b/guides/doc-Configuring_DNS_DHCP_TFTP/master.adoc @@ -10,6 +10,8 @@ ifdef::satellite[] include::common/modules/proc_providing-feedback-on-red-hat-documentation.adoc[leveloffset=+1] endif::[] +include::common/modules/con_introduction-to-dns-dhcp-and-tftp-integration-in-project.adoc[leveloffset=+1] + include::common/assembly_configuring-dns-integration.adoc[leveloffset=+1] include::common/assembly_configuring-dhcp-integration.adoc[leveloffset=+1] From 68b8bc09a348109b198150cbe15cf449a55243f3 Mon Sep 17 00:00:00 2001 From: mmuehlfeldRH <43061675+mmuehlfeldRH@users.noreply.github.com> Date: Wed, 16 Apr 2025 11:37:23 +0200 Subject: [PATCH 11/47] Apply suggestions from code review Co-authored-by: Ewoud Kohl van Wijngaarden --- ...c_associating-the-dns-service-with-a-domain-and-subnet.adoc | 3 +-- .../proc_associating-the-tftp-service-with-a-subnet.adoc | 2 +- .../modules/proc_configuring-server-for-use-with-tftp.adoc | 3 +-- guides/common/modules/proc_disabling-dhcp-for-integration.adoc | 2 +- ...integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc | 1 - 5 files changed, 4 insertions(+), 7 deletions(-) diff --git a/guides/common/modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc b/guides/common/modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc index 1eb1810de09..2cdaa529f1a 100644 --- a/guides/common/modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc +++ b/guides/common/modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc @@ -19,8 +19,7 @@ After you changed the DNS provider, you must update the configuration of each af . Configure the subnet: .. In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets* and select the subnet name. -.. In the *Subnet* tab, set *IPAM* to *None*. -.. In the *Domains* tab, select the domain that you want to manage using the IdM server. +.. In the *Domains* tab, select the domain(s) that are valid on the subnet .. In the *{SmartProxies}* tab, ensure *Reverse DNS {SmartProxy}* is set to the {SmartProxy} where the subnet is connected. .. Click *Submit* to save the changes. diff --git a/guides/common/modules/proc_associating-the-tftp-service-with-a-subnet.adoc b/guides/common/modules/proc_associating-the-tftp-service-with-a-subnet.adoc index 0304a1d4015..4732400afd2 100644 --- a/guides/common/modules/proc_associating-the-tftp-service-with-a-subnet.adoc +++ b/guides/common/modules/proc_associating-the-tftp-service-with-a-subnet.adoc @@ -13,7 +13,7 @@ After you changed the TFTP provider, you must update the configuration of each a . Navigate to *Infrastructure* > *Subnets*, and select the subnet name. -. In the *{SmartProxies}* tab, select the {SmartProxy} for both TFTP and HTTP boot. +. In the *{SmartProxies}* tab, select the {SmartProxy} for TFTP. . Click *Submit* to save the changes. diff --git a/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc b/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc index cefd5af80cf..f65d3da633e 100644 --- a/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc +++ b/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc @@ -49,9 +49,8 @@ _TFTP_Server_IP_Address_:/exports/var/lib/tftpboot /mnt/nfs/var/lib/tftpboot nfs . In the {ProjectWebUI}, navigate to *Infrastructure* > *{SmartProxies}*. -. Locate the {ProductName} and select *Refresh* from the list in the *Actions* column. -. Associate the TFTP service with the appropriate subnets and domain. +. Associate the TFTP service with the appropriate subnets. . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-tftp-service-with-a-subnet_admin-network[]. diff --git a/guides/common/modules/proc_disabling-dhcp-for-integration.adoc b/guides/common/modules/proc_disabling-dhcp-for-integration.adoc index 8ea37d2437d..e3ad3c87652 100644 --- a/guides/common/modules/proc_disabling-dhcp-for-integration.adoc +++ b/guides/common/modules/proc_disabling-dhcp-for-integration.adoc @@ -4,7 +4,7 @@ // MARC: New module. Content is based on https://github.com/theforeman/foreman-documentation/blob/master/guides/common/modules/proc_disabling-dns-dhcp-tftp-for-unmanaged-networks.adoc, and adjusted for DHCP. // Needs to be checked if it is technically correct. -If you want to manually manage a DHCP services, you must prevent {Project} from maintaining this service on the operating system and disable orchestration to avoid errors. +If you want to manually manage a DHCP service, you must prevent {Project} from maintaining this service on the operating system and disable orchestration to avoid errors. [NOTE] ==== diff --git a/guides/common/modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc b/guides/common/modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc index a482e4cf196..6b684c4dd83 100644 --- a/guides/common/modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc +++ b/guides/common/modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc @@ -55,7 +55,6 @@ send\n" | nsupdate -k /etc/foreman-proxy/rndc.key . In the {ProjectWebUI}, navigate to *Infrastructure* > *{SmartProxies}*. -. Locate the {ProductName} and select *Refresh* from the list in the *Actions* column. . Associate the DNS service with the appropriate subnets and domain. From 24065ee1ae7d843d127435a809135246859e078d Mon Sep 17 00:00:00 2001 From: Marc Muehlfeld Date: Wed, 16 Apr 2025 12:44:16 +0200 Subject: [PATCH 12/47] SME feedback --- ...-dhcp-and-tftp-integration-in-project.adoc | 2 +- ...-dns-service-with-a-domain-and-subnet.adoc | 1 - .../proc_disabling-dhcp-for-integration.adoc | 13 +++++++--- .../proc_disabling-dns-for-integration.adoc | 25 +++++++++++++------ .../proc_disabling-tftp-for-integration.adoc | 13 +++++++--- ...ng-the-installer-managed-dhcp-service.adoc | 5 ++-- ...ing-the-installer-managed-dns-service.adoc | 3 ++- ...ng-the-installer-managed-tftp-service.adoc | 3 ++- ...eric-dns-server-by-using-dns-nsupdate.adoc | 3 --- .../proc_integrating-infoblox-dhcp.adoc | 8 +++--- .../proc_integrating-infoblox-dns.adoc | 9 +++---- 11 files changed, 52 insertions(+), 33 deletions(-) diff --git a/guides/common/modules/con_introduction-to-dns-dhcp-and-tftp-integration-in-project.adoc b/guides/common/modules/con_introduction-to-dns-dhcp-and-tftp-integration-in-project.adoc index 12b3a7f7449..d7d45ddb09b 100644 --- a/guides/common/modules/con_introduction-to-dns-dhcp-and-tftp-integration-in-project.adoc +++ b/guides/common/modules/con_introduction-to-dns-dhcp-and-tftp-integration-in-project.adoc @@ -1,5 +1,5 @@ [id="introduction-to-dns-dhcp-and-tftp-integration-in-{Project}_{context}"] = Introduction to DNS, DHCP, and TFTP integration in {Project} -By default, {Project} uses its integrated DNS, DHCP, and TFTP services. However, a key of {Project} is the ability to seamlessly integrate with existing network services. By configuring the corresponding providers, you can use existing DNS, DHCP, and TFTP services and integrate them in to {Project}. +{Project} provides integrated DNS, DHCP, and TFTP services. For example, you can use them if you do not already have these services available in your network. However, a key feature of {Project} is the ability to seamlessly integrate with existing network services. By configuring the corresponding providers, you can use existing DNS, DHCP, and TFTP services and integrate them in to {Project}. diff --git a/guides/common/modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc b/guides/common/modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc index 2cdaa529f1a..700dd3ce613 100644 --- a/guides/common/modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc +++ b/guides/common/modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc @@ -12,7 +12,6 @@ After you changed the DNS provider, you must update the configuration of each af .Procedure -. In the {ProjectWebUI}, navigate to *Infrastructure* > *{SmartProxies}*, locate the {ProductName}, and from the list in the *Actions* column, select *Refresh*. . Configure the domain: .. In the {ProjectWebUI}, navigate to *Infrastructure* > *Domains* and select the domain name. .. In the *Domain* tab, ensure *DNS {SmartProxy}* is set to the {SmartProxy} where the subnet is connected. diff --git a/guides/common/modules/proc_disabling-dhcp-for-integration.adoc b/guides/common/modules/proc_disabling-dhcp-for-integration.adoc index e3ad3c87652..411be002b6e 100644 --- a/guides/common/modules/proc_disabling-dhcp-for-integration.adoc +++ b/guides/common/modules/proc_disabling-dhcp-for-integration.adoc @@ -13,16 +13,21 @@ Disabling DHCP in {Project} does not remove the related backend service on the o .Procedure -. On {ProjectServer}, enter the following command: +. In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets*. + +. For each subnet that is associated with the DHCP {SmartProxy}: + +.. Select the subnet. + +.. On the *{SmartProxies}* tab, clear the *DHCP {SmartProxy}* field. + +. On {ProjectServer} and {SmartProxyServer}, enter: + [options="nowrap", subs="+quotes,attributes"] ---- # {foreman-installer} --foreman-proxy-dhcp false ---- -. In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets* and select a subnet. - -. Click the *{SmartProxies}* tab and clear the *DHCP {SmartProxy}* field. [NOTE] ==== diff --git a/guides/common/modules/proc_disabling-dns-for-integration.adoc b/guides/common/modules/proc_disabling-dns-for-integration.adoc index 81a8ca60a85..738c191549a 100644 --- a/guides/common/modules/proc_disabling-dns-for-integration.adoc +++ b/guides/common/modules/proc_disabling-dns-for-integration.adoc @@ -13,20 +13,29 @@ Disabling DNS in {Project} does not remove the related backend service on the op .Procedure -. On {ProjectServer}, enter the following command: +. In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets*. + +. For each subnet that is associated with the DNS {SmartProxy}: + +.. Select the subnet. + +.. On the *{SmartProxies}* tab, clear the *Reverse DNS {SmartProxy}* field. + +. Navigate to *Infrastructure* > *Domains*. + +. For each domain that is associated with the DNS {SmartProxy}: + +.. Select the domain. + +.. Clear the *DNS {SmartProxy}* field. + +. On {ProjectServer}, enter: + [options="nowrap", subs="+quotes,attributes"] ---- # {foreman-installer} --foreman-proxy-dns false ---- -. In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets* and select a subnet. - -. Click the *{SmartProxies}* tab and clear the *Reverse DNS {SmartProxy}* field. - -. Navigate to *Infrastructure* > *Domains* and select a domain. - -. Clear the *DNS {SmartProxy}* field. [NOTE] ==== diff --git a/guides/common/modules/proc_disabling-tftp-for-integration.adoc b/guides/common/modules/proc_disabling-tftp-for-integration.adoc index 6fcfa5b6153..c0eba583cd8 100644 --- a/guides/common/modules/proc_disabling-tftp-for-integration.adoc +++ b/guides/common/modules/proc_disabling-tftp-for-integration.adoc @@ -13,16 +13,21 @@ Disabling TFTP in {Project} does not remove the related backend service on the o .Procedure -. On {ProjectServer}, enter the following command: +. In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets*. + +. For each subnet that is associated with the TFTP {SmartProxy}: + +.. Select the subnet. + +.. On the *{SmartProxies}* tab, clear the *TFTP {SmartProxy}* field. + +. On {ProjectServer}, enter: + [options="nowrap", subs="+quotes,attributes"] ---- # {foreman-installer} --foreman-proxy-tftp false ---- -. In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets* and select a subnet. - -. Click the *{SmartProxies}* tab and clear the *TFTP {SmartProxy}* field. [NOTE] ==== diff --git a/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc index 54a4e417717..951fb987c4f 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc @@ -4,7 +4,8 @@ // MARC: New module. Content is based on https://github.com/theforeman/foreman-documentation/blob/master/guides/common/modules/proc_reverting-to-internal-dns-service.adoc and https://github.com/theforeman/foreman-documentation/blob/master/guides/common/modules/proc_configuring-dns-dhcp-and-tftp.adoc, and adjusted for TFTP. // Needs to be checked if it is technically correct. -You can revert to using {ProjectServer} and {SmartProxyServer} as your DHCP providers. +If you do not have a DHCP server available in your network, you can use the installer-managed DHCP service. This feature enables you to provide a DHCP service with a low maintenance effort. + You can use a backup of the answer file that was created before configuring external DHCP, or you can create a backup of the answer file. ifndef::orcharhino[] For more information about answer files, see {InstallingServerDocURL}configuring-server_{project-context}[Configuring {ProjectServer}]. @@ -17,7 +18,7 @@ ifeval::["{context}" == "{project-context}"] * Ensure that the following information is available to you: ** DHCP IP address ranges ** DHCP gateway IP address -** DHCP nameserver IP address +** DHCP name server IP address ** DNS information * Use the FQDN instead of the IP address where possible in case of network changes. diff --git a/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc index c75adbe71a5..7a3de24718c 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc @@ -1,7 +1,8 @@ [id="enabling-the-installer-managed-dns-service_{context}"] = Enabling the installer-managed DNS service -You can revert to using {ProjectServer} and {SmartProxyServer} as your DNS providers. +If you do not have a DNS server available in your network, you can use the installer-managed DNS service. This feature enables you to provide a DNS service with a low maintenance effort. + You can use a backup of the answer file that was created before configuring external DNS, or you can create a backup of the answer file. ifndef::orcharhino[] For more information about answer files, see {InstallingServerDocURL}configuring-server_{project-context}[Configuring {ProjectServer}]. diff --git a/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc index 1d3e373fb99..d044199c5e0 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc @@ -4,7 +4,8 @@ // MARC: New module. Content is based on https://github.com/theforeman/foreman-documentation/blob/master/guides/common/modules/proc_reverting-to-internal-dns-service.adoc and https://github.com/theforeman/foreman-documentation/blob/master/guides/common/modules/proc_configuring-dns-dhcp-and-tftp.adoc, and adjusted for TFTP. // Needs to be checked if it is technically correct. -You can revert to using {ProjectServer} and {SmartProxyServer} as your TFTP providers. +If you do not have a TFTP server available in your network, you can use the installer-managed TFTP service. This feature enables you to provide a TFTP service with a low maintenance effort. + You can use a backup of the answer file that was created before configuring external TFTP, or you can create a backup of the answer file. ifndef::orcharhino[] For more information about answer files, see {InstallingServerDocURL}configuring-server_{project-context}[Configuring {ProjectServer}]. diff --git a/guides/common/modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc b/guides/common/modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc index 6b684c4dd83..dc90dcfebf1 100644 --- a/guides/common/modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc +++ b/guides/common/modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc @@ -55,8 +55,5 @@ send\n" | nsupdate -k /etc/foreman-proxy/rndc.key . In the {ProjectWebUI}, navigate to *Infrastructure* > *{SmartProxies}*. - -. Associate the DNS service with the appropriate subnets and domain. - . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet_admin-network[]. diff --git a/guides/common/modules/proc_integrating-infoblox-dhcp.adoc b/guides/common/modules/proc_integrating-infoblox-dhcp.adoc index 4d35c7cbe45..4a3ecb7386f 100644 --- a/guides/common/modules/proc_integrating-infoblox-dhcp.adoc +++ b/guides/common/modules/proc_integrating-infoblox-dhcp.adoc @@ -75,9 +75,11 @@ Example positive response: --foreman-proxy-plugin-dhcp-infoblox-dns-view default \ --foreman-proxy-plugin-dhcp-infoblox-network-view default ---- -. Optional: In the {ProjectWebUI}, navigate to *Infrastructure* > *{SmartProxies}*, select the {SmartProxy} with the DHCP Infoblox module, and ensure that the *dhcp* feature is listed. -. In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets*. -. For all subnets managed through Infoblox, ensure that the IP address management (*IPAM*) method of the subnet is set to `DHCP`. . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dhcp-service-with-a-subnet_admin-network[]. + +.Verification + +* In the {ProjectWebUI}, navigate to *Infrastructure* > *{SmartProxies}*, select the {SmartProxy} with the DHCP Infoblox module, and ensure that the *dhcp* feature is listed. + diff --git a/guides/common/modules/proc_integrating-infoblox-dns.adoc b/guides/common/modules/proc_integrating-infoblox-dns.adoc index 28990edfd92..301ca768437 100644 --- a/guides/common/modules/proc_integrating-infoblox-dns.adoc +++ b/guides/common/modules/proc_integrating-infoblox-dns.adoc @@ -66,11 +66,10 @@ Example positive response: ---- + Optionally, you can change the value of the `--foreman-proxy-plugin-dns-infoblox-dns-view` option to specify an Infoblox DNS view other than the default view. -. Optional: In the {ProjectWebUI}, navigate to *Infrastructure* > *{SmartProxies}*, select the {SmartProxy} with the Infoblox DNS module, and ensure that the *dns* feature is listed. -. In the {ProjectWebUI}, navigate to *Infrastructure* > *Domains*. -. For all domains managed through Infoblox, ensure that the *DNS Proxy* is set for those domains. -. In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets*. -. For all subnets managed through Infoblox, ensure that the *DNS {SmartProxy}* and *Reverse DNS {SmartProxy}* are set for those subnets. . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet_admin-network[]. + +. Verification + +* In the {ProjectWebUI}, navigate to *Infrastructure* > *{SmartProxies}*, select the {SmartProxy} with the Infoblox DNS module, and ensure that the *dns* feature is listed. From 2ba0d280edf9fae0da0f62fabe79850c0388dc30 Mon Sep 17 00:00:00 2001 From: Marc Muehlfeld Date: Thu, 17 Apr 2025 10:18:29 +0200 Subject: [PATCH 13/47] Remove {context} attribute from IDs and xrefs that link to these IDs --- .../common/modules/con_dhcp-service-providers.adoc | 4 ++-- guides/common/modules/con_dns-service-providers.adoc | 12 ++++++------ .../con_integrating-a-generic-dhcp-server.adoc | 6 +++--- ...-to-dns-dhcp-and-tftp-integration-in-project.adoc | 2 +- ...c_associating-the-dhcp-service-with-a-subnet.adoc | 2 +- ...ing-the-dns-service-with-a-domain-and-subnet.adoc | 2 +- ...c_associating-the-tftp-service-with-a-subnet.adoc | 2 +- .../proc_configuring-dhcpd-to-use-with-server.adoc | 2 +- .../proc_configuring-server-for-use-with-dhcpd.adoc | 6 +++--- .../proc_configuring-server-for-use-with-tftp.adoc | 4 ++-- .../modules/proc_disabling-dhcp-for-integration.adoc | 2 +- .../modules/proc_disabling-dns-for-integration.adoc | 2 +- .../modules/proc_disabling-tftp-for-integration.adoc | 2 +- ..._enabling-the-installer-managed-dhcp-service.adoc | 4 ++-- ...c_enabling-the-installer-managed-dns-service.adoc | 4 ++-- ..._enabling-the-installer-managed-tftp-service.adoc | 2 +- ...ting-a-bind-dns-server-by-using-dns-nsupdate.adoc | 6 +++--- ...g-a-generic-dns-server-by-using-dns-nsupdate.adoc | 4 ++-- ...grating-dnsmas-dhcp-by-using-the-libvirt-api.adoc | 4 ++-- ...grating-dnsmasq-dns-by-using-the-libvirt-api.adoc | 4 ++-- ...grating-idm-dns-with-gss-tsig-authentication.adoc | 4 ++-- ...integrating-idm-dns-with-tsig-authentication.adoc | 4 ++-- .../modules/proc_integrating-infoblox-dhcp.adoc | 4 ++-- .../modules/proc_integrating-infoblox-dns.adoc | 4 ++-- guides/common/modules/proc_integrating-powerdns.adoc | 4 ++-- .../modules/proc_integrating-route-53-dns.adoc | 4 ++-- .../common/modules/proc_securing-the-dhcpd-api.adoc | 2 +- 27 files changed, 51 insertions(+), 51 deletions(-) diff --git a/guides/common/modules/con_dhcp-service-providers.adoc b/guides/common/modules/con_dhcp-service-providers.adoc index f6aa829a503..94e7cf92054 100644 --- a/guides/common/modules/con_dhcp-service-providers.adoc +++ b/guides/common/modules/con_dhcp-service-providers.adoc @@ -9,11 +9,11 @@ Note that your {SmartProxy} cannot manage subnet declarations. .Available DHCP providers -* `dhcp_infoblox` {endash} For more information, see xref:integrating-infoblox-dhcp_{context}[]. +* `dhcp_infoblox` {endash} For more information, see xref:integrating-infoblox-dhcp[]. ifndef::satellite[] * `dhcp_libvirt` {endash} dnsmasq DHCP via libvirt API. -For more information, see xref:integrating-dnsmas-dhcp-by-using-the-libvirt-api_{context}[]. +For more information, see xref:integrating-dnsmas-dhcp-by-using-the-libvirt-api[]. endif::[] * `dhcp_isc` {endash} ISC DHCP server over OMAPI. diff --git a/guides/common/modules/con_dns-service-providers.adoc b/guides/common/modules/con_dns-service-providers.adoc index 296d1091ebb..5abe2977cc5 100644 --- a/guides/common/modules/con_dns-service-providers.adoc +++ b/guides/common/modules/con_dns-service-providers.adoc @@ -14,24 +14,24 @@ ifdef::orcharhino[] endif::[] * `dns_infoblox` {endash} Dynamic DNS updates by using Infoblox DNS. -For more information, see xref:integrating-infoblox-dns_{context}[]. +For more information, see xref:integrating-infoblox-dns[]. * `dns_nsupdate_gss` {endash} Dynamic DNS update with GSS-TSIG. -For more information, see xref:integrating-idm-dns-with-tsig-authentication_{context}[] and xref:integrating-idm-dns-update-with-gss-tsig-authentication_{context}[]. +For more information, see xref:integrating-idm-dns-with-tsig-authentication[] and xref:integrating-idm-dns-update-with-gss-tsig-authentication[]. ifndef::satellite[] * `dns_libvirt` {endash} Dnsmasq DNS via libvirt API. -For more information, see xref:integrating-dnsmasq-dns-by-using-the-libvirt-api_{context}[]. +For more information, see xref:integrating-dnsmasq-dns-by-using-the-libvirt-api[]. * `dns_powerdns` {endash} https://www.powerdns.com/[PowerDNS]. -For more information, see xref:integrating-powerdns_{context}[]. +For more information, see xref:integrating-powerdns[]. * `dns_route53` {endash} Dynamic DNS updates by using Amazon Route 53 DNS. -For more information, see xref:integratinig-route-53_{context}[]. +For more information, see xref:integratinig-route-53[]. endif::[] * `dns_nsupdate` {endash} Dynamic DNS update using nsupdate. -For more information, see xref:integrating-a-bind-dns-server-by-using-dns-nsupdate_{context}[] and xref:integrating-a-generic-dns-server-by-using-dns-nsupdate_{context}[]. +For more information, see xref:integrating-a-bind-dns-server-by-using-dns-nsupdate[] and xref:integrating-a-generic-dns-server-by-using-dns-nsupdate[]. ifdef::foreman-el,foreman-deb,katello[] For more information, see https://projects.theforeman.org/projects/foreman/wiki/List_of_Smart-Proxy_Plugins#DNS-plugins[List of DNS plugins] diff --git a/guides/common/modules/con_integrating-a-generic-dhcp-server.adoc b/guides/common/modules/con_integrating-a-generic-dhcp-server.adoc index 7befb50e48f..ccf525fdc86 100644 --- a/guides/common/modules/con_integrating-a-generic-dhcp-server.adoc +++ b/guides/common/modules/con_integrating-a-generic-dhcp-server.adoc @@ -3,9 +3,9 @@ To configure {ProductName} with external DHCP, you must complete the following procedures: -. xref:configuring-dhcpd-to-use-with-server_{context}[] -. xref:configuring-server-for-use-with-dhcpd_{context}[] -. xref:securing-the-dhcpd-api_{context}[] +. xref:configuring-dhcpd-to-use-with-server[] +. xref:configuring-server-for-use-with-dhcpd[] +. xref:securing-the-dhcpd-api[] include::proc_configuring-dhcpd-to-use-with-server.adoc[leveloffset=+1] diff --git a/guides/common/modules/con_introduction-to-dns-dhcp-and-tftp-integration-in-project.adoc b/guides/common/modules/con_introduction-to-dns-dhcp-and-tftp-integration-in-project.adoc index d7d45ddb09b..6e8870d1041 100644 --- a/guides/common/modules/con_introduction-to-dns-dhcp-and-tftp-integration-in-project.adoc +++ b/guides/common/modules/con_introduction-to-dns-dhcp-and-tftp-integration-in-project.adoc @@ -1,4 +1,4 @@ -[id="introduction-to-dns-dhcp-and-tftp-integration-in-{Project}_{context}"] +[id="introduction-to-dns-dhcp-and-tftp-integration-in-{Project}"] = Introduction to DNS, DHCP, and TFTP integration in {Project} {Project} provides integrated DNS, DHCP, and TFTP services. For example, you can use them if you do not already have these services available in your network. However, a key feature of {Project} is the ability to seamlessly integrate with existing network services. By configuring the corresponding providers, you can use existing DNS, DHCP, and TFTP services and integrate them in to {Project}. diff --git a/guides/common/modules/proc_associating-the-dhcp-service-with-a-subnet.adoc b/guides/common/modules/proc_associating-the-dhcp-service-with-a-subnet.adoc index 082140210b3..a1e38f61040 100644 --- a/guides/common/modules/proc_associating-the-dhcp-service-with-a-subnet.adoc +++ b/guides/common/modules/proc_associating-the-dhcp-service-with-a-subnet.adoc @@ -1,4 +1,4 @@ -[id="associating-the-dhcp-service-with-a-subnet_{context}"] +[id="associating-the-dhcp-service-with-a-subnet"] = Associating the DHCP service with a subnet After you changed the DHCP provider, you must update the configuration of each affected {SmartProxy} in the {ProjectWebUI}. diff --git a/guides/common/modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc b/guides/common/modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc index 700dd3ce613..20753a3c311 100644 --- a/guides/common/modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc +++ b/guides/common/modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc @@ -1,4 +1,4 @@ -[id="associating-the-dns-service-with-a-domain-and-subnet_{context}"] +[id="associating-the-dns-service-with-a-domain-and-subnet"] = Associating the DNS service with a domain and subnet After you changed the DNS provider, you must update the configuration of each affected {SmartProxy} in the {ProjectWebUI}. diff --git a/guides/common/modules/proc_associating-the-tftp-service-with-a-subnet.adoc b/guides/common/modules/proc_associating-the-tftp-service-with-a-subnet.adoc index 4732400afd2..79d971113f5 100644 --- a/guides/common/modules/proc_associating-the-tftp-service-with-a-subnet.adoc +++ b/guides/common/modules/proc_associating-the-tftp-service-with-a-subnet.adoc @@ -1,4 +1,4 @@ -[id="associating-the-tftp-service-with-a-subnet_{context}"] +[id="associating-the-tftp-service-with-a-subnet"] = Associating the TFTP service with a subnet After you changed the TFTP provider, you must update the configuration of each affected {SmartProxy} in the {ProjectWebUI}. diff --git a/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc b/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc index 8ac78069ad3..4683beef933 100644 --- a/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc +++ b/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc @@ -1,4 +1,4 @@ -[id="configuring-dhcpd-to-use-with-server_{context}"] +[id="configuring-dhcpd-to-use-with-server"] = Configuring dhcpd to use with {ProductName} ifdef::foreman-deb[] diff --git a/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc b/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc index f74f82a23ae..2c5ba058450 100644 --- a/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc +++ b/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc @@ -1,11 +1,11 @@ -[id="configuring-server-for-use-with-dhcpd_{context}"] +[id="configuring-server-for-use-with-dhcpd"] = Configuring {ProjectServer} for use with dhcpd You can configure {ProductName} with an external DHCP server. .Prerequisites * Ensure that you have configured an external DHCP server and that you have shared the DHCP configuration and lease files with {ProductName}. -For more information, see xref:configuring-server-for-use-with-dhcpd_{context}[]. +For more information, see xref:configuring-server-for-use-with-dhcpd[]. .Procedure . Install the `{nfs-client-package}` package: @@ -74,5 +74,5 @@ $ exit --foreman-proxy-plugin-dhcp-remote-isc-omapi-port=7911 ---- -. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dhcp-service-with-a-subnet_admin-network[]. +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dhcp-service-with-a-subnet[]. diff --git a/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc b/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc index f65d3da633e..8ac65384659 100644 --- a/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc +++ b/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc @@ -1,4 +1,4 @@ -[id="configuring-server-for-use-with-tftp_{context}"] +[id="configuring-server-for-use-with-tftp"] = Configuring {ProductName} for use with tftp You can configure {ProductName} with external TFTP services. @@ -52,5 +52,5 @@ _TFTP_Server_IP_Address_:/exports/var/lib/tftpboot /mnt/nfs/var/lib/tftpboot nfs . Associate the TFTP service with the appropriate subnets. -. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-tftp-service-with-a-subnet_admin-network[]. +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-tftp-service-with-a-subnet[]. diff --git a/guides/common/modules/proc_disabling-dhcp-for-integration.adoc b/guides/common/modules/proc_disabling-dhcp-for-integration.adoc index 411be002b6e..dc8508eae7b 100644 --- a/guides/common/modules/proc_disabling-dhcp-for-integration.adoc +++ b/guides/common/modules/proc_disabling-dhcp-for-integration.adoc @@ -1,4 +1,4 @@ -[id="disabling-dhcp-for-integration_{context}"] +[id="disabling-dhcp-for-integration"] = Disabling DHCP for integration // MARC: New module. Content is based on https://github.com/theforeman/foreman-documentation/blob/master/guides/common/modules/proc_disabling-dns-dhcp-tftp-for-unmanaged-networks.adoc, and adjusted for DHCP. diff --git a/guides/common/modules/proc_disabling-dns-for-integration.adoc b/guides/common/modules/proc_disabling-dns-for-integration.adoc index 738c191549a..1abd15a6630 100644 --- a/guides/common/modules/proc_disabling-dns-for-integration.adoc +++ b/guides/common/modules/proc_disabling-dns-for-integration.adoc @@ -1,4 +1,4 @@ -[id="disabling-dns-for-integration_{context}"] +[id="disabling-dns-for-integration"] = Disabling DNS for integration // MARC: New module. Content is based on https://github.com/theforeman/foreman-documentation/blob/master/guides/common/modules/proc_disabling-dns-dhcp-tftp-for-unmanaged-networks.adoc, and adjusted for DNS. diff --git a/guides/common/modules/proc_disabling-tftp-for-integration.adoc b/guides/common/modules/proc_disabling-tftp-for-integration.adoc index c0eba583cd8..b355696c9e1 100644 --- a/guides/common/modules/proc_disabling-tftp-for-integration.adoc +++ b/guides/common/modules/proc_disabling-tftp-for-integration.adoc @@ -1,4 +1,4 @@ -[id="disabling-tftp-for-integration_{context}"] +[id="disabling-tftp-for-integration"] = Disabling TFTP for integration // MARC: New module. Content is based on https://github.com/theforeman/foreman-documentation/blob/master/guides/common/modules/proc_disabling-dns-dhcp-tftp-for-unmanaged-networks.adoc, and adjusted for TFTP. diff --git a/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc index 951fb987c4f..42e49ec3796 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc @@ -1,4 +1,4 @@ -[id="enabling-the-installer-managed-dhcp-service_{context}"] +[id="enabling-the-installer-managed-dhcp-service"] = Enabling the installer-managed DHCP service // MARC: New module. Content is based on https://github.com/theforeman/foreman-documentation/blob/master/guides/common/modules/proc_reverting-to-internal-dns-service.adoc and https://github.com/theforeman/foreman-documentation/blob/master/guides/common/modules/proc_configuring-dns-dhcp-and-tftp.adoc, and adjusted for TFTP. @@ -62,5 +62,5 @@ ifeval::["{context}" == "{project-context}"] For more information, see {InstallingSmartProxyDocURL}configuring-dns-dhcp-and-tftp-on-productname_{smart-proxy-context}[Configuring DNS, DHCP, and TFTP on {SmartProxyServer}]. endif::[] -. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dhcp-service-with-a-subnet_admin-network[]. +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dhcp-service-with-a-subnet[]. diff --git a/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc index 7a3de24718c..a543165c43d 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc @@ -1,4 +1,4 @@ -[id="enabling-the-installer-managed-dns-service_{context}"] +[id="enabling-the-installer-managed-dns-service"] = Enabling the installer-managed DNS service If you do not have a DNS server available in your network, you can use the installer-managed DNS service. This feature enables you to provide a DNS service with a low maintenance effort. @@ -48,5 +48,5 @@ ifeval::["{context}" == "{project-context}"] For more information, see {InstallingSmartProxyDocURL}configuring-dns-dhcp-and-tftp-on-productname_{smart-proxy-context}[Configuring DNS, DHCP, and TFTP on {SmartProxyServer}]. endif::[] -. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet_admin-network[]. +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc index d044199c5e0..69d9cfe13cb 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc @@ -1,4 +1,4 @@ -[id="enabling-the-installer-managed-tftp-service_{context}"] +[id="enabling-the-installer-managed-tftp-service"] = Enabling the installer-managed TFTP service // MARC: New module. Content is based on https://github.com/theforeman/foreman-documentation/blob/master/guides/common/modules/proc_reverting-to-internal-dns-service.adoc and https://github.com/theforeman/foreman-documentation/blob/master/guides/common/modules/proc_configuring-dns-dhcp-and-tftp.adoc, and adjusted for TFTP. diff --git a/guides/common/modules/proc_integrating-a-bind-dns-server-by-using-dns-nsupdate.adoc b/guides/common/modules/proc_integrating-a-bind-dns-server-by-using-dns-nsupdate.adoc index 78224289c9c..e7fde58cddf 100644 --- a/guides/common/modules/proc_integrating-a-bind-dns-server-by-using-dns-nsupdate.adoc +++ b/guides/common/modules/proc_integrating-a-bind-dns-server-by-using-dns-nsupdate.adoc @@ -1,10 +1,10 @@ -[id="integrating-a-bind-dns-server-by-using-dns-nsupdate_{context}"] +[id="integrating-a-bind-dns-server-by-using-dns-nsupdate"] = Integrating a BIND DNS server by using dns_nsupdate The _dns_nsupdate_ DNS provider manages DNS records using the `nsupdate` utility. You can use _dns_nsupdate_ with any DNS server compatible with https://www.rfc-editor.org/rfc/rfc2136[RFC2136]. By default, _dns_nsupdate_ installs the ISC BIND server. -For installation without ISC BIND, see xref:integrating-a-generic-dns-server-by-using-dns-nsupdate_{context}[]. +For installation without ISC BIND, see xref:integrating-a-generic-dns-server-by-using-dns-nsupdate[]. .Procedure . Configure `dns_nsupdate`: @@ -19,5 +19,5 @@ For installation without ISC BIND, see xref:integrating-a-generic-dns-server-by- --foreman-proxy-dns-reverse _2.0.192.in-addr.arpa_ ---- -. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet_admin-network[]. +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc b/guides/common/modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc index dc90dcfebf1..010e8efc374 100644 --- a/guides/common/modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc +++ b/guides/common/modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc @@ -1,4 +1,4 @@ -[id="integrating-a-generic-dns-server-by-using-dns-nsupdate_{context}"] +[id="integrating-a-generic-dns-server-by-using-dns-nsupdate"] = Integrating a generic DNS server by using dns_nsupdate You can configure {ProductName} with external DNS. @@ -55,5 +55,5 @@ send\n" | nsupdate -k /etc/foreman-proxy/rndc.key . In the {ProjectWebUI}, navigate to *Infrastructure* > *{SmartProxies}*. -. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet_admin-network[]. +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_integrating-dnsmas-dhcp-by-using-the-libvirt-api.adoc b/guides/common/modules/proc_integrating-dnsmas-dhcp-by-using-the-libvirt-api.adoc index a7fec8e6da0..6b11df1572f 100644 --- a/guides/common/modules/proc_integrating-dnsmas-dhcp-by-using-the-libvirt-api.adoc +++ b/guides/common/modules/proc_integrating-dnsmas-dhcp-by-using-the-libvirt-api.adoc @@ -1,4 +1,4 @@ -[id="integrating-dnsmas-dhcp-by-using-the-libvirt-api_{context}"] +[id="integrating-dnsmas-dhcp-by-using-the-libvirt-api"] = Integrating dnsmasq DHCP by using the libvirt API The _dhcp_libvirt_ plugin manages IP reservations and leases using `dnsmasq` through the libvirt API. @@ -16,5 +16,5 @@ foreman-installer \ --foreman-proxy-libvirt-network qemu:///system ---- -. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dhcp-service-with-a-subnet_admin-network[]. +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dhcp-service-with-a-subnet[]. diff --git a/guides/common/modules/proc_integrating-dnsmasq-dns-by-using-the-libvirt-api.adoc b/guides/common/modules/proc_integrating-dnsmasq-dns-by-using-the-libvirt-api.adoc index e6e142382ad..5b64fabaff7 100644 --- a/guides/common/modules/proc_integrating-dnsmasq-dns-by-using-the-libvirt-api.adoc +++ b/guides/common/modules/proc_integrating-dnsmasq-dns-by-using-the-libvirt-api.adoc @@ -1,4 +1,4 @@ -[id="integrating-dnsmasq-dns-by-using-the-libvirt-api_{context}"] +[id="integrating-dnsmasq-dns-by-using-the-libvirt-api"] = Integrating dnsmasq DNS by using the libvirt API The _dns_libvirt_ DNS provider manages DNS records using dnsmasq through the libvirt API. @@ -18,5 +18,5 @@ It uses `ruby-libvirt` gem to connect to the local or a remote instance of libvi + Note that you can only use one network and URL for both _dns_libvirt_ and _dhcp_libvirt_. -. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet_admin-network[]. +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc b/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc index 88408fa730c..b211f585828 100644 --- a/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc +++ b/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc @@ -1,4 +1,4 @@ -[id="integrating-idm-dns-update-with-gss-tsig-authentication_{context}"] +[id="integrating-idm-dns-update-with-gss-tsig-authentication"] = Integrating IdM DNS with GSS-TSIG authentication You can configure the IdM server to use the generic security service algorithm for secret key transaction (GSS-TSIG) technology defined in https://tools.ietf.org/html/rfc3645[RFC3645]. @@ -151,5 +151,5 @@ grant {smart-proxy-principal}\047__{foreman-example-com}@EXAMPLE.COM__ wildcard --foreman-proxy-dns-tsig-principal="{smart-proxy-principal}/_{foreman-example-com}@EXAMPLE.COM_" \ --foreman-proxy-dns=true ---- -. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet_admin-network[]. +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc b/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc index a362a763eef..37812429a03 100644 --- a/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc +++ b/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc @@ -1,4 +1,4 @@ -[id="integrating-idm-dns-with-tsig-authentication_{context}"] +[id="integrating-idm-dns-with-tsig-authentication"] = Integrating IdM DNS with TSIG authentication You can configure an IdM server to use the secret key transaction authentication for DNS (TSIG) technology that uses the `rndc.key` key file for authentication. @@ -158,5 +158,5 @@ send\n" | nsupdate -k /etc/rndc.key ---- The above `nslookup` command fails and returns the `SERVFAIL` error message if the record was successfully deleted. -. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet_admin-network[]. +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_integrating-infoblox-dhcp.adoc b/guides/common/modules/proc_integrating-infoblox-dhcp.adoc index 4a3ecb7386f..d8efe8e884c 100644 --- a/guides/common/modules/proc_integrating-infoblox-dhcp.adoc +++ b/guides/common/modules/proc_integrating-infoblox-dhcp.adoc @@ -1,4 +1,4 @@ -[id="integrating-infoblox-dhcp_{context}"] +[id="integrating-infoblox-dhcp"] = Integrating Infoblox DHCP Install the DHCP Infoblox provider on {ProductName}. Note that you cannot manage records in separate views. @@ -76,7 +76,7 @@ Example positive response: --foreman-proxy-plugin-dhcp-infoblox-network-view default ---- -. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dhcp-service-with-a-subnet_admin-network[]. +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dhcp-service-with-a-subnet[]. .Verification diff --git a/guides/common/modules/proc_integrating-infoblox-dns.adoc b/guides/common/modules/proc_integrating-infoblox-dns.adoc index 301ca768437..73d8aa9428f 100644 --- a/guides/common/modules/proc_integrating-infoblox-dns.adoc +++ b/guides/common/modules/proc_integrating-infoblox-dns.adoc @@ -1,4 +1,4 @@ -[id="integrating-infoblox-dns_{context}"] +[id="integrating-infoblox-dns"] = Integrating Infoblox DNS Install the DNS Infoblox provider on {ProductName}. @@ -67,7 +67,7 @@ Example positive response: + Optionally, you can change the value of the `--foreman-proxy-plugin-dns-infoblox-dns-view` option to specify an Infoblox DNS view other than the default view. -. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet_admin-network[]. +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. . Verification diff --git a/guides/common/modules/proc_integrating-powerdns.adoc b/guides/common/modules/proc_integrating-powerdns.adoc index be2bb09f5d4..227bf739ae2 100644 --- a/guides/common/modules/proc_integrating-powerdns.adoc +++ b/guides/common/modules/proc_integrating-powerdns.adoc @@ -1,4 +1,4 @@ -[id="integrating-powerdns_{context}"] +[id="integrating-powerdns"] = Integrating PowerDNS The _dns_powerdns_ DNS provider manages DNS records using the https://www.powerdns.com/[PowerDNS] REST API. @@ -16,5 +16,5 @@ The _dns_powerdns_ DNS provider manages DNS records using the https://www.powerd --foreman-proxy-plugin-dns-powerdns-rest-url _http://localhost:8081/api/v1/servers/localhost_ ---- -. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet_admin-network[]. +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_integrating-route-53-dns.adoc b/guides/common/modules/proc_integrating-route-53-dns.adoc index 741360c3fcd..de518e7867c 100644 --- a/guides/common/modules/proc_integrating-route-53-dns.adoc +++ b/guides/common/modules/proc_integrating-route-53-dns.adoc @@ -1,4 +1,4 @@ -[id="integratinig-route-53_{context}"] +[id="integratinig-route-53"] = Integrating Route 53 DNS _Route 53_ is a DNS provider by Amazon. @@ -17,5 +17,5 @@ For more information, see https://aws.amazon.com/route53/[aws.amazon.com/route53 --foreman-proxy-plugin-dns-route53-aws-secret-key _My_AWS_Secret_Key_ ---- -. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet_admin-network[]. +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_securing-the-dhcpd-api.adoc b/guides/common/modules/proc_securing-the-dhcpd-api.adoc index 4307c584646..9674846048c 100644 --- a/guides/common/modules/proc_securing-the-dhcpd-api.adoc +++ b/guides/common/modules/proc_securing-the-dhcpd-api.adoc @@ -1,4 +1,4 @@ -[id="securing-the-dhcpd-api_{context}"] +[id="securing-the-dhcpd-api"] = Securing the dhcpd API {SmartProxy} interacts with DHCP daemon using the dhcpd API to manage DHCP. From 0134127da21a26f88216426204a3c08d8104fdc5 Mon Sep 17 00:00:00 2001 From: Marc Muehlfeld Date: Thu, 17 Apr 2025 13:57:16 +0200 Subject: [PATCH 14/47] Rephrased some text in the new modules, added missing steps --- ...assembly_configuring-dhcp-integration.adoc | 2 +- .../modules/con_dhcp-service-providers.adoc | 2 +- ...integrating-a-remote-isc-dhcp-server.adoc} | 4 +- ...-dhcp-and-tftp-integration-in-project.adoc | 5 -- ...iating-the-dhcp-service-with-a-subnet.adoc | 15 +++--- ...-dns-service-with-a-domain-and-subnet.adoc | 25 ++++++--- ...iating-the-tftp-service-with-a-subnet.adoc | 14 ++--- .../proc_disabling-dhcp-for-integration.adoc | 18 ++++--- .../proc_disabling-dns-for-integration.adoc | 18 ++++--- .../proc_disabling-tftp-for-integration.adoc | 18 ++++--- ...ng-the-installer-managed-dhcp-service.adoc | 52 +++++-------------- ...ing-the-installer-managed-dns-service.adoc | 31 ++--------- ...ng-the-installer-managed-tftp-service.adoc | 41 +++------------ .../doc-Configuring_DNS_DHCP_TFTP/master.adoc | 2 - 14 files changed, 96 insertions(+), 151 deletions(-) rename guides/common/modules/{con_integrating-a-generic-dhcp-server.adoc => con_integrating-a-remote-isc-dhcp-server.adoc} (83%) delete mode 100644 guides/common/modules/con_introduction-to-dns-dhcp-and-tftp-integration-in-project.adoc diff --git a/guides/common/assembly_configuring-dhcp-integration.adoc b/guides/common/assembly_configuring-dhcp-integration.adoc index ab79f7e5686..a78ab230c4c 100644 --- a/guides/common/assembly_configuring-dhcp-integration.adoc +++ b/guides/common/assembly_configuring-dhcp-integration.adoc @@ -10,7 +10,7 @@ ifndef::satellite[] include::modules/proc_integrating-dnsmas-dhcp-by-using-the-libvirt-api.adoc[leveloffset=+1] endif::[] -include::modules/con_integrating-a-generic-dhcp-server.adoc[leveloffset=+1] +include::modules/con_integrating-a-remote-isc-dhcp-server.adoc[leveloffset=+1] include::modules/proc_associating-the-dhcp-service-with-a-subnet.adoc[leveloffset=+1] diff --git a/guides/common/modules/con_dhcp-service-providers.adoc b/guides/common/modules/con_dhcp-service-providers.adoc index 94e7cf92054..20d6d1ade89 100644 --- a/guides/common/modules/con_dhcp-service-providers.adoc +++ b/guides/common/modules/con_dhcp-service-providers.adoc @@ -19,7 +19,7 @@ endif::[] * `dhcp_isc` {endash} ISC DHCP server over OMAPI. * `dhcp_remote_isc` {endash} ISC DHCP server over OMAPI with leases mounted through networking. -For more information, see xref:integrating-a-generic-dhcp-server[]. +For more information, see xref:integrating-a-remote-isc-dhcp-server[]. ifdef::orcharhino[] * `dhcp_native_ms` {endash} Microsoft Active Directory by using API diff --git a/guides/common/modules/con_integrating-a-generic-dhcp-server.adoc b/guides/common/modules/con_integrating-a-remote-isc-dhcp-server.adoc similarity index 83% rename from guides/common/modules/con_integrating-a-generic-dhcp-server.adoc rename to guides/common/modules/con_integrating-a-remote-isc-dhcp-server.adoc index ccf525fdc86..cbe867d6725 100644 --- a/guides/common/modules/con_integrating-a-generic-dhcp-server.adoc +++ b/guides/common/modules/con_integrating-a-remote-isc-dhcp-server.adoc @@ -1,5 +1,5 @@ -[id="integrating-a-generic-dhcp-server"] -= Integrating a generic DHCP server +[id="integrating-a-remote-isc-dhcp-server"] += Integrating a remote ISC DHCP server To configure {ProductName} with external DHCP, you must complete the following procedures: diff --git a/guides/common/modules/con_introduction-to-dns-dhcp-and-tftp-integration-in-project.adoc b/guides/common/modules/con_introduction-to-dns-dhcp-and-tftp-integration-in-project.adoc deleted file mode 100644 index 6e8870d1041..00000000000 --- a/guides/common/modules/con_introduction-to-dns-dhcp-and-tftp-integration-in-project.adoc +++ /dev/null @@ -1,5 +0,0 @@ -[id="introduction-to-dns-dhcp-and-tftp-integration-in-{Project}"] -= Introduction to DNS, DHCP, and TFTP integration in {Project} - -{Project} provides integrated DNS, DHCP, and TFTP services. For example, you can use them if you do not already have these services available in your network. However, a key feature of {Project} is the ability to seamlessly integrate with existing network services. By configuring the corresponding providers, you can use existing DNS, DHCP, and TFTP services and integrate them in to {Project}. - diff --git a/guides/common/modules/proc_associating-the-dhcp-service-with-a-subnet.adoc b/guides/common/modules/proc_associating-the-dhcp-service-with-a-subnet.adoc index a1e38f61040..90ed73fff9d 100644 --- a/guides/common/modules/proc_associating-the-dhcp-service-with-a-subnet.adoc +++ b/guides/common/modules/proc_associating-the-dhcp-service-with-a-subnet.adoc @@ -1,22 +1,23 @@ [id="associating-the-dhcp-service-with-a-subnet"] = Associating the DHCP service with a subnet -After you changed the DHCP provider, you must update the configuration of each affected {SmartProxy} in the {ProjectWebUI}. -// MARC: New module. -// Needs to be checked if it is technically correct. +After you configured or changed the DHCP provider, you must update the configuration of each affected {SmartProxy} in the {ProjectWebUI}. .Prerequisites +* You configured a DHCP provider. * You are logged in to the {ProjectWebUI}. .Procedure -. Navigate to *Infrastructure* > *Subnets* and select the subnet name. +. Navigate to *Infrastructure* > *Subnets*. -. In the *Subnet* tab, set *IPAM* to *DHCP*. +. Select the subnet name. -. In the *{SmartProxy}*, set *DHCP Proxy* to your {SmartProxy}. +. On the *Subnet* tab, set *IPAM* to *DHCP*. -. Click *Submit* to save the changes. +. On the *{SmartProxy}* tab, set *DHCP Proxy* to your {SmartProxy}. + +. Click *Submit*. diff --git a/guides/common/modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc b/guides/common/modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc index 20753a3c311..7ad571fdb34 100644 --- a/guides/common/modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc +++ b/guides/common/modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc @@ -1,24 +1,33 @@ [id="associating-the-dns-service-with-a-domain-and-subnet"] = Associating the DNS service with a domain and subnet -After you changed the DNS provider, you must update the configuration of each affected {SmartProxy} in the {ProjectWebUI}. -// MARC: New module. Content copied from the end of the procedure in https://github.com/theforeman/foreman-documentation/blob/master/guides/common/modules/proc_configuring-dynamic-dns-update-with-gss-tsig-authentication.adoc -// Needs to be checked if it is technically correct. +After you configured or changed the DNS provider, you must update the configuration of each affected {SmartProxy} in the {ProjectWebUI}. .Prerequisites +* You configured a DNS provider. * You are logged in to the {ProjectWebUI}. .Procedure . Configure the domain: -.. In the {ProjectWebUI}, navigate to *Infrastructure* > *Domains* and select the domain name. -.. In the *Domain* tab, ensure *DNS {SmartProxy}* is set to the {SmartProxy} where the subnet is connected. + +.. Navigate to *Infrastructure* > *Domains*. + +.. Select the domain name. + +.. On the *Domain* tab, ensure *DNS {SmartProxy}* is set to the {SmartProxy} where the subnet is connected. . Configure the subnet: -.. In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets* and select the subnet name. -.. In the *Domains* tab, select the domain(s) that are valid on the subnet + +.. Navigate to *Infrastructure* > *Subnets*. + +.. Select the subnet name. + +.. On the *Domains* tab, select the domains that are valid on the subnet. + .. In the *{SmartProxies}* tab, ensure *Reverse DNS {SmartProxy}* is set to the {SmartProxy} where the subnet is connected. -.. Click *Submit* to save the changes. + +.. Click *Submit*. diff --git a/guides/common/modules/proc_associating-the-tftp-service-with-a-subnet.adoc b/guides/common/modules/proc_associating-the-tftp-service-with-a-subnet.adoc index 79d971113f5..e475fb7dddc 100644 --- a/guides/common/modules/proc_associating-the-tftp-service-with-a-subnet.adoc +++ b/guides/common/modules/proc_associating-the-tftp-service-with-a-subnet.adoc @@ -1,19 +1,21 @@ [id="associating-the-tftp-service-with-a-subnet"] = Associating the TFTP service with a subnet -After you changed the TFTP provider, you must update the configuration of each affected {SmartProxy} in the {ProjectWebUI}. -// MARC: New module. -// Needs to be checked if it is technically correct. +After you configured or changed the TFTP provider, you must update the configuration of each affected {SmartProxy} in the {ProjectWebUI}. + .Prerequisites +* You configured a TFTP server. * You are logged in to the {ProjectWebUI}. .Procedure -. Navigate to *Infrastructure* > *Subnets*, and select the subnet name. +. Navigate to *Infrastructure* > *Subnets*. + +. Select the subnet name. -. In the *{SmartProxies}* tab, select the {SmartProxy} for TFTP. +. On the *{SmartProxies}* tab, select the {SmartProxy} for TFTP. -. Click *Submit* to save the changes. +. Click *Submit*. diff --git a/guides/common/modules/proc_disabling-dhcp-for-integration.adoc b/guides/common/modules/proc_disabling-dhcp-for-integration.adoc index dc8508eae7b..705ba61c069 100644 --- a/guides/common/modules/proc_disabling-dhcp-for-integration.adoc +++ b/guides/common/modules/proc_disabling-dhcp-for-integration.adoc @@ -1,9 +1,6 @@ [id="disabling-dhcp-for-integration"] = Disabling DHCP for integration -// MARC: New module. Content is based on https://github.com/theforeman/foreman-documentation/blob/master/guides/common/modules/proc_disabling-dns-dhcp-tftp-for-unmanaged-networks.adoc, and adjusted for DHCP. -// Needs to be checked if it is technically correct. - If you want to manually manage a DHCP service, you must prevent {Project} from maintaining this service on the operating system and disable orchestration to avoid errors. [NOTE] @@ -11,9 +8,15 @@ If you want to manually manage a DHCP service, you must prevent {Project} from m Disabling DHCP in {Project} does not remove the related backend service on the operating system. ==== + +.Prerequisites + +* You are logged in to the {ProjectWebUI}. + + .Procedure -. In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets*. +. Navigate to *Infrastructure* > *Subnets*. . For each subnet that is associated with the DHCP {SmartProxy}: @@ -21,6 +24,8 @@ Disabling DHCP in {Project} does not remove the related backend service on the o .. On the *{SmartProxies}* tab, clear the *DHCP {SmartProxy}* field. +.. Click *Submit*. + . On {ProjectServer} and {SmartProxyServer}, enter: + [options="nowrap", subs="+quotes,attributes"] @@ -31,8 +36,7 @@ Disabling DHCP in {Project} does not remove the related backend service on the o [NOTE] ==== -{Project} does not perform orchestration when a {SmartProxy} is not set for a given subnet and domain. -When enabling or disabling {SmartProxy} associations, orchestration commands for existing hosts can fail if the expected records and configuration files are not present. -When associating a {SmartProxy} to turn orchestration on, ensure the required DHCP, DNS records, and TFTP files are in place for the existing {Project} hosts in order to prevent host deletion failures in the future. +{Project} does not perform orchestration when a {SmartProxy} is not set for a given subnet. +When you disable {SmartProxy} associations, orchestration commands for existing hosts can fail if the expected records and configuration files are not present. ==== diff --git a/guides/common/modules/proc_disabling-dns-for-integration.adoc b/guides/common/modules/proc_disabling-dns-for-integration.adoc index 1abd15a6630..5793c77d5aa 100644 --- a/guides/common/modules/proc_disabling-dns-for-integration.adoc +++ b/guides/common/modules/proc_disabling-dns-for-integration.adoc @@ -1,9 +1,6 @@ [id="disabling-dns-for-integration"] = Disabling DNS for integration -// MARC: New module. Content is based on https://github.com/theforeman/foreman-documentation/blob/master/guides/common/modules/proc_disabling-dns-dhcp-tftp-for-unmanaged-networks.adoc, and adjusted for DNS. -// Needs to be checked if it is technically correct. - If you want to manually manage a DNS service, you must prevent {Project} from maintaining this service on the operating system and disable orchestration to avoid errors. [NOTE] @@ -11,9 +8,15 @@ If you want to manually manage a DNS service, you must prevent {Project} from ma Disabling DNS in {Project} does not remove the related backend service on the operating system. ==== + +.Prerequisites + +* You are logged in to the {ProjectWebUI}. + + .Procedure -. In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets*. +. Navigate to *Infrastructure* > *Subnets*. . For each subnet that is associated with the DNS {SmartProxy}: @@ -21,6 +24,8 @@ Disabling DNS in {Project} does not remove the related backend service on the op .. On the *{SmartProxies}* tab, clear the *Reverse DNS {SmartProxy}* field. +.. Click *Submit*. + . Navigate to *Infrastructure* > *Domains*. . For each domain that is associated with the DNS {SmartProxy}: @@ -29,6 +34,8 @@ Disabling DNS in {Project} does not remove the related backend service on the op .. Clear the *DNS {SmartProxy}* field. +.. Click *Submit*. + . On {ProjectServer}, enter: + [options="nowrap", subs="+quotes,attributes"] @@ -40,7 +47,6 @@ Disabling DNS in {Project} does not remove the related backend service on the op [NOTE] ==== {Project} does not perform orchestration when a {SmartProxy} is not set for a given subnet and domain. -When enabling or disabling {SmartProxy} associations, orchestration commands for existing hosts can fail if the expected records and configuration files are not present. -When associating a {SmartProxy} to turn orchestration on, ensure the required DHCP, DNS records, and TFTP files are in place for the existing {Project} hosts in order to prevent host deletion failures in the future. +When you disable {SmartProxy} associations, orchestration commands for existing hosts can fail if the expected records and configuration files are not present. ==== diff --git a/guides/common/modules/proc_disabling-tftp-for-integration.adoc b/guides/common/modules/proc_disabling-tftp-for-integration.adoc index b355696c9e1..f39e7045aa8 100644 --- a/guides/common/modules/proc_disabling-tftp-for-integration.adoc +++ b/guides/common/modules/proc_disabling-tftp-for-integration.adoc @@ -1,9 +1,6 @@ [id="disabling-tftp-for-integration"] = Disabling TFTP for integration -// MARC: New module. Content is based on https://github.com/theforeman/foreman-documentation/blob/master/guides/common/modules/proc_disabling-dns-dhcp-tftp-for-unmanaged-networks.adoc, and adjusted for TFTP. -// Needs to be checked if it is technically correct. - If you want to manually manage a TFTP service, you must prevent {Project} from maintaining this service on the operating system and disable orchestration to avoid errors. [NOTE] @@ -11,9 +8,15 @@ If you want to manually manage a TFTP service, you must prevent {Project} from m Disabling TFTP in {Project} does not remove the related backend service on the operating system. ==== + +.Prerequisites + +* You are logged in to the {ProjectWebUI}. + + .Procedure -. In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets*. +. Navigate to *Infrastructure* > *Subnets*. . For each subnet that is associated with the TFTP {SmartProxy}: @@ -21,6 +24,8 @@ Disabling TFTP in {Project} does not remove the related backend service on the o .. On the *{SmartProxies}* tab, clear the *TFTP {SmartProxy}* field. +.. Click *Submit*. + . On {ProjectServer}, enter: + [options="nowrap", subs="+quotes,attributes"] @@ -31,8 +36,7 @@ Disabling TFTP in {Project} does not remove the related backend service on the o [NOTE] ==== -{Project} does not perform orchestration when a {SmartProxy} is not set for a given subnet and domain. -When enabling or disabling {SmartProxy} associations, orchestration commands for existing hosts can fail if the expected records and configuration files are not present. -When associating a {SmartProxy} to turn orchestration on, ensure the required DHCP, DNS records, and TFTP files are in place for the existing {Project} hosts in order to prevent host deletion failures in the future. +{Project} does not perform orchestration when a {SmartProxy} is not set for a given subnet. +When you disable {SmartProxy} associations, orchestration commands for existing hosts can fail if the expected records and configuration files are not present. ==== diff --git a/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc index 42e49ec3796..d607bf5cc97 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc @@ -1,49 +1,30 @@ [id="enabling-the-installer-managed-dhcp-service"] = Enabling the installer-managed DHCP service -// MARC: New module. Content is based on https://github.com/theforeman/foreman-documentation/blob/master/guides/common/modules/proc_reverting-to-internal-dns-service.adoc and https://github.com/theforeman/foreman-documentation/blob/master/guides/common/modules/proc_configuring-dns-dhcp-and-tftp.adoc, and adjusted for TFTP. -// Needs to be checked if it is technically correct. - If you do not have a DHCP server available in your network, you can use the installer-managed DHCP service. This feature enables you to provide a DHCP service with a low maintenance effort. -You can use a backup of the answer file that was created before configuring external DHCP, or you can create a backup of the answer file. -ifndef::orcharhino[] -For more information about answer files, see {InstallingServerDocURL}configuring-server_{project-context}[Configuring {ProjectServer}]. -endif::[] +Perform the steps on the {Project} or {SmartProxyServer} that you want to configure to manage the DHCP service for the subnet. .Prerequisites -ifeval::["{context}" == "{project-context}"] -* Ensure that the following information is available to you: -** DHCP IP address ranges -** DHCP gateway IP address -** DHCP name server IP address -** DNS information - -* Use the FQDN instead of the IP address where possible in case of network changes. -endif::[] - -ifeval::["{context}" == "{smart-proxy-context}"] -* You must have the correct interface name (`dhcp-interface`) for the DHCP server. -endif::[] - -* Contact your network administrator to ensure that you have the correct settings. +* You know the following network information: +** The range of IP addresses the DHCP should manage +** The IP address of the default gateway in the subnet +** The IP addresses of the name servers for the subnet .Procedure -On the {Project} or {SmartProxyServer} that you want to configure to manage DHCP service for the domain, complete the following steps: -.Configuring {Project} or {SmartProxy} as a DHCP server -* If you have created a backup of the answer file before configuring external DNS, restore the answer file and then enter the `{foreman-installer}` command: +. Backup the answer files: + -[options="nowrap", subs="+quotes,attributes"] ------ -# {foreman-installer} ------ -+ -* If you do not have a suitable backup of the answer file, create a backup of the answer file now. -To configure {Project} or {SmartProxy} as DHCP server without using an answer file, enter the following `{foreman-installer}` command on {Project} or {SmartProxy}: +[options="nowrap",subs="+quotes,attributes"] +.... +# mkdir /root/backup-answer-files/ +# cp -p /etc/foreman-installer/scenarios.d/*-answers.yml /root/backup-answer-files/ +.... + +. Configure {Project} or {SmartProxy} as DHCP server: + [options="nowrap" subs="+quotes,attributes"] ---- @@ -54,13 +35,6 @@ To configure {Project} or {SmartProxy} as DHCP server without using an answer fi --foreman-proxy-dhcp-gateway 192.0.2.1 \ --foreman-proxy-dhcp-nameservers 192.0.2.2 ---- -+ -ifeval::["{context}" == "{smart-proxy-context}"] -For more information, see xref:configuring-dns-dhcp-and-tftp-on-productname_{smart-proxy-context}[]. -endif::[] -ifeval::["{context}" == "{project-context}"] -For more information, see {InstallingSmartProxyDocURL}configuring-dns-dhcp-and-tftp-on-productname_{smart-proxy-context}[Configuring DNS, DHCP, and TFTP on {SmartProxyServer}]. -endif::[] . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dhcp-service-with-a-subnet[]. diff --git a/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc index a543165c43d..1ae1cb6ea9a 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc @@ -3,34 +3,20 @@ If you do not have a DNS server available in your network, you can use the installer-managed DNS service. This feature enables you to provide a DNS service with a low maintenance effort. -You can use a backup of the answer file that was created before configuring external DNS, or you can create a backup of the answer file. -ifndef::orcharhino[] -For more information about answer files, see {InstallingServerDocURL}configuring-server_{project-context}[Configuring {ProjectServer}]. -endif::[] - -Complete the steps on the {Project} or {SmartProxyServer} that you want to configure to manage DNS service for the domain. +Perform the steps on the {Project} or {SmartProxyServer} that you want to configure to manage the DNS service for the domain. .Procedure -. Configure {Project} or {SmartProxy} as a DNS server: - -** If you have a backup of the answer file that was created before configuring a non-installer-managed DNS service: - -... Restore the answer file. - -... Re-apply the answer file: +. Backup the answer files: + [options="nowrap",subs="+quotes,attributes"] .... -# {foreman-installer} +# mkdir /root/backup-answer-files/ +# cp -p /etc/foreman-installer/scenarios.d/*-answers.yml /root/backup-answer-files/ .... -** If you do not have a backup answer file that was created before configuring a non-installer-managed DNS service: - -... Create a backup of the answer file now. - -... Configure {Project} or {SmartProxy} as DNS server: +. Configure {Project} or {SmartProxy} as DNS server: + [options="nowrap",subs="+quotes,attributes"] .... @@ -40,13 +26,6 @@ Complete the steps on the {Project} or {SmartProxyServer} that you want to confi --foreman-proxy-dns-server="127.0.0.1" \ --foreman-proxy-dns=true .... -+ -ifeval::["{context}" == "{smart-proxy-context}"] -For more information, see xref:configuring-dns-dhcp-and-tftp-on-productname_{smart-proxy-context}[]. -endif::[] -ifeval::["{context}" == "{project-context}"] -For more information, see {InstallingSmartProxyDocURL}configuring-dns-dhcp-and-tftp-on-productname_{smart-proxy-context}[Configuring DNS, DHCP, and TFTP on {SmartProxyServer}]. -endif::[] . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc index 69d9cfe13cb..8ba53c9d29d 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc @@ -1,55 +1,28 @@ [id="enabling-the-installer-managed-tftp-service"] = Enabling the installer-managed TFTP service -// MARC: New module. Content is based on https://github.com/theforeman/foreman-documentation/blob/master/guides/common/modules/proc_reverting-to-internal-dns-service.adoc and https://github.com/theforeman/foreman-documentation/blob/master/guides/common/modules/proc_configuring-dns-dhcp-and-tftp.adoc, and adjusted for TFTP. -// Needs to be checked if it is technically correct. - If you do not have a TFTP server available in your network, you can use the installer-managed TFTP service. This feature enables you to provide a TFTP service with a low maintenance effort. -You can use a backup of the answer file that was created before configuring external TFTP, or you can create a backup of the answer file. -ifndef::orcharhino[] -For more information about answer files, see {InstallingServerDocURL}configuring-server_{project-context}[Configuring {ProjectServer}]. -endif::[] - -Complete the steps on the {Project} or {SmartProxyServer} that you want to configure to manage TFTP service for the domain. +Perform the steps on the {Project} or {SmartProxyServer} that you want to configure to manage the DHCP service for the subnet. .Prerequisites -ifeval::["{context}" == "{project-context}"] -* Ensure that the following TFTP server name information is available to you. - -* Use the FQDN instead of the IP address where possible in case of network changes. -endif::[] - -ifeval::["{context}" == "{smart-proxy-context}"] -* You must have the correct network name (`dns-interface`) for the DNS server. -* You must have the correct interface name (`dhcp-interface`) for the DHCP server. -endif::[] - -* Contact your network administrator to ensure that you have the correct settings. +* You know the fully-qualified domain name (FQDN) or the IP address of the TFTP server. +Prefer the FQDN to avoid having to adjust the configuration if the IP address of the TFTP server changes. .Procedure -. Configure {Project} or {SmartProxy} as a TFTP server: - -** If you have a backup of the answer file that was created before configuring a non-installer-managed TFTP service: - -... Restore the answer file. - -... Re-apply the answer file: +. Backup the answer files: + [options="nowrap",subs="+quotes,attributes"] .... -# {foreman-installer} +# mkdir /root/backup-answer-files/ +# cp -p /etc/foreman-installer/scenarios.d/*-answers.yml /root/backup-answer-files/ .... -** If you do not have a backup answer file that was created before configuring a non-installer-managed TFTP service: - -... Create a backup of the answer file now. - -... Configure {Project} or {SmartProxy} as TFTP server: +. Configure {Project} or {SmartProxy} as TFTP server: + [options="nowrap",subs="+quotes,attributes"] .... diff --git a/guides/doc-Configuring_DNS_DHCP_TFTP/master.adoc b/guides/doc-Configuring_DNS_DHCP_TFTP/master.adoc index b3b9f9f667a..2308619a44c 100644 --- a/guides/doc-Configuring_DNS_DHCP_TFTP/master.adoc +++ b/guides/doc-Configuring_DNS_DHCP_TFTP/master.adoc @@ -10,8 +10,6 @@ ifdef::satellite[] include::common/modules/proc_providing-feedback-on-red-hat-documentation.adoc[leveloffset=+1] endif::[] -include::common/modules/con_introduction-to-dns-dhcp-and-tftp-integration-in-project.adoc[leveloffset=+1] - include::common/assembly_configuring-dns-integration.adoc[leveloffset=+1] include::common/assembly_configuring-dhcp-integration.adoc[leveloffset=+1] From 6b7db8f2015d9b31ecf2d902caff99932bd8b1f7 Mon Sep 17 00:00:00 2001 From: Marc Muehlfeld Date: Thu, 17 Apr 2025 14:17:50 +0200 Subject: [PATCH 15/47] SME feedback --- ..._integrating-a-remote-isc-dhcp-server.adoc | 3 -- ..._configuring-server-for-use-with-tftp.adoc | 11 +++---- ...ng-the-installer-managed-dhcp-service.adoc | 26 +++++++++++++++++ .../modules/proc_securing-the-dhcpd-api.adoc | 29 ------------------- 4 files changed, 30 insertions(+), 39 deletions(-) delete mode 100644 guides/common/modules/proc_securing-the-dhcpd-api.adoc diff --git a/guides/common/modules/con_integrating-a-remote-isc-dhcp-server.adoc b/guides/common/modules/con_integrating-a-remote-isc-dhcp-server.adoc index cbe867d6725..154ebfa7125 100644 --- a/guides/common/modules/con_integrating-a-remote-isc-dhcp-server.adoc +++ b/guides/common/modules/con_integrating-a-remote-isc-dhcp-server.adoc @@ -5,12 +5,9 @@ To configure {ProductName} with external DHCP, you must complete the following p . xref:configuring-dhcpd-to-use-with-server[] . xref:configuring-server-for-use-with-dhcpd[] -. xref:securing-the-dhcpd-api[] include::proc_configuring-dhcpd-to-use-with-server.adoc[leveloffset=+1] include::proc_configuring-server-for-use-with-dhcpd.adoc[leveloffset=+1] -include::proc_securing-the-dhcpd-api.adoc[leveloffset=+1] - diff --git a/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc b/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc index 8ac65384659..f86caaf402e 100644 --- a/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc +++ b/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc @@ -10,6 +10,10 @@ You can configure {ProductName} with external TFTP services. .Procedure +. Associate the TFTP service with the appropriate subnets. + +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-tftp-service-with-a-subnet[]. + . Create the TFTP directory for NFS: + [options="nowrap"] @@ -47,10 +51,3 @@ _TFTP_Server_IP_Address_:/exports/var/lib/tftpboot /mnt/nfs/var/lib/tftpboot nfs # {foreman-installer} --foreman-proxy-tftp-servername=_TFTP_Server_FQDN_ ---- -. In the {ProjectWebUI}, navigate to *Infrastructure* > *{SmartProxies}*. - - -. Associate the TFTP service with the appropriate subnets. - -. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-tftp-service-with-a-subnet[]. - diff --git a/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc index d607bf5cc97..58378a4dd2b 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc @@ -38,3 +38,29 @@ Perform the steps on the {Project} or {SmartProxyServer} that you want to config . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dhcp-service-with-a-subnet[]. +. Secure the `dhcpd` API on the {SmartProxy} by using an OMAPI key: + +.. On your {SmartProxy}, install the required packages: ++ +[options="nowrap", subs="+quotes,verbatim,attributes"] +---- +# {project-package-install} {bind-package} +---- + +.. Generate a key: ++ +[options="nowrap", subs="+quotes,verbatim,attributes"] +---- +# dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 512 -n HOST omapi_key +# cat Komapi_key.+*.private | grep ^Key|cut -d ' ' -f2- +---- + +. Use `{foreman-installer}` to secure the `dhcpd` API: ++ +[options="nowrap", subs="+quotes,verbatim,attributes"] +---- +# {foreman-installer} \ +--foreman-proxy-dhcp-key-name "__" \ +--foreman-proxy-dhcp-key-secret "__" +---- + diff --git a/guides/common/modules/proc_securing-the-dhcpd-api.adoc b/guides/common/modules/proc_securing-the-dhcpd-api.adoc deleted file mode 100644 index 9674846048c..00000000000 --- a/guides/common/modules/proc_securing-the-dhcpd-api.adoc +++ /dev/null @@ -1,29 +0,0 @@ -[id="securing-the-dhcpd-api"] -= Securing the dhcpd API - -{SmartProxy} interacts with DHCP daemon using the dhcpd API to manage DHCP. -By default, the dhcpd API listens to any host without access control. -You can add an `omapi_key` to provide basic security. - -.Procedure -. On your {SmartProxy}, install the required packages: -+ -[options="nowrap", subs="+quotes,verbatim,attributes"] ----- -# {project-package-install} {bind-package} ----- -. Generate a key: -+ -[options="nowrap", subs="+quotes,verbatim,attributes"] ----- -# dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 512 -n HOST omapi_key -# cat Komapi_key.+*.private | grep ^Key|cut -d ' ' -f2- ----- -. Use `{foreman-installer}` to secure the dhcpd API: -+ -[options="nowrap", subs="+quotes,verbatim,attributes"] ----- -# {foreman-installer} \ ---foreman-proxy-dhcp-key-name "_My_Name_" \ ---foreman-proxy-dhcp-key-secret "_My_Secret_" ----- From 5b666f890c364a50651c5ea69680622733c0f0e5 Mon Sep 17 00:00:00 2001 From: Marc Muehlfeld Date: Thu, 17 Apr 2025 14:28:28 +0200 Subject: [PATCH 16/47] Move two appendixes to the new guide --- .../assembly_configuring-dhcp-integration.adoc | 13 +++++++++++++ guides/common/assembly_preparing-networking.adoc | 4 ---- .../modules/proc_troubleshooting-dhcp-problems.adoc | 4 ++-- 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/guides/common/assembly_configuring-dhcp-integration.adoc b/guides/common/assembly_configuring-dhcp-integration.adoc index a78ab230c4c..a50a6f5e76b 100644 --- a/guides/common/assembly_configuring-dhcp-integration.adoc +++ b/guides/common/assembly_configuring-dhcp-integration.adoc @@ -1,5 +1,7 @@ include::modules/con_configuring-dhcp-integration.adoc[] +include::modules/con_foreman-and-dhcp-configuration.adoc[leveloffset=+1] + include::modules/con_dhcp-service-providers.adoc[leveloffset=+1] include::modules/proc_enabling-the-installer-managed-dhcp-service.adoc[leveloffset=+1] @@ -16,3 +18,14 @@ include::modules/proc_associating-the-dhcp-service-with-a-subnet.adoc[leveloffse include::modules/proc_disabling-dhcp-for-integration.adoc[leveloffset=+1] +include::modules/proc_troubleshooting-dhcp-problems.adoc[leveloffset=+1] + +ifndef::satellite[] +[appendix] +include::modules/ref_dhcp-isc-settings.adoc[leveloffset=+1] + +[appendix] +include::modules/ref_dhcp-options-for-network-configuration.adoc[leveloffset=+1] +endif::[] + + diff --git a/guides/common/assembly_preparing-networking.adoc b/guides/common/assembly_preparing-networking.adoc index 7689664fb7b..b07f5566cde 100644 --- a/guides/common/assembly_preparing-networking.adoc +++ b/guides/common/assembly_preparing-networking.adoc @@ -6,14 +6,10 @@ include::modules/proc_optimizing-performance-by-removing-nics-from-database.adoc include::modules/con_network-resources.adoc[leveloffset=+1] -include::modules/con_foreman-and-dhcp-configuration.adoc[leveloffset=+1] - include::modules/ref_options-in-managed-dhcpv4.adoc[leveloffset=+2] include::modules/ref_options-in-unmanaged-dhcpv6.adoc[leveloffset=+2] -include::modules/proc_troubleshooting-dhcp-problems.adoc[leveloffset=+1] - ifdef::provisioning,provisioning-cloud,provisioning-virtual[] include::modules/con_prerequisites-for-image-based-provisioning.adoc[leveloffset=+1] endif::[] diff --git a/guides/common/modules/proc_troubleshooting-dhcp-problems.adoc b/guides/common/modules/proc_troubleshooting-dhcp-problems.adoc index 5efc5a21b81..7129044cf85 100644 --- a/guides/common/modules/proc_troubleshooting-dhcp-problems.adoc +++ b/guides/common/modules/proc_troubleshooting-dhcp-problems.adoc @@ -1,5 +1,5 @@ -[id="Troubleshooting_DHCP_Problems_{context}"] -= Troubleshooting DHCP problems in {Project} +[id="Troubleshooting_DHCP_Problems"] += Troubleshooting DHCP problems {Project} can manage an ISC DHCP server on internal or external DHCP {SmartProxy}. {Project} can list, create, and delete DHCP reservations and leases. From cc0dd52f06731ec0e8664bbe027a28ecd8115a56 Mon Sep 17 00:00:00 2001 From: Marc Muehlfeld Date: Thu, 17 Apr 2025 14:30:55 +0200 Subject: [PATCH 17/47] SME feedback --- guides/common/modules/proc_integrating-infoblox-dns.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/guides/common/modules/proc_integrating-infoblox-dns.adoc b/guides/common/modules/proc_integrating-infoblox-dns.adoc index 73d8aa9428f..008500e52e5 100644 --- a/guides/common/modules/proc_integrating-infoblox-dns.adoc +++ b/guides/common/modules/proc_integrating-infoblox-dns.adoc @@ -62,10 +62,10 @@ Example positive response: --foreman-proxy-plugin-dns-infoblox-dns-server _infoblox.example.com_ \ --foreman-proxy-plugin-dns-infoblox-username _admin_ \ --foreman-proxy-plugin-dns-infoblox-password _infoblox_ \ ---foreman-proxy-plugin-dns-infoblox-dns-view _default_ +--foreman-proxy-plugin-dns-infoblox-dns-view __ ---- + -Optionally, you can change the value of the `--foreman-proxy-plugin-dns-infoblox-dns-view` option to specify an Infoblox DNS view other than the default view. +Omit the `--foreman-proxy-plugin-dns-infoblox-dns-view` option if you use the `default` view in Infoblox DNS. . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. From 77c65b0f351f0fac5bae99c4fa3b9f0f161bcc38 Mon Sep 17 00:00:00 2001 From: Marc Muehlfeld Date: Tue, 22 Apr 2025 14:35:39 +0200 Subject: [PATCH 18/47] Fix broken command --- ...ng-the-installer-managed-dhcp-service.adoc | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc index 58378a4dd2b..f3c86fe4c6c 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc @@ -51,16 +51,27 @@ Perform the steps on the {Project} or {SmartProxyServer} that you want to config + [options="nowrap", subs="+quotes,verbatim,attributes"] ---- -# dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 512 -n HOST omapi_key -# cat Komapi_key.+*.private | grep ^Key|cut -d ' ' -f2- +# tsig-keygen -a hmac-md5 _omapi_key_ ---- -. Use `{foreman-installer}` to secure the `dhcpd` API: +.. Edit the `/etc/dhcp/dhcpd.conf` and append: ++ +[options="nowrap", subs="+quotes,verbatim,attributes"] +---- +omapi-port 7911; +key omapi_key { + algorithm hmac-md5; + secret "__"; +}; +omapi-key _omapi_key_; +---- + +. Add the `dhcpd` API key to the {SmartProxy} configuration: + [options="nowrap", subs="+quotes,verbatim,attributes"] ---- # {foreman-installer} \ ---foreman-proxy-dhcp-key-name "__" \ +--foreman-proxy-dhcp-key-name "_omapi_key_" \ --foreman-proxy-dhcp-key-secret "__" ---- From c235426ebe6a40c1e5f87bdef346fbf00b09d994 Mon Sep 17 00:00:00 2001 From: Marc Muehlfeld Date: Tue, 22 Apr 2025 14:48:38 +0200 Subject: [PATCH 19/47] SME feedback --- ..._configuring-server-for-use-with-dhcpd.adoc | 12 ++++++------ ...c_configuring-server-for-use-with-tftp.adoc | 4 ++-- ...ing-the-installer-managed-dhcp-service.adoc | 15 ++++----------- ...ling-the-installer-managed-dns-service.adoc | 18 +++++------------- ...ing-the-installer-managed-tftp-service.adoc | 17 +---------------- ...neric-dns-server-by-using-dns-nsupdate.adoc | 10 +++++----- ...g-idm-dns-with-gss-tsig-authentication.adoc | 12 ++++++------ ...ating-idm-dns-with-tsig-authentication.adoc | 12 ++++++------ 8 files changed, 35 insertions(+), 65 deletions(-) diff --git a/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc b/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc index 2c5ba058450..637e73d2a3c 100644 --- a/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc +++ b/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc @@ -64,14 +64,14 @@ $ exit ---- # {foreman-installer} \ --enable-foreman-proxy-plugin-dhcp-remote-isc \ ---foreman-proxy-dhcp-provider=remote_isc \ ---foreman-proxy-dhcp-server=_My_DHCP_Server_FQDN_ \ ---foreman-proxy-dhcp=true \ +--foreman-proxy-dhcp-provider remote_isc \ +--foreman-proxy-dhcp-server _My_DHCP_Server_FQDN_ \ +--foreman-proxy-dhcp true \ --foreman-proxy-plugin-dhcp-remote-isc-dhcp-config /mnt/nfs/etc/dhcp/dhcpd.conf \ --foreman-proxy-plugin-dhcp-remote-isc-dhcp-leases /mnt/nfs/var/lib/dhcpd/dhcpd.leases \ ---foreman-proxy-plugin-dhcp-remote-isc-key-name=omapi_key \ ---foreman-proxy-plugin-dhcp-remote-isc-key-secret=_My_Secret_ \ ---foreman-proxy-plugin-dhcp-remote-isc-omapi-port=7911 +--foreman-proxy-plugin-dhcp-remote-isc-key-name omapi_key \ +--foreman-proxy-plugin-dhcp-remote-isc-key-secret _My_Secret_ \ +--foreman-proxy-plugin-dhcp-remote-isc-omapi-port 7911 ---- . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dhcp-service-with-a-subnet[]. diff --git a/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc b/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc index f86caaf402e..4560090268e 100644 --- a/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc +++ b/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc @@ -41,13 +41,13 @@ _TFTP_Server_IP_Address_:/exports/var/lib/tftpboot /mnt/nfs/var/lib/tftpboot nfs ---- # {foreman-installer} \ --foreman-proxy-tftp-root /mnt/nfs/var/lib/tftpboot \ ---foreman-proxy-tftp=true +--foreman-proxy-tftp true ---- . If the TFTP service is running on a different server than the DHCP service, update the `tftp_servername` setting with the FQDN or IP address of the server that the TFTP service is running on: + [options="nowrap" subs="+quotes,attributes"] ---- -# {foreman-installer} --foreman-proxy-tftp-servername=_TFTP_Server_FQDN_ +# {foreman-installer} --foreman-proxy-tftp-servername _TFTP_Server_FQDN_ ---- diff --git a/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc index f3c86fe4c6c..7ab257fcf3b 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc @@ -16,20 +16,13 @@ Perform the steps on the {Project} or {SmartProxyServer} that you want to config .Procedure -. Backup the answer files: -+ -[options="nowrap",subs="+quotes,attributes"] -.... -# mkdir /root/backup-answer-files/ -# cp -p /etc/foreman-installer/scenarios.d/*-answers.yml /root/backup-answer-files/ -.... - -. Configure {Project} or {SmartProxy} as DHCP server: +. Configure {ProjectServer} or {SmartProxyServer} as DHCP server: + [options="nowrap" subs="+quotes,attributes"] ---- # {foreman-installer} \ --foreman-proxy-dhcp true \ +--foreman-proxy-dhcp-provider isc \ --foreman-proxy-dhcp-managed true \ --foreman-proxy-dhcp-range "192.0.2.100 192.0.2.150" \ --foreman-proxy-dhcp-gateway 192.0.2.1 \ @@ -38,9 +31,9 @@ Perform the steps on the {Project} or {SmartProxyServer} that you want to config . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dhcp-service-with-a-subnet[]. -. Secure the `dhcpd` API on the {SmartProxy} by using an OMAPI key: +. Optional: Secure the `dhcpd` API on the {SmartProxy} by using an OMAPI key: -.. On your {SmartProxy}, install the required packages: +.. Install the required packages: + [options="nowrap", subs="+quotes,verbatim,attributes"] ---- diff --git a/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc index 1ae1cb6ea9a..3d802412a18 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc @@ -8,23 +8,15 @@ Perform the steps on the {Project} or {SmartProxyServer} that you want to config .Procedure -. Backup the answer files: -+ -[options="nowrap",subs="+quotes,attributes"] -.... -# mkdir /root/backup-answer-files/ -# cp -p /etc/foreman-installer/scenarios.d/*-answers.yml /root/backup-answer-files/ -.... - -. Configure {Project} or {SmartProxy} as DNS server: +* Configure {Project} or {SmartProxy} as DNS server: + [options="nowrap",subs="+quotes,attributes"] .... # {foreman-installer} \ ---foreman-proxy-dns-managed=true \ ---foreman-proxy-dns-provider=nsupdate \ ---foreman-proxy-dns-server="127.0.0.1" \ ---foreman-proxy-dns=true +--foreman-proxy-dns-managed true \ +--foreman-proxy-dns-provider nsupdate \ +--foreman-proxy-dns-server "127.0.0.1" \ +--foreman-proxy-dns true .... . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc index 8ba53c9d29d..265cdaaab02 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc @@ -6,29 +6,14 @@ If you do not have a TFTP server available in your network, you can use the inst Perform the steps on the {Project} or {SmartProxyServer} that you want to configure to manage the DHCP service for the subnet. -.Prerequisites - -* You know the fully-qualified domain name (FQDN) or the IP address of the TFTP server. -Prefer the FQDN to avoid having to adjust the configuration if the IP address of the TFTP server changes. - - .Procedure -. Backup the answer files: -+ -[options="nowrap",subs="+quotes,attributes"] -.... -# mkdir /root/backup-answer-files/ -# cp -p /etc/foreman-installer/scenarios.d/*-answers.yml /root/backup-answer-files/ -.... - -. Configure {Project} or {SmartProxy} as TFTP server: +* Configure {Project} or {SmartProxy} as TFTP server: + [options="nowrap",subs="+quotes,attributes"] .... # {foreman-installer} \ --foreman-proxy-tftp true \ --foreman-proxy-tftp-managed true \ ---foreman-proxy-tftp-servername 192.0.2.3 .... diff --git a/guides/common/modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc b/guides/common/modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc index 010e8efc374..f26ef4606ec 100644 --- a/guides/common/modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc +++ b/guides/common/modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc @@ -46,11 +46,11 @@ send\n" | nsupdate -k /etc/foreman-proxy/rndc.key + [options="nowrap", subs="+quotes,attributes"] ---- -# {foreman-installer} --foreman-proxy-dns=true \ ---foreman-proxy-dns-managed=false \ ---foreman-proxy-dns-provider=nsupdate \ ---foreman-proxy-dns-server="_DNS_IP_Address_" \ ---foreman-proxy-keyfile=/etc/foreman-proxy/rndc.key +# {foreman-installer} --foreman-proxy-dns true \ +--foreman-proxy-dns-managed false \ +--foreman-proxy-dns-provider nsupdate \ +--foreman-proxy-dns-server "_DNS_IP_Address_" \ +--foreman-proxy-keyfile /etc/foreman-proxy/rndc.key ---- . In the {ProjectWebUI}, navigate to *Infrastructure* > *{SmartProxies}*. diff --git a/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc b/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc index b211f585828..7cfbb568f7c 100644 --- a/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc +++ b/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc @@ -144,12 +144,12 @@ grant {smart-proxy-principal}\047__{foreman-example-com}@EXAMPLE.COM__ wildcard [options="nowrap" subs="+quotes,attributes"] ---- # {foreman-installer} \ ---foreman-proxy-dns-managed=false \ ---foreman-proxy-dns-provider=nsupdate_gss \ ---foreman-proxy-dns-server="_idm1.example.com_" \ ---foreman-proxy-dns-tsig-keytab=/etc/foreman-proxy/dns.keytab \ ---foreman-proxy-dns-tsig-principal="{smart-proxy-principal}/_{foreman-example-com}@EXAMPLE.COM_" \ ---foreman-proxy-dns=true +--foreman-proxy-dns-managed false \ +--foreman-proxy-dns-provider nsupdate_gss \ +--foreman-proxy-dns-server "_idm1.example.com_" \ +--foreman-proxy-dns-tsig-keytab /etc/foreman-proxy/dns.keytab \ +--foreman-proxy-dns-tsig-principal "{smart-proxy-principal}/_{foreman-example-com}@EXAMPLE.COM_" \ +--foreman-proxy-dns true ---- . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc b/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc index 37812429a03..55dfebb29a0 100644 --- a/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc +++ b/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc @@ -90,12 +90,12 @@ Normally, {foreman-installer} ensures that the `foreman-proxy` user belongs to t [options="nowrap" subs="+quotes,attributes"] ---- # {foreman-installer} \ ---foreman-proxy-dns-managed=false \ ---foreman-proxy-dns-provider=nsupdate \ ---foreman-proxy-dns-server="_IdM_Server_IP_Address_" \ ---foreman-proxy-dns-ttl=86400 \ ---foreman-proxy-dns=true \ ---foreman-proxy-keyfile=/etc/rndc.key +--foreman-proxy-dns-managed false \ +--foreman-proxy-dns-provider nsupdate \ +--foreman-proxy-dns-server "_IdM_Server_IP_Address_" \ +--foreman-proxy-dns-ttl 86400 \ +--foreman-proxy-dns true \ +--foreman-proxy-keyfile /etc/rndc.key ---- .Testing external updates to the DNS zone in the IdM server From 210ffe18fb9653a0f3258f1b004885194a42321f Mon Sep 17 00:00:00 2001 From: Marc Muehlfeld Date: Tue, 22 Apr 2025 17:03:39 +0200 Subject: [PATCH 20/47] Remove a unnecessary step --- ..._enabling-the-installer-managed-dhcp-service.adoc | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc index 7ab257fcf3b..d02fa1a42b8 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc @@ -45,18 +45,10 @@ Perform the steps on the {Project} or {SmartProxyServer} that you want to config [options="nowrap", subs="+quotes,verbatim,attributes"] ---- # tsig-keygen -a hmac-md5 _omapi_key_ ----- - -.. Edit the `/etc/dhcp/dhcpd.conf` and append: -+ -[options="nowrap", subs="+quotes,verbatim,attributes"] ----- -omapi-port 7911; -key omapi_key { +key "omapi_key" { algorithm hmac-md5; - secret "__"; + secret "hJBge7QC5AaUkRVsZmFUlg=="; }; -omapi-key _omapi_key_; ---- . Add the `dhcpd` API key to the {SmartProxy} configuration: From 1e11e4e97d18022711c69800c875c5abb753bfb5 Mon Sep 17 00:00:00 2001 From: Marc Muehlfeld Date: Tue, 22 Apr 2025 17:08:38 +0200 Subject: [PATCH 21/47] SME feedback --- guides/common/modules/con_dhcp-service-providers.adoc | 1 + .../proc_enabling-the-installer-managed-dhcp-service.adoc | 2 +- .../proc_enabling-the-installer-managed-tftp-service.adoc | 2 +- ..._integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc | 2 -- 4 files changed, 3 insertions(+), 4 deletions(-) diff --git a/guides/common/modules/con_dhcp-service-providers.adoc b/guides/common/modules/con_dhcp-service-providers.adoc index 20d6d1ade89..3469d7766f1 100644 --- a/guides/common/modules/con_dhcp-service-providers.adoc +++ b/guides/common/modules/con_dhcp-service-providers.adoc @@ -17,6 +17,7 @@ For more information, see xref:integrating-dnsmas-dhcp-by-using-the-libvirt-api[ endif::[] * `dhcp_isc` {endash} ISC DHCP server over OMAPI. +For more information, see xref:enabling-the-installer-managed-dhcp-service[]. * `dhcp_remote_isc` {endash} ISC DHCP server over OMAPI with leases mounted through networking. For more information, see xref:integrating-a-remote-isc-dhcp-server[]. diff --git a/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc index d02fa1a42b8..9c2d437d85a 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc @@ -26,7 +26,7 @@ Perform the steps on the {Project} or {SmartProxyServer} that you want to config --foreman-proxy-dhcp-managed true \ --foreman-proxy-dhcp-range "192.0.2.100 192.0.2.150" \ --foreman-proxy-dhcp-gateway 192.0.2.1 \ ---foreman-proxy-dhcp-nameservers 192.0.2.2 +--foreman-proxy-dhcp-nameservers 192.0.2.2,192.0.2.3 ---- . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dhcp-service-with-a-subnet[]. diff --git a/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc index 265cdaaab02..5315f684e9b 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc @@ -14,6 +14,6 @@ Perform the steps on the {Project} or {SmartProxyServer} that you want to config .... # {foreman-installer} \ --foreman-proxy-tftp true \ ---foreman-proxy-tftp-managed true \ +--foreman-proxy-tftp-managed true .... diff --git a/guides/common/modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc b/guides/common/modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc index f26ef4606ec..4c184316812 100644 --- a/guides/common/modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc +++ b/guides/common/modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc @@ -53,7 +53,5 @@ send\n" | nsupdate -k /etc/foreman-proxy/rndc.key --foreman-proxy-keyfile /etc/foreman-proxy/rndc.key ---- -. In the {ProjectWebUI}, navigate to *Infrastructure* > *{SmartProxies}*. - . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. From e2f3b2f40dff0414ea2f1627538d6910b28a2cff Mon Sep 17 00:00:00 2001 From: Marc Muehlfeld Date: Wed, 23 Apr 2025 12:23:58 +0200 Subject: [PATCH 22/47] Restructured nsupdate DNS sections --- .../assembly_configuring-dns-integration.adoc | 10 +- .../modules/con_dns-service-providers.adoc | 22 ++-- ...ing-the-installer-managed-dns-service.adoc | 4 +- ...bind-dns-server-by-using-dns-nsupdate.adoc | 23 ---- ...eric-dns-server-by-using-dns-nsupdate.adoc | 57 ---------- ...rfc-2136-compatible-remote-dns-server.adoc | 94 ++++++++++++++++ ...ting-a-local-self-managed-dns-service.adoc | 30 +++++ ...ting-idm-dns-with-tsig-authentication.adoc | 104 +----------------- 8 files changed, 148 insertions(+), 196 deletions(-) delete mode 100644 guides/common/modules/proc_integrating-a-bind-dns-server-by-using-dns-nsupdate.adoc delete mode 100644 guides/common/modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc create mode 100644 guides/common/modules/proc_integrating-a-generic-rfc-2136-compatible-remote-dns-server.adoc create mode 100644 guides/common/modules/proc_integrating-a-local-self-managed-dns-service.adoc diff --git a/guides/common/assembly_configuring-dns-integration.adoc b/guides/common/assembly_configuring-dns-integration.adoc index c93018d801e..f2e3cb1a559 100644 --- a/guides/common/assembly_configuring-dns-integration.adoc +++ b/guides/common/assembly_configuring-dns-integration.adoc @@ -4,10 +4,14 @@ include::modules/con_dns-service-providers.adoc[leveloffset=+1] include::modules/proc_enabling-the-installer-managed-dns-service.adoc[leveloffset=+1] -include::modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc[leveloffset=+1] +include::modules/proc_integrating-a-local-self-managed-dns-service.adoc[leveloffset=+1] + +include::modules/proc_integrating-a-generic-rfc-2136-compatible-remote-dns-server.adoc[leveloffset=+1] include::modules/proc_integrating-idm-dns-with-tsig-authentication.adoc[leveloffset=+1] +include::modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc[leveloffset=+1] + include::modules/proc_integrating-infoblox-dns.adoc[leveloffset=+1] ifndef::satellite[] @@ -16,10 +20,6 @@ include::modules/proc_integrating-powerdns.adoc[leveloffset=+1] include::modules/proc_integrating-route-53-dns.adoc[leveloffset=+1] endif::[] -include::modules/proc_integrating-a-bind-dns-server-by-using-dns-nsupdate.adoc[leveloffset=+1] - -include::modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc[leveloffset=+1] - include::modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc[leveloffset=+1] include::modules/proc_disabling-dns-for-integration.adoc[leveloffset=+1] diff --git a/guides/common/modules/con_dns-service-providers.adoc b/guides/common/modules/con_dns-service-providers.adoc index 5abe2977cc5..bdb611dae51 100644 --- a/guides/common/modules/con_dns-service-providers.adoc +++ b/guides/common/modules/con_dns-service-providers.adoc @@ -9,16 +9,19 @@ After you have enabled DNS, your {SmartProxy} can manipulate any DNS server that Other providers provide more direct integration, such as `dns_infoblox` for https://www.infoblox.com/[Infoblox]. .Available DNS providers -ifdef::orcharhino[] -* `dns_dnscmd` {endash} Static DNS records in Microsoft Active Directory. -endif::[] +* `dns_nsupdate` {endash} Dynamic DNS update using nsupdate. +For more information, see: +** xref:enabling-the-installer-managed-dns-service[] +** xref:integrating-a-local-self-managed-dns-service[] +** xref:integrating-a-generic-rfc-2136-compatible-remote-dns-server[] +** xref:integrating-idm-dns-with-tsig-authentication[]. + +* `dns_nsupdate_gss` {endash} Dynamic DNS update with GSS-TSIG. +For more information, see xref:integrating-idm-dns-update-with-gss-tsig-authentication[]. * `dns_infoblox` {endash} Dynamic DNS updates by using Infoblox DNS. For more information, see xref:integrating-infoblox-dns[]. -* `dns_nsupdate_gss` {endash} Dynamic DNS update with GSS-TSIG. -For more information, see xref:integrating-idm-dns-with-tsig-authentication[] and xref:integrating-idm-dns-update-with-gss-tsig-authentication[]. - ifndef::satellite[] * `dns_libvirt` {endash} Dnsmasq DNS via libvirt API. For more information, see xref:integrating-dnsmasq-dns-by-using-the-libvirt-api[]. @@ -30,8 +33,11 @@ For more information, see xref:integrating-powerdns[]. For more information, see xref:integratinig-route-53[]. endif::[] -* `dns_nsupdate` {endash} Dynamic DNS update using nsupdate. -For more information, see xref:integrating-a-bind-dns-server-by-using-dns-nsupdate[] and xref:integrating-a-generic-dns-server-by-using-dns-nsupdate[]. +ifdef::orcharhino[] +* `dns_dnscmd` {endash} Static DNS records in Microsoft Active Directory. +endif::[] + + ifdef::foreman-el,foreman-deb,katello[] For more information, see https://projects.theforeman.org/projects/foreman/wiki/List_of_Smart-Proxy_Plugins#DNS-plugins[List of DNS plugins] diff --git a/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc index 3d802412a18..bfb7d9e106c 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc @@ -8,14 +8,14 @@ Perform the steps on the {Project} or {SmartProxyServer} that you want to config .Procedure -* Configure {Project} or {SmartProxy} as DNS server: +. Configure {Project} or {SmartProxy} as DNS server: + [options="nowrap",subs="+quotes,attributes"] .... # {foreman-installer} \ --foreman-proxy-dns-managed true \ --foreman-proxy-dns-provider nsupdate \ ---foreman-proxy-dns-server "127.0.0.1" \ +--reset-foreman-proxy-dns-server \ --foreman-proxy-dns true .... diff --git a/guides/common/modules/proc_integrating-a-bind-dns-server-by-using-dns-nsupdate.adoc b/guides/common/modules/proc_integrating-a-bind-dns-server-by-using-dns-nsupdate.adoc deleted file mode 100644 index e7fde58cddf..00000000000 --- a/guides/common/modules/proc_integrating-a-bind-dns-server-by-using-dns-nsupdate.adoc +++ /dev/null @@ -1,23 +0,0 @@ -[id="integrating-a-bind-dns-server-by-using-dns-nsupdate"] -= Integrating a BIND DNS server by using dns_nsupdate - -The _dns_nsupdate_ DNS provider manages DNS records using the `nsupdate` utility. -You can use _dns_nsupdate_ with any DNS server compatible with https://www.rfc-editor.org/rfc/rfc2136[RFC2136]. -By default, _dns_nsupdate_ installs the ISC BIND server. -For installation without ISC BIND, see xref:integrating-a-generic-dns-server-by-using-dns-nsupdate[]. - -.Procedure -. Configure `dns_nsupdate`: -+ -[options="nowrap", subs="+quotes,verbatim,attributes"] ----- -# {foreman-installer} \ ---foreman-proxy-dns true \ ---foreman-proxy-dns-provider nsupdate \ ---foreman-proxy-dns-managed true \ ---foreman-proxy-dns-zone _example.com_ \ ---foreman-proxy-dns-reverse _2.0.192.in-addr.arpa_ ----- - -. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. - diff --git a/guides/common/modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc b/guides/common/modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc deleted file mode 100644 index 4c184316812..00000000000 --- a/guides/common/modules/proc_integrating-a-generic-dns-server-by-using-dns-nsupdate.adoc +++ /dev/null @@ -1,57 +0,0 @@ -[id="integrating-a-generic-dns-server-by-using-dns-nsupdate"] -= Integrating a generic DNS server by using dns_nsupdate - -You can configure {ProductName} with external DNS. -{ProductName} uses the `nsupdate` utility to update DNS records on the remote server. - -To make any changes persistent, you must enter the `{foreman-installer}` command with the options appropriate for your environment. - -.Prerequisites -* You must have a configured external DNS server. -* This guide assumes you have an existing installation. - -.Procedure -. Copy the `/etc/rndc.key` file from the external DNS server to {ProductName}: -+ -[options="nowrap" subs="+quotes"] ----- -# scp root@_dns.example.com_:/etc/rndc.key /etc/foreman-proxy/rndc.key ----- - -. Configure the ownership, permissions, and SELinux context: -+ -[options="nowrap"] ----- -ifndef::foreman-deb[] -# restorecon -v /etc/foreman-proxy/rndc.key -endif::[] -# chown -v root:foreman-proxy /etc/foreman-proxy/rndc.key -# chmod -v 640 /etc/foreman-proxy/rndc.key ----- - -. To test the `nsupdate` utility, add a host remotely: -+ -[options="nowrap", subs="+quotes"] ----- -# echo -e "server _DNS_IP_Address_\n \ -update add aaa.example.com 3600 IN A _Host_IP_Address_\n \ -send\n" | nsupdate -k /etc/foreman-proxy/rndc.key -# nslookup aaa.example.com _DNS_IP_Address_ -# echo -e "server _DNS_IP_Address_\n \ -update delete aaa.example.com 3600 IN A _Host_IP_Address_\n \ -send\n" | nsupdate -k /etc/foreman-proxy/rndc.key ----- - -. Enter the `{foreman-installer}` command to make the following persistent changes to the `/etc/foreman-proxy/settings.d/dns.yml` file: -+ -[options="nowrap", subs="+quotes,attributes"] ----- -# {foreman-installer} --foreman-proxy-dns true \ ---foreman-proxy-dns-managed false \ ---foreman-proxy-dns-provider nsupdate \ ---foreman-proxy-dns-server "_DNS_IP_Address_" \ ---foreman-proxy-keyfile /etc/foreman-proxy/rndc.key ----- - -. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. - diff --git a/guides/common/modules/proc_integrating-a-generic-rfc-2136-compatible-remote-dns-server.adoc b/guides/common/modules/proc_integrating-a-generic-rfc-2136-compatible-remote-dns-server.adoc new file mode 100644 index 00000000000..6585fb77c1d --- /dev/null +++ b/guides/common/modules/proc_integrating-a-generic-rfc-2136-compatible-remote-dns-server.adoc @@ -0,0 +1,94 @@ +[id="integrating-a-generic-rfc-2136-compatible-remote-dns-server"] += Integrating a generic RFC 2136-compatible remote DNS server + +You can configure {ProductName} to integrate a remote DNS server that supports dynamic updates as defined in RFC 2136. +In this case, {ProductName} uses the `nsupdate` utility to update DNS records on the remote server. + + +.Prerequisites +* The remote DNS service is configured. +* The remote DNS service supports RFC 2136-compatible dynamic updates + + +.Procedure +. Copy the `/etc/rndc.key` file from the external DNS server to {ProductName}: ++ +[options="nowrap" subs="+quotes"] +---- +# scp root@_dns.example.com_:/etc/rndc.key /etc/foreman-proxy/rndc.key +---- + +. Configure the ownership, permissions, and SELinux context: ++ +[options="nowrap"] +---- +ifndef::foreman-deb[] +# restorecon -v /etc/foreman-proxy/rndc.key +endif::[] +# chown -v root:foreman-proxy /etc/foreman-proxy/rndc.key +# chmod -v 640 /etc/foreman-proxy/rndc.key +---- + +. On {ProjectServer}, create a test DNS entry for a host. +For example, host `_test.example.com_` with an A record of `192.168.25.20` on the IdM server at `192.168.25.1`. ++ +[options="nowrap" subs="+quotes,attributes"] +---- +# echo -e "server 192.168.25.1\n \ +update add _test.example.com_ 3600 IN A 192.168.25.20\n \ +send\n" | nsupdate -k /etc/foreman-proxy/rndc.key +---- + +. On {ProjectServer}, verify that you can query the new DNS entry: ++ +[options="nowrap" subs="+quotes,attributes"] +---- +# host _test.example.com_ 192.168.25.1 +---- ++ +Example output: ++ +[source, none, options="nowrap", subs="+quotes,attributes"] +---- +Using domain server: +Name: 192.168.25.1 +Address: 192.168.25.1#53 +Aliases: + +test.example.com has address 192.168.25.20 +---- + +. If resolved successfully, remove the test DNS entry: ++ +[options="nowrap" subs="+quotes,attributes"] +---- +# echo -e "server 192.168.25.1\n \ +update delete _test.example.com_ 3600 IN A 192.168.25.20\n \ +send\n" | nsupdate -k /etc/foreman-proxy/rndc.key +---- + +. Confirm that the DNS entry was removed: ++ +[options="nowrap" subs="+quotes,attributes"] +---- +# host _test.example.com_ 192.168.25.1 +---- ++ +If the command returns `Host _test.example.com_ not found: 3(NXDOMAIN)`, the record was successfully deleted. + + +. Configure {ProjectServer} to use the DNS server: ++ +[options="nowrap", subs="+quotes,attributes"] +---- +# {foreman-installer} \ +--foreman-proxy-dns true \ +--foreman-proxy-dns-managed false \ +--foreman-proxy-dns-provider nsupdate \ +--foreman-proxy-dns true \ +--foreman-proxy-dns-server "__" \ +--foreman-proxy-keyfile /etc/foreman-proxy/rndc.key +---- + +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. + diff --git a/guides/common/modules/proc_integrating-a-local-self-managed-dns-service.adoc b/guides/common/modules/proc_integrating-a-local-self-managed-dns-service.adoc new file mode 100644 index 00000000000..40045303aa7 --- /dev/null +++ b/guides/common/modules/proc_integrating-a-local-self-managed-dns-service.adoc @@ -0,0 +1,30 @@ +[id="integrating-a-local-self-managed-dns-service"] += Integrating a local, self-managed DNS service + +Certain features of the {Project} installer-managed DNS service are limited. +For example, you can configure only one forward DNS zone. +As an alternative to the installer-managed DNS service, you can run a DNS server locally on the {Project} or {SmartProxyServer} to bypass these limitations. + +Perform the steps on the {Project} or {SmartProxyServer} that runs the self-managed DNS service. + + +.Prerequisites +* You installed and configured a DNS service on the {Project} or {SmartProxyServer} host. +* The DNS service supports RFC 2136-compatible updates + + +.Procedure + +. Configure {Project} or {SmartProxy} as DNS server: ++ +[options="nowrap",subs="+quotes,attributes"] +.... +# {foreman-installer} \ +--foreman-proxy-dns-managed false \ +--foreman-proxy-dns-provider nsupdate \ +--foreman-proxy-dns-server "127.0.0.1" \ +--foreman-proxy-dns true +.... + +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. + diff --git a/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc b/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc index 55dfebb29a0..b6a5fd2989b 100644 --- a/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc +++ b/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc @@ -20,10 +20,8 @@ ifndef::orcharhino[] For more information, see {InstallingServerDocURL}configuring-server_{project-context}[Configuring {ProjectServer}]. endif::[] -.Procedure -To configure dynamic DNS update with TSIG authentication, complete the following steps: -.Enabling external updates to the DNS zone in the IdM server +.Procedure . On the IdM Server, add the following to the top of the `/etc/named.conf` file: + @@ -59,104 +57,8 @@ grant "rndc-key" zonesub ANY; .. Click *Update* to save the changes. - -. Copy the `/etc/rndc.key` file from the IdM server to the base operating system of your {ProjectServer}. -Enter the following command: -+ -[options="nowrap" subs="+quotes,attributes"] ----- -# scp /etc/rndc.key root@_{foreman-example-com}_:/etc/rndc.key ----- - -. To set the correct ownership, permissions, and SELinux context for the `rndc.key` file, enter the following command: -+ -[options="nowrap" subs="+quotes,attributes"] ----- -# restorecon -v /etc/rndc.key -# chown -v root:named /etc/rndc.key -# chmod -v 640 /etc/rndc.key ----- - -. Assign the `foreman-proxy` user to the `named` group manually. -Normally, {foreman-installer} ensures that the `foreman-proxy` user belongs to the `named` UNIX group, however, in this scenario {Project} does not manage users and groups, therefore you need to assign the `foreman-proxy` user to the `named` group manually. -+ -[options="nowrap"] ----- -# usermod -a -G named foreman-proxy ----- - -. On {ProjectServer}, enter the following `{foreman-installer}` command to configure {Project} to use the external DNS server: -+ -[options="nowrap" subs="+quotes,attributes"] ----- -# {foreman-installer} \ ---foreman-proxy-dns-managed false \ ---foreman-proxy-dns-provider nsupdate \ ---foreman-proxy-dns-server "_IdM_Server_IP_Address_" \ ---foreman-proxy-dns-ttl 86400 \ ---foreman-proxy-dns true \ ---foreman-proxy-keyfile /etc/rndc.key ----- - -.Testing external updates to the DNS zone in the IdM server - -. Ensure that the key in the `/etc/rndc.key` file on {ProjectServer} is the same key file that is used on the IdM server: -+ -[source,none, options="nowrap" subs="+quotes,attributes"] ----- -key "rndc-key" { - algorithm hmac-md5; - secret "_secret-key_=="; -}; ----- - -. On {ProjectServer}, create a test DNS entry for a host. -For example, host `_test.example.com_` with an A record of `192.168.25.20` on the IdM server at `192.168.25.1`. -+ -[options="nowrap" subs="+quotes,attributes"] ----- -# echo -e "server 192.168.25.1\n \ -update add _test.example.com_ 3600 IN A 192.168.25.20\n \ -send\n" | nsupdate -k /etc/rndc.key ----- - -. On {ProjectServer}, test the DNS entry: -+ -[options="nowrap" subs="+quotes,attributes"] ----- -# nslookup _test.example.com_ 192.168.25.1 ----- -+ -Example output: -+ -[source, none, options="nowrap", subs="+quotes,attributes"] ----- -Server: 192.168.25.1 -Address: 192.168.25.1#53 - -Name: test.example.com -Address: 192.168.25.20 ----- - -. To view the entry in the IdM web UI, navigate to *Network Services* > *DNS* > *DNS Zones*. -Click the name of the zone and search for the host by name. - -. If resolved successfully, remove the test DNS entry: -+ -[options="nowrap" subs="+quotes,attributes"] ----- -# echo -e "server 192.168.25.1\n \ -update delete _test.example.com_ 3600 IN A 192.168.25.20\n \ -send\n" | nsupdate -k /etc/rndc.key ----- - -. Confirm that the DNS entry was removed: -+ -[options="nowrap" subs="+quotes,attributes"] ----- -# nslookup _test.example.com_ 192.168.25.1 ----- -The above `nslookup` command fails and returns the `SERVFAIL` error message if the record was successfully deleted. +. Configure dynamic DNS updates in {ProjectServer}. +For details, see xref:integrating-a-generic-rfc-2136-compatible-remote-dns-server[]. . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. From ca412846375e955718510c2832376ff10d84d12a Mon Sep 17 00:00:00 2001 From: mmuehlfeldRH <43061675+mmuehlfeldRH@users.noreply.github.com> Date: Thu, 24 Apr 2025 08:26:31 +0200 Subject: [PATCH 23/47] Apply suggestions from code review Co-authored-by: Ewoud Kohl van Wijngaarden --- ...eric-rfc-2136-compatible-remote-dns-server.adoc | 9 ++++----- ...tegrating-a-local-self-managed-dns-service.adoc | 14 +++++++------- 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/guides/common/modules/proc_integrating-a-generic-rfc-2136-compatible-remote-dns-server.adoc b/guides/common/modules/proc_integrating-a-generic-rfc-2136-compatible-remote-dns-server.adoc index 6585fb77c1d..2394b63c911 100644 --- a/guides/common/modules/proc_integrating-a-generic-rfc-2136-compatible-remote-dns-server.adoc +++ b/guides/common/modules/proc_integrating-a-generic-rfc-2136-compatible-remote-dns-server.adoc @@ -11,7 +11,7 @@ In this case, {ProductName} uses the `nsupdate` utility to update DNS records on .Procedure -. Copy the `/etc/rndc.key` file from the external DNS server to {ProductName}: +. Copy the `/etc/rndc.key` file from the external DNS server to {ProductServer} or {SmartProxyServer}: + [options="nowrap" subs="+quotes"] ---- @@ -77,18 +77,17 @@ send\n" | nsupdate -k /etc/foreman-proxy/rndc.key If the command returns `Host _test.example.com_ not found: 3(NXDOMAIN)`, the record was successfully deleted. -. Configure {ProjectServer} to use the DNS server: +. Configure {ProjectServer} or {SmartProxyServer} to use the DNS server: + [options="nowrap", subs="+quotes,attributes"] ---- # {foreman-installer} \ --foreman-proxy-dns true \ ---foreman-proxy-dns-managed false \ --foreman-proxy-dns-provider nsupdate \ ---foreman-proxy-dns true \ +--foreman-proxy-dns-managed false \ --foreman-proxy-dns-server "__" \ --foreman-proxy-keyfile /etc/foreman-proxy/rndc.key ---- -. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. +. For the affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_integrating-a-local-self-managed-dns-service.adoc b/guides/common/modules/proc_integrating-a-local-self-managed-dns-service.adoc index 40045303aa7..3e291417be2 100644 --- a/guides/common/modules/proc_integrating-a-local-self-managed-dns-service.adoc +++ b/guides/common/modules/proc_integrating-a-local-self-managed-dns-service.adoc @@ -1,15 +1,15 @@ [id="integrating-a-local-self-managed-dns-service"] = Integrating a local, self-managed DNS service -Certain features of the {Project} installer-managed DNS service are limited. -For example, you can configure only one forward DNS zone. +The installer exposes a limited feature set for the {Project} installer-managed DNS service. +For example, you can configure only a single forward DNS zone. As an alternative to the installer-managed DNS service, you can run a DNS server locally on the {Project} or {SmartProxyServer} to bypass these limitations. -Perform the steps on the {Project} or {SmartProxyServer} that runs the self-managed DNS service. +Perform the steps on the {ProjectServer} or {SmartProxyServer} that runs the self-managed DNS service. .Prerequisites -* You installed and configured a DNS service on the {Project} or {SmartProxyServer} host. +* You installed and configured a DNS service on the {ProjectServer} or {SmartProxyServer} host. * The DNS service supports RFC 2136-compatible updates @@ -20,10 +20,10 @@ Perform the steps on the {Project} or {SmartProxyServer} that runs the self-mana [options="nowrap",subs="+quotes,attributes"] .... # {foreman-installer} \ ---foreman-proxy-dns-managed false \ +--foreman-proxy-dns true \ --foreman-proxy-dns-provider nsupdate \ ---foreman-proxy-dns-server "127.0.0.1" \ ---foreman-proxy-dns true +--foreman-proxy-dns-managed false \ +--foreman-proxy-dns-server "127.0.0.1" .... . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. From 133a4ec57392a92c333580bfea58219faa977bb4 Mon Sep 17 00:00:00 2001 From: Marc Muehlfeld Date: Thu, 24 Apr 2025 11:13:18 +0200 Subject: [PATCH 24/47] SME feedback --- ...c_configuring-server-for-use-with-dhcpd.adoc | 3 ++- ...oc_configuring-server-for-use-with-tftp.adoc | 2 +- ...c-rfc-2136-compatible-remote-dns-server.adoc | 17 +++++++---------- 3 files changed, 10 insertions(+), 12 deletions(-) diff --git a/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc b/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc index 637e73d2a3c..499cb7ab5e8 100644 --- a/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc +++ b/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc @@ -58,7 +58,8 @@ $ cat /mnt/nfs/etc/dhcp/dhcpd.conf $ cat /mnt/nfs/var/lib/dhcpd/dhcpd.leases $ exit ---- -. Enter the `{foreman-installer}` command to make the following persistent changes to the `/etc/foreman-proxy/settings.d/dhcp.yml` file: + +. Configure {ProjectServer} or {SmartProxyServer} to use the DHCP server: + [options="nowrap" subs="+quotes,attributes"] ---- diff --git a/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc b/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc index 4560090268e..63803d542e5 100644 --- a/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc +++ b/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc @@ -35,7 +35,7 @@ _TFTP_Server_IP_Address_:/exports/var/lib/tftpboot /mnt/nfs/var/lib/tftpboot nfs # mount -a ---- -. Enter the `{foreman-installer}` command to make the following persistent changes to the `/etc/foreman-proxy/settings.d/tftp.yml` file: +. Configure {ProjectServer} or {SmartProxyServer} to use the TFTP server: + [options="nowrap" subs="+quotes,attributes"] ---- diff --git a/guides/common/modules/proc_integrating-a-generic-rfc-2136-compatible-remote-dns-server.adoc b/guides/common/modules/proc_integrating-a-generic-rfc-2136-compatible-remote-dns-server.adoc index 2394b63c911..2d8e1692042 100644 --- a/guides/common/modules/proc_integrating-a-generic-rfc-2136-compatible-remote-dns-server.adoc +++ b/guides/common/modules/proc_integrating-a-generic-rfc-2136-compatible-remote-dns-server.adoc @@ -8,15 +8,10 @@ In this case, {ProductName} uses the `nsupdate` utility to update DNS records on .Prerequisites * The remote DNS service is configured. * The remote DNS service supports RFC 2136-compatible dynamic updates +* You copied the `/etc/rndc.key` file from the external DNS server to `/etc/foreman-proxy/rndc.key` on the {ProjectServer} or {SmartProxyServer}. .Procedure -. Copy the `/etc/rndc.key` file from the external DNS server to {ProductServer} or {SmartProxyServer}: -+ -[options="nowrap" subs="+quotes"] ----- -# scp root@_dns.example.com_:/etc/rndc.key /etc/foreman-proxy/rndc.key ----- . Configure the ownership, permissions, and SELinux context: + @@ -29,7 +24,9 @@ endif::[] # chmod -v 640 /etc/foreman-proxy/rndc.key ---- -. On {ProjectServer}, create a test DNS entry for a host. +. Optional: Test if you can use the key file to manually manage DNS entries: + +.. On {ProjectServer}, create a test DNS entry for a host. For example, host `_test.example.com_` with an A record of `192.168.25.20` on the IdM server at `192.168.25.1`. + [options="nowrap" subs="+quotes,attributes"] @@ -39,7 +36,7 @@ update add _test.example.com_ 3600 IN A 192.168.25.20\n \ send\n" | nsupdate -k /etc/foreman-proxy/rndc.key ---- -. On {ProjectServer}, verify that you can query the new DNS entry: +.. On {ProjectServer}, verify that you can query the new DNS entry: + [options="nowrap" subs="+quotes,attributes"] ---- @@ -58,7 +55,7 @@ Aliases: test.example.com has address 192.168.25.20 ---- -. If resolved successfully, remove the test DNS entry: +.. If resolved successfully, remove the test DNS entry: + [options="nowrap" subs="+quotes,attributes"] ---- @@ -67,7 +64,7 @@ update delete _test.example.com_ 3600 IN A 192.168.25.20\n \ send\n" | nsupdate -k /etc/foreman-proxy/rndc.key ---- -. Confirm that the DNS entry was removed: +.. Confirm that the DNS entry was removed: + [options="nowrap" subs="+quotes,attributes"] ---- From 559ca0a8bb7bdfc67091a59592b49f3ea701085c Mon Sep 17 00:00:00 2001 From: Marc Muehlfeld Date: Thu, 24 Apr 2025 14:11:30 +0200 Subject: [PATCH 25/47] Rewrote the DNS|DHCP service providers sections to explain the scenarios --- ...assembly_configuring-dhcp-integration.adoc | 4 +- .../modules/con_dhcp-service-providers.adoc | 29 +++++++------ .../modules/con_dns-service-providers.adoc | 42 ++++++++----------- 3 files changed, 33 insertions(+), 42 deletions(-) diff --git a/guides/common/assembly_configuring-dhcp-integration.adoc b/guides/common/assembly_configuring-dhcp-integration.adoc index a50a6f5e76b..e61afe9b551 100644 --- a/guides/common/assembly_configuring-dhcp-integration.adoc +++ b/guides/common/assembly_configuring-dhcp-integration.adoc @@ -6,14 +6,14 @@ include::modules/con_dhcp-service-providers.adoc[leveloffset=+1] include::modules/proc_enabling-the-installer-managed-dhcp-service.adoc[leveloffset=+1] +include::modules/con_integrating-a-remote-isc-dhcp-server.adoc[leveloffset=+1] + include::modules/proc_integrating-infoblox-dhcp.adoc[leveloffset=+1] ifndef::satellite[] include::modules/proc_integrating-dnsmas-dhcp-by-using-the-libvirt-api.adoc[leveloffset=+1] endif::[] -include::modules/con_integrating-a-remote-isc-dhcp-server.adoc[leveloffset=+1] - include::modules/proc_associating-the-dhcp-service-with-a-subnet.adoc[leveloffset=+1] include::modules/proc_disabling-dhcp-for-integration.adoc[leveloffset=+1] diff --git a/guides/common/modules/con_dhcp-service-providers.adoc b/guides/common/modules/con_dhcp-service-providers.adoc index 3469d7766f1..b155c253f1a 100644 --- a/guides/common/modules/con_dhcp-service-providers.adoc +++ b/guides/common/modules/con_dhcp-service-providers.adoc @@ -1,28 +1,27 @@ [id="dhcp-serivce-proviers"] = DHCP service providers -{Project} can integrate with a DHCP service by using your {SmartProxy}. -A {SmartProxy} has multiple DHCP providers that you can use to integrate {Project} with your existing DHCP infrastructure or deploy a new one. -You can use the DHCP module of {SmartProxy} to query for available IP addresses, add new, and delete existing reservations. -Note that your {SmartProxy} cannot manage subnet declarations. +{Project} can manage IP leases on a DHCP server by using {SmartProxy}. This management contains querying for available IP addresses, adding new reservations, and deleting existing reservations. +Note that {SmartProxy} cannot manage subnet declarations. +{SmartProxy} supports the following DHCP providers that you can use to integrate {Project} with your existing DHCP infrastructure or deploy a new one: -.Available DHCP providers +`dhcp_isc`:: Managing IP leases on an ISC dhcpd server by using the Object Management Application Programming Interface (OMAPI). +See xref:enabling-the-installer-managed-dhcp-service[]. -* `dhcp_infoblox` {endash} For more information, see xref:integrating-infoblox-dhcp[]. +`dhcp_remote_isc`:: Managing IP leases on a remote ISC dhcpd server by using OMAPI. +This provider requires that you share the leases over the network, for example, with NFS. +See xref:integrating-a-remote-isc-dhcp-server[]. + +`dhcp_infoblox`:: Managing IP leases on an Infoblox DHCP server. +See xref:integrating-infoblox-dhcp[]. ifndef::satellite[] -* `dhcp_libvirt` {endash} dnsmasq DHCP via libvirt API. -For more information, see xref:integrating-dnsmas-dhcp-by-using-the-libvirt-api[]. +`dhcp_libvirt`:: Managing IP leases on a dnsmasq DHCP server by using the `libvirt` API. +See xref:integrating-dnsmas-dhcp-by-using-the-libvirt-api[]. endif::[] -* `dhcp_isc` {endash} ISC DHCP server over OMAPI. -For more information, see xref:enabling-the-installer-managed-dhcp-service[]. - -* `dhcp_remote_isc` {endash} ISC DHCP server over OMAPI with leases mounted through networking. -For more information, see xref:integrating-a-remote-isc-dhcp-server[]. - ifdef::orcharhino[] -* `dhcp_native_ms` {endash} Microsoft Active Directory by using API +`dhcp_native_ms`:: Managing IP leases in Microsoft Active Directory. endif::[] diff --git a/guides/common/modules/con_dns-service-providers.adoc b/guides/common/modules/con_dns-service-providers.adoc index bdb611dae51..a36a7b12ca1 100644 --- a/guides/common/modules/con_dns-service-providers.adoc +++ b/guides/common/modules/con_dns-service-providers.adoc @@ -1,45 +1,37 @@ [id="dns-service-providers"] = DNS service providers -{Project} can manage DNS records by using your {SmartProxy}. -DNS management contains updating and removing DNS records from existing DNS zones. -A {SmartProxy} has multiple DNS providers that you can use to integrate {Project} with your existing DNS infrastructure or deploy a new one. +{Project} can manage DNS records by using {SmartProxy}. +This DNS management contains updating and removing DNS records from existing DNS zones. -After you have enabled DNS, your {SmartProxy} can manipulate any DNS server that complies with RFC 2136 by using the `dns_nsupdate` provider. -Other providers provide more direct integration, such as `dns_infoblox` for https://www.infoblox.com/[Infoblox]. +{SmartProxy} supports the following DNS providers that you can use to integrate {Project} with your existing DNS infrastructure or deploy a new one: -.Available DNS providers -* `dns_nsupdate` {endash} Dynamic DNS update using nsupdate. -For more information, see: +`dns_nsupdate`:: Dynamic DNS updates on an RFC 2136-compatible DNS server by using the `nsupdate` utility. +See: ++ ** xref:enabling-the-installer-managed-dns-service[] ** xref:integrating-a-local-self-managed-dns-service[] ** xref:integrating-a-generic-rfc-2136-compatible-remote-dns-server[] ** xref:integrating-idm-dns-with-tsig-authentication[]. -* `dns_nsupdate_gss` {endash} Dynamic DNS update with GSS-TSIG. -For more information, see xref:integrating-idm-dns-update-with-gss-tsig-authentication[]. +`dns_nsupdate_gss`:: Dynamic DNS updates on an RFC 2136-compatible DNS server by using the `nsupdate` utility with Generic Security Service algorithm for Transaction Signature (GSS-TSIG) authentication. +See xref:integrating-idm-dns-update-with-gss-tsig-authentication[]. -* `dns_infoblox` {endash} Dynamic DNS updates by using Infoblox DNS. -For more information, see xref:integrating-infoblox-dns[]. +`dns_infoblox`:: Dynamic DNS updates on an Infoblox DNS server. +See xref:integrating-infoblox-dns[]. ifndef::satellite[] -* `dns_libvirt` {endash} Dnsmasq DNS via libvirt API. -For more information, see xref:integrating-dnsmasq-dns-by-using-the-libvirt-api[]. +`dns_libvirt`:: Dynamic DNS updates on a dnsmasq DNS server by using the `libvirt` API. +See xref:integrating-dnsmasq-dns-by-using-the-libvirt-api[]. -* `dns_powerdns` {endash} https://www.powerdns.com/[PowerDNS]. -For more information, see xref:integrating-powerdns[]. +`dns_powerdns`:: Dynamic DNS updates on a PowerDNS server. +See xref:integrating-powerdns[]. -* `dns_route53` {endash} Dynamic DNS updates by using Amazon Route 53 DNS. -For more information, see xref:integratinig-route-53[]. +`dns_route53`:: Dynamic DNS updates on an Amazon Route 53 DNS server. +See xref:integratinig-route-53[]. endif::[] ifdef::orcharhino[] -* `dns_dnscmd` {endash} Static DNS records in Microsoft Active Directory. -endif::[] - - - -ifdef::foreman-el,foreman-deb,katello[] -For more information, see https://projects.theforeman.org/projects/foreman/wiki/List_of_Smart-Proxy_Plugins#DNS-plugins[List of DNS plugins] +`dns_dnscmd`:: Static DNS records in Microsoft Active Directory. endif::[] From 9e6c658553b85e5fb8d42d2485df90d94d9357f7 Mon Sep 17 00:00:00 2001 From: Marc Muehlfeld Date: Thu, 24 Apr 2025 15:04:19 +0200 Subject: [PATCH 26/47] Minor text updates (simplified lead-in sentences of steps, split steps with multiple commands, etc.) --- ...assembly_configuring-dhcp-integration.adoc | 4 +- .../common/assembly_preparing-networking.adoc | 2 - .../modules/con_dhcp-service-providers.adoc | 5 +- .../modules/con_dns-service-providers.adoc | 4 +- .../con_foreman-and-dhcp-configuration.adoc | 4 - ...con_integrating-a-generic-tftp-server.adoc | 9 +- ..._integrating-a-remote-isc-dhcp-server.adoc | 2 +- ..._configuring-dhcpd-to-use-with-server.adoc | 130 ++++++++++++------ .../proc_configuring-network-services.adoc | 56 -------- ...configuring-server-for-use-with-dhcpd.adoc | 60 +++++--- ..._configuring-server-for-use-with-tftp.adoc | 29 ++-- ...ng-the-installer-managed-dhcp-service.adoc | 6 +- ...ng-the-installer-managed-tftp-service.adoc | 5 +- ...rfc-2136-compatible-remote-dns-server.adoc | 28 ++-- ...ting-a-local-self-managed-dns-service.adoc | 4 +- ...nsmasq-dhcp-by-using-the-libvirt-api.adoc} | 16 ++- ...-dnsmasq-dns-by-using-the-libvirt-api.adoc | 10 +- ...-idm-dns-with-gss-tsig-authentication.adoc | 97 +++++++------ ...ting-idm-dns-with-tsig-authentication.adoc | 49 ++++--- .../proc_integrating-infoblox-dhcp.adoc | 55 ++++---- .../proc_integrating-infoblox-dns.adoc | 41 ++++-- .../modules/proc_integrating-powerdns.adoc | 9 +- .../proc_integrating-route-53-dns.adoc | 7 +- 23 files changed, 345 insertions(+), 287 deletions(-) delete mode 100644 guides/common/modules/con_foreman-and-dhcp-configuration.adoc delete mode 100644 guides/common/modules/proc_configuring-network-services.adoc rename guides/common/modules/{proc_integrating-dnsmas-dhcp-by-using-the-libvirt-api.adoc => proc_integrating-dnsmasq-dhcp-by-using-the-libvirt-api.adoc} (51%) diff --git a/guides/common/assembly_configuring-dhcp-integration.adoc b/guides/common/assembly_configuring-dhcp-integration.adoc index e61afe9b551..082c9a07f9d 100644 --- a/guides/common/assembly_configuring-dhcp-integration.adoc +++ b/guides/common/assembly_configuring-dhcp-integration.adoc @@ -1,7 +1,5 @@ include::modules/con_configuring-dhcp-integration.adoc[] -include::modules/con_foreman-and-dhcp-configuration.adoc[leveloffset=+1] - include::modules/con_dhcp-service-providers.adoc[leveloffset=+1] include::modules/proc_enabling-the-installer-managed-dhcp-service.adoc[leveloffset=+1] @@ -11,7 +9,7 @@ include::modules/con_integrating-a-remote-isc-dhcp-server.adoc[leveloffset=+1] include::modules/proc_integrating-infoblox-dhcp.adoc[leveloffset=+1] ifndef::satellite[] -include::modules/proc_integrating-dnsmas-dhcp-by-using-the-libvirt-api.adoc[leveloffset=+1] +include::modules/proc_integrating-dnsmasq-dhcp-by-using-the-libvirt-api.adoc[leveloffset=+1] endif::[] include::modules/proc_associating-the-dhcp-service-with-a-subnet.adoc[leveloffset=+1] diff --git a/guides/common/assembly_preparing-networking.adoc b/guides/common/assembly_preparing-networking.adoc index b07f5566cde..2c7743e2eb0 100644 --- a/guides/common/assembly_preparing-networking.adoc +++ b/guides/common/assembly_preparing-networking.adoc @@ -14,8 +14,6 @@ ifdef::provisioning,provisioning-cloud,provisioning-virtual[] include::modules/con_prerequisites-for-image-based-provisioning.adoc[leveloffset=+1] endif::[] -include::modules/proc_configuring-network-services.adoc[leveloffset=+1] - include::modules/ref_multiple-subnets-or-domains-using-installer.adoc[leveloffset=+2] include::modules/ref_dhcp-options-for-network-configuration.adoc[leveloffset=+2] diff --git a/guides/common/modules/con_dhcp-service-providers.adoc b/guides/common/modules/con_dhcp-service-providers.adoc index b155c253f1a..52970b15b23 100644 --- a/guides/common/modules/con_dhcp-service-providers.adoc +++ b/guides/common/modules/con_dhcp-service-providers.adoc @@ -1,7 +1,8 @@ [id="dhcp-serivce-proviers"] = DHCP service providers -{Project} can manage IP leases on a DHCP server by using {SmartProxy}. This management contains querying for available IP addresses, adding new reservations, and deleting existing reservations. +{Project} can manage IP leases on a DHCP server by using {SmartProxy}. +This management contains querying for available IP addresses, adding new reservations, and deleting existing reservations from the lease database. Note that {SmartProxy} cannot manage subnet declarations. {SmartProxy} supports the following DHCP providers that you can use to integrate {Project} with your existing DHCP infrastructure or deploy a new one: @@ -18,7 +19,7 @@ See xref:integrating-infoblox-dhcp[]. ifndef::satellite[] `dhcp_libvirt`:: Managing IP leases on a dnsmasq DHCP server by using the `libvirt` API. -See xref:integrating-dnsmas-dhcp-by-using-the-libvirt-api[]. +See xref:integrating-dnsmasq-dhcp-by-using-the-libvirt-api[]. endif::[] ifdef::orcharhino[] diff --git a/guides/common/modules/con_dns-service-providers.adoc b/guides/common/modules/con_dns-service-providers.adoc index a36a7b12ca1..8a33a1d46bd 100644 --- a/guides/common/modules/con_dns-service-providers.adoc +++ b/guides/common/modules/con_dns-service-providers.adoc @@ -6,7 +6,7 @@ This DNS management contains updating and removing DNS records from existing DNS {SmartProxy} supports the following DNS providers that you can use to integrate {Project} with your existing DNS infrastructure or deploy a new one: -`dns_nsupdate`:: Dynamic DNS updates on an RFC 2136-compatible DNS server by using the `nsupdate` utility. +`dns_nsupdate`:: Dynamic DNS updates on an link:https://datatracker.ietf.org/doc/html/rfc2136[RFC 2136]-compatible DNS server by using the `nsupdate` utility. See: + ** xref:enabling-the-installer-managed-dns-service[] @@ -14,7 +14,7 @@ See: ** xref:integrating-a-generic-rfc-2136-compatible-remote-dns-server[] ** xref:integrating-idm-dns-with-tsig-authentication[]. -`dns_nsupdate_gss`:: Dynamic DNS updates on an RFC 2136-compatible DNS server by using the `nsupdate` utility with Generic Security Service algorithm for Transaction Signature (GSS-TSIG) authentication. +`dns_nsupdate_gss`:: Dynamic DNS updates on an link:https://datatracker.ietf.org/doc/html/rfc2136[RFC 2136]-compatible DNS server by using the `nsupdate` utility with Generic Security Service algorithm for Transaction Signature (GSS-TSIG) authentication. See xref:integrating-idm-dns-update-with-gss-tsig-authentication[]. `dns_infoblox`:: Dynamic DNS updates on an Infoblox DNS server. diff --git a/guides/common/modules/con_foreman-and-dhcp-configuration.adoc b/guides/common/modules/con_foreman-and-dhcp-configuration.adoc deleted file mode 100644 index 7864a833770..00000000000 --- a/guides/common/modules/con_foreman-and-dhcp-configuration.adoc +++ /dev/null @@ -1,4 +0,0 @@ -[id="{project-context}-and-dhcp-configuration"] -= {Project} and DHCP configuration - -{Project} manages DHCP reservations through a DHCP {SmartProxy}. diff --git a/guides/common/modules/con_integrating-a-generic-tftp-server.adoc b/guides/common/modules/con_integrating-a-generic-tftp-server.adoc index 63f983c152e..8442debae3b 100644 --- a/guides/common/modules/con_integrating-a-generic-tftp-server.adoc +++ b/guides/common/modules/con_integrating-a-generic-tftp-server.adoc @@ -1,7 +1,14 @@ [id="integrating-a-generic-tftp-server"] = Integrating a generic TFTP server -You can configure {ProductName} with a TFTP service that is not maintained by the {ProductName} installer. +If you have an existing TFTP server in your network, you can integrate it into {Project} to perform unattended installations. +If the installer does not manages the TFTP service, you must share the root directory of the TFTP service over the network to enable {Project} to access the files. +However, in this case, {Project} does not manage the files on the TFTP server. + +[NOTE] +==== +If you prefer a low maintenance solution that also manages files on the TFTP server, prefer the installer-managed TFTP service. +==== //== Configuring TFTP to use with {ProductName} diff --git a/guides/common/modules/con_integrating-a-remote-isc-dhcp-server.adoc b/guides/common/modules/con_integrating-a-remote-isc-dhcp-server.adoc index 154ebfa7125..1a04ec4bb64 100644 --- a/guides/common/modules/con_integrating-a-remote-isc-dhcp-server.adoc +++ b/guides/common/modules/con_integrating-a-remote-isc-dhcp-server.adoc @@ -1,7 +1,7 @@ [id="integrating-a-remote-isc-dhcp-server"] = Integrating a remote ISC DHCP server -To configure {ProductName} with external DHCP, you must complete the following procedures: +To configure {ProductName} with a remote ISC DHCP server, complete the following procedures: . xref:configuring-dhcpd-to-use-with-server[] . xref:configuring-server-for-use-with-dhcpd[] diff --git a/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc b/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc index 4683beef933..920231e63b8 100644 --- a/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc +++ b/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc @@ -1,13 +1,6 @@ [id="configuring-dhcpd-to-use-with-server"] = Configuring dhcpd to use with {ProductName} -ifdef::foreman-deb[] -[NOTE] -==== -Note that this procedure describes how to run an external DHCP server on {EL} 8. -==== -endif::[] - To configure an external DHCP server running {EL} to use with {ProductName}, you must install the ISC DHCP Service and Berkeley Internet Name Domain (BIND) utilities packages. You must also share the DHCP configuration and lease files with {ProductName}. The example in this procedure uses the distributed Network File System (NFS) protocol to share the DHCP configuration and lease files. @@ -19,22 +12,36 @@ This is required because {Project} creates configuration files on the TFTP serve If the `dhcp-no-override` setting is disabled, hosts fetch the boot loader and its configuration from the root directory, which might cause an error. ==== -include::snip_firewalld.adoc[] +ifdef::foreman-deb[] +[NOTE] +==== +This procedure describes how to run a remote ISC DHCP server on {EL} 8. +==== +endif::[] + .Procedure -. On your {EL} host, install the ISC DHCP Service and Berkeley Internet Name Domain (BIND) utilities packages: +. Perform the following steps on the DHCP server: + +.. Install the required packages: + [options="nowrap" subs="+quotes,attributes"] ---- # {client-package-install-el8} dhcp-server bind-utils ---- -. Generate a security token: + +.. Generate a security token: + [options="nowrap"] ---- -# tsig-keygen -a hmac-md5 omapi_key +# tsig-keygen -a hmac-md5 _omapi_key_ +key "omapi_key" { + algorithm hmac-md5; + secret "4z1jwYO0RGUTJbWDepFBdg=="; +}; ---- -. Edit the `dhcpd` configuration file for all subnets and add the key generated by `tsig-keygen`. + +.. Edit the `/etc/dhcp/dhcpd.conf` file for all subnets, and add the key generated by `tsig-keygen`. The following is an example: + [options="nowrap" subs="+quotes"] @@ -54,43 +61,65 @@ subnet _192.168.38.0_ netmask _255.255.255.0_ { } omapi-port 7911; -key omapi_key { +key _omapi_key_ { algorithm hmac-md5; - secret "_My_Secret_"; + secret "__"; }; -omapi-key omapi_key; +omapi-key _omapi_key_; ---- + Note that the `option routers` value is the IP address of your {ProjectServer} or {SmartProxyServer} that you want to use with an external DHCP service. -. On {ProjectServer}, define each subnet. + +. Perform the following steps on {ProjectServer}: + +.. Define each subnet. Do not set DHCP {SmartProxy} for the defined Subnet yet. + To prevent conflicts, set up the lease and reservation ranges separately. For example, if the lease range is 192.168.38.10 to 192.168.38.100, in the {ProjectWebUI} define the reservation range as 192.168.38.101 to 192.168.38.250. -. Configure the firewall for external access to the DHCP server: + +.. Open the DHCP port in the `firewalld` service: + [options="nowrap"] ---- # firewall-cmd --add-service dhcp ---- -include::snip_make-firewall-settings-persistent.adoc[] -. On {ProjectServer}, determine the UID and GID of the `foreman` user: + +.. Make the changes persistent: ++ +[options="nowrap"] +---- +# firewall-cmd --runtime-to-permanent +---- + +.. Determine both the UID and the primary GID of the `foreman` user: + [options="nowrap" subs="+quotes"] ---- # id -u foreman -__993__ +_993_ + # id -g foreman _990_ ---- -. On the DHCP server, create the `foreman` user and group with the same IDs as determined in a previous step: + +. Perform the following steps on the DHCP server: + +.. Create the `foreman` group with the same group ID as determined in a previous step: + [options="nowrap" subs="+quotes"] ---- # groupadd -g _990_ foreman +---- + +.. Create the `foreman` user with the same user ID and primary group ID as determined in a previous step: ++ +[options="nowrap" subs="+quotes"] +---- # useradd -u _993_ -g _990_ -s /sbin/nologin foreman ---- -. To ensure that the configuration files are accessible, restore the read and execute flags: + +.. Ensure that the configuration files are accessible: + [options="nowrap"] ---- @@ -98,64 +127,78 @@ _990_ # chmod o+r /etc/dhcp/dhcpd.conf # chattr +i /etc/dhcp/ /etc/dhcp/dhcpd.conf ---- -. Enable and start the DHCP service: + +.. Enable and start the `dhcpd` service: + [options="nowrap"] ---- # systemctl enable --now dhcpd ---- -. Export the DHCP configuration and lease files using NFS: + +.. Install the `nfs-server` package: + [options="nowrap" subs="+quotes,attributes"] ---- # {client-package-install-el8} {nfs-server-package} +---- + +.. Enable and start the NFS server service: ++ +[options="nowrap" subs="+quotes,attributes"] +---- # systemctl enable --now nfs-server ---- -. Create directories for the DHCP configuration and lease files that you want to export using NFS: + +.. Create directories for the DHCP configuration and lease files that you want to export by using NFS: + [options="nowrap"] ---- # mkdir -p /exports/var/lib/dhcpd /exports/etc/dhcp ---- -. To create mount points for the created directories, add the following line to the `/etc/fstab` file: + +.. Edit the `/etc/fstab` file and add bind mount entries for the exported directories: + [options="nowrap"] ---- -/var/lib/dhcpd /exports/var/lib/dhcpd none bind,auto 0 0 -/etc/dhcp /exports/etc/dhcp none bind,auto 0 0 +/var/lib/dhcpd /exports/var/lib/dhcpd none bind,auto 0 0 +/etc/dhcp /exports/etc/dhcp none bind,auto 0 0 ---- -. Mount the file systems in `/etc/fstab`: ++ +These entries use bind mounts which mount the original directories to the ones you use for the export in NFS. + +.. Activate the bind mounts from the `/etc/fstab` file: + [options="nowrap"] ---- # mount -a ---- -. Ensure the following lines are present in `/etc/exports`: + +.. Edit the `/etc/exports` file, and export the required directories in NFS: + [options="nowrap" subs="+quotes"] ---- -/exports _192.168.38.1_(rw,async,no_root_squash,fsid=0,no_subtree_check) - -/exports/etc/dhcp _192.168.38.1_(ro,async,no_root_squash,no_subtree_check,nohide) - +/exports _192.168.38.1_(rw,async,no_root_squash,fsid=0,no_subtree_check) +/exports/etc/dhcp _192.168.38.1_(ro,async,no_root_squash,no_subtree_check,nohide) /exports/var/lib/dhcpd _192.168.38.1_(ro,async,no_root_squash,no_subtree_check,nohide) ---- + -Note that the IP address that you enter is the {Project} or {SmartProxy} IP address that you want to use with an external DHCP service. -. Reload the NFS server: +Use the IP address of the {Project} or {SmartProxy} in the export options to ensure that only these hosts have access. + +.. Reload the NFS server: + [options="nowrap"] ---- # exportfs -rva ---- -. Configure the firewall for DHCP omapi port 7911: + +.. Enable the `dhcpd` OMAPI port in `firewalld`: + [options="nowrap"] ---- # firewall-cmd --add-port=7911/tcp ---- -. Optional: Configure the firewall for external access to NFS. -Clients are configured using NFSv3. + +.. Enable the services required for NFSv3 in `firewalld`: + [options="nowrap"] ---- @@ -165,4 +208,11 @@ Clients are configured using NFSv3. --add-service rpc-bind \ --zone public ---- -include::snip_make-firewall-settings-persistent.adoc[] + +.. Make the changes persistent: ++ +[options="nowrap"] +---- +# firewall-cmd --runtime-to-permanent +---- + diff --git a/guides/common/modules/proc_configuring-network-services.adoc b/guides/common/modules/proc_configuring-network-services.adoc deleted file mode 100644 index 0e6cd9ecc71..00000000000 --- a/guides/common/modules/proc_configuring-network-services.adoc +++ /dev/null @@ -1,56 +0,0 @@ -[id="Configuring_Network_Services_{context}"] -= Configuring network services - -Some provisioning methods use {SmartProxyServer} services. -For example, a network might require {SmartProxyServer} to act as a DHCP server. -A network can also use PXE boot services to install the operating system on new hosts. -This requires configuring {SmartProxyServer} to use the main PXE boot services: DHCP, DNS, and TFTP. - -Use the `{foreman-installer}` command with the options to configure these services on {ProjectServer}. - -ifdef::satellite,orcharhino[] -To configure these services on an external {SmartProxyServer}, run `{foreman-installer}`. -endif::[] -ifdef::orcharhino[] -For more information, see xref:sources/installation_and_maintenance/installing_orcharhino_proxy_server.adoc[{InstallingSmartProxyDocTitle}]. -endif::[] - -.Procedure -. Enter the `{foreman-installer}` command to configure the required network services: -+ -[options="nowrap" subs="+quotes,attributes"] ----- -# {foreman-installer} --foreman-proxy-dhcp true \ ---foreman-proxy-dhcp-gateway "_192.168.140.1_" \ ---foreman-proxy-dhcp-managed true \ ---foreman-proxy-dhcp-nameservers "_192.168.140.2_" \ ---foreman-proxy-dhcp-range "_192.168.140.10_ _192.168.140.110_" \ ---foreman-proxy-dhcp-server "_192.168.140.2_" \ ---foreman-proxy-dns true \ ---foreman-proxy-dns-forwarders "_8.8.8.8_" \ ---foreman-proxy-dns-forwarders "_8.8.4.4_" \ ---foreman-proxy-dns-managed true \ ---foreman-proxy-dns-reverse "_140.168.192.in-addr.arpa_" \ ---foreman-proxy-dns-server "_127.0.0.1_" \ ---foreman-proxy-dns-zone "_example.com_" \ ---foreman-proxy-tftp true \ ---foreman-proxy-tftp-managed true ----- -. Find {SmartProxyServer} that you configure: -+ -[options="nowrap" subs="+quotes,attributes"] ----- -# {hammer-smart-proxy} list ----- -. Refresh features of {SmartProxyServer} to view the changes: -+ -[options="nowrap" subs="+quotes,attributes"] ----- -# {hammer-smart-proxy} refresh-features --name "_{foreman-example-com}_" ----- -. Verify the services configured on {SmartProxyServer}: -+ -[options="nowrap" subs="+quotes,attributes"] ----- -# {hammer-smart-proxy} info --name "_{foreman-example-com}_" ----- diff --git a/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc b/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc index 499cb7ab5e8..04b387e6a47 100644 --- a/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc +++ b/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc @@ -1,61 +1,89 @@ [id="configuring-server-for-use-with-dhcpd"] = Configuring {ProjectServer} for use with dhcpd -You can configure {ProductName} with an external DHCP server. +You can configure {ProductName} with a non-installer-managed DHCP server. + +Perform the steps on the {ProjectServer} or {SmartProxyServer}. + .Prerequisites -* Ensure that you have configured an external DHCP server and that you have shared the DHCP configuration and lease files with {ProductName}. -For more information, see xref:configuring-server-for-use-with-dhcpd[]. +* xref:configuring-dhcpd-to-use-with-server[You configured the DHCP service and shared the configuration and lease files over the network]. + .Procedure -. Install the `{nfs-client-package}` package: + +. Install the required package: + [options="nowrap" subs="+quotes,attributes"] ---- # {project-package-install} {nfs-client-package} ---- -. Create the DHCP directories for NFS: + +. Create the directories into which you later mount the NFS shares: + [options="nowrap"] ---- # mkdir -p /mnt/nfs/etc/dhcp /mnt/nfs/var/lib/dhcpd ---- -. Change the file owner: + +. Set the owner of the `/mnt/nfs` and sub-directories to `foreman-proxy`: + [options="nowrap"] ---- # chown -R foreman-proxy /mnt/nfs ---- -. Verify communication with the NFS server and the Remote Procedure Call (RPC) communication paths: + +. Verify that the NFS server exports the required directories: + [options="nowrap" subs="+quotes"] ---- # showmount -e _DHCP_Server_FQDN_ -# rpcinfo -p _DHCP_Server_FQDN_ ---- -. Add the following lines to the `/etc/fstab` file: + +. Edit the `/etc/fstab` file, and add entries for the NFS shares to mount them automatically when the system boots: + [options="nowrap" subs="+quotes"] ---- -_DHCP_Server_FQDN_:/exports/etc/dhcp /mnt/nfs/etc/dhcp nfs -ro,vers=3,auto,nosharecache,context="system_u:object_r:dhcp_etc_t:s0" 0 0 +__:/exports/etc/dhcp /mnt/nfs/etc/dhcp nfs ro,vers=3,auto,nosharecache,context="system_u:object_r:dhcp_etc_t:s0" 0 0 -_DHCP_Server_FQDN_:/exports/var/lib/dhcpd /mnt/nfs/var/lib/dhcpd nfs -ro,vers=3,auto,nosharecache,context="system_u:object_r:dhcpd_state_t:s0" 0 0 +__:/exports/var/lib/dhcpd /mnt/nfs/var/lib/dhcpd nfs ro,vers=3,auto,nosharecache,context="system_u:object_r:dhcpd_state_t:s0" 0 0 ---- -. Mount the file systems on `/etc/fstab`: + +. Mount the NFS shares: + [options="nowrap"] ---- -# mount -a +# mount /mnt/nfs/etc/dhcp/ +# mount /mnt/nfs/var/lib/dhcpd/ ---- -. To verify that the `foreman-proxy` user can access the files that are shared over the network, display the DHCP configuration and lease files: + +. Optional: Verify that the `foreman-proxy` user can access the files on the NFS server: + +.. Switch to the `foreman-proxy` user: + [options="nowrap"] ---- # su foreman-proxy -s /bin/bash +---- + +.. Display the `/mnt/nfs/etc/dhcp/dhcpd.conf` file: ++ +[options="nowrap"] +---- $ cat /mnt/nfs/etc/dhcp/dhcpd.conf +---- + +.. Display the `/mnt/nfs/var/lib/dhcpd/dhcpd.leases` file: ++ +[options="nowrap"] +---- $ cat /mnt/nfs/var/lib/dhcpd/dhcpd.leases +---- + +.. Log out the `foreman-proxy` user to switch back to the `root` user: ++ +[options="nowrap"] +---- $ exit ---- diff --git a/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc b/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc index 63803d542e5..f0611ec8ca1 100644 --- a/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc +++ b/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc @@ -1,38 +1,34 @@ [id="configuring-server-for-use-with-tftp"] = Configuring {ProductName} for use with tftp -You can configure {ProductName} with external TFTP services. +After you prepared the TFTP server and shared the root directory of the TFTP service over the network, integrate the service into {Project}. .Prerequisites * You configured the TFTP server. -* You shared the `/var/lib/tftpboot` on the TFTP server with NFS. +* You shared the `/exports/var/lib/tftpboot` on the TFTP server with NFS. .Procedure -. Associate the TFTP service with the appropriate subnets. - -. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-tftp-service-with-a-subnet[]. - -. Create the TFTP directory for NFS: +. Create the directory into which you later mount the NFS share: + [options="nowrap"] ---- # mkdir -p /mnt/nfs/var/lib/tftpboot ---- -. In the `/etc/fstab` file, add the following line: +. Edit the `/etc/fstab` file, and add entry for the NFS share to mount them automatically when the system boots: + [options="nowrap" subs="+quotes"] ---- -_TFTP_Server_IP_Address_:/exports/var/lib/tftpboot /mnt/nfs/var/lib/tftpboot nfs rw,vers=3,auto,nosharecache,context="system_u:object_r:tftpdir_rw_t:s0" 0 0 +__:/exports/var/lib/tftpboot /mnt/nfs/var/lib/tftpboot nfs rw,vers=3,auto,nosharecache,context="system_u:object_r:tftpdir_rw_t:s0" 0 0 ---- -. Mount the file systems in `/etc/fstab`: +. Mount the NFS share: + [options="nowrap"] ---- -# mount -a +# mount /mnt/nfs/var/lib/tftpboot/ ---- . Configure {ProjectServer} or {SmartProxyServer} to use the TFTP server: @@ -40,14 +36,11 @@ _TFTP_Server_IP_Address_:/exports/var/lib/tftpboot /mnt/nfs/var/lib/tftpboot nfs [options="nowrap" subs="+quotes,attributes"] ---- # {foreman-installer} \ +--foreman-proxy-managed false \ +--foreman-proxy-tftp true \ --foreman-proxy-tftp-root /mnt/nfs/var/lib/tftpboot \ ---foreman-proxy-tftp true +--foreman-proxy-tftp-servername _ ---- -. If the TFTP service is running on a different server than the DHCP service, update the `tftp_servername` setting with the FQDN or IP address of the server that the TFTP service is running on: -+ -[options="nowrap" subs="+quotes,attributes"] ----- -# {foreman-installer} --foreman-proxy-tftp-servername _TFTP_Server_FQDN_ ----- +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-tftp-service-with-a-subnet[]. diff --git a/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc index 9c2d437d85a..8a4e761044a 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc @@ -31,16 +31,16 @@ Perform the steps on the {Project} or {SmartProxyServer} that you want to config . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dhcp-service-with-a-subnet[]. -. Optional: Secure the `dhcpd` API on the {SmartProxy} by using an OMAPI key: +. Optional: Secure the `dhcpd` API on the {SmartProxy} by using an Object Management Application Programming Interface (OMAPI) key: -.. Install the required packages: +.. Install the required package: + [options="nowrap", subs="+quotes,verbatim,attributes"] ---- # {project-package-install} {bind-package} ---- -.. Generate a key: +.. Generate an OMAPI key: + [options="nowrap", subs="+quotes,verbatim,attributes"] ---- diff --git a/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc index 5315f684e9b..05a0eb3ceff 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc @@ -1,9 +1,10 @@ [id="enabling-the-installer-managed-tftp-service"] = Enabling the installer-managed TFTP service -If you do not have a TFTP server available in your network, you can use the installer-managed TFTP service. This feature enables you to provide a TFTP service with a low maintenance effort. +If you do not have a TFTP server available in your network, you can use the installer-managed TFTP service to perform unattended installations. +With the installer-managed TFTP service, you can run a TFTP server with a low maintenance effort because {Project} fully manages the TFTP service, including the files on that service. -Perform the steps on the {Project} or {SmartProxyServer} that you want to configure to manage the DHCP service for the subnet. +Perform the steps on the {Project} or {SmartProxyServer} that you want to configure as TFTP service. .Procedure diff --git a/guides/common/modules/proc_integrating-a-generic-rfc-2136-compatible-remote-dns-server.adoc b/guides/common/modules/proc_integrating-a-generic-rfc-2136-compatible-remote-dns-server.adoc index 2d8e1692042..7af40e086e2 100644 --- a/guides/common/modules/proc_integrating-a-generic-rfc-2136-compatible-remote-dns-server.adoc +++ b/guides/common/modules/proc_integrating-a-generic-rfc-2136-compatible-remote-dns-server.adoc @@ -1,33 +1,39 @@ [id="integrating-a-generic-rfc-2136-compatible-remote-dns-server"] = Integrating a generic RFC 2136-compatible remote DNS server -You can configure {ProductName} to integrate a remote DNS server that supports dynamic updates as defined in RFC 2136. +You can configure {ProductName} to integrate a remote DNS server that supports dynamic updates as defined in link:https://datatracker.ietf.org/doc/html/rfc2136[RFC 2136]. In this case, {ProductName} uses the `nsupdate` utility to update DNS records on the remote server. .Prerequisites -* The remote DNS service is configured. +* The remote DNS service is configured and can be queried. * The remote DNS service supports RFC 2136-compatible dynamic updates -* You copied the `/etc/rndc.key` file from the external DNS server to `/etc/foreman-proxy/rndc.key` on the {ProjectServer} or {SmartProxyServer}. +* The Remote Name Daemon Control (RNDC) key file to connect to the remote DNS server is placed in `/etc/foreman-proxy/rndc.key` on the {ProjectServer} or {SmartProxyServer}. .Procedure -. Configure the ownership, permissions, and SELinux context: +. Update the permissions on `/etc/foreman-proxy/rndc.key` to enable members of the `foreman-proxy` group to read this file: + [options="nowrap"] ---- -ifndef::foreman-deb[] -# restorecon -v /etc/foreman-proxy/rndc.key -endif::[] # chown -v root:foreman-proxy /etc/foreman-proxy/rndc.key # chmod -v 640 /etc/foreman-proxy/rndc.key ---- -. Optional: Test if you can use the key file to manually manage DNS entries: +ifndef::foreman-deb[] +. Restore the SELinux context on `/etc/foreman-proxy/rndc.key`:: ++ +[options="nowrap"] +---- +# restorecon -v /etc/foreman-proxy/rndc.key +---- +endif::[] + +. Optional: Verify if you can use the key file to manually manage DNS entries: -.. On {ProjectServer}, create a test DNS entry for a host. -For example, host `_test.example.com_` with an A record of `192.168.25.20` on the IdM server at `192.168.25.1`. +.. Create a test DNS entry. +For example, host `_test.example.com_` with an `A` record of `192.168.25.20` on the DNS server at `192.168.25.1`. + [options="nowrap" subs="+quotes,attributes"] ---- @@ -36,7 +42,7 @@ update add _test.example.com_ 3600 IN A 192.168.25.20\n \ send\n" | nsupdate -k /etc/foreman-proxy/rndc.key ---- -.. On {ProjectServer}, verify that you can query the new DNS entry: +.. Verify that you can query the new DNS entry: + [options="nowrap" subs="+quotes,attributes"] ---- diff --git a/guides/common/modules/proc_integrating-a-local-self-managed-dns-service.adoc b/guides/common/modules/proc_integrating-a-local-self-managed-dns-service.adoc index 3e291417be2..c1eb6b05120 100644 --- a/guides/common/modules/proc_integrating-a-local-self-managed-dns-service.adoc +++ b/guides/common/modules/proc_integrating-a-local-self-managed-dns-service.adoc @@ -10,12 +10,12 @@ Perform the steps on the {ProjectServer} or {SmartProxyServer} that runs the sel .Prerequisites * You installed and configured a DNS service on the {ProjectServer} or {SmartProxyServer} host. -* The DNS service supports RFC 2136-compatible updates +* The DNS service supports link:https://datatracker.ietf.org/doc/html/rfc2136[RFC 2136]-compatible updates .Procedure -. Configure {Project} or {SmartProxy} as DNS server: +. Set the local, self-managed DNS service in {Project} or {SmartProxy}: + [options="nowrap",subs="+quotes,attributes"] .... diff --git a/guides/common/modules/proc_integrating-dnsmas-dhcp-by-using-the-libvirt-api.adoc b/guides/common/modules/proc_integrating-dnsmasq-dhcp-by-using-the-libvirt-api.adoc similarity index 51% rename from guides/common/modules/proc_integrating-dnsmas-dhcp-by-using-the-libvirt-api.adoc rename to guides/common/modules/proc_integrating-dnsmasq-dhcp-by-using-the-libvirt-api.adoc index 6b11df1572f..49c67d600ac 100644 --- a/guides/common/modules/proc_integrating-dnsmas-dhcp-by-using-the-libvirt-api.adoc +++ b/guides/common/modules/proc_integrating-dnsmasq-dhcp-by-using-the-libvirt-api.adoc @@ -1,20 +1,24 @@ -[id="integrating-dnsmas-dhcp-by-using-the-libvirt-api"] +[id="integrating-dnsmasq-dhcp-by-using-the-libvirt-api"] = Integrating dnsmasq DHCP by using the libvirt API -The _dhcp_libvirt_ plugin manages IP reservations and leases using `dnsmasq` through the libvirt API. -It uses `ruby-libvirt` to connect to the local or remote instance of libvirt daemon. +The `dhcp_libvirt` plugin manages IP reservations and leases using `dnsmasq` through the `libvirt` API. +It uses `ruby-libvirt` to connect to the local or remote instance of the `libvirt` service. + .Procedure -. You can use `{foreman-installer}` to configure `dhcp_libvirt`: + +. Configure {ProjectServer} or {SmartProxyServer} to connect to the `libvirt` API: + [options="nowrap", subs="+quotes,verbatim,attributes"] ---- -foreman-installer \ +# {foreman-installer} \ --foreman-proxy-dhcp true \ --foreman-proxy-dhcp-provider libvirt \ --foreman-proxy-libvirt-network default \ ---foreman-proxy-libvirt-network qemu:///system +--foreman-proxy-libvirt-url qemu:///system ---- ++ +Note that you can only use one network and URL for both the `dns_libvirt` and `dhcp_libvirt` providers. . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dhcp-service-with-a-subnet[]. diff --git a/guides/common/modules/proc_integrating-dnsmasq-dns-by-using-the-libvirt-api.adoc b/guides/common/modules/proc_integrating-dnsmasq-dns-by-using-the-libvirt-api.adoc index 5b64fabaff7..0d2232bd641 100644 --- a/guides/common/modules/proc_integrating-dnsmasq-dns-by-using-the-libvirt-api.adoc +++ b/guides/common/modules/proc_integrating-dnsmasq-dns-by-using-the-libvirt-api.adoc @@ -1,11 +1,13 @@ [id="integrating-dnsmasq-dns-by-using-the-libvirt-api"] = Integrating dnsmasq DNS by using the libvirt API -The _dns_libvirt_ DNS provider manages DNS records using dnsmasq through the libvirt API. -It uses `ruby-libvirt` gem to connect to the local or a remote instance of libvirt daemon. +The `dns_libvirt` DNS provider manages DNS records using `dnsmasq` through the `libvirt` API. +It uses `ruby-libvirt` gem to connect to the local or a remote instance of the `libvirt` service. + .Procedure -. You can use `{foreman-installer}` to configure `dns_libvirt`: + +. Configure {ProjectServer} or {SmartProxyServer} to connect to the `libvirt` API: + [options="nowrap", subs="+quotes,verbatim,attributes"] ---- @@ -16,7 +18,7 @@ It uses `ruby-libvirt` gem to connect to the local or a remote instance of libvi --foreman-proxy-libvirt-url qemu:///system ---- + -Note that you can only use one network and URL for both _dns_libvirt_ and _dhcp_libvirt_. +Note that you can only use one network and URL for both the `dns_libvirt` and `dhcp_libvirt` providers. . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc b/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc index 7cfbb568f7c..c6f0acf37e9 100644 --- a/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc +++ b/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc @@ -1,101 +1,101 @@ [id="integrating-idm-dns-update-with-gss-tsig-authentication"] -= Integrating IdM DNS with GSS-TSIG authentication += Integrating {FreeIPA} DNS with GSS-TSIG authentication + +You can configure the {FreeIPA} server to use the generic security service algorithm for secret key transaction (GSS-TSIG) technology defined in https://tools.ietf.org/html/rfc3645[RFC3645]. +To configure the {FreeIPA} server to use the GSS-TSIG technology, you must install the {FreeIPA} client on the {ProductName} base operating system. -You can configure the IdM server to use the generic security service algorithm for secret key transaction (GSS-TSIG) technology defined in https://tools.ietf.org/html/rfc3645[RFC3645]. -To configure the IdM server to use the GSS-TSIG technology, you must install the IdM client on the {ProductName} base operating system. .Prerequisites -* You must ensure the IdM server is deployed and the host-based firewall is configured correctly. -ifdef::satellite[] -For more information, see {RHELDocsBaseURL}9/html/installing_identity_management/preparing-the-system-for-ipa-server-installation_installing-identity-management#port-requirements-for-idm_preparing-the-system-for-ipa-server-installation[Port requirements for IdM] in _{RHEL}{nbsp}9 Installing Identity Management_. -endif::[] -* You must contact the IdM server administrator to ensure that you obtain an account on the IdM server with permissions to create zones on the IdM server. -* You should create a backup of the answer file. -You can use the backup to restore the answer file to its original state if it becomes corrupted. +* The {FreeIPA} server is deployed and functional. +* The firewall on the {FreeIPA} server allows access to the required ports. ifndef::orcharhino[] -For more information, see {InstallingServerDocURL}configuring-server_{project-context}[Configuring {ProjectServer}]. +See {RHELDocsBaseURL}/9/html/installing_identity_management/preparing-the-system-for-ipa-server-installation_installing-identity-management#port-requirements-for-idm_preparing-the-system-for-ipa-server-installation[Port requirements for {FreeIPA}] in the _{RHEL}{nbsp}9 Installing Identity Management guide_. endif::[] +* You use an {FreeIPA} account that has permissions to create zones on the {FreeIPA} server. + .Procedure -To configure dynamic DNS update with GSS-TSIG authentication, complete the following steps: -.Creating a Kerberos principal on the IdM server +. Create a Kerberos principal on the {FreeIPA} server: -. Obtain a Kerberos ticket for the account obtained from the IdM administrator: +.. Obtain a Kerberos ticket: + [options="nowrap" subs="+quotes,attributes"] ---- -# kinit _idm_user_ +# kinit _<{FreeIPA}_user>_ ---- -. Create a new Kerberos principal for {ProductName} to use to authenticate on the IdM server: +.. Create a new Kerberos principal {ProductName} to use to authenticate on the {FreeIPA} server: + +*** For a {ProjectServer}, enter: + -ifeval::["{context}" == "{smart-proxy-context}"] [options="nowrap" subs="+quotes,attributes"] ---- -# ipa service-add _{smartproxy-example-com}_ +# ipa service-add _{smart-proxy-principal}/{foreman-example-com}_ ---- -endif::[] -ifeval::["{context}" == "{project-context}"] + +*** For a {SmartProxyServer}, enter: ++ [options="nowrap" subs="+quotes,attributes"] ---- -# ipa service-add _{smart-proxy-principal}/{foreman-example-com}_ +# ipa service-add _{smartproxy-example-com}_ ---- -endif::[] -.Installing and configuring the idM client -. On the base operating system of either the {Project} or {SmartProxy} that is managing the DNS service for your deployment, install the `ipa-client` package: +. Install and configure the {FreeIPA} client on either the {Project} or {SmartProxy} that is managing the DNS service for your deployment: + +.. Install the `ipa-client` package: + [options="nowrap" subs="+quotes,attributes"] ---- # {project-package-install} ipa-client ---- -. Configure the IdM client by running the installation script and following the on-screen prompts: +.. Install the {FreeIPA} client: + [options="nowrap"] ---- # ipa-client-install ---- ++ +Follow the on-screen prompts. -. Obtain a Kerberos ticket: +.. Obtain a Kerberos ticket: + [options="nowrap"] ---- # kinit admin ---- -. Remove any preexisting `keytab`: +.. Remove any preexisting `keytab`: + [options="nowrap"] ---- # rm /etc/foreman-proxy/dns.keytab ---- -. Obtain the `keytab` for this system: +.. Obtain a `keytab` file for this system: + - [options="nowrap" subs="+quotes,attributes"] ---- # ipa-getkeytab -p {smart-proxy-principal}/_{foreman-example-com}@EXAMPLE.COM_ \ --s _idm1.example.com_ -k /etc/foreman-proxy/dns.keytab +-s _server.example.com_ -k /etc/foreman-proxy/dns.keytab ---- + [NOTE] ==== When adding a keytab to a standby system with the same host name as the original system in service, add the `r` option to prevent generating new credentials and rendering the credentials on the original system invalid. ==== -+ -. For the `dns.keytab` file, set the group and owner to `foreman-proxy`: + +.. Set the owner and group of the `/etc/foreman-proxy/dns.keytab` to `foreman-proxy`: + [options="nowrap"] ---- # chown foreman-proxy:foreman-proxy /etc/foreman-proxy/dns.keytab ---- -. Optional: To verify that the `keytab` file is valid, enter the following command: +.. Optional: Verify that the `keytab` file is valid: + [options="nowrap" subs="+quotes,attributes"] ---- @@ -103,14 +103,15 @@ When adding a keytab to a standby system with the same host name as the original {smart-proxy-principal}/_{foreman-example-com}@EXAMPLE.COM_ ---- -.Configuring DNS zones in the IdM web UI +. Add a forward DNS zone in the {FreeIPA} web UI: -. Create and configure the zone that you want to manage: .. Navigate to *Network Services* > *DNS* > *DNS Zones*. -.. Select *Add* and enter the zone name. + +.. Select *Add*, and enter the zone name. For example, `example.com`. + .. Click *Add and Edit*. -.. Click the Settings tab and in the *BIND update policy* box, add the following to the semi-colon separated list: +.. On the *Settings* tab, append the following to the semicolon-separated list in the *BIND update policy* field: + [options="nowrap" subs="+quotes,attributes"] ---- @@ -118,15 +119,22 @@ grant {smart-proxy-principal}\047__{foreman-example-com}@EXAMPLE.COM__ wildcard ---- .. Set *Dynamic update* to *True*. + .. Enable *Allow PTR sync*. + .. Click *Save* to save the changes. -. Create and configure the reverse zone: +. Add a reverse DNS zone in the {FreeIPA} web UI: + .. Navigate to *Network Services* > *DNS* > *DNS Zones*. + .. Click *Add*. -.. Select *Reverse zone IP network* and add the network address in CIDR format to enable reverse lookups. + +.. Select *Reverse zone IP network*, and add the network address in CIDR format to enable reverse lookups. + .. Click *Add and Edit*. -.. Click the *Settings* tab and in the *BIND update policy* box, add the following to the semi-colon separated list: + +.. On the *Settings* tab, append the following to the semicolon-separated list in the *BIND update policy* field: + [options="nowrap" subs="+quotes,attributes"] ---- @@ -134,22 +142,21 @@ grant {smart-proxy-principal}\047__{foreman-example-com}@EXAMPLE.COM__ wildcard ---- .. Set *Dynamic update* to *True*. -.. Click *Save* to save the changes. +.. Click *Save* to save the changes. -.Configuring the {Project} or {SmartProxyServer} that manages the DNS service for the domain - -. Configure your {ProjectServer} or {SmartProxyServer} to connect to your DNS service: +. Configure {ProjectServer} or {SmartProxyServer} to connect to the {FreeIPA} DNS service: + [options="nowrap" subs="+quotes,attributes"] ---- # {foreman-installer} \ --foreman-proxy-dns-managed false \ --foreman-proxy-dns-provider nsupdate_gss \ ---foreman-proxy-dns-server "_idm1.example.com_" \ +--foreman-proxy-dns-server "_server.example.com_" \ --foreman-proxy-dns-tsig-keytab /etc/foreman-proxy/dns.keytab \ --foreman-proxy-dns-tsig-principal "{smart-proxy-principal}/_{foreman-example-com}@EXAMPLE.COM_" \ --foreman-proxy-dns true ---- + . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc b/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc index b6a5fd2989b..2c23d1dc419 100644 --- a/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc +++ b/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc @@ -1,54 +1,53 @@ [id="integrating-idm-dns-with-tsig-authentication"] -= Integrating IdM DNS with TSIG authentication += Integrating {FreeIPA} DNS with TSIG authentication -You can configure an IdM server to use the secret key transaction authentication for DNS (TSIG) technology that uses the `rndc.key` key file for authentication. +You can configure an {FreeIPA} server to use the secret key transaction authentication for DNS (TSIG) technology that uses a key file for authentication. The TSIG protocol is defined in https://tools.ietf.org/html/rfc2845[RFC2845]. .Prerequisites -* You must ensure the IdM server is deployed and the host-based firewall is configured correctly. -ifdef::satellite[] -For more information, see {RHELDocsBaseURL}7/html/linux_domain_identity_authentication_and_policy_guide/installing-ipa#prereq-ports[Port Requirements] in the _{RHEL}{nbsp}7 Linux Domain Identity, Authentication, and Policy Guide_. -endif::[] -* You must obtain `root` user access on the IdM server. -* You must confirm whether {ProjectServer} or {SmartProxyServer} is configured to provide DNS service for your deployment. -* You must configure DNS, DHCP and TFTP services on the base operating system of either the {Project} or {SmartProxy} that is managing the DNS service for your deployment. -* You must create a backup of the answer file. -You can use the backup to restore the answer file to its original state if it becomes corrupted. +* The {FreeIPA} server is deployed and functional. +* The firewall on the {FreeIPA} server allows access to the required ports. ifndef::orcharhino[] -For more information, see {InstallingServerDocURL}configuring-server_{project-context}[Configuring {ProjectServer}]. +See {RHELDocsBaseURL}/9/html/installing_identity_management/preparing-the-system-for-ipa-server-installation_installing-identity-management#port-requirements-for-idm_preparing-the-system-for-ipa-server-installation[Port requirements for {FreeIPA}] in the _{RHEL}{nbsp}9 Installing Identity Management guide_. endif::[] +* You have `root` access on the {FreeIPA} server. +* You must confirm whether {ProjectServer} or {SmartProxyServer} is configured to provide DNS service for your deployment. .Procedure -. On the IdM Server, add the following to the top of the `/etc/named.conf` file: +. Perform the following steps on the {FreeIPA} Server: + +.. Insert the following settings at the top of the `/etc/named.conf` file: + -[source, none, options="nowrap" subs="+attributes"] +[source, none, options="nowrap" subs="+quotes,attributes"] ---- -######################################################################## - include "/etc/rndc.key"; controls { -inet _IdM_Server_IP_Address_ port 953 allow { _{Project}_IP_Address_; } keys { "rndc-key"; }; +inet _<{FreeIPA}_server_ip_address>_ port 953 allow { _<{Project}_ip_address>_; } keys { "rndc-key"; }; }; -######################################################################## ---- -. Reload the `named` service to make the changes take effect: +.. Reload the `named` service: + [options="nowrap" subs="+quotes,attributes"] ---- # systemctl reload named ---- -. In the IdM web UI, navigate to *Network Services* > *DNS* > *DNS Zones* and click the name of the zone. -In the *Settings* tab, apply the following changes: +. In the {FreeIPA} web UI: -.. Add the following in the `BIND update policy` box: +.. Navigate to *Network Services* > *DNS* > *DNS Zones* + +.. Click the name of the zone. + +.. Open the *Settings* tab. + +.. Enter in the *BIND update policy* field: + -[source, none, options="nowrap" subs="+quotes,attributes"] +[source, none, options="nowrap"] ---- grant "rndc-key" zonesub ANY; ---- @@ -57,8 +56,6 @@ grant "rndc-key" zonesub ANY; .. Click *Update* to save the changes. -. Configure dynamic DNS updates in {ProjectServer}. +. Configure dynamic DNS updates in {ProjectServer} or {SmartProxyServer}. For details, see xref:integrating-a-generic-rfc-2136-compatible-remote-dns-server[]. -. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. - diff --git a/guides/common/modules/proc_integrating-infoblox-dhcp.adoc b/guides/common/modules/proc_integrating-infoblox-dhcp.adoc index d8efe8e884c..e3110a313f4 100644 --- a/guides/common/modules/proc_integrating-infoblox-dhcp.adoc +++ b/guides/common/modules/proc_integrating-infoblox-dhcp.adoc @@ -3,51 +3,49 @@ Install the DHCP Infoblox provider on {ProductName}. Note that you cannot manage records in separate views. -[NOTE] -==== -If you want to use the DHCP and DNS Infoblox modules together, configure the DHCP Infoblox module with the `fixedaddress` record type only. -The `host` record type causes DNS conflicts and is not supported. - -If you configure the DHCP Infoblox module with the `host` record type, you have to unset both DNS {SmartProxy} and Reverse DNS {SmartProxy} options on your Infoblox-managed subnets, because Infoblox does DNS management by itself. -Using the `host` record type leads to creating conflicts and being unable to rename hosts in {Project}. -==== - .Limitations * You can manage DHCP entries only in a single network and view, and you cannot edit the view after you create it. -* {ProductName} uses the standard HTTPS web API to communicate with Infoblox. By default, it communicates only with a single node. If you require high availability, configure this feature in Infoblox. +* {ProductName} uses the standard HTTPS web API to communicate with Infoblox. +By default, it communicates only with a single node. +If you require high availability, configure this feature in Infoblox. .Prerequisites -* You must have Infoblox account credentials to manage DHCP and DNS entries in {Project}. -* Ensure that you have Infoblox administration roles with the names: `DHCP Admin` and `DNS Admin`. -* The administration roles must have permissions or belong to an admin group that permits the accounts to perform tasks through the Infoblox API. +* You have an Infoblox account with the roles `DHCP Admin` and `DNS Admin`. +* The Infoblox roles have permissions or belong to an admin group that permits the accounts to perform tasks through the Infoblox API. .Procedure -. Download the certificate from the Infoblox server: + +. Download the certificate from the Infoblox server, and store it in the `/etc/pki/ca-trust/source/anchors/infoblox.crt` file: + [options="nowrap" subs="+quotes"] ---- -# update-ca-trust enable # openssl s_client -showcerts -connect _infoblox.example.com_:443 /etc/pki/ca-trust/source/anchors/infoblox.crt -# update-ca-trust extract ---- + -The `_infoblox.example.com_` entry must match the host name for the Infoblox application in the X509 certificate. +The hostname must match the one for the Infoblox application in the X.509 certificate. -. Test the CA certificate by using a `curl` query: +. Add the Infoblox certificate to the system trust store: + [options="nowrap" subs="+quotes"] ---- -# curl -u admin:password https://_infoblox.example.com_/wapi/v2.0/network +# update-ca-trust extract ---- + +. Test the CA certificate by using it in a query to the Infoblox API: + -Example positive response: +[options="nowrap" subs="+quotes"] +---- +# curl -u admin:__ https://_infoblox.example.com_/wapi/v2.0/network +---- ++ +Example of a positive response: + [options="nowrap" subs="+quotes"] ---- @@ -60,8 +58,7 @@ Example positive response: ] ---- - -. On {ProductName}, enter the following command: +. Configure {ProjectServer} or {SmartProxyServer} to connect to the Infoblox DHCP service: + [options="nowrap" subs="+quotes,attributes"] ---- @@ -75,11 +72,23 @@ Example positive response: --foreman-proxy-plugin-dhcp-infoblox-dns-view default \ --foreman-proxy-plugin-dhcp-infoblox-network-view default ---- ++ +[NOTE] +==== +If you want to use the DHCP and DNS Infoblox modules together, configure the DHCP Infoblox module with the `fixedaddress` record type only. +The `host` record type is not supported in this scenario because it causes conflicts and you cannot rename hosts in {Project}. +==== . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dhcp-service-with-a-subnet[]. .Verification -* In the {ProjectWebUI}, navigate to *Infrastructure* > *{SmartProxies}*, select the {SmartProxy} with the DHCP Infoblox module, and ensure that the *dhcp* feature is listed. +. Log in to the {ProjectWebUI}. + +. Navigate to *Infrastructure* > *{SmartProxies}*. + +. Select the {SmartProxy} with the DHCP Infoblox module. + +. Verify that the *dhcp* feature is listed. diff --git a/guides/common/modules/proc_integrating-infoblox-dns.adoc b/guides/common/modules/proc_integrating-infoblox-dns.adoc index 008500e52e5..a505c7bf7c7 100644 --- a/guides/common/modules/proc_integrating-infoblox-dns.adoc +++ b/guides/common/modules/proc_integrating-infoblox-dns.adoc @@ -7,39 +7,45 @@ Install the DNS Infoblox provider on {ProductName}. .Limitations * You can manage DNS entries only in a single network and view, and you cannot edit the view after you create it. -* {ProductName} uses the standard HTTPS web API to communicate with Infoblox. By default, it communicates only with a single node. If you require high availability, configure this feature in Infoblox. +* {ProductName} uses the standard HTTPS web API to communicate with Infoblox. +By default, it communicates only with a single node. +If you require high availability, configure this feature in Infoblox. * You cannot integrate the {Project} IP address management (IPAM) feature into Infoblox. .Prerequisites -* You must have Infoblox account credentials to manage DHCP and DNS entries in {Project}. -* Ensure that you have Infoblox administration roles with the names: `DHCP Admin` and `DNS Admin`. -* The administration roles must have permissions or belong to an admin group that permits the accounts to perform tasks through the Infoblox API. +* You have an Infoblox account with the roles `DHCP Admin` and `DNS Admin`. +* The Infoblox roles have permissions or belong to an admin group that permits the accounts to perform tasks through the Infoblox API. .Procedure -. Download the certificate from the Infoblox server: +. Download the certificate from the Infoblox server, and store it in the `/etc/pki/ca-trust/source/anchors/infoblox.crt` file: + [options="nowrap" subs="+quotes"] ---- -# update-ca-trust enable # openssl s_client -showcerts -connect _infoblox.example.com_:443 /etc/pki/ca-trust/source/anchors/infoblox.crt -# update-ca-trust extract ---- + -The `_infoblox.example.com_` entry must match the host name for the Infoblox application in the X509 certificate. +The hostname must match the one for the Infoblox application in the X.509 certificate. -. Test the CA certificate by using a `curl` query: +. Add the Infoblox certificate to the system trust store: + [options="nowrap" subs="+quotes"] ---- -# curl -u admin:password https://_infoblox.example.com_/wapi/v2.0/network +# update-ca-trust extract ---- + +. Test the CA certificate by using it in a query to the Infoblox API: + -Example positive response: +[options="nowrap" subs="+quotes"] +---- +# curl -u admin:__ https://_infoblox.example.com_/wapi/v2.0/network +---- ++ +Example of a positive response: + [options="nowrap" subs="+quotes"] ---- @@ -52,7 +58,7 @@ Example positive response: ] ---- -. On {ProductName}, enter the following command to configure the Infoblox module: +. Configure {ProjectServer} or {SmartProxyServer} to connect to the Infoblox DNS service: + [options="nowrap" subs="+quotes,attributes"] ---- @@ -70,6 +76,13 @@ Omit the `--foreman-proxy-plugin-dns-infoblox-dns-view` option if you use the `d . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. -. Verification +.Verification + +. Log in to the {ProjectWebUI}. + +. Navigate to *Infrastructure* > *{SmartProxies}*. + +. Select the {SmartProxy} with the Infoblox DNS module. + +. Verify that the *dns* feature is listed. -* In the {ProjectWebUI}, navigate to *Infrastructure* > *{SmartProxies}*, select the {SmartProxy} with the Infoblox DNS module, and ensure that the *dns* feature is listed. diff --git a/guides/common/modules/proc_integrating-powerdns.adoc b/guides/common/modules/proc_integrating-powerdns.adoc index 227bf739ae2..62b969022ec 100644 --- a/guides/common/modules/proc_integrating-powerdns.adoc +++ b/guides/common/modules/proc_integrating-powerdns.adoc @@ -3,8 +3,11 @@ The _dns_powerdns_ DNS provider manages DNS records using the https://www.powerdns.com/[PowerDNS] REST API. + .Procedure -. You can use `{foreman-installer}` to configure `dns_powerdns`: + +. Configure {ProjectServer} or {SmartProxyServer} to connect to the PowerDNS service: + + [options="nowrap", subs="+quotes,verbatim,attributes"] ---- @@ -12,8 +15,8 @@ The _dns_powerdns_ DNS provider manages DNS records using the https://www.powerd --foreman-proxy-dns true \ --foreman-proxy-dns-provider powerdns \ --enable-foreman-proxy-plugin-dns-powerdns \ ---foreman-proxy-plugin-dns-powerdns-rest-api-key _api_key_ \ ---foreman-proxy-plugin-dns-powerdns-rest-url _http://localhost:8081/api/v1/servers/localhost_ +--foreman-proxy-plugin-dns-powerdns-rest-api-key __ \ +--foreman-proxy-plugin-dns-powerdns-rest-url http://__:8081/api/v1/servers/localhost ---- . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_integrating-route-53-dns.adoc b/guides/common/modules/proc_integrating-route-53-dns.adoc index de518e7867c..a054ded3ea6 100644 --- a/guides/common/modules/proc_integrating-route-53-dns.adoc +++ b/guides/common/modules/proc_integrating-route-53-dns.adoc @@ -4,8 +4,9 @@ _Route 53_ is a DNS provider by Amazon. For more information, see https://aws.amazon.com/route53/[aws.amazon.com/route53]. + .Procedure -. Enable _Route 53_ DNS on your {SmartProxy}: +. Configure {ProjectServer} or {SmartProxyServer} to connect to the Amazon Route 53 DNS service: + [options="nowrap", subs="+quotes,verbatim,attributes"] ---- @@ -13,8 +14,8 @@ For more information, see https://aws.amazon.com/route53/[aws.amazon.com/route53 --enable-foreman-proxy-plugin-dns-route53 \ --foreman-proxy-dns true \ --foreman-proxy-dns-provider route53 \ ---foreman-proxy-plugin-dns-route53-aws-access-key _My_AWS_Access_Key_ \ ---foreman-proxy-plugin-dns-route53-aws-secret-key _My_AWS_Secret_Key_ +--foreman-proxy-plugin-dns-route53-aws-access-key __ \ +--foreman-proxy-plugin-dns-route53-aws-secret-key __ ---- . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. From 792b688357762097da5d04f607c280d21e718caf Mon Sep 17 00:00:00 2001 From: Marc Muehlfeld Date: Fri, 25 Apr 2025 11:12:09 +0200 Subject: [PATCH 27/47] Remove obsolete file about ISC dhcpd settings --- ...assembly_configuring-dhcp-integration.adoc | 3 -- .../common/modules/ref_dhcp-isc-settings.adoc | 43 ------------------- 2 files changed, 46 deletions(-) delete mode 100644 guides/common/modules/ref_dhcp-isc-settings.adoc diff --git a/guides/common/assembly_configuring-dhcp-integration.adoc b/guides/common/assembly_configuring-dhcp-integration.adoc index 082c9a07f9d..3f9dc819db7 100644 --- a/guides/common/assembly_configuring-dhcp-integration.adoc +++ b/guides/common/assembly_configuring-dhcp-integration.adoc @@ -19,9 +19,6 @@ include::modules/proc_disabling-dhcp-for-integration.adoc[leveloffset=+1] include::modules/proc_troubleshooting-dhcp-problems.adoc[leveloffset=+1] ifndef::satellite[] -[appendix] -include::modules/ref_dhcp-isc-settings.adoc[leveloffset=+1] - [appendix] include::modules/ref_dhcp-options-for-network-configuration.adoc[leveloffset=+1] endif::[] diff --git a/guides/common/modules/ref_dhcp-isc-settings.adoc b/guides/common/modules/ref_dhcp-isc-settings.adoc deleted file mode 100644 index 34ff54b9383..00000000000 --- a/guides/common/modules/ref_dhcp-isc-settings.adoc +++ /dev/null @@ -1,43 +0,0 @@ -[id="DHCP_ISC_Settings_{context}"] -= dhcp_isc settings - -The _dhcp_isc_ provider uses a combination of the ISC DHCP server OMAPI management interface and parsing of configuration and lease files. -This requires it to be run on the same host as the DHCP server. -The following settings are defined in `dhcp_isc.yml`: - -.Configuring the path to the _config_ and _leases_ files: -ifndef::foreman-deb[] -[options="nowrap", subs="+quotes,verbatim,attributes"] ----- -:config: /etc/dhcp/dhcpd.conf -:leases: /var/lib/dhcpd/dhcpd.leases ----- -endif::[] -ifdef::foreman-deb[] -[options="nowrap", subs="+quotes,verbatim,attributes"] ----- -:dhcp_config: /etc/dhcp3/dhcpd.conf -:dhcp_leases: /var/lib/dhcp3/dhcpd.leases ----- -endif::[] - -.Securing the DHCP server with an _omapi_key_ -[options="nowrap", subs="+quotes,verbatim,attributes"] ----- -:key_name: _My_OMAPI_Key_ -:key_secret: _My_Key_Secret_ ----- - -.Setting a port on which the DHCP server listens -[options="nowrap", subs="+quotes,verbatim,attributes"] ----- -:omapi_port: _My_DHCP_Server_Port_ # default: 7911 ----- - -The server is defined in `dhcp.yml`: - -.Setting the host on which the DHCP server runs on -[options="nowrap", subs="+quotes,verbatim,attributes"] ----- -:server: _My_DHCP_Server_FQDN_ ----- From f381ed169b2827464a152a725e0f37404cf2307e Mon Sep 17 00:00:00 2001 From: Marc Muehlfeld Date: Fri, 25 Apr 2025 11:30:18 +0200 Subject: [PATCH 28/47] Use a similar order of options for foreman-installer commands --- .../proc_configuring-server-for-use-with-dhcpd.adoc | 8 ++++---- .../proc_configuring-server-for-use-with-tftp.adoc | 2 +- .../proc_enabling-the-installer-managed-dns-service.adoc | 6 +++--- ..._integrating-idm-dns-with-gss-tsig-authentication.adoc | 6 +++--- guides/common/modules/proc_integrating-infoblox-dhcp.adoc | 5 +++-- guides/common/modules/proc_integrating-infoblox-dns.adoc | 5 +++-- guides/common/modules/proc_integrating-route-53-dns.adoc | 2 +- 7 files changed, 18 insertions(+), 16 deletions(-) diff --git a/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc b/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc index 04b387e6a47..b82eb4e97d1 100644 --- a/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc +++ b/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc @@ -92,14 +92,14 @@ $ exit [options="nowrap" subs="+quotes,attributes"] ---- # {foreman-installer} \ ---enable-foreman-proxy-plugin-dhcp-remote-isc \ ---foreman-proxy-dhcp-provider remote_isc \ ---foreman-proxy-dhcp-server _My_DHCP_Server_FQDN_ \ --foreman-proxy-dhcp true \ +--foreman-proxy-dhcp-provider remote_isc \ +--enable-foreman-proxy-plugin-dhcp-remote-isc \ +--foreman-proxy-dhcp-server __ \ --foreman-proxy-plugin-dhcp-remote-isc-dhcp-config /mnt/nfs/etc/dhcp/dhcpd.conf \ --foreman-proxy-plugin-dhcp-remote-isc-dhcp-leases /mnt/nfs/var/lib/dhcpd/dhcpd.leases \ --foreman-proxy-plugin-dhcp-remote-isc-key-name omapi_key \ ---foreman-proxy-plugin-dhcp-remote-isc-key-secret _My_Secret_ \ +--foreman-proxy-plugin-dhcp-remote-isc-key-secret __ \ --foreman-proxy-plugin-dhcp-remote-isc-omapi-port 7911 ---- diff --git a/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc b/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc index f0611ec8ca1..2244b38f793 100644 --- a/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc +++ b/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc @@ -36,8 +36,8 @@ __:/exports/var/lib/tftpboot /mnt/nfs/var/lib/tftpboot nfs [options="nowrap" subs="+quotes,attributes"] ---- # {foreman-installer} \ ---foreman-proxy-managed false \ --foreman-proxy-tftp true \ +--foreman-proxy-managed false \ --foreman-proxy-tftp-root /mnt/nfs/var/lib/tftpboot \ --foreman-proxy-tftp-servername _ ---- diff --git a/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc index bfb7d9e106c..df20ba551c5 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc @@ -13,10 +13,10 @@ Perform the steps on the {Project} or {SmartProxyServer} that you want to config [options="nowrap",subs="+quotes,attributes"] .... # {foreman-installer} \ ---foreman-proxy-dns-managed true \ +--foreman-proxy-dns true \ --foreman-proxy-dns-provider nsupdate \ ---reset-foreman-proxy-dns-server \ ---foreman-proxy-dns true +--foreman-proxy-dns-managed true \ +--reset-foreman-proxy-dns-server .... . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc b/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc index c6f0acf37e9..1407be8d3f7 100644 --- a/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc +++ b/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc @@ -150,12 +150,12 @@ grant {smart-proxy-principal}\047__{foreman-example-com}@EXAMPLE.COM__ wildcard [options="nowrap" subs="+quotes,attributes"] ---- # {foreman-installer} \ ---foreman-proxy-dns-managed false \ +--foreman-proxy-dns true \ --foreman-proxy-dns-provider nsupdate_gss \ +--foreman-proxy-dns-managed false \ --foreman-proxy-dns-server "_server.example.com_" \ --foreman-proxy-dns-tsig-keytab /etc/foreman-proxy/dns.keytab \ ---foreman-proxy-dns-tsig-principal "{smart-proxy-principal}/_{foreman-example-com}@EXAMPLE.COM_" \ ---foreman-proxy-dns true +--foreman-proxy-dns-tsig-principal "{smart-proxy-principal}/_{foreman-example-com}@EXAMPLE.COM_" ---- . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_integrating-infoblox-dhcp.adoc b/guides/common/modules/proc_integrating-infoblox-dhcp.adoc index e3110a313f4..38465b1dd9b 100644 --- a/guides/common/modules/proc_integrating-infoblox-dhcp.adoc +++ b/guides/common/modules/proc_integrating-infoblox-dhcp.adoc @@ -62,12 +62,13 @@ Example of a positive response: + [options="nowrap" subs="+quotes,attributes"] ---- -# {foreman-installer} --enable-foreman-proxy-plugin-dhcp-infoblox \ +# {foreman-installer} \ --foreman-proxy-dhcp true \ --foreman-proxy-dhcp-provider infoblox \ +--enable-foreman-proxy-plugin-dhcp-infoblox \ --foreman-proxy-dhcp-server _infoblox.example.com_ \ --foreman-proxy-plugin-dhcp-infoblox-username _admin_ \ ---foreman-proxy-plugin-dhcp-infoblox-password _infoblox_ \ +--foreman-proxy-plugin-dhcp-infoblox-password __ \ --foreman-proxy-plugin-dhcp-infoblox-record-type fixedaddress \ --foreman-proxy-plugin-dhcp-infoblox-dns-view default \ --foreman-proxy-plugin-dhcp-infoblox-network-view default diff --git a/guides/common/modules/proc_integrating-infoblox-dns.adoc b/guides/common/modules/proc_integrating-infoblox-dns.adoc index a505c7bf7c7..dd7b520ccc4 100644 --- a/guides/common/modules/proc_integrating-infoblox-dns.adoc +++ b/guides/common/modules/proc_integrating-infoblox-dns.adoc @@ -62,12 +62,13 @@ Example of a positive response: + [options="nowrap" subs="+quotes,attributes"] ---- -# {foreman-installer} --enable-foreman-proxy-plugin-dns-infoblox \ +# {foreman-installer} \ --foreman-proxy-dns true \ --foreman-proxy-dns-provider infoblox \ +--enable-foreman-proxy-plugin-dns-infoblox \ --foreman-proxy-plugin-dns-infoblox-dns-server _infoblox.example.com_ \ --foreman-proxy-plugin-dns-infoblox-username _admin_ \ ---foreman-proxy-plugin-dns-infoblox-password _infoblox_ \ +--foreman-proxy-plugin-dns-infoblox-password __ \ --foreman-proxy-plugin-dns-infoblox-dns-view __ ---- + diff --git a/guides/common/modules/proc_integrating-route-53-dns.adoc b/guides/common/modules/proc_integrating-route-53-dns.adoc index a054ded3ea6..623b6cb6576 100644 --- a/guides/common/modules/proc_integrating-route-53-dns.adoc +++ b/guides/common/modules/proc_integrating-route-53-dns.adoc @@ -11,9 +11,9 @@ For more information, see https://aws.amazon.com/route53/[aws.amazon.com/route53 [options="nowrap", subs="+quotes,verbatim,attributes"] ---- # {foreman-installer} \ ---enable-foreman-proxy-plugin-dns-route53 \ --foreman-proxy-dns true \ --foreman-proxy-dns-provider route53 \ +--enable-foreman-proxy-plugin-dns-route53 \ --foreman-proxy-plugin-dns-route53-aws-access-key __ \ --foreman-proxy-plugin-dns-route53-aws-secret-key __ ---- From 08d63224068956db7e10b745b7ebc27144061821 Mon Sep 17 00:00:00 2001 From: Marc Muehlfeld Date: Fri, 25 Apr 2025 11:38:19 +0200 Subject: [PATCH 29/47] Fix broken markups --- .../modules/proc_configuring-dhcpd-to-use-with-server.adoc | 2 +- .../modules/proc_configuring-server-for-use-with-tftp.adoc | 2 +- guides/common/modules/proc_integrating-infoblox-dhcp.adoc | 2 +- guides/common/modules/proc_integrating-infoblox-dns.adoc | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc b/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc index 920231e63b8..b239e62e7f5 100644 --- a/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc +++ b/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc @@ -32,7 +32,7 @@ endif::[] .. Generate a security token: + -[options="nowrap"] +[options="nowrap" subs="+quotes"] ---- # tsig-keygen -a hmac-md5 _omapi_key_ key "omapi_key" { diff --git a/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc b/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc index 2244b38f793..97bc2537c92 100644 --- a/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc +++ b/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc @@ -39,7 +39,7 @@ __:/exports/var/lib/tftpboot /mnt/nfs/var/lib/tftpboot nfs --foreman-proxy-tftp true \ --foreman-proxy-managed false \ --foreman-proxy-tftp-root /mnt/nfs/var/lib/tftpboot \ ---foreman-proxy-tftp-servername _ +--foreman-proxy-tftp-servername __ ---- . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-tftp-service-with-a-subnet[]. diff --git a/guides/common/modules/proc_integrating-infoblox-dhcp.adoc b/guides/common/modules/proc_integrating-infoblox-dhcp.adoc index 38465b1dd9b..6c13c5e54d5 100644 --- a/guides/common/modules/proc_integrating-infoblox-dhcp.adoc +++ b/guides/common/modules/proc_integrating-infoblox-dhcp.adoc @@ -42,7 +42,7 @@ The hostname must match the one for the Infoblox application in the X.509 certif + [options="nowrap" subs="+quotes"] ---- -# curl -u admin:__ https://_infoblox.example.com_/wapi/v2.0/network +# curl -u admin:____ https://_infoblox.example.com_/wapi/v2.0/network ---- + Example of a positive response: diff --git a/guides/common/modules/proc_integrating-infoblox-dns.adoc b/guides/common/modules/proc_integrating-infoblox-dns.adoc index dd7b520ccc4..5f45f64eb6a 100644 --- a/guides/common/modules/proc_integrating-infoblox-dns.adoc +++ b/guides/common/modules/proc_integrating-infoblox-dns.adoc @@ -42,7 +42,7 @@ The hostname must match the one for the Infoblox application in the X.509 certif + [options="nowrap" subs="+quotes"] ---- -# curl -u admin:__ https://_infoblox.example.com_/wapi/v2.0/network +# curl -u admin:____ https://_infoblox.example.com_/wapi/v2.0/network ---- + Example of a positive response: From 8a7cc0193d8bae8b90cacfd8635797e9355d6d55 Mon Sep 17 00:00:00 2001 From: Marc Muehlfeld Date: Fri, 25 Apr 2025 12:16:01 +0200 Subject: [PATCH 30/47] Remove include of a file that no longer exists --- guides/doc-Installing_Proxy/master.adoc | 3 --- 1 file changed, 3 deletions(-) diff --git a/guides/doc-Installing_Proxy/master.adoc b/guides/doc-Installing_Proxy/master.adoc index bf322dac3d4..32d45c559a1 100644 --- a/guides/doc-Installing_Proxy/master.adoc +++ b/guides/doc-Installing_Proxy/master.adoc @@ -33,9 +33,6 @@ include::common/assembly_performing-additional-configuration-on-smart-proxy-serv include::common/modules/ref_smart-proxy-server-scalability-considerations-when-managing-puppet-clients.adoc[leveloffset=+1] ifndef::satellite[] -[appendix] -include::common/modules/ref_dhcp-isc-settings.adoc[leveloffset=+1] - [appendix] include::common/modules/ref_dhcp-options-for-network-configuration.adoc[leveloffset=+1] endif::[] From ca5069547190a9a16a45a9704f2ad94efdcdf8af Mon Sep 17 00:00:00 2001 From: Marc Muehlfeld Date: Fri, 25 Apr 2025 12:17:53 +0200 Subject: [PATCH 31/47] Vale fixes --- guides/common/modules/proc_integrating-infoblox-dhcp.adoc | 2 +- guides/common/modules/proc_integrating-infoblox-dns.adoc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/guides/common/modules/proc_integrating-infoblox-dhcp.adoc b/guides/common/modules/proc_integrating-infoblox-dhcp.adoc index 6c13c5e54d5..de8f0d6038f 100644 --- a/guides/common/modules/proc_integrating-infoblox-dhcp.adoc +++ b/guides/common/modules/proc_integrating-infoblox-dhcp.adoc @@ -31,7 +31,7 @@ openssl x509 -text >/etc/pki/ca-trust/source/anchors/infoblox.crt + The hostname must match the one for the Infoblox application in the X.509 certificate. -. Add the Infoblox certificate to the system trust store: +. Add the Infoblox certificate to the system truststore: + [options="nowrap" subs="+quotes"] ---- diff --git a/guides/common/modules/proc_integrating-infoblox-dns.adoc b/guides/common/modules/proc_integrating-infoblox-dns.adoc index 5f45f64eb6a..d8afcca246a 100644 --- a/guides/common/modules/proc_integrating-infoblox-dns.adoc +++ b/guides/common/modules/proc_integrating-infoblox-dns.adoc @@ -31,7 +31,7 @@ openssl x509 -text >/etc/pki/ca-trust/source/anchors/infoblox.crt + The hostname must match the one for the Infoblox application in the X.509 certificate. -. Add the Infoblox certificate to the system trust store: +. Add the Infoblox certificate to the system truststore: + [options="nowrap" subs="+quotes"] ---- From 56bb51e1b3164442dab04c6604b2dc406d994821 Mon Sep 17 00:00:00 2001 From: mmuehlfeldRH <43061675+mmuehlfeldRH@users.noreply.github.com> Date: Fri, 25 Apr 2025 14:11:09 +0200 Subject: [PATCH 32/47] Update guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc Co-authored-by: Ewoud Kohl van Wijngaarden --- .../modules/proc_configuring-dhcpd-to-use-with-server.adoc | 5 ----- 1 file changed, 5 deletions(-) diff --git a/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc b/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc index b239e62e7f5..cc7d10517d1 100644 --- a/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc +++ b/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc @@ -72,11 +72,6 @@ Note that the `option routers` value is the IP address of your {ProjectServer} o . Perform the following steps on {ProjectServer}: -.. Define each subnet. -Do not set DHCP {SmartProxy} for the defined Subnet yet. -+ -To prevent conflicts, set up the lease and reservation ranges separately. -For example, if the lease range is 192.168.38.10 to 192.168.38.100, in the {ProjectWebUI} define the reservation range as 192.168.38.101 to 192.168.38.250. .. Open the DHCP port in the `firewalld` service: + From 9315188edf4e0a8f784982942c57f21d72ba8537 Mon Sep 17 00:00:00 2001 From: mmuehlfeldRH <43061675+mmuehlfeldRH@users.noreply.github.com> Date: Fri, 25 Apr 2025 15:51:09 +0200 Subject: [PATCH 33/47] Apply suggestions from code review Co-authored-by: Ewoud Kohl van Wijngaarden --- guides/common/modules/con_dhcp-service-providers.adoc | 2 +- .../modules/proc_configuring-dhcpd-to-use-with-server.adoc | 4 ++-- ...oc_integrating-idm-dns-with-gss-tsig-authentication.adoc | 2 +- .../proc_integrating-idm-dns-with-tsig-authentication.adoc | 6 +++--- guides/common/modules/proc_integrating-infoblox-dhcp.adoc | 2 +- guides/common/modules/proc_integrating-infoblox-dns.adoc | 2 +- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/guides/common/modules/con_dhcp-service-providers.adoc b/guides/common/modules/con_dhcp-service-providers.adoc index 52970b15b23..970d2e191d4 100644 --- a/guides/common/modules/con_dhcp-service-providers.adoc +++ b/guides/common/modules/con_dhcp-service-providers.adoc @@ -1,7 +1,7 @@ [id="dhcp-serivce-proviers"] = DHCP service providers -{Project} can manage IP leases on a DHCP server by using {SmartProxy}. +{Project} can manage IP leases on a DHCP server through a {SmartProxy}. This management contains querying for available IP addresses, adding new reservations, and deleting existing reservations from the lease database. Note that {SmartProxy} cannot manage subnet declarations. diff --git a/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc b/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc index cc7d10517d1..2f9672c0e3b 100644 --- a/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc +++ b/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc @@ -15,7 +15,7 @@ If the `dhcp-no-override` setting is disabled, hosts fetch the boot loader and i ifdef::foreman-deb[] [NOTE] ==== -This procedure describes how to run a remote ISC DHCP server on {EL} 8. +This procedure describes how to run a remote ISC DHCP server on {EL} 9. ==== endif::[] @@ -70,7 +70,7 @@ omapi-key _omapi_key_; + Note that the `option routers` value is the IP address of your {ProjectServer} or {SmartProxyServer} that you want to use with an external DHCP service. -. Perform the following steps on {ProjectServer}: +. Perform the following steps on {ProjectServer} or {SmartProxyServer}: .. Open the DHCP port in the `firewalld` service: diff --git a/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc b/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc index 1407be8d3f7..dc4f26b9dc3 100644 --- a/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc +++ b/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc @@ -72,7 +72,7 @@ Follow the on-screen prompts. + [options="nowrap"] ---- -# rm /etc/foreman-proxy/dns.keytab +# rm --force /etc/foreman-proxy/dns.keytab ---- .. Obtain a `keytab` file for this system: diff --git a/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc b/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc index 2c23d1dc419..5836043a96c 100644 --- a/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc +++ b/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc @@ -10,7 +10,7 @@ The TSIG protocol is defined in https://tools.ietf.org/html/rfc2845[RFC2845]. * The {FreeIPA} server is deployed and functional. * The firewall on the {FreeIPA} server allows access to the required ports. ifndef::orcharhino[] -See {RHELDocsBaseURL}/9/html/installing_identity_management/preparing-the-system-for-ipa-server-installation_installing-identity-management#port-requirements-for-idm_preparing-the-system-for-ipa-server-installation[Port requirements for {FreeIPA}] in the _{RHEL}{nbsp}9 Installing Identity Management guide_. +See {RHELDocsBaseURL}9/html/installing_identity_management/preparing-the-system-for-ipa-server-installation_installing-identity-management#port-requirements-for-idm_preparing-the-system-for-ipa-server-installation[Port requirements for {FreeIPA}] in the _{RHEL}{nbsp}9 Installing Identity Management guide_. endif::[] * You have `root` access on the {FreeIPA} server. * You must confirm whether {ProjectServer} or {SmartProxyServer} is configured to provide DNS service for your deployment. @@ -25,8 +25,8 @@ endif::[] [source, none, options="nowrap" subs="+quotes,attributes"] ---- include "/etc/rndc.key"; -controls { -inet _<{FreeIPA}_server_ip_address>_ port 953 allow { _<{Project}_ip_address>_; } keys { "rndc-key"; }; +controls { + inet _<{FreeIPA}_server_ip_address>_ port 953 allow { _<{Project}_ip_address>_; } keys { "rndc-key"; }; }; ---- diff --git a/guides/common/modules/proc_integrating-infoblox-dhcp.adoc b/guides/common/modules/proc_integrating-infoblox-dhcp.adoc index de8f0d6038f..39d5b6b2750 100644 --- a/guides/common/modules/proc_integrating-infoblox-dhcp.adoc +++ b/guides/common/modules/proc_integrating-infoblox-dhcp.adoc @@ -1,7 +1,7 @@ [id="integrating-infoblox-dhcp"] = Integrating Infoblox DHCP -Install the DHCP Infoblox provider on {ProductName}. Note that you cannot manage records in separate views. +Install the DHCP Infoblox provider on {ProductName}. .Limitations diff --git a/guides/common/modules/proc_integrating-infoblox-dns.adoc b/guides/common/modules/proc_integrating-infoblox-dns.adoc index d8afcca246a..facbfe3f9fe 100644 --- a/guides/common/modules/proc_integrating-infoblox-dns.adoc +++ b/guides/common/modules/proc_integrating-infoblox-dns.adoc @@ -5,7 +5,7 @@ Install the DNS Infoblox provider on {ProductName}. .Limitations -* You can manage DNS entries only in a single network and view, and you cannot edit the view after you create it. +* You can manage DNS entries only in a single view, and you cannot edit the view after you create it. * {ProductName} uses the standard HTTPS web API to communicate with Infoblox. By default, it communicates only with a single node. From 70385ab271d75de8cd9d57ceb6b888bd87f7e86a Mon Sep 17 00:00:00 2001 From: Marc Muehlfeld Date: Fri, 25 Apr 2025 15:50:27 +0200 Subject: [PATCH 34/47] SME feedback --- ..._configuring-dhcpd-to-use-with-server.adoc | 26 +++++++------------ ...-idm-dns-with-gss-tsig-authentication.adoc | 2 +- ...ting-idm-dns-with-tsig-authentication.adoc | 3 +-- .../proc_integrating-infoblox-dhcp.adoc | 11 -------- .../proc_integrating-infoblox-dns.adoc | 11 -------- 5 files changed, 11 insertions(+), 42 deletions(-) diff --git a/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc b/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc index 2f9672c0e3b..0ba1e97e1d5 100644 --- a/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc +++ b/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc @@ -5,13 +5,6 @@ To configure an external DHCP server running {EL} to use with {ProductName}, you You must also share the DHCP configuration and lease files with {ProductName}. The example in this procedure uses the distributed Network File System (NFS) protocol to share the DHCP configuration and lease files. -[NOTE] -==== -If you use dnsmasq as an external DHCP server, enable the `dhcp-no-override` setting. -This is required because {Project} creates configuration files on the TFTP server under the `grub2/` subdirectory. -If the `dhcp-no-override` setting is disabled, hosts fetch the boot loader and its configuration from the root directory, which might cause an error. -==== - ifdef::foreman-deb[] [NOTE] ==== @@ -70,9 +63,6 @@ omapi-key _omapi_key_; + Note that the `option routers` value is the IP address of your {ProjectServer} or {SmartProxyServer} that you want to use with an external DHCP service. -. Perform the following steps on {ProjectServer} or {SmartProxyServer}: - - .. Open the DHCP port in the `firewalld` service: + [options="nowrap"] @@ -87,31 +77,33 @@ Note that the `option routers` value is the IP address of your {ProjectServer} o # firewall-cmd --runtime-to-permanent ---- -.. Determine both the UID and the primary GID of the `foreman` user: +. Perform the following steps on {ProjectServer}: + +.. Determine both the UID and the primary GID of the `foreman-proxy` user: + [options="nowrap" subs="+quotes"] ---- -# id -u foreman +# id -u foreman-proxy _993_ -# id -g foreman +# id -g foreman-proxy _990_ ---- . Perform the following steps on the DHCP server: -.. Create the `foreman` group with the same group ID as determined in a previous step: +.. Create the `foreman-proxy` group with the same group ID as determined in a previous step: + [options="nowrap" subs="+quotes"] ---- -# groupadd -g _990_ foreman +# groupadd -g _990_ foreman-proxy ---- -.. Create the `foreman` user with the same user ID and primary group ID as determined in a previous step: +.. Create the `foreman-proxy` user with the same user ID and primary group ID as determined in a previous step: + [options="nowrap" subs="+quotes"] ---- -# useradd -u _993_ -g _990_ -s /sbin/nologin foreman +# useradd -u _993_ -g _990_ -s /sbin/nologin foreman-proxy ---- .. Ensure that the configuration files are accessible: diff --git a/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc b/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc index dc4f26b9dc3..e02ba021ba3 100644 --- a/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc +++ b/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc @@ -12,7 +12,7 @@ To configure the {FreeIPA} server to use the GSS-TSIG technology, you must insta ifndef::orcharhino[] See {RHELDocsBaseURL}/9/html/installing_identity_management/preparing-the-system-for-ipa-server-installation_installing-identity-management#port-requirements-for-idm_preparing-the-system-for-ipa-server-installation[Port requirements for {FreeIPA}] in the _{RHEL}{nbsp}9 Installing Identity Management guide_. endif::[] -* You use an {FreeIPA} account that has permissions to create zones on the {FreeIPA} server. +* The {FreeIPA} account has permissions to create zones on the {FreeIPA} server. .Procedure diff --git a/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc b/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc index 5836043a96c..af01bce61a0 100644 --- a/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc +++ b/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc @@ -1,7 +1,7 @@ [id="integrating-idm-dns-with-tsig-authentication"] = Integrating {FreeIPA} DNS with TSIG authentication -You can configure an {FreeIPA} server to use the secret key transaction authentication for DNS (TSIG) technology that uses a key file for authentication. +You can configure {FreeIPA} to use the secret key transaction authentication for DNS (TSIG) technology that uses a key file for authentication. The TSIG protocol is defined in https://tools.ietf.org/html/rfc2845[RFC2845]. @@ -13,7 +13,6 @@ ifndef::orcharhino[] See {RHELDocsBaseURL}9/html/installing_identity_management/preparing-the-system-for-ipa-server-installation_installing-identity-management#port-requirements-for-idm_preparing-the-system-for-ipa-server-installation[Port requirements for {FreeIPA}] in the _{RHEL}{nbsp}9 Installing Identity Management guide_. endif::[] * You have `root` access on the {FreeIPA} server. -* You must confirm whether {ProjectServer} or {SmartProxyServer} is configured to provide DNS service for your deployment. .Procedure diff --git a/guides/common/modules/proc_integrating-infoblox-dhcp.adoc b/guides/common/modules/proc_integrating-infoblox-dhcp.adoc index 39d5b6b2750..6503152a239 100644 --- a/guides/common/modules/proc_integrating-infoblox-dhcp.adoc +++ b/guides/common/modules/proc_integrating-infoblox-dhcp.adoc @@ -82,14 +82,3 @@ The `host` record type is not supported in this scenario because it causes confl . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dhcp-service-with-a-subnet[]. - -.Verification - -. Log in to the {ProjectWebUI}. - -. Navigate to *Infrastructure* > *{SmartProxies}*. - -. Select the {SmartProxy} with the DHCP Infoblox module. - -. Verify that the *dhcp* feature is listed. - diff --git a/guides/common/modules/proc_integrating-infoblox-dns.adoc b/guides/common/modules/proc_integrating-infoblox-dns.adoc index facbfe3f9fe..5338dba9028 100644 --- a/guides/common/modules/proc_integrating-infoblox-dns.adoc +++ b/guides/common/modules/proc_integrating-infoblox-dns.adoc @@ -76,14 +76,3 @@ Omit the `--foreman-proxy-plugin-dns-infoblox-dns-view` option if you use the `d . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. - -.Verification - -. Log in to the {ProjectWebUI}. - -. Navigate to *Infrastructure* > *{SmartProxies}*. - -. Select the {SmartProxy} with the Infoblox DNS module. - -. Verify that the *dns* feature is listed. - From bb4bd19a6dba373d9fdea76d2f94f3bdf47890bf Mon Sep 17 00:00:00 2001 From: Marc Muehlfeld Date: Mon, 28 Apr 2025 11:45:38 +0200 Subject: [PATCH 35/47] Remove all superfluous blank lines according to the projects guidelines --- .../modules/con_dns-service-providers.adoc | 6 --- ..._integrating-a-remote-isc-dhcp-server.adoc | 1 - ...iating-the-dhcp-service-with-a-subnet.adoc | 7 ---- ...-dns-service-with-a-domain-and-subnet.adoc | 12 ------ ...iating-the-tftp-service-with-a-subnet.adoc | 6 --- ..._configuring-dhcpd-to-use-with-server.adoc | 23 ------------ ...configuring-server-for-use-with-dhcpd.adoc | 18 +-------- .../proc_disabling-dhcp-for-integration.adoc | 10 ----- .../proc_disabling-dns-for-integration.adoc | 16 -------- .../proc_disabling-tftp-for-integration.adoc | 10 ----- ...ng-the-installer-managed-dhcp-service.adoc | 9 ----- ...ing-the-installer-managed-dns-service.adoc | 9 ++--- ...ng-the-installer-managed-tftp-service.adoc | 2 - ...rfc-2136-compatible-remote-dns-server.adoc | 15 +------- ...ting-a-local-self-managed-dns-service.adoc | 7 +--- ...dnsmasq-dhcp-by-using-the-libvirt-api.adoc | 6 +-- ...-dnsmasq-dns-by-using-the-libvirt-api.adoc | 6 +-- ...-idm-dns-with-gss-tsig-authentication.adoc | 37 +------------------ ...ting-idm-dns-with-tsig-authentication.adoc | 14 ------- .../proc_integrating-infoblox-dhcp.adoc | 14 +------ .../proc_integrating-infoblox-dns.adoc | 13 +------ .../modules/proc_integrating-powerdns.adoc | 7 +--- .../proc_integrating-route-53-dns.adoc | 5 +-- 23 files changed, 24 insertions(+), 229 deletions(-) diff --git a/guides/common/modules/con_dns-service-providers.adoc b/guides/common/modules/con_dns-service-providers.adoc index 8a33a1d46bd..3d3e0534f07 100644 --- a/guides/common/modules/con_dns-service-providers.adoc +++ b/guides/common/modules/con_dns-service-providers.adoc @@ -13,24 +13,18 @@ See: ** xref:integrating-a-local-self-managed-dns-service[] ** xref:integrating-a-generic-rfc-2136-compatible-remote-dns-server[] ** xref:integrating-idm-dns-with-tsig-authentication[]. - `dns_nsupdate_gss`:: Dynamic DNS updates on an link:https://datatracker.ietf.org/doc/html/rfc2136[RFC 2136]-compatible DNS server by using the `nsupdate` utility with Generic Security Service algorithm for Transaction Signature (GSS-TSIG) authentication. See xref:integrating-idm-dns-update-with-gss-tsig-authentication[]. - `dns_infoblox`:: Dynamic DNS updates on an Infoblox DNS server. See xref:integrating-infoblox-dns[]. - ifndef::satellite[] `dns_libvirt`:: Dynamic DNS updates on a dnsmasq DNS server by using the `libvirt` API. See xref:integrating-dnsmasq-dns-by-using-the-libvirt-api[]. - `dns_powerdns`:: Dynamic DNS updates on a PowerDNS server. See xref:integrating-powerdns[]. - `dns_route53`:: Dynamic DNS updates on an Amazon Route 53 DNS server. See xref:integratinig-route-53[]. endif::[] - ifdef::orcharhino[] `dns_dnscmd`:: Static DNS records in Microsoft Active Directory. endif::[] diff --git a/guides/common/modules/con_integrating-a-remote-isc-dhcp-server.adoc b/guides/common/modules/con_integrating-a-remote-isc-dhcp-server.adoc index 1a04ec4bb64..7b91187d61f 100644 --- a/guides/common/modules/con_integrating-a-remote-isc-dhcp-server.adoc +++ b/guides/common/modules/con_integrating-a-remote-isc-dhcp-server.adoc @@ -6,7 +6,6 @@ To configure {ProductName} with a remote ISC DHCP server, complete the following . xref:configuring-dhcpd-to-use-with-server[] . xref:configuring-server-for-use-with-dhcpd[] - include::proc_configuring-dhcpd-to-use-with-server.adoc[leveloffset=+1] include::proc_configuring-server-for-use-with-dhcpd.adoc[leveloffset=+1] diff --git a/guides/common/modules/proc_associating-the-dhcp-service-with-a-subnet.adoc b/guides/common/modules/proc_associating-the-dhcp-service-with-a-subnet.adoc index 90ed73fff9d..ad2fdfaf0a2 100644 --- a/guides/common/modules/proc_associating-the-dhcp-service-with-a-subnet.adoc +++ b/guides/common/modules/proc_associating-the-dhcp-service-with-a-subnet.adoc @@ -3,21 +3,14 @@ After you configured or changed the DHCP provider, you must update the configuration of each affected {SmartProxy} in the {ProjectWebUI}. - .Prerequisites * You configured a DHCP provider. * You are logged in to the {ProjectWebUI}. - .Procedure - . Navigate to *Infrastructure* > *Subnets*. - . Select the subnet name. - . On the *Subnet* tab, set *IPAM* to *DHCP*. - . On the *{SmartProxy}* tab, set *DHCP Proxy* to your {SmartProxy}. - . Click *Submit*. diff --git a/guides/common/modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc b/guides/common/modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc index 7ad571fdb34..fa6dab7e1bd 100644 --- a/guides/common/modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc +++ b/guides/common/modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc @@ -3,31 +3,19 @@ After you configured or changed the DNS provider, you must update the configuration of each affected {SmartProxy} in the {ProjectWebUI}. - .Prerequisites * You configured a DNS provider. * You are logged in to the {ProjectWebUI}. - .Procedure - . Configure the domain: - .. Navigate to *Infrastructure* > *Domains*. - .. Select the domain name. - .. On the *Domain* tab, ensure *DNS {SmartProxy}* is set to the {SmartProxy} where the subnet is connected. - . Configure the subnet: - .. Navigate to *Infrastructure* > *Subnets*. - .. Select the subnet name. - .. On the *Domains* tab, select the domains that are valid on the subnet. - .. In the *{SmartProxies}* tab, ensure *Reverse DNS {SmartProxy}* is set to the {SmartProxy} where the subnet is connected. - .. Click *Submit*. diff --git a/guides/common/modules/proc_associating-the-tftp-service-with-a-subnet.adoc b/guides/common/modules/proc_associating-the-tftp-service-with-a-subnet.adoc index e475fb7dddc..8954465859f 100644 --- a/guides/common/modules/proc_associating-the-tftp-service-with-a-subnet.adoc +++ b/guides/common/modules/proc_associating-the-tftp-service-with-a-subnet.adoc @@ -3,19 +3,13 @@ After you configured or changed the TFTP provider, you must update the configuration of each affected {SmartProxy} in the {ProjectWebUI}. - .Prerequisites * You configured a TFTP server. * You are logged in to the {ProjectWebUI}. - .Procedure - . Navigate to *Infrastructure* > *Subnets*. - . Select the subnet name. - . On the *{SmartProxies}* tab, select the {SmartProxy} for TFTP. - . Click *Submit*. diff --git a/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc b/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc index 0ba1e97e1d5..8f6e8d257af 100644 --- a/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc +++ b/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc @@ -12,17 +12,14 @@ This procedure describes how to run a remote ISC DHCP server on {EL} 9. ==== endif::[] - .Procedure . Perform the following steps on the DHCP server: - .. Install the required packages: + [options="nowrap" subs="+quotes,attributes"] ---- # {client-package-install-el8} dhcp-server bind-utils ---- - .. Generate a security token: + [options="nowrap" subs="+quotes"] @@ -33,7 +30,6 @@ key "omapi_key" { secret "4z1jwYO0RGUTJbWDepFBdg=="; }; ---- - .. Edit the `/etc/dhcp/dhcpd.conf` file for all subnets, and add the key generated by `tsig-keygen`. The following is an example: + @@ -62,23 +58,19 @@ omapi-key _omapi_key_; ---- + Note that the `option routers` value is the IP address of your {ProjectServer} or {SmartProxyServer} that you want to use with an external DHCP service. - .. Open the DHCP port in the `firewalld` service: + [options="nowrap"] ---- # firewall-cmd --add-service dhcp ---- - .. Make the changes persistent: + [options="nowrap"] ---- # firewall-cmd --runtime-to-permanent ---- - . Perform the following steps on {ProjectServer}: - .. Determine both the UID and the primary GID of the `foreman-proxy` user: + [options="nowrap" subs="+quotes"] @@ -89,23 +81,19 @@ _993_ # id -g foreman-proxy _990_ ---- - . Perform the following steps on the DHCP server: - .. Create the `foreman-proxy` group with the same group ID as determined in a previous step: + [options="nowrap" subs="+quotes"] ---- # groupadd -g _990_ foreman-proxy ---- - .. Create the `foreman-proxy` user with the same user ID and primary group ID as determined in a previous step: + [options="nowrap" subs="+quotes"] ---- # useradd -u _993_ -g _990_ -s /sbin/nologin foreman-proxy ---- - .. Ensure that the configuration files are accessible: + [options="nowrap"] @@ -114,35 +102,30 @@ _990_ # chmod o+r /etc/dhcp/dhcpd.conf # chattr +i /etc/dhcp/ /etc/dhcp/dhcpd.conf ---- - .. Enable and start the `dhcpd` service: + [options="nowrap"] ---- # systemctl enable --now dhcpd ---- - .. Install the `nfs-server` package: + [options="nowrap" subs="+quotes,attributes"] ---- # {client-package-install-el8} {nfs-server-package} ---- - .. Enable and start the NFS server service: + [options="nowrap" subs="+quotes,attributes"] ---- # systemctl enable --now nfs-server ---- - .. Create directories for the DHCP configuration and lease files that you want to export by using NFS: + [options="nowrap"] ---- # mkdir -p /exports/var/lib/dhcpd /exports/etc/dhcp ---- - .. Edit the `/etc/fstab` file and add bind mount entries for the exported directories: + [options="nowrap"] @@ -152,14 +135,12 @@ _990_ ---- + These entries use bind mounts which mount the original directories to the ones you use for the export in NFS. - .. Activate the bind mounts from the `/etc/fstab` file: + [options="nowrap"] ---- # mount -a ---- - .. Edit the `/etc/exports` file, and export the required directories in NFS: + [options="nowrap" subs="+quotes"] @@ -170,21 +151,18 @@ These entries use bind mounts which mount the original directories to the ones y ---- + Use the IP address of the {Project} or {SmartProxy} in the export options to ensure that only these hosts have access. - .. Reload the NFS server: + [options="nowrap"] ---- # exportfs -rva ---- - .. Enable the `dhcpd` OMAPI port in `firewalld`: + [options="nowrap"] ---- # firewall-cmd --add-port=7911/tcp ---- - .. Enable the services required for NFSv3 in `firewalld`: + [options="nowrap"] @@ -195,7 +173,6 @@ Use the IP address of the {Project} or {SmartProxy} in the export options to ens --add-service rpc-bind \ --zone public ---- - .. Make the changes persistent: + [options="nowrap"] diff --git a/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc b/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc index b82eb4e97d1..d307da8067e 100644 --- a/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc +++ b/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc @@ -5,41 +5,34 @@ You can configure {ProductName} with a non-installer-managed DHCP server. Perform the steps on the {ProjectServer} or {SmartProxyServer}. - .Prerequisites * xref:configuring-dhcpd-to-use-with-server[You configured the DHCP service and shared the configuration and lease files over the network]. - .Procedure - . Install the required package: + [options="nowrap" subs="+quotes,attributes"] ---- # {project-package-install} {nfs-client-package} ---- - . Create the directories into which you later mount the NFS shares: + [options="nowrap"] ---- # mkdir -p /mnt/nfs/etc/dhcp /mnt/nfs/var/lib/dhcpd ---- - . Set the owner of the `/mnt/nfs` and sub-directories to `foreman-proxy`: + [options="nowrap"] ---- # chown -R foreman-proxy /mnt/nfs ---- - . Verify that the NFS server exports the required directories: + [options="nowrap" subs="+quotes"] ---- # showmount -e _DHCP_Server_FQDN_ ---- - . Edit the `/etc/fstab` file, and add entries for the NFS shares to mount them automatically when the system boots: + [options="nowrap" subs="+quotes"] @@ -48,7 +41,6 @@ __:/exports/etc/dhcp /mnt/nfs/etc/dhcp nfs ro,ver __:/exports/var/lib/dhcpd /mnt/nfs/var/lib/dhcpd nfs ro,vers=3,auto,nosharecache,context="system_u:object_r:dhcpd_state_t:s0" 0 0 ---- - . Mount the NFS shares: + [options="nowrap"] @@ -56,37 +48,31 @@ __:/exports/var/lib/dhcpd /mnt/nfs/var/lib/dhcpd nfs ro,ver # mount /mnt/nfs/etc/dhcp/ # mount /mnt/nfs/var/lib/dhcpd/ ---- - . Optional: Verify that the `foreman-proxy` user can access the files on the NFS server: - .. Switch to the `foreman-proxy` user: + [options="nowrap"] ---- # su foreman-proxy -s /bin/bash ---- - .. Display the `/mnt/nfs/etc/dhcp/dhcpd.conf` file: + [options="nowrap"] ---- $ cat /mnt/nfs/etc/dhcp/dhcpd.conf ---- - .. Display the `/mnt/nfs/var/lib/dhcpd/dhcpd.leases` file: + [options="nowrap"] ---- $ cat /mnt/nfs/var/lib/dhcpd/dhcpd.leases ---- - .. Log out the `foreman-proxy` user to switch back to the `root` user: + [options="nowrap"] ---- $ exit ---- - . Configure {ProjectServer} or {SmartProxyServer} to use the DHCP server: + [options="nowrap" subs="+quotes,attributes"] @@ -102,6 +88,6 @@ $ exit --foreman-proxy-plugin-dhcp-remote-isc-key-secret __ \ --foreman-proxy-plugin-dhcp-remote-isc-omapi-port 7911 ---- - -. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dhcp-service-with-a-subnet[]. +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. +See xref:associating-the-dhcp-service-with-a-subnet[]. diff --git a/guides/common/modules/proc_disabling-dhcp-for-integration.adoc b/guides/common/modules/proc_disabling-dhcp-for-integration.adoc index 705ba61c069..50d3a417a8d 100644 --- a/guides/common/modules/proc_disabling-dhcp-for-integration.adoc +++ b/guides/common/modules/proc_disabling-dhcp-for-integration.adoc @@ -8,24 +8,15 @@ If you want to manually manage a DHCP service, you must prevent {Project} from m Disabling DHCP in {Project} does not remove the related backend service on the operating system. ==== - .Prerequisites - * You are logged in to the {ProjectWebUI}. - .Procedure - . Navigate to *Infrastructure* > *Subnets*. - . For each subnet that is associated with the DHCP {SmartProxy}: - .. Select the subnet. - .. On the *{SmartProxies}* tab, clear the *DHCP {SmartProxy}* field. - .. Click *Submit*. - . On {ProjectServer} and {SmartProxyServer}, enter: + [options="nowrap", subs="+quotes,attributes"] @@ -33,7 +24,6 @@ Disabling DHCP in {Project} does not remove the related backend service on the o # {foreman-installer} --foreman-proxy-dhcp false ---- - [NOTE] ==== {Project} does not perform orchestration when a {SmartProxy} is not set for a given subnet. diff --git a/guides/common/modules/proc_disabling-dns-for-integration.adoc b/guides/common/modules/proc_disabling-dns-for-integration.adoc index 5793c77d5aa..b823e0d5f91 100644 --- a/guides/common/modules/proc_disabling-dns-for-integration.adoc +++ b/guides/common/modules/proc_disabling-dns-for-integration.adoc @@ -8,42 +8,26 @@ If you want to manually manage a DNS service, you must prevent {Project} from ma Disabling DNS in {Project} does not remove the related backend service on the operating system. ==== - .Prerequisites - * You are logged in to the {ProjectWebUI}. - .Procedure - . Navigate to *Infrastructure* > *Subnets*. - . For each subnet that is associated with the DNS {SmartProxy}: - .. Select the subnet. - .. On the *{SmartProxies}* tab, clear the *Reverse DNS {SmartProxy}* field. - .. Click *Submit*. - . Navigate to *Infrastructure* > *Domains*. - . For each domain that is associated with the DNS {SmartProxy}: - .. Select the domain. - .. Clear the *DNS {SmartProxy}* field. - .. Click *Submit*. - . On {ProjectServer}, enter: + [options="nowrap", subs="+quotes,attributes"] ---- # {foreman-installer} --foreman-proxy-dns false ---- - - [NOTE] ==== {Project} does not perform orchestration when a {SmartProxy} is not set for a given subnet and domain. diff --git a/guides/common/modules/proc_disabling-tftp-for-integration.adoc b/guides/common/modules/proc_disabling-tftp-for-integration.adoc index f39e7045aa8..f70cd86af8a 100644 --- a/guides/common/modules/proc_disabling-tftp-for-integration.adoc +++ b/guides/common/modules/proc_disabling-tftp-for-integration.adoc @@ -8,24 +8,15 @@ If you want to manually manage a TFTP service, you must prevent {Project} from m Disabling TFTP in {Project} does not remove the related backend service on the operating system. ==== - .Prerequisites - * You are logged in to the {ProjectWebUI}. - .Procedure - . Navigate to *Infrastructure* > *Subnets*. - . For each subnet that is associated with the TFTP {SmartProxy}: - .. Select the subnet. - .. On the *{SmartProxies}* tab, clear the *TFTP {SmartProxy}* field. - .. Click *Submit*. - . On {ProjectServer}, enter: + [options="nowrap", subs="+quotes,attributes"] @@ -33,7 +24,6 @@ Disabling TFTP in {Project} does not remove the related backend service on the o # {foreman-installer} --foreman-proxy-tftp false ---- - [NOTE] ==== {Project} does not perform orchestration when a {SmartProxy} is not set for a given subnet. diff --git a/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc index 8a4e761044a..5ddd95d0c43 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc @@ -5,17 +5,13 @@ If you do not have a DHCP server available in your network, you can use the inst Perform the steps on the {Project} or {SmartProxyServer} that you want to configure to manage the DHCP service for the subnet. - .Prerequisites - * You know the following network information: ** The range of IP addresses the DHCP should manage ** The IP address of the default gateway in the subnet ** The IP addresses of the name servers for the subnet - .Procedure - . Configure {ProjectServer} or {SmartProxyServer} as DHCP server: + [options="nowrap" subs="+quotes,attributes"] @@ -28,18 +24,14 @@ Perform the steps on the {Project} or {SmartProxyServer} that you want to config --foreman-proxy-dhcp-gateway 192.0.2.1 \ --foreman-proxy-dhcp-nameservers 192.0.2.2,192.0.2.3 ---- - . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dhcp-service-with-a-subnet[]. - . Optional: Secure the `dhcpd` API on the {SmartProxy} by using an Object Management Application Programming Interface (OMAPI) key: - .. Install the required package: + [options="nowrap", subs="+quotes,verbatim,attributes"] ---- # {project-package-install} {bind-package} ---- - .. Generate an OMAPI key: + [options="nowrap", subs="+quotes,verbatim,attributes"] @@ -50,7 +42,6 @@ key "omapi_key" { secret "hJBge7QC5AaUkRVsZmFUlg=="; }; ---- - . Add the `dhcpd` API key to the {SmartProxy} configuration: + [options="nowrap", subs="+quotes,verbatim,attributes"] diff --git a/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc index df20ba551c5..082af1f1d42 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc @@ -1,13 +1,12 @@ [id="enabling-the-installer-managed-dns-service"] = Enabling the installer-managed DNS service -If you do not have a DNS server available in your network, you can use the installer-managed DNS service. This feature enables you to provide a DNS service with a low maintenance effort. +If you do not have a DNS server available in your network, you can use the installer-managed DNS service. +This feature enables you to provide a DNS service with a low maintenance effort. Perform the steps on the {Project} or {SmartProxyServer} that you want to configure to manage the DNS service for the domain. - .Procedure - . Configure {Project} or {SmartProxy} as DNS server: + [options="nowrap",subs="+quotes,attributes"] @@ -18,6 +17,6 @@ Perform the steps on the {Project} or {SmartProxyServer} that you want to config --foreman-proxy-dns-managed true \ --reset-foreman-proxy-dns-server .... - -. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. +See xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc index 05a0eb3ceff..8682aa3e5b3 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc @@ -6,9 +6,7 @@ With the installer-managed TFTP service, you can run a TFTP server with a low ma Perform the steps on the {Project} or {SmartProxyServer} that you want to configure as TFTP service. - .Procedure - * Configure {Project} or {SmartProxy} as TFTP server: + [options="nowrap",subs="+quotes,attributes"] diff --git a/guides/common/modules/proc_integrating-a-generic-rfc-2136-compatible-remote-dns-server.adoc b/guides/common/modules/proc_integrating-a-generic-rfc-2136-compatible-remote-dns-server.adoc index 7af40e086e2..853bacbac5f 100644 --- a/guides/common/modules/proc_integrating-a-generic-rfc-2136-compatible-remote-dns-server.adoc +++ b/guides/common/modules/proc_integrating-a-generic-rfc-2136-compatible-remote-dns-server.adoc @@ -4,15 +4,12 @@ You can configure {ProductName} to integrate a remote DNS server that supports dynamic updates as defined in link:https://datatracker.ietf.org/doc/html/rfc2136[RFC 2136]. In this case, {ProductName} uses the `nsupdate` utility to update DNS records on the remote server. - .Prerequisites * The remote DNS service is configured and can be queried. * The remote DNS service supports RFC 2136-compatible dynamic updates * The Remote Name Daemon Control (RNDC) key file to connect to the remote DNS server is placed in `/etc/foreman-proxy/rndc.key` on the {ProjectServer} or {SmartProxyServer}. - .Procedure - . Update the permissions on `/etc/foreman-proxy/rndc.key` to enable members of the `foreman-proxy` group to read this file: + [options="nowrap"] @@ -20,7 +17,6 @@ In this case, {ProductName} uses the `nsupdate` utility to update DNS records on # chown -v root:foreman-proxy /etc/foreman-proxy/rndc.key # chmod -v 640 /etc/foreman-proxy/rndc.key ---- - ifndef::foreman-deb[] . Restore the SELinux context on `/etc/foreman-proxy/rndc.key`:: + @@ -29,9 +25,7 @@ ifndef::foreman-deb[] # restorecon -v /etc/foreman-proxy/rndc.key ---- endif::[] - . Optional: Verify if you can use the key file to manually manage DNS entries: - .. Create a test DNS entry. For example, host `_test.example.com_` with an `A` record of `192.168.25.20` on the DNS server at `192.168.25.1`. + @@ -41,7 +35,6 @@ For example, host `_test.example.com_` with an `A` record of `192.168.25.20` on update add _test.example.com_ 3600 IN A 192.168.25.20\n \ send\n" | nsupdate -k /etc/foreman-proxy/rndc.key ---- - .. Verify that you can query the new DNS entry: + [options="nowrap" subs="+quotes,attributes"] @@ -60,7 +53,6 @@ Aliases: test.example.com has address 192.168.25.20 ---- - .. If resolved successfully, remove the test DNS entry: + [options="nowrap" subs="+quotes,attributes"] @@ -69,7 +61,6 @@ test.example.com has address 192.168.25.20 update delete _test.example.com_ 3600 IN A 192.168.25.20\n \ send\n" | nsupdate -k /etc/foreman-proxy/rndc.key ---- - .. Confirm that the DNS entry was removed: + [options="nowrap" subs="+quotes,attributes"] @@ -78,8 +69,6 @@ send\n" | nsupdate -k /etc/foreman-proxy/rndc.key ---- + If the command returns `Host _test.example.com_ not found: 3(NXDOMAIN)`, the record was successfully deleted. - - . Configure {ProjectServer} or {SmartProxyServer} to use the DNS server: + [options="nowrap", subs="+quotes,attributes"] @@ -91,6 +80,6 @@ If the command returns `Host _test.example.com_ not found: 3(NXDOMAIN)`, the rec --foreman-proxy-dns-server "__" \ --foreman-proxy-keyfile /etc/foreman-proxy/rndc.key ---- - -. For the affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. +. For the affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. +See xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_integrating-a-local-self-managed-dns-service.adoc b/guides/common/modules/proc_integrating-a-local-self-managed-dns-service.adoc index c1eb6b05120..c7f50f2a546 100644 --- a/guides/common/modules/proc_integrating-a-local-self-managed-dns-service.adoc +++ b/guides/common/modules/proc_integrating-a-local-self-managed-dns-service.adoc @@ -7,14 +7,11 @@ As an alternative to the installer-managed DNS service, you can run a DNS server Perform the steps on the {ProjectServer} or {SmartProxyServer} that runs the self-managed DNS service. - .Prerequisites * You installed and configured a DNS service on the {ProjectServer} or {SmartProxyServer} host. * The DNS service supports link:https://datatracker.ietf.org/doc/html/rfc2136[RFC 2136]-compatible updates - .Procedure - . Set the local, self-managed DNS service in {Project} or {SmartProxy}: + [options="nowrap",subs="+quotes,attributes"] @@ -25,6 +22,6 @@ Perform the steps on the {ProjectServer} or {SmartProxyServer} that runs the sel --foreman-proxy-dns-managed false \ --foreman-proxy-dns-server "127.0.0.1" .... - -. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. +See xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_integrating-dnsmasq-dhcp-by-using-the-libvirt-api.adoc b/guides/common/modules/proc_integrating-dnsmasq-dhcp-by-using-the-libvirt-api.adoc index 49c67d600ac..e2bf5576f38 100644 --- a/guides/common/modules/proc_integrating-dnsmasq-dhcp-by-using-the-libvirt-api.adoc +++ b/guides/common/modules/proc_integrating-dnsmasq-dhcp-by-using-the-libvirt-api.adoc @@ -4,9 +4,7 @@ The `dhcp_libvirt` plugin manages IP reservations and leases using `dnsmasq` through the `libvirt` API. It uses `ruby-libvirt` to connect to the local or remote instance of the `libvirt` service. - .Procedure - . Configure {ProjectServer} or {SmartProxyServer} to connect to the `libvirt` API: + [options="nowrap", subs="+quotes,verbatim,attributes"] @@ -19,6 +17,6 @@ It uses `ruby-libvirt` to connect to the local or remote instance of the `libvir ---- + Note that you can only use one network and URL for both the `dns_libvirt` and `dhcp_libvirt` providers. - -. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dhcp-service-with-a-subnet[]. +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. +See xref:associating-the-dhcp-service-with-a-subnet[]. diff --git a/guides/common/modules/proc_integrating-dnsmasq-dns-by-using-the-libvirt-api.adoc b/guides/common/modules/proc_integrating-dnsmasq-dns-by-using-the-libvirt-api.adoc index 0d2232bd641..92d03e4ee50 100644 --- a/guides/common/modules/proc_integrating-dnsmasq-dns-by-using-the-libvirt-api.adoc +++ b/guides/common/modules/proc_integrating-dnsmasq-dns-by-using-the-libvirt-api.adoc @@ -4,9 +4,7 @@ The `dns_libvirt` DNS provider manages DNS records using `dnsmasq` through the `libvirt` API. It uses `ruby-libvirt` gem to connect to the local or a remote instance of the `libvirt` service. - .Procedure - . Configure {ProjectServer} or {SmartProxyServer} to connect to the `libvirt` API: + [options="nowrap", subs="+quotes,verbatim,attributes"] @@ -19,6 +17,6 @@ It uses `ruby-libvirt` gem to connect to the local or a remote instance of the ` ---- + Note that you can only use one network and URL for both the `dns_libvirt` and `dhcp_libvirt` providers. - -. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. +See xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc b/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc index e02ba021ba3..28d6364f691 100644 --- a/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc +++ b/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc @@ -4,9 +4,7 @@ You can configure the {FreeIPA} server to use the generic security service algorithm for secret key transaction (GSS-TSIG) technology defined in https://tools.ietf.org/html/rfc3645[RFC3645]. To configure the {FreeIPA} server to use the GSS-TSIG technology, you must install the {FreeIPA} client on the {ProductName} base operating system. - .Prerequisites - * The {FreeIPA} server is deployed and functional. * The firewall on the {FreeIPA} server allows access to the required ports. ifndef::orcharhino[] @@ -14,44 +12,34 @@ See {RHELDocsBaseURL}/9/html/installing_identity_management/preparing-the-system endif::[] * The {FreeIPA} account has permissions to create zones on the {FreeIPA} server. - .Procedure - . Create a Kerberos principal on the {FreeIPA} server: - .. Obtain a Kerberos ticket: + [options="nowrap" subs="+quotes,attributes"] ---- # kinit _<{FreeIPA}_user>_ ---- - .. Create a new Kerberos principal {ProductName} to use to authenticate on the {FreeIPA} server: - *** For a {ProjectServer}, enter: + [options="nowrap" subs="+quotes,attributes"] ---- # ipa service-add _{smart-proxy-principal}/{foreman-example-com}_ ---- - *** For a {SmartProxyServer}, enter: + [options="nowrap" subs="+quotes,attributes"] ---- # ipa service-add _{smartproxy-example-com}_ ---- - - . Install and configure the {FreeIPA} client on either the {Project} or {SmartProxy} that is managing the DNS service for your deployment: - .. Install the `ipa-client` package: + [options="nowrap" subs="+quotes,attributes"] ---- # {project-package-install} ipa-client ---- - .. Install the {FreeIPA} client: + [options="nowrap"] @@ -60,21 +48,18 @@ endif::[] ---- + Follow the on-screen prompts. - .. Obtain a Kerberos ticket: + [options="nowrap"] ---- # kinit admin ---- - .. Remove any preexisting `keytab`: + [options="nowrap"] ---- # rm --force /etc/foreman-proxy/dns.keytab ---- - .. Obtain a `keytab` file for this system: + [options="nowrap" subs="+quotes,attributes"] @@ -87,14 +72,12 @@ Follow the on-screen prompts. ==== When adding a keytab to a standby system with the same host name as the original system in service, add the `r` option to prevent generating new credentials and rendering the credentials on the original system invalid. ==== - .. Set the owner and group of the `/etc/foreman-proxy/dns.keytab` to `foreman-proxy`: + [options="nowrap"] ---- # chown foreman-proxy:foreman-proxy /etc/foreman-proxy/dns.keytab ---- - .. Optional: Verify that the `keytab` file is valid: + [options="nowrap" subs="+quotes,attributes"] @@ -102,14 +85,10 @@ When adding a keytab to a standby system with the same host name as the original # kinit -kt /etc/foreman-proxy/dns.keytab \ {smart-proxy-principal}/_{foreman-example-com}@EXAMPLE.COM_ ---- - . Add a forward DNS zone in the {FreeIPA} web UI: - .. Navigate to *Network Services* > *DNS* > *DNS Zones*. - .. Select *Add*, and enter the zone name. For example, `example.com`. - .. Click *Add and Edit*. .. On the *Settings* tab, append the following to the semicolon-separated list in the *BIND update policy* field: + @@ -117,34 +96,22 @@ For example, `example.com`. ---- grant {smart-proxy-principal}\047__{foreman-example-com}@EXAMPLE.COM__ wildcard * ANY; ---- - .. Set *Dynamic update* to *True*. - .. Enable *Allow PTR sync*. - .. Click *Save* to save the changes. - . Add a reverse DNS zone in the {FreeIPA} web UI: - .. Navigate to *Network Services* > *DNS* > *DNS Zones*. - .. Click *Add*. - .. Select *Reverse zone IP network*, and add the network address in CIDR format to enable reverse lookups. - .. Click *Add and Edit*. - .. On the *Settings* tab, append the following to the semicolon-separated list in the *BIND update policy* field: + [options="nowrap" subs="+quotes,attributes"] ---- grant {smart-proxy-principal}\047__{foreman-example-com}@EXAMPLE.COM__ wildcard * ANY; ---- - .. Set *Dynamic update* to *True*. - .. Click *Save* to save the changes. - . Configure {ProjectServer} or {SmartProxyServer} to connect to the {FreeIPA} DNS service: + [options="nowrap" subs="+quotes,attributes"] @@ -157,6 +124,6 @@ grant {smart-proxy-principal}\047__{foreman-example-com}@EXAMPLE.COM__ wildcard --foreman-proxy-dns-tsig-keytab /etc/foreman-proxy/dns.keytab \ --foreman-proxy-dns-tsig-principal "{smart-proxy-principal}/_{foreman-example-com}@EXAMPLE.COM_" ---- - -. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. +See xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc b/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc index af01bce61a0..9d03bac673b 100644 --- a/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc +++ b/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc @@ -4,9 +4,7 @@ You can configure {FreeIPA} to use the secret key transaction authentication for DNS (TSIG) technology that uses a key file for authentication. The TSIG protocol is defined in https://tools.ietf.org/html/rfc2845[RFC2845]. - .Prerequisites - * The {FreeIPA} server is deployed and functional. * The firewall on the {FreeIPA} server allows access to the required ports. ifndef::orcharhino[] @@ -14,11 +12,8 @@ See {RHELDocsBaseURL}9/html/installing_identity_management/preparing-the-system- endif::[] * You have `root` access on the {FreeIPA} server. - .Procedure - . Perform the following steps on the {FreeIPA} Server: - .. Insert the following settings at the top of the `/etc/named.conf` file: + [source, none, options="nowrap" subs="+quotes,attributes"] @@ -28,33 +23,24 @@ controls { inet _<{FreeIPA}_server_ip_address>_ port 953 allow { _<{Project}_ip_address>_; } keys { "rndc-key"; }; }; ---- - .. Reload the `named` service: + [options="nowrap" subs="+quotes,attributes"] ---- # systemctl reload named ---- - . In the {FreeIPA} web UI: - .. Navigate to *Network Services* > *DNS* > *DNS Zones* - .. Click the name of the zone. - .. Open the *Settings* tab. - .. Enter in the *BIND update policy* field: + [source, none, options="nowrap"] ---- grant "rndc-key" zonesub ANY; ---- - .. Set *Dynamic update* to *True*. - .. Click *Update* to save the changes. - . Configure dynamic DNS updates in {ProjectServer} or {SmartProxyServer}. For details, see xref:integrating-a-generic-rfc-2136-compatible-remote-dns-server[]. diff --git a/guides/common/modules/proc_integrating-infoblox-dhcp.adoc b/guides/common/modules/proc_integrating-infoblox-dhcp.adoc index 6503152a239..5e355dddaca 100644 --- a/guides/common/modules/proc_integrating-infoblox-dhcp.adoc +++ b/guides/common/modules/proc_integrating-infoblox-dhcp.adoc @@ -3,24 +3,17 @@ Install the DHCP Infoblox provider on {ProductName}. - .Limitations * You can manage DHCP entries only in a single network and view, and you cannot edit the view after you create it. - * {ProductName} uses the standard HTTPS web API to communicate with Infoblox. By default, it communicates only with a single node. If you require high availability, configure this feature in Infoblox. - - .Prerequisites - * You have an Infoblox account with the roles `DHCP Admin` and `DNS Admin`. * The Infoblox roles have permissions or belong to an admin group that permits the accounts to perform tasks through the Infoblox API. - .Procedure - . Download the certificate from the Infoblox server, and store it in the `/etc/pki/ca-trust/source/anchors/infoblox.crt` file: + [options="nowrap" subs="+quotes"] @@ -30,14 +23,12 @@ openssl x509 -text >/etc/pki/ca-trust/source/anchors/infoblox.crt ---- + The hostname must match the one for the Infoblox application in the X.509 certificate. - . Add the Infoblox certificate to the system truststore: + [options="nowrap" subs="+quotes"] ---- # update-ca-trust extract ---- - . Test the CA certificate by using it in a query to the Infoblox API: + [options="nowrap" subs="+quotes"] @@ -57,7 +48,6 @@ Example of a positive response: } ] ---- - . Configure {ProjectServer} or {SmartProxyServer} to connect to the Infoblox DHCP service: + [options="nowrap" subs="+quotes,attributes"] @@ -79,6 +69,6 @@ Example of a positive response: If you want to use the DHCP and DNS Infoblox modules together, configure the DHCP Infoblox module with the `fixedaddress` record type only. The `host` record type is not supported in this scenario because it causes conflicts and you cannot rename hosts in {Project}. ==== - -. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dhcp-service-with-a-subnet[]. +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. +See xref:associating-the-dhcp-service-with-a-subnet[]. diff --git a/guides/common/modules/proc_integrating-infoblox-dns.adoc b/guides/common/modules/proc_integrating-infoblox-dns.adoc index 5338dba9028..20be7a89278 100644 --- a/guides/common/modules/proc_integrating-infoblox-dns.adoc +++ b/guides/common/modules/proc_integrating-infoblox-dns.adoc @@ -3,23 +3,17 @@ Install the DNS Infoblox provider on {ProductName}. - .Limitations * You can manage DNS entries only in a single view, and you cannot edit the view after you create it. - * {ProductName} uses the standard HTTPS web API to communicate with Infoblox. By default, it communicates only with a single node. If you require high availability, configure this feature in Infoblox. - * You cannot integrate the {Project} IP address management (IPAM) feature into Infoblox. - .Prerequisites - * You have an Infoblox account with the roles `DHCP Admin` and `DNS Admin`. * The Infoblox roles have permissions or belong to an admin group that permits the accounts to perform tasks through the Infoblox API. - .Procedure . Download the certificate from the Infoblox server, and store it in the `/etc/pki/ca-trust/source/anchors/infoblox.crt` file: + @@ -30,14 +24,12 @@ openssl x509 -text >/etc/pki/ca-trust/source/anchors/infoblox.crt ---- + The hostname must match the one for the Infoblox application in the X.509 certificate. - . Add the Infoblox certificate to the system truststore: + [options="nowrap" subs="+quotes"] ---- # update-ca-trust extract ---- - . Test the CA certificate by using it in a query to the Infoblox API: + [options="nowrap" subs="+quotes"] @@ -57,7 +49,6 @@ Example of a positive response: } ] ---- - . Configure {ProjectServer} or {SmartProxyServer} to connect to the Infoblox DNS service: + [options="nowrap" subs="+quotes,attributes"] @@ -73,6 +64,6 @@ Example of a positive response: ---- + Omit the `--foreman-proxy-plugin-dns-infoblox-dns-view` option if you use the `default` view in Infoblox DNS. - -. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. +See xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_integrating-powerdns.adoc b/guides/common/modules/proc_integrating-powerdns.adoc index 62b969022ec..f6ab40db5df 100644 --- a/guides/common/modules/proc_integrating-powerdns.adoc +++ b/guides/common/modules/proc_integrating-powerdns.adoc @@ -3,11 +3,8 @@ The _dns_powerdns_ DNS provider manages DNS records using the https://www.powerdns.com/[PowerDNS] REST API. - .Procedure - . Configure {ProjectServer} or {SmartProxyServer} to connect to the PowerDNS service: - + [options="nowrap", subs="+quotes,verbatim,attributes"] ---- @@ -18,6 +15,6 @@ The _dns_powerdns_ DNS provider manages DNS records using the https://www.powerd --foreman-proxy-plugin-dns-powerdns-rest-api-key __ \ --foreman-proxy-plugin-dns-powerdns-rest-url http://__:8081/api/v1/servers/localhost ---- - -. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. +See xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_integrating-route-53-dns.adoc b/guides/common/modules/proc_integrating-route-53-dns.adoc index 623b6cb6576..28199e1eedc 100644 --- a/guides/common/modules/proc_integrating-route-53-dns.adoc +++ b/guides/common/modules/proc_integrating-route-53-dns.adoc @@ -4,7 +4,6 @@ _Route 53_ is a DNS provider by Amazon. For more information, see https://aws.amazon.com/route53/[aws.amazon.com/route53]. - .Procedure . Configure {ProjectServer} or {SmartProxyServer} to connect to the Amazon Route 53 DNS service: + @@ -17,6 +16,6 @@ For more information, see https://aws.amazon.com/route53/[aws.amazon.com/route53 --foreman-proxy-plugin-dns-route53-aws-access-key __ \ --foreman-proxy-plugin-dns-route53-aws-secret-key __ ---- - -. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. +See xref:associating-the-dns-service-with-a-domain-and-subnet[]. From 63de05e67e0b135b44a4e08838849b67c2adc3d0 Mon Sep 17 00:00:00 2001 From: Marc Muehlfeld Date: Mon, 28 Apr 2025 12:17:53 +0200 Subject: [PATCH 36/47] Peer review feedback --- guides/common/attributes-base.adoc | 1 + guides/common/attributes-satellite.adoc | 1 + .../common/modules/proc_disabling-dhcp-for-integration.adoc | 2 +- guides/common/modules/proc_disabling-dns-for-integration.adoc | 1 + .../common/modules/proc_disabling-tftp-for-integration.adoc | 2 +- ...proc_integrating-idm-dns-with-gss-tsig-authentication.adoc | 4 ++-- 6 files changed, 7 insertions(+), 4 deletions(-) diff --git a/guides/common/attributes-base.adoc b/guides/common/attributes-base.adoc index 69cf21ead2e..2e6c2a27391 100644 --- a/guides/common/attributes-base.adoc +++ b/guides/common/attributes-base.adoc @@ -80,6 +80,7 @@ :foreman-maintain: foreman-maintain :FreeIPA: FreeIPA :FreeIPA-context: {FreeIPA} +:freeipaserver-example-com: freeipa_server.example.com :hammer-smart-proxy: hammer proxy :install-on-os: {EL} :installer-log-file: /var/log/foreman-installer/foreman.log diff --git a/guides/common/attributes-satellite.adoc b/guides/common/attributes-satellite.adoc index e1bf74ca147..fb8da34e8d2 100644 --- a/guides/common/attributes-satellite.adoc +++ b/guides/common/attributes-satellite.adoc @@ -77,6 +77,7 @@ :foreman-maintain: satellite-maintain :FreeIPA: Identity{nbsp}Management :FreeIPA-context: Identity_Management +:freeipaserver-example-com: idm_server.example.com :hammer-smart-proxy: hammer capsule :installer-log-file: /var/log/foreman-installer/satellite.log :installer-scenario-smartproxy: satellite-installer --scenario capsule diff --git a/guides/common/modules/proc_disabling-dhcp-for-integration.adoc b/guides/common/modules/proc_disabling-dhcp-for-integration.adoc index 50d3a417a8d..1a08648a3a7 100644 --- a/guides/common/modules/proc_disabling-dhcp-for-integration.adoc +++ b/guides/common/modules/proc_disabling-dhcp-for-integration.adoc @@ -23,7 +23,7 @@ Disabling DHCP in {Project} does not remove the related backend service on the o ---- # {foreman-installer} --foreman-proxy-dhcp false ---- - ++ [NOTE] ==== {Project} does not perform orchestration when a {SmartProxy} is not set for a given subnet. diff --git a/guides/common/modules/proc_disabling-dns-for-integration.adoc b/guides/common/modules/proc_disabling-dns-for-integration.adoc index b823e0d5f91..1da5f32bb34 100644 --- a/guides/common/modules/proc_disabling-dns-for-integration.adoc +++ b/guides/common/modules/proc_disabling-dns-for-integration.adoc @@ -28,6 +28,7 @@ Disabling DNS in {Project} does not remove the related backend service on the op ---- # {foreman-installer} --foreman-proxy-dns false ---- ++ [NOTE] ==== {Project} does not perform orchestration when a {SmartProxy} is not set for a given subnet and domain. diff --git a/guides/common/modules/proc_disabling-tftp-for-integration.adoc b/guides/common/modules/proc_disabling-tftp-for-integration.adoc index f70cd86af8a..5b5a79f2b2d 100644 --- a/guides/common/modules/proc_disabling-tftp-for-integration.adoc +++ b/guides/common/modules/proc_disabling-tftp-for-integration.adoc @@ -23,7 +23,7 @@ Disabling TFTP in {Project} does not remove the related backend service on the o ---- # {foreman-installer} --foreman-proxy-tftp false ---- - ++ [NOTE] ==== {Project} does not perform orchestration when a {SmartProxy} is not set for a given subnet. diff --git a/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc b/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc index 28d6364f691..28b357f6df5 100644 --- a/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc +++ b/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc @@ -65,7 +65,7 @@ Follow the on-screen prompts. [options="nowrap" subs="+quotes,attributes"] ---- # ipa-getkeytab -p {smart-proxy-principal}/_{foreman-example-com}@EXAMPLE.COM_ \ --s _server.example.com_ -k /etc/foreman-proxy/dns.keytab +-s _{freeipaserver-example-com}_ -k /etc/foreman-proxy/dns.keytab ---- + [NOTE] @@ -120,7 +120,7 @@ grant {smart-proxy-principal}\047__{foreman-example-com}@EXAMPLE.COM__ wildcard --foreman-proxy-dns true \ --foreman-proxy-dns-provider nsupdate_gss \ --foreman-proxy-dns-managed false \ ---foreman-proxy-dns-server "_server.example.com_" \ +--foreman-proxy-dns-server "_{freeipaserver-example-com}_" \ --foreman-proxy-dns-tsig-keytab /etc/foreman-proxy/dns.keytab \ --foreman-proxy-dns-tsig-principal "{smart-proxy-principal}/_{foreman-example-com}@EXAMPLE.COM_" ---- From dde22140af1335315595d50ebe72941c1f3d9161 Mon Sep 17 00:00:00 2001 From: Marc Muehlfeld Date: Mon, 28 Apr 2025 12:21:45 +0200 Subject: [PATCH 37/47] Remove a module that is no longer needed --- ...assembly_configuring-dhcp-integration.adoc | 6 ---- .../common/assembly_preparing-networking.adoc | 2 -- ...hcp-options-for-network-configuration.adoc | 36 ------------------- guides/doc-Installing_Proxy/master.adoc | 5 --- 4 files changed, 49 deletions(-) delete mode 100644 guides/common/modules/ref_dhcp-options-for-network-configuration.adoc diff --git a/guides/common/assembly_configuring-dhcp-integration.adoc b/guides/common/assembly_configuring-dhcp-integration.adoc index 3f9dc819db7..4b4277bcb21 100644 --- a/guides/common/assembly_configuring-dhcp-integration.adoc +++ b/guides/common/assembly_configuring-dhcp-integration.adoc @@ -18,9 +18,3 @@ include::modules/proc_disabling-dhcp-for-integration.adoc[leveloffset=+1] include::modules/proc_troubleshooting-dhcp-problems.adoc[leveloffset=+1] -ifndef::satellite[] -[appendix] -include::modules/ref_dhcp-options-for-network-configuration.adoc[leveloffset=+1] -endif::[] - - diff --git a/guides/common/assembly_preparing-networking.adoc b/guides/common/assembly_preparing-networking.adoc index 2c7743e2eb0..b31f53338c0 100644 --- a/guides/common/assembly_preparing-networking.adoc +++ b/guides/common/assembly_preparing-networking.adoc @@ -16,8 +16,6 @@ endif::[] include::modules/ref_multiple-subnets-or-domains-using-installer.adoc[leveloffset=+2] -include::modules/ref_dhcp-options-for-network-configuration.adoc[leveloffset=+2] - include::modules/ref_dns-options-for-network-configuration.adoc[leveloffset=+2] include::modules/ref_tftp-options-for-network-configuration.adoc[leveloffset=+2] diff --git a/guides/common/modules/ref_dhcp-options-for-network-configuration.adoc b/guides/common/modules/ref_dhcp-options-for-network-configuration.adoc deleted file mode 100644 index cbd1c6bf5a3..00000000000 --- a/guides/common/modules/ref_dhcp-options-for-network-configuration.adoc +++ /dev/null @@ -1,36 +0,0 @@ -[id="DHCP_Options_For_Network_Configuration_{context}"] -= DHCP options for network configuration - ---foreman-proxy-dhcp:: - Enables the DHCP service. -You can set this option to `true` or `false`. - ---foreman-proxy-dhcp-managed:: - Enables Foreman to manage the DHCP service. -You can set this option to `true` or `false`. - ---foreman-proxy-dhcp-gateway:: - The DHCP pool gateway. -Set this to the address of the external gateway for hosts on your private network. - ---foreman-proxy-dhcp-interface:: - Sets the interface for the DHCP service to listen for requests. -Set this to `eth1`. - ---foreman-proxy-dhcp-nameservers:: - Sets the addresses of the nameservers provided to clients through DHCP. -Set this to the address for {ProjectServer} on `eth1`. - ---foreman-proxy-dhcp-range:: - A space-separated DHCP pool range for Discovered and Unmanaged services. - ---foreman-proxy-dhcp-server:: - Sets the address of the DHCP server to manage. - -ifdef::orcharhino[] ---foreman-proxy-dhcp-subnets:: - Sets the subnets of the DHCP server to manage. -Example: `--foreman-proxy-dhcp-subnets 192.168.205.0/255.255.255.128` or `--foreman-proxy-dhcp-subnets 192.168.205.128/255.255.255.128` -endif::[] - -Run `{foreman-installer} --help` to view more options related to DHCP and other {SmartProxy} services. diff --git a/guides/doc-Installing_Proxy/master.adoc b/guides/doc-Installing_Proxy/master.adoc index 32d45c559a1..400a4c0a36b 100644 --- a/guides/doc-Installing_Proxy/master.adoc +++ b/guides/doc-Installing_Proxy/master.adoc @@ -32,8 +32,3 @@ include::common/assembly_performing-additional-configuration-on-smart-proxy-serv [appendix] include::common/modules/ref_smart-proxy-server-scalability-considerations-when-managing-puppet-clients.adoc[leveloffset=+1] -ifndef::satellite[] -[appendix] -include::common/modules/ref_dhcp-options-for-network-configuration.adoc[leveloffset=+1] -endif::[] -endif::[] From c6f5a96e5a193d9d570856807fcc167dc47c8d41 Mon Sep 17 00:00:00 2001 From: mmuehlfeldRH <43061675+mmuehlfeldRH@users.noreply.github.com> Date: Mon, 28 Apr 2025 12:21:28 +0200 Subject: [PATCH 38/47] Apply suggestions from code review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Aneta Šteflová Petrová --- .../modules/proc_configuring-server-for-use-with-dhcpd.adoc | 2 +- ...proc_integrating-idm-dns-with-gss-tsig-authentication.adoc | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc b/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc index d307da8067e..2e027196260 100644 --- a/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc +++ b/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc @@ -6,7 +6,7 @@ You can configure {ProductName} with a non-installer-managed DHCP server. Perform the steps on the {ProjectServer} or {SmartProxyServer}. .Prerequisites -* xref:configuring-dhcpd-to-use-with-server[You configured the DHCP service and shared the configuration and lease files over the network]. +* You configured the DHCP service and shared the configuration and lease files over the network. For more information, see xref:configuring-dhcpd-to-use-with-server[]. .Procedure . Install the required package: diff --git a/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc b/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc index 28b357f6df5..a9408762e29 100644 --- a/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc +++ b/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc @@ -8,7 +8,7 @@ To configure the {FreeIPA} server to use the GSS-TSIG technology, you must insta * The {FreeIPA} server is deployed and functional. * The firewall on the {FreeIPA} server allows access to the required ports. ifndef::orcharhino[] -See {RHELDocsBaseURL}/9/html/installing_identity_management/preparing-the-system-for-ipa-server-installation_installing-identity-management#port-requirements-for-idm_preparing-the-system-for-ipa-server-installation[Port requirements for {FreeIPA}] in the _{RHEL}{nbsp}9 Installing Identity Management guide_. +For more information, see {RHELDocsBaseURL}/9/html/installing_identity_management/preparing-the-system-for-ipa-server-installation_installing-identity-management#port-requirements-for-idm_preparing-the-system-for-ipa-server-installation[Port requirements for IdM] in _{RHEL}{nbsp}9 Installing Identity Management. endif::[] * The {FreeIPA} account has permissions to create zones on the {FreeIPA} server. @@ -18,7 +18,7 @@ endif::[] + [options="nowrap" subs="+quotes,attributes"] ---- -# kinit _<{FreeIPA}_user>_ +# kinit _My_{FreeIPA}_User_ ---- .. Create a new Kerberos principal {ProductName} to use to authenticate on the {FreeIPA} server: *** For a {ProjectServer}, enter: From aa9c85317bdf68ddc596695db43e9c8931cf043d Mon Sep 17 00:00:00 2001 From: Marc Muehlfeld Date: Mon, 28 Apr 2025 12:28:37 +0200 Subject: [PATCH 39/47] Remove <> from replaceables to follow the repo convention --- .../proc_configuring-dhcpd-to-use-with-server.adoc | 2 +- .../proc_configuring-server-for-use-with-dhcpd.adoc | 8 ++++---- .../proc_configuring-server-for-use-with-tftp.adoc | 4 ++-- .../proc_enabling-the-installer-managed-dhcp-service.adoc | 2 +- ...g-a-generic-rfc-2136-compatible-remote-dns-server.adoc | 2 +- ...proc_integrating-idm-dns-with-tsig-authentication.adoc | 2 +- guides/common/modules/proc_integrating-infoblox-dhcp.adoc | 4 ++-- guides/common/modules/proc_integrating-infoblox-dns.adoc | 6 +++--- guides/common/modules/proc_integrating-powerdns.adoc | 4 ++-- guides/common/modules/proc_integrating-route-53-dns.adoc | 4 ++-- 10 files changed, 19 insertions(+), 19 deletions(-) diff --git a/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc b/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc index 8f6e8d257af..e56756b577a 100644 --- a/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc +++ b/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc @@ -52,7 +52,7 @@ subnet _192.168.38.0_ netmask _255.255.255.0_ { omapi-port 7911; key _omapi_key_ { algorithm hmac-md5; - secret "__"; + secret "_key_secret_"; }; omapi-key _omapi_key_; ---- diff --git a/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc b/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc index 2e027196260..b72944c29e6 100644 --- a/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc +++ b/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc @@ -37,9 +37,9 @@ Perform the steps on the {ProjectServer} or {SmartProxyServer}. + [options="nowrap" subs="+quotes"] ---- -__:/exports/etc/dhcp /mnt/nfs/etc/dhcp nfs ro,vers=3,auto,nosharecache,context="system_u:object_r:dhcp_etc_t:s0" 0 0 +_dhcp_server_fqdn_:/exports/etc/dhcp /mnt/nfs/etc/dhcp nfs ro,vers=3,auto,nosharecache,context="system_u:object_r:dhcp_etc_t:s0" 0 0 -__:/exports/var/lib/dhcpd /mnt/nfs/var/lib/dhcpd nfs ro,vers=3,auto,nosharecache,context="system_u:object_r:dhcpd_state_t:s0" 0 0 +_dhcp_server_fqdn_:/exports/var/lib/dhcpd /mnt/nfs/var/lib/dhcpd nfs ro,vers=3,auto,nosharecache,context="system_u:object_r:dhcpd_state_t:s0" 0 0 ---- . Mount the NFS shares: + @@ -81,11 +81,11 @@ $ exit --foreman-proxy-dhcp true \ --foreman-proxy-dhcp-provider remote_isc \ --enable-foreman-proxy-plugin-dhcp-remote-isc \ ---foreman-proxy-dhcp-server __ \ +--foreman-proxy-dhcp-server _dhcp_server_fqdn_ \ --foreman-proxy-plugin-dhcp-remote-isc-dhcp-config /mnt/nfs/etc/dhcp/dhcpd.conf \ --foreman-proxy-plugin-dhcp-remote-isc-dhcp-leases /mnt/nfs/var/lib/dhcpd/dhcpd.leases \ --foreman-proxy-plugin-dhcp-remote-isc-key-name omapi_key \ ---foreman-proxy-plugin-dhcp-remote-isc-key-secret __ \ +--foreman-proxy-plugin-dhcp-remote-isc-key-secret _key_secret_ \ --foreman-proxy-plugin-dhcp-remote-isc-omapi-port 7911 ---- . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. diff --git a/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc b/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc index 97bc2537c92..d8daa58ab67 100644 --- a/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc +++ b/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc @@ -21,7 +21,7 @@ After you prepared the TFTP server and shared the root directory of the TFTP ser + [options="nowrap" subs="+quotes"] ---- -__:/exports/var/lib/tftpboot /mnt/nfs/var/lib/tftpboot nfs rw,vers=3,auto,nosharecache,context="system_u:object_r:tftpdir_rw_t:s0" 0 0 +_tftp_server_fqdn_:/exports/var/lib/tftpboot /mnt/nfs/var/lib/tftpboot nfs rw,vers=3,auto,nosharecache,context="system_u:object_r:tftpdir_rw_t:s0" 0 0 ---- . Mount the NFS share: @@ -39,7 +39,7 @@ __:/exports/var/lib/tftpboot /mnt/nfs/var/lib/tftpboot nfs --foreman-proxy-tftp true \ --foreman-proxy-managed false \ --foreman-proxy-tftp-root /mnt/nfs/var/lib/tftpboot \ ---foreman-proxy-tftp-servername __ +--foreman-proxy-tftp-servername _tftp_server_fqdn_ ---- . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-tftp-service-with-a-subnet[]. diff --git a/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc index 5ddd95d0c43..de942d55e2f 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc @@ -48,6 +48,6 @@ key "omapi_key" { ---- # {foreman-installer} \ --foreman-proxy-dhcp-key-name "_omapi_key_" \ ---foreman-proxy-dhcp-key-secret "__" +--foreman-proxy-dhcp-key-secret "_key_secret_" ---- diff --git a/guides/common/modules/proc_integrating-a-generic-rfc-2136-compatible-remote-dns-server.adoc b/guides/common/modules/proc_integrating-a-generic-rfc-2136-compatible-remote-dns-server.adoc index 853bacbac5f..7f17bfa6a2b 100644 --- a/guides/common/modules/proc_integrating-a-generic-rfc-2136-compatible-remote-dns-server.adoc +++ b/guides/common/modules/proc_integrating-a-generic-rfc-2136-compatible-remote-dns-server.adoc @@ -77,7 +77,7 @@ If the command returns `Host _test.example.com_ not found: 3(NXDOMAIN)`, the rec --foreman-proxy-dns true \ --foreman-proxy-dns-provider nsupdate \ --foreman-proxy-dns-managed false \ ---foreman-proxy-dns-server "__" \ +--foreman-proxy-dns-server "_dns_server_ip_address_" \ --foreman-proxy-keyfile /etc/foreman-proxy/rndc.key ---- . For the affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. diff --git a/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc b/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc index 9d03bac673b..29c3eaac801 100644 --- a/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc +++ b/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc @@ -20,7 +20,7 @@ endif::[] ---- include "/etc/rndc.key"; controls { - inet _<{FreeIPA}_server_ip_address>_ port 953 allow { _<{Project}_ip_address>_; } keys { "rndc-key"; }; + inet _{FreeIPA}_server_ip_address_ port 953 allow { _{Project}_ip_address_; } keys { "rndc-key"; }; }; ---- .. Reload the `named` service: diff --git a/guides/common/modules/proc_integrating-infoblox-dhcp.adoc b/guides/common/modules/proc_integrating-infoblox-dhcp.adoc index 5e355dddaca..81f2e299e60 100644 --- a/guides/common/modules/proc_integrating-infoblox-dhcp.adoc +++ b/guides/common/modules/proc_integrating-infoblox-dhcp.adoc @@ -33,7 +33,7 @@ The hostname must match the one for the Infoblox application in the X.509 certif + [options="nowrap" subs="+quotes"] ---- -# curl -u admin:____ https://_infoblox.example.com_/wapi/v2.0/network +# curl -u admin:__password__ https://_infoblox.example.com_/wapi/v2.0/network ---- + Example of a positive response: @@ -58,7 +58,7 @@ Example of a positive response: --enable-foreman-proxy-plugin-dhcp-infoblox \ --foreman-proxy-dhcp-server _infoblox.example.com_ \ --foreman-proxy-plugin-dhcp-infoblox-username _admin_ \ ---foreman-proxy-plugin-dhcp-infoblox-password __ \ +--foreman-proxy-plugin-dhcp-infoblox-password _password_ \ --foreman-proxy-plugin-dhcp-infoblox-record-type fixedaddress \ --foreman-proxy-plugin-dhcp-infoblox-dns-view default \ --foreman-proxy-plugin-dhcp-infoblox-network-view default diff --git a/guides/common/modules/proc_integrating-infoblox-dns.adoc b/guides/common/modules/proc_integrating-infoblox-dns.adoc index 20be7a89278..b77b7c3e1fa 100644 --- a/guides/common/modules/proc_integrating-infoblox-dns.adoc +++ b/guides/common/modules/proc_integrating-infoblox-dns.adoc @@ -34,7 +34,7 @@ The hostname must match the one for the Infoblox application in the X.509 certif + [options="nowrap" subs="+quotes"] ---- -# curl -u admin:____ https://_infoblox.example.com_/wapi/v2.0/network +# curl -u admin:__password__ https://_infoblox.example.com_/wapi/v2.0/network ---- + Example of a positive response: @@ -59,8 +59,8 @@ Example of a positive response: --enable-foreman-proxy-plugin-dns-infoblox \ --foreman-proxy-plugin-dns-infoblox-dns-server _infoblox.example.com_ \ --foreman-proxy-plugin-dns-infoblox-username _admin_ \ ---foreman-proxy-plugin-dns-infoblox-password __ \ ---foreman-proxy-plugin-dns-infoblox-dns-view __ +--foreman-proxy-plugin-dns-infoblox-password _password_ \ +--foreman-proxy-plugin-dns-infoblox-dns-view _view_name_ ---- + Omit the `--foreman-proxy-plugin-dns-infoblox-dns-view` option if you use the `default` view in Infoblox DNS. diff --git a/guides/common/modules/proc_integrating-powerdns.adoc b/guides/common/modules/proc_integrating-powerdns.adoc index f6ab40db5df..26b4f90178f 100644 --- a/guides/common/modules/proc_integrating-powerdns.adoc +++ b/guides/common/modules/proc_integrating-powerdns.adoc @@ -12,8 +12,8 @@ The _dns_powerdns_ DNS provider manages DNS records using the https://www.powerd --foreman-proxy-dns true \ --foreman-proxy-dns-provider powerdns \ --enable-foreman-proxy-plugin-dns-powerdns \ ---foreman-proxy-plugin-dns-powerdns-rest-api-key __ \ ---foreman-proxy-plugin-dns-powerdns-rest-url http://__:8081/api/v1/servers/localhost +--foreman-proxy-plugin-dns-powerdns-rest-api-key _api_key_ \ +--foreman-proxy-plugin-dns-powerdns-rest-url http://_powerdns_hostname_or_ip_address_:8081/api/v1/servers/localhost ---- . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_integrating-route-53-dns.adoc b/guides/common/modules/proc_integrating-route-53-dns.adoc index 28199e1eedc..6334dbe1e49 100644 --- a/guides/common/modules/proc_integrating-route-53-dns.adoc +++ b/guides/common/modules/proc_integrating-route-53-dns.adoc @@ -13,8 +13,8 @@ For more information, see https://aws.amazon.com/route53/[aws.amazon.com/route53 --foreman-proxy-dns true \ --foreman-proxy-dns-provider route53 \ --enable-foreman-proxy-plugin-dns-route53 \ ---foreman-proxy-plugin-dns-route53-aws-access-key __ \ ---foreman-proxy-plugin-dns-route53-aws-secret-key __ +--foreman-proxy-plugin-dns-route53-aws-access-key _AWS_access_key_ \ +--foreman-proxy-plugin-dns-route53-aws-secret-key _AWS_secret_key_ ---- . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-dns-service-with-a-domain-and-subnet[]. From 1f7264f4c7c692c87e2b41a96e3bf2d59b80dbd9 Mon Sep 17 00:00:00 2001 From: mmuehlfeldRH <43061675+mmuehlfeldRH@users.noreply.github.com> Date: Mon, 28 Apr 2025 14:09:13 +0200 Subject: [PATCH 40/47] Apply suggestions from code review Co-authored-by: Maximilian Kolb --- .../common/assembly_configuring-dhcp-integration.adoc | 1 - .../common/assembly_configuring-dns-integration.adoc | 2 ++ guides/common/attributes-base.adoc | 2 +- guides/common/attributes-satellite.adoc | 2 +- guides/common/modules/con_dhcp-service-providers.adoc | 1 - guides/common/modules/con_dns-service-providers.adoc | 1 - .../modules/con_integrating-a-generic-tftp-server.adoc | 3 +-- .../con_integrating-a-remote-isc-dhcp-server.adoc | 1 - ...roc_associating-the-dhcp-service-with-a-subnet.adoc | 3 +-- ...ating-the-dns-service-with-a-domain-and-subnet.adoc | 3 +-- ...roc_associating-the-tftp-service-with-a-subnet.adoc | 3 +-- .../proc_configuring-server-for-use-with-dhcpd.adoc | 6 +++--- .../proc_configuring-server-for-use-with-tftp.adoc | 10 ++-------- .../modules/proc_disabling-dhcp-for-integration.adoc | 3 +-- .../modules/proc_disabling-dns-for-integration.adoc | 3 +-- .../modules/proc_disabling-tftp-for-integration.adoc | 3 +-- ...oc_enabling-the-installer-managed-dhcp-service.adoc | 1 - ...roc_enabling-the-installer-managed-dns-service.adoc | 3 +-- ...oc_enabling-the-installer-managed-tftp-service.adoc | 1 - ...-generic-rfc-2136-compatible-remote-dns-server.adoc | 5 ++--- ...c_integrating-a-local-self-managed-dns-service.adoc | 5 ++--- ...egrating-dnsmasq-dhcp-by-using-the-libvirt-api.adoc | 3 +-- ...tegrating-dnsmasq-dns-by-using-the-libvirt-api.adoc | 3 +-- ...tegrating-idm-dns-with-gss-tsig-authentication.adoc | 5 ++--- ...c_integrating-idm-dns-with-tsig-authentication.adoc | 3 +-- .../common/modules/proc_integrating-infoblox-dhcp.adoc | 3 +-- .../common/modules/proc_integrating-infoblox-dns.adoc | 3 +-- guides/common/modules/proc_integrating-powerdns.adoc | 7 +++---- .../common/modules/proc_integrating-route-53-dns.adoc | 7 +++---- .../modules/proc_troubleshooting-dhcp-problems.adoc | 2 +- 30 files changed, 35 insertions(+), 63 deletions(-) diff --git a/guides/common/assembly_configuring-dhcp-integration.adoc b/guides/common/assembly_configuring-dhcp-integration.adoc index 4b4277bcb21..011e100ad04 100644 --- a/guides/common/assembly_configuring-dhcp-integration.adoc +++ b/guides/common/assembly_configuring-dhcp-integration.adoc @@ -17,4 +17,3 @@ include::modules/proc_associating-the-dhcp-service-with-a-subnet.adoc[leveloffse include::modules/proc_disabling-dhcp-for-integration.adoc[leveloffset=+1] include::modules/proc_troubleshooting-dhcp-problems.adoc[leveloffset=+1] - diff --git a/guides/common/assembly_configuring-dns-integration.adoc b/guides/common/assembly_configuring-dns-integration.adoc index f2e3cb1a559..59a0e860fed 100644 --- a/guides/common/assembly_configuring-dns-integration.adoc +++ b/guides/common/assembly_configuring-dns-integration.adoc @@ -16,7 +16,9 @@ include::modules/proc_integrating-infoblox-dns.adoc[leveloffset=+1] ifndef::satellite[] include::modules/proc_integrating-dnsmasq-dns-by-using-the-libvirt-api.adoc[leveloffset=+1] + include::modules/proc_integrating-powerdns.adoc[leveloffset=+1] + include::modules/proc_integrating-route-53-dns.adoc[leveloffset=+1] endif::[] diff --git a/guides/common/attributes-base.adoc b/guides/common/attributes-base.adoc index 2e6c2a27391..76fa09405d6 100644 --- a/guides/common/attributes-base.adoc +++ b/guides/common/attributes-base.adoc @@ -80,7 +80,7 @@ :foreman-maintain: foreman-maintain :FreeIPA: FreeIPA :FreeIPA-context: {FreeIPA} -:freeipaserver-example-com: freeipa_server.example.com +:freeipaserver-example-com: freeipa-server.example.com :hammer-smart-proxy: hammer proxy :install-on-os: {EL} :installer-log-file: /var/log/foreman-installer/foreman.log diff --git a/guides/common/attributes-satellite.adoc b/guides/common/attributes-satellite.adoc index fb8da34e8d2..3c97501fb46 100644 --- a/guides/common/attributes-satellite.adoc +++ b/guides/common/attributes-satellite.adoc @@ -77,7 +77,7 @@ :foreman-maintain: satellite-maintain :FreeIPA: Identity{nbsp}Management :FreeIPA-context: Identity_Management -:freeipaserver-example-com: idm_server.example.com +:freeipaserver-example-com: idm-server.example.com :hammer-smart-proxy: hammer capsule :installer-log-file: /var/log/foreman-installer/satellite.log :installer-scenario-smartproxy: satellite-installer --scenario capsule diff --git a/guides/common/modules/con_dhcp-service-providers.adoc b/guides/common/modules/con_dhcp-service-providers.adoc index 970d2e191d4..039e7a2f6f2 100644 --- a/guides/common/modules/con_dhcp-service-providers.adoc +++ b/guides/common/modules/con_dhcp-service-providers.adoc @@ -25,4 +25,3 @@ endif::[] ifdef::orcharhino[] `dhcp_native_ms`:: Managing IP leases in Microsoft Active Directory. endif::[] - diff --git a/guides/common/modules/con_dns-service-providers.adoc b/guides/common/modules/con_dns-service-providers.adoc index 3d3e0534f07..023f1ada280 100644 --- a/guides/common/modules/con_dns-service-providers.adoc +++ b/guides/common/modules/con_dns-service-providers.adoc @@ -28,4 +28,3 @@ endif::[] ifdef::orcharhino[] `dns_dnscmd`:: Static DNS records in Microsoft Active Directory. endif::[] - diff --git a/guides/common/modules/con_integrating-a-generic-tftp-server.adoc b/guides/common/modules/con_integrating-a-generic-tftp-server.adoc index 8442debae3b..f17eb217945 100644 --- a/guides/common/modules/con_integrating-a-generic-tftp-server.adoc +++ b/guides/common/modules/con_integrating-a-generic-tftp-server.adoc @@ -7,10 +7,9 @@ However, in this case, {Project} does not manage the files on the TFTP server. [NOTE] ==== -If you prefer a low maintenance solution that also manages files on the TFTP server, prefer the installer-managed TFTP service. +If you prefer a low maintenance solution that also manages files on the TFTP server, use the installer-managed TFTP service. ==== //== Configuring TFTP to use with {ProductName} include::proc_configuring-server-for-use-with-tftp.adoc[leveloffset=+1] - diff --git a/guides/common/modules/con_integrating-a-remote-isc-dhcp-server.adoc b/guides/common/modules/con_integrating-a-remote-isc-dhcp-server.adoc index 7b91187d61f..f7a9180808c 100644 --- a/guides/common/modules/con_integrating-a-remote-isc-dhcp-server.adoc +++ b/guides/common/modules/con_integrating-a-remote-isc-dhcp-server.adoc @@ -9,4 +9,3 @@ To configure {ProductName} with a remote ISC DHCP server, complete the following include::proc_configuring-dhcpd-to-use-with-server.adoc[leveloffset=+1] include::proc_configuring-server-for-use-with-dhcpd.adoc[leveloffset=+1] - diff --git a/guides/common/modules/proc_associating-the-dhcp-service-with-a-subnet.adoc b/guides/common/modules/proc_associating-the-dhcp-service-with-a-subnet.adoc index ad2fdfaf0a2..210c25c08c5 100644 --- a/guides/common/modules/proc_associating-the-dhcp-service-with-a-subnet.adoc +++ b/guides/common/modules/proc_associating-the-dhcp-service-with-a-subnet.adoc @@ -8,9 +8,8 @@ After you configured or changed the DHCP provider, you must update the configura * You are logged in to the {ProjectWebUI}. .Procedure -. Navigate to *Infrastructure* > *Subnets*. +. In the {ProjectWebUI}, vavigate to *Infrastructure* > *Subnets*. . Select the subnet name. . On the *Subnet* tab, set *IPAM* to *DHCP*. . On the *{SmartProxy}* tab, set *DHCP Proxy* to your {SmartProxy}. . Click *Submit*. - diff --git a/guides/common/modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc b/guides/common/modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc index fa6dab7e1bd..80a26ca403d 100644 --- a/guides/common/modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc +++ b/guides/common/modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc @@ -9,7 +9,7 @@ After you configured or changed the DNS provider, you must update the configurat .Procedure . Configure the domain: -.. Navigate to *Infrastructure* > *Domains*. +.. In the {ProjectWebUI}, navigate to *Infrastructure* > *Domains*. .. Select the domain name. .. On the *Domain* tab, ensure *DNS {SmartProxy}* is set to the {SmartProxy} where the subnet is connected. . Configure the subnet: @@ -18,4 +18,3 @@ After you configured or changed the DNS provider, you must update the configurat .. On the *Domains* tab, select the domains that are valid on the subnet. .. In the *{SmartProxies}* tab, ensure *Reverse DNS {SmartProxy}* is set to the {SmartProxy} where the subnet is connected. .. Click *Submit*. - diff --git a/guides/common/modules/proc_associating-the-tftp-service-with-a-subnet.adoc b/guides/common/modules/proc_associating-the-tftp-service-with-a-subnet.adoc index 8954465859f..5f5f6392459 100644 --- a/guides/common/modules/proc_associating-the-tftp-service-with-a-subnet.adoc +++ b/guides/common/modules/proc_associating-the-tftp-service-with-a-subnet.adoc @@ -8,8 +8,7 @@ After you configured or changed the TFTP provider, you must update the configura * You are logged in to the {ProjectWebUI}. .Procedure -. Navigate to *Infrastructure* > *Subnets*. +. In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets*. . Select the subnet name. . On the *{SmartProxies}* tab, select the {SmartProxy} for TFTP. . Click *Submit*. - diff --git a/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc b/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc index b72944c29e6..4146a9374d8 100644 --- a/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc +++ b/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc @@ -6,7 +6,8 @@ You can configure {ProductName} with a non-installer-managed DHCP server. Perform the steps on the {ProjectServer} or {SmartProxyServer}. .Prerequisites -* You configured the DHCP service and shared the configuration and lease files over the network. For more information, see xref:configuring-dhcpd-to-use-with-server[]. +* You configured the DHCP service and shared the configuration and lease files over the network. +For more information, see xref:configuring-dhcpd-to-use-with-server[]. .Procedure . Install the required package: @@ -89,5 +90,4 @@ $ exit --foreman-proxy-plugin-dhcp-remote-isc-omapi-port 7911 ---- . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. -See xref:associating-the-dhcp-service-with-a-subnet[]. - +For more information, see xref:associating-the-dhcp-service-with-a-subnet[]. diff --git a/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc b/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc index d8daa58ab67..76953e9435e 100644 --- a/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc +++ b/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc @@ -3,12 +3,10 @@ After you prepared the TFTP server and shared the root directory of the TFTP service over the network, integrate the service into {Project}. - .Prerequisites * You configured the TFTP server. * You shared the `/exports/var/lib/tftpboot` on the TFTP server with NFS. - .Procedure . Create the directory into which you later mount the NFS share: + @@ -16,21 +14,18 @@ After you prepared the TFTP server and shared the root directory of the TFTP ser ---- # mkdir -p /mnt/nfs/var/lib/tftpboot ---- - . Edit the `/etc/fstab` file, and add entry for the NFS share to mount them automatically when the system boots: + [options="nowrap" subs="+quotes"] ---- _tftp_server_fqdn_:/exports/var/lib/tftpboot /mnt/nfs/var/lib/tftpboot nfs rw,vers=3,auto,nosharecache,context="system_u:object_r:tftpdir_rw_t:s0" 0 0 ---- - . Mount the NFS share: + [options="nowrap"] ---- # mount /mnt/nfs/var/lib/tftpboot/ ---- - . Configure {ProjectServer} or {SmartProxyServer} to use the TFTP server: + [options="nowrap" subs="+quotes,attributes"] @@ -41,6 +36,5 @@ _tftp_server_fqdn_:/exports/var/lib/tftpboot /mnt/nfs/var/lib/tftpboot nfs rw --foreman-proxy-tftp-root /mnt/nfs/var/lib/tftpboot \ --foreman-proxy-tftp-servername _tftp_server_fqdn_ ---- - -. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. See xref:associating-the-tftp-service-with-a-subnet[]. - +. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. +For more information, see xref:associating-the-tftp-service-with-a-subnet[]. diff --git a/guides/common/modules/proc_disabling-dhcp-for-integration.adoc b/guides/common/modules/proc_disabling-dhcp-for-integration.adoc index 1a08648a3a7..9b6113ac8c4 100644 --- a/guides/common/modules/proc_disabling-dhcp-for-integration.adoc +++ b/guides/common/modules/proc_disabling-dhcp-for-integration.adoc @@ -12,7 +12,7 @@ Disabling DHCP in {Project} does not remove the related backend service on the o * You are logged in to the {ProjectWebUI}. .Procedure -. Navigate to *Infrastructure* > *Subnets*. +. In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets*. . For each subnet that is associated with the DHCP {SmartProxy}: .. Select the subnet. .. On the *{SmartProxies}* tab, clear the *DHCP {SmartProxy}* field. @@ -29,4 +29,3 @@ Disabling DHCP in {Project} does not remove the related backend service on the o {Project} does not perform orchestration when a {SmartProxy} is not set for a given subnet. When you disable {SmartProxy} associations, orchestration commands for existing hosts can fail if the expected records and configuration files are not present. ==== - diff --git a/guides/common/modules/proc_disabling-dns-for-integration.adoc b/guides/common/modules/proc_disabling-dns-for-integration.adoc index 1da5f32bb34..b25d2b226d0 100644 --- a/guides/common/modules/proc_disabling-dns-for-integration.adoc +++ b/guides/common/modules/proc_disabling-dns-for-integration.adoc @@ -12,7 +12,7 @@ Disabling DNS in {Project} does not remove the related backend service on the op * You are logged in to the {ProjectWebUI}. .Procedure -. Navigate to *Infrastructure* > *Subnets*. +. In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets*. . For each subnet that is associated with the DNS {SmartProxy}: .. Select the subnet. .. On the *{SmartProxies}* tab, clear the *Reverse DNS {SmartProxy}* field. @@ -34,4 +34,3 @@ Disabling DNS in {Project} does not remove the related backend service on the op {Project} does not perform orchestration when a {SmartProxy} is not set for a given subnet and domain. When you disable {SmartProxy} associations, orchestration commands for existing hosts can fail if the expected records and configuration files are not present. ==== - diff --git a/guides/common/modules/proc_disabling-tftp-for-integration.adoc b/guides/common/modules/proc_disabling-tftp-for-integration.adoc index 5b5a79f2b2d..036b2d755d3 100644 --- a/guides/common/modules/proc_disabling-tftp-for-integration.adoc +++ b/guides/common/modules/proc_disabling-tftp-for-integration.adoc @@ -12,7 +12,7 @@ Disabling TFTP in {Project} does not remove the related backend service on the o * You are logged in to the {ProjectWebUI}. .Procedure -. Navigate to *Infrastructure* > *Subnets*. +. In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets*. . For each subnet that is associated with the TFTP {SmartProxy}: .. Select the subnet. .. On the *{SmartProxies}* tab, clear the *TFTP {SmartProxy}* field. @@ -29,4 +29,3 @@ Disabling TFTP in {Project} does not remove the related backend service on the o {Project} does not perform orchestration when a {SmartProxy} is not set for a given subnet. When you disable {SmartProxy} associations, orchestration commands for existing hosts can fail if the expected records and configuration files are not present. ==== - diff --git a/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc index de942d55e2f..252edbc592d 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc @@ -50,4 +50,3 @@ key "omapi_key" { --foreman-proxy-dhcp-key-name "_omapi_key_" \ --foreman-proxy-dhcp-key-secret "_key_secret_" ---- - diff --git a/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc index 082af1f1d42..4c2680de313 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc @@ -18,5 +18,4 @@ Perform the steps on the {Project} or {SmartProxyServer} that you want to config --reset-foreman-proxy-dns-server .... . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. -See xref:associating-the-dns-service-with-a-domain-and-subnet[]. - +For more information, see xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc index 8682aa3e5b3..84319b9c636 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc @@ -15,4 +15,3 @@ Perform the steps on the {Project} or {SmartProxyServer} that you want to config --foreman-proxy-tftp true \ --foreman-proxy-tftp-managed true .... - diff --git a/guides/common/modules/proc_integrating-a-generic-rfc-2136-compatible-remote-dns-server.adoc b/guides/common/modules/proc_integrating-a-generic-rfc-2136-compatible-remote-dns-server.adoc index 7f17bfa6a2b..ffc96dfaee1 100644 --- a/guides/common/modules/proc_integrating-a-generic-rfc-2136-compatible-remote-dns-server.adoc +++ b/guides/common/modules/proc_integrating-a-generic-rfc-2136-compatible-remote-dns-server.adoc @@ -7,7 +7,7 @@ In this case, {ProductName} uses the `nsupdate` utility to update DNS records on .Prerequisites * The remote DNS service is configured and can be queried. * The remote DNS service supports RFC 2136-compatible dynamic updates -* The Remote Name Daemon Control (RNDC) key file to connect to the remote DNS server is placed in `/etc/foreman-proxy/rndc.key` on the {ProjectServer} or {SmartProxyServer}. +* The Remote Name Daemon Control (RNDC) key file to connect to the remote DNS server is placed in `/etc/foreman-proxy/rndc.key` on your {ProjectServer} or {SmartProxyServer}. .Procedure . Update the permissions on `/etc/foreman-proxy/rndc.key` to enable members of the `foreman-proxy` group to read this file: @@ -81,5 +81,4 @@ If the command returns `Host _test.example.com_ not found: 3(NXDOMAIN)`, the rec --foreman-proxy-keyfile /etc/foreman-proxy/rndc.key ---- . For the affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. -See xref:associating-the-dns-service-with-a-domain-and-subnet[]. - +For more information, see xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_integrating-a-local-self-managed-dns-service.adoc b/guides/common/modules/proc_integrating-a-local-self-managed-dns-service.adoc index c7f50f2a546..0b0814f0c34 100644 --- a/guides/common/modules/proc_integrating-a-local-self-managed-dns-service.adoc +++ b/guides/common/modules/proc_integrating-a-local-self-managed-dns-service.adoc @@ -12,7 +12,7 @@ Perform the steps on the {ProjectServer} or {SmartProxyServer} that runs the sel * The DNS service supports link:https://datatracker.ietf.org/doc/html/rfc2136[RFC 2136]-compatible updates .Procedure -. Set the local, self-managed DNS service in {Project} or {SmartProxy}: +. Set the local, self-managed DNS service on your {ProjectServer} or {SmartProxyServer}: + [options="nowrap",subs="+quotes,attributes"] .... @@ -23,5 +23,4 @@ Perform the steps on the {ProjectServer} or {SmartProxyServer} that runs the sel --foreman-proxy-dns-server "127.0.0.1" .... . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. -See xref:associating-the-dns-service-with-a-domain-and-subnet[]. - +For more information, see xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_integrating-dnsmasq-dhcp-by-using-the-libvirt-api.adoc b/guides/common/modules/proc_integrating-dnsmasq-dhcp-by-using-the-libvirt-api.adoc index e2bf5576f38..417c7b1de8a 100644 --- a/guides/common/modules/proc_integrating-dnsmasq-dhcp-by-using-the-libvirt-api.adoc +++ b/guides/common/modules/proc_integrating-dnsmasq-dhcp-by-using-the-libvirt-api.adoc @@ -18,5 +18,4 @@ It uses `ruby-libvirt` to connect to the local or remote instance of the `libvir + Note that you can only use one network and URL for both the `dns_libvirt` and `dhcp_libvirt` providers. . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. -See xref:associating-the-dhcp-service-with-a-subnet[]. - +For more information, see xref:associating-the-dhcp-service-with-a-subnet[]. diff --git a/guides/common/modules/proc_integrating-dnsmasq-dns-by-using-the-libvirt-api.adoc b/guides/common/modules/proc_integrating-dnsmasq-dns-by-using-the-libvirt-api.adoc index 92d03e4ee50..876ccd02b86 100644 --- a/guides/common/modules/proc_integrating-dnsmasq-dns-by-using-the-libvirt-api.adoc +++ b/guides/common/modules/proc_integrating-dnsmasq-dns-by-using-the-libvirt-api.adoc @@ -18,5 +18,4 @@ It uses `ruby-libvirt` gem to connect to the local or a remote instance of the ` + Note that you can only use one network and URL for both the `dns_libvirt` and `dhcp_libvirt` providers. . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. -See xref:associating-the-dns-service-with-a-domain-and-subnet[]. - +For more information, see xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc b/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc index a9408762e29..066a5e14728 100644 --- a/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc +++ b/guides/common/modules/proc_integrating-idm-dns-with-gss-tsig-authentication.adoc @@ -8,7 +8,7 @@ To configure the {FreeIPA} server to use the GSS-TSIG technology, you must insta * The {FreeIPA} server is deployed and functional. * The firewall on the {FreeIPA} server allows access to the required ports. ifndef::orcharhino[] -For more information, see {RHELDocsBaseURL}/9/html/installing_identity_management/preparing-the-system-for-ipa-server-installation_installing-identity-management#port-requirements-for-idm_preparing-the-system-for-ipa-server-installation[Port requirements for IdM] in _{RHEL}{nbsp}9 Installing Identity Management. +For more information, see {RHELDocsBaseURL}/9/html/installing_identity_management/preparing-the-system-for-ipa-server-installation_installing-identity-management#port-requirements-for-idm_preparing-the-system-for-ipa-server-installation[Port requirements for IdM] in _{RHEL}{nbsp}9 Installing Identity Management_. endif::[] * The {FreeIPA} account has permissions to create zones on the {FreeIPA} server. @@ -125,5 +125,4 @@ grant {smart-proxy-principal}\047__{foreman-example-com}@EXAMPLE.COM__ wildcard --foreman-proxy-dns-tsig-principal "{smart-proxy-principal}/_{foreman-example-com}@EXAMPLE.COM_" ---- . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. -See xref:associating-the-dns-service-with-a-domain-and-subnet[]. - +For more information, see xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc b/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc index 29c3eaac801..5c5b37dba0c 100644 --- a/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc +++ b/guides/common/modules/proc_integrating-idm-dns-with-tsig-authentication.adoc @@ -42,5 +42,4 @@ grant "rndc-key" zonesub ANY; .. Set *Dynamic update* to *True*. .. Click *Update* to save the changes. . Configure dynamic DNS updates in {ProjectServer} or {SmartProxyServer}. -For details, see xref:integrating-a-generic-rfc-2136-compatible-remote-dns-server[]. - +For more information, see xref:integrating-a-generic-rfc-2136-compatible-remote-dns-server[]. diff --git a/guides/common/modules/proc_integrating-infoblox-dhcp.adoc b/guides/common/modules/proc_integrating-infoblox-dhcp.adoc index 81f2e299e60..eeba6fedbd7 100644 --- a/guides/common/modules/proc_integrating-infoblox-dhcp.adoc +++ b/guides/common/modules/proc_integrating-infoblox-dhcp.adoc @@ -70,5 +70,4 @@ If you want to use the DHCP and DNS Infoblox modules together, configure the DHC The `host` record type is not supported in this scenario because it causes conflicts and you cannot rename hosts in {Project}. ==== . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. -See xref:associating-the-dhcp-service-with-a-subnet[]. - +For more information, see xref:associating-the-dhcp-service-with-a-subnet[]. diff --git a/guides/common/modules/proc_integrating-infoblox-dns.adoc b/guides/common/modules/proc_integrating-infoblox-dns.adoc index b77b7c3e1fa..3666c135ee4 100644 --- a/guides/common/modules/proc_integrating-infoblox-dns.adoc +++ b/guides/common/modules/proc_integrating-infoblox-dns.adoc @@ -65,5 +65,4 @@ Example of a positive response: + Omit the `--foreman-proxy-plugin-dns-infoblox-dns-view` option if you use the `default` view in Infoblox DNS. . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. -See xref:associating-the-dns-service-with-a-domain-and-subnet[]. - +For more information, see xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_integrating-powerdns.adoc b/guides/common/modules/proc_integrating-powerdns.adoc index 26b4f90178f..ea4b9e96290 100644 --- a/guides/common/modules/proc_integrating-powerdns.adoc +++ b/guides/common/modules/proc_integrating-powerdns.adoc @@ -12,9 +12,8 @@ The _dns_powerdns_ DNS provider manages DNS records using the https://www.powerd --foreman-proxy-dns true \ --foreman-proxy-dns-provider powerdns \ --enable-foreman-proxy-plugin-dns-powerdns \ ---foreman-proxy-plugin-dns-powerdns-rest-api-key _api_key_ \ ---foreman-proxy-plugin-dns-powerdns-rest-url http://_powerdns_hostname_or_ip_address_:8081/api/v1/servers/localhost +--foreman-proxy-plugin-dns-powerdns-rest-api-key _My_API_Key_ \ +--foreman-proxy-plugin-dns-powerdns-rest-url http://_powerdns.example.com_:8081/api/v1/servers/localhost ---- . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. -See xref:associating-the-dns-service-with-a-domain-and-subnet[]. - +For more information, see xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_integrating-route-53-dns.adoc b/guides/common/modules/proc_integrating-route-53-dns.adoc index 6334dbe1e49..69c4a4609f9 100644 --- a/guides/common/modules/proc_integrating-route-53-dns.adoc +++ b/guides/common/modules/proc_integrating-route-53-dns.adoc @@ -13,9 +13,8 @@ For more information, see https://aws.amazon.com/route53/[aws.amazon.com/route53 --foreman-proxy-dns true \ --foreman-proxy-dns-provider route53 \ --enable-foreman-proxy-plugin-dns-route53 \ ---foreman-proxy-plugin-dns-route53-aws-access-key _AWS_access_key_ \ ---foreman-proxy-plugin-dns-route53-aws-secret-key _AWS_secret_key_ +--foreman-proxy-plugin-dns-route53-aws-access-key _My_AWS_Access_Key_ \ +--foreman-proxy-plugin-dns-route53-aws-secret-key _My_AWS_Secret_Key_ ---- . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. -See xref:associating-the-dns-service-with-a-domain-and-subnet[]. - +For more information, see xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_troubleshooting-dhcp-problems.adoc b/guides/common/modules/proc_troubleshooting-dhcp-problems.adoc index 7129044cf85..436973be06c 100644 --- a/guides/common/modules/proc_troubleshooting-dhcp-problems.adoc +++ b/guides/common/modules/proc_troubleshooting-dhcp-problems.adoc @@ -1,4 +1,4 @@ -[id="Troubleshooting_DHCP_Problems"] +[id="troubleshooting-dhcp-problems"] = Troubleshooting DHCP problems {Project} can manage an ISC DHCP server on internal or external DHCP {SmartProxy}. From ccba0248be69aae836f38b4f4e188bbfd84a616c Mon Sep 17 00:00:00 2001 From: Marc Muehlfeld Date: Mon, 28 Apr 2025 14:09:25 +0200 Subject: [PATCH 41/47] Fix broken condition --- guides/doc-Installing_Proxy/master.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/guides/doc-Installing_Proxy/master.adoc b/guides/doc-Installing_Proxy/master.adoc index 400a4c0a36b..9a58e97ad4a 100644 --- a/guides/doc-Installing_Proxy/master.adoc +++ b/guides/doc-Installing_Proxy/master.adoc @@ -31,4 +31,5 @@ include::common/assembly_performing-additional-configuration-on-smart-proxy-serv // {SmartProxyServer} Scalability Considerations [appendix] include::common/modules/ref_smart-proxy-server-scalability-considerations-when-managing-puppet-clients.adoc[leveloffset=+1] +endif::[] From 1e82020bc97c755e5f18e67fdfc88d83ae1d4c51 Mon Sep 17 00:00:00 2001 From: Marc Muehlfeld Date: Mon, 28 Apr 2025 14:25:07 +0200 Subject: [PATCH 42/47] More peer review feedback --- guides/common/assembly_configuring-dhcp-integration.adoc | 4 ++++ guides/common/assembly_configuring-dns-integration.adoc | 1 - guides/common/assembly_configuring-tftp-integration.adoc | 5 ++++- .../modules/con_integrating-a-generic-tftp-server.adoc | 4 ---- .../modules/con_integrating-a-remote-isc-dhcp-server.adoc | 4 ---- .../proc_associating-the-dhcp-service-with-a-subnet.adoc | 1 - ...associating-the-dns-service-with-a-domain-and-subnet.adoc | 1 - .../proc_associating-the-tftp-service-with-a-subnet.adoc | 1 - .../common/modules/proc_disabling-dhcp-for-integration.adoc | 3 --- .../common/modules/proc_disabling-dns-for-integration.adoc | 3 --- .../common/modules/proc_disabling-tftp-for-integration.adoc | 3 --- 11 files changed, 8 insertions(+), 22 deletions(-) diff --git a/guides/common/assembly_configuring-dhcp-integration.adoc b/guides/common/assembly_configuring-dhcp-integration.adoc index 011e100ad04..2e40e5453fe 100644 --- a/guides/common/assembly_configuring-dhcp-integration.adoc +++ b/guides/common/assembly_configuring-dhcp-integration.adoc @@ -6,6 +6,10 @@ include::modules/proc_enabling-the-installer-managed-dhcp-service.adoc[leveloffs include::modules/con_integrating-a-remote-isc-dhcp-server.adoc[leveloffset=+1] +include::modules/proc_configuring-dhcpd-to-use-with-server.adoc[leveloffset=+2] + +include::modules/proc_configuring-server-for-use-with-dhcpd.adoc[leveloffset=+2] + include::modules/proc_integrating-infoblox-dhcp.adoc[leveloffset=+1] ifndef::satellite[] diff --git a/guides/common/assembly_configuring-dns-integration.adoc b/guides/common/assembly_configuring-dns-integration.adoc index 59a0e860fed..8ace5bf09f8 100644 --- a/guides/common/assembly_configuring-dns-integration.adoc +++ b/guides/common/assembly_configuring-dns-integration.adoc @@ -25,4 +25,3 @@ endif::[] include::modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc[leveloffset=+1] include::modules/proc_disabling-dns-for-integration.adoc[leveloffset=+1] - diff --git a/guides/common/assembly_configuring-tftp-integration.adoc b/guides/common/assembly_configuring-tftp-integration.adoc index c587bc34fbd..768103b0358 100644 --- a/guides/common/assembly_configuring-tftp-integration.adoc +++ b/guides/common/assembly_configuring-tftp-integration.adoc @@ -4,7 +4,10 @@ include::modules/proc_enabling-the-installer-managed-tftp-service.adoc[leveloffs include::modules/con_integrating-a-generic-tftp-server.adoc[leveloffset=+1] +//== Configuring TFTP to use with {ProductName} + +include::modules/proc_configuring-server-for-use-with-tftp.adoc[leveloffset=+2] + include::modules/proc_associating-the-tftp-service-with-a-subnet.adoc[leveloffset=+1] include::modules/proc_disabling-tftp-for-integration.adoc[leveloffset=+1] - diff --git a/guides/common/modules/con_integrating-a-generic-tftp-server.adoc b/guides/common/modules/con_integrating-a-generic-tftp-server.adoc index f17eb217945..af2a2bcb91c 100644 --- a/guides/common/modules/con_integrating-a-generic-tftp-server.adoc +++ b/guides/common/modules/con_integrating-a-generic-tftp-server.adoc @@ -9,7 +9,3 @@ However, in this case, {Project} does not manage the files on the TFTP server. ==== If you prefer a low maintenance solution that also manages files on the TFTP server, use the installer-managed TFTP service. ==== - -//== Configuring TFTP to use with {ProductName} - -include::proc_configuring-server-for-use-with-tftp.adoc[leveloffset=+1] diff --git a/guides/common/modules/con_integrating-a-remote-isc-dhcp-server.adoc b/guides/common/modules/con_integrating-a-remote-isc-dhcp-server.adoc index f7a9180808c..e8f43cd6a04 100644 --- a/guides/common/modules/con_integrating-a-remote-isc-dhcp-server.adoc +++ b/guides/common/modules/con_integrating-a-remote-isc-dhcp-server.adoc @@ -5,7 +5,3 @@ To configure {ProductName} with a remote ISC DHCP server, complete the following . xref:configuring-dhcpd-to-use-with-server[] . xref:configuring-server-for-use-with-dhcpd[] - -include::proc_configuring-dhcpd-to-use-with-server.adoc[leveloffset=+1] - -include::proc_configuring-server-for-use-with-dhcpd.adoc[leveloffset=+1] diff --git a/guides/common/modules/proc_associating-the-dhcp-service-with-a-subnet.adoc b/guides/common/modules/proc_associating-the-dhcp-service-with-a-subnet.adoc index 210c25c08c5..220a380b4a4 100644 --- a/guides/common/modules/proc_associating-the-dhcp-service-with-a-subnet.adoc +++ b/guides/common/modules/proc_associating-the-dhcp-service-with-a-subnet.adoc @@ -5,7 +5,6 @@ After you configured or changed the DHCP provider, you must update the configura .Prerequisites * You configured a DHCP provider. -* You are logged in to the {ProjectWebUI}. .Procedure . In the {ProjectWebUI}, vavigate to *Infrastructure* > *Subnets*. diff --git a/guides/common/modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc b/guides/common/modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc index 80a26ca403d..7f970504939 100644 --- a/guides/common/modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc +++ b/guides/common/modules/proc_associating-the-dns-service-with-a-domain-and-subnet.adoc @@ -5,7 +5,6 @@ After you configured or changed the DNS provider, you must update the configurat .Prerequisites * You configured a DNS provider. -* You are logged in to the {ProjectWebUI}. .Procedure . Configure the domain: diff --git a/guides/common/modules/proc_associating-the-tftp-service-with-a-subnet.adoc b/guides/common/modules/proc_associating-the-tftp-service-with-a-subnet.adoc index 5f5f6392459..e5979e9e723 100644 --- a/guides/common/modules/proc_associating-the-tftp-service-with-a-subnet.adoc +++ b/guides/common/modules/proc_associating-the-tftp-service-with-a-subnet.adoc @@ -5,7 +5,6 @@ After you configured or changed the TFTP provider, you must update the configura .Prerequisites * You configured a TFTP server. -* You are logged in to the {ProjectWebUI}. .Procedure . In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets*. diff --git a/guides/common/modules/proc_disabling-dhcp-for-integration.adoc b/guides/common/modules/proc_disabling-dhcp-for-integration.adoc index 9b6113ac8c4..18d264a52f3 100644 --- a/guides/common/modules/proc_disabling-dhcp-for-integration.adoc +++ b/guides/common/modules/proc_disabling-dhcp-for-integration.adoc @@ -8,9 +8,6 @@ If you want to manually manage a DHCP service, you must prevent {Project} from m Disabling DHCP in {Project} does not remove the related backend service on the operating system. ==== -.Prerequisites -* You are logged in to the {ProjectWebUI}. - .Procedure . In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets*. . For each subnet that is associated with the DHCP {SmartProxy}: diff --git a/guides/common/modules/proc_disabling-dns-for-integration.adoc b/guides/common/modules/proc_disabling-dns-for-integration.adoc index b25d2b226d0..981cd01e2df 100644 --- a/guides/common/modules/proc_disabling-dns-for-integration.adoc +++ b/guides/common/modules/proc_disabling-dns-for-integration.adoc @@ -8,9 +8,6 @@ If you want to manually manage a DNS service, you must prevent {Project} from ma Disabling DNS in {Project} does not remove the related backend service on the operating system. ==== -.Prerequisites -* You are logged in to the {ProjectWebUI}. - .Procedure . In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets*. . For each subnet that is associated with the DNS {SmartProxy}: diff --git a/guides/common/modules/proc_disabling-tftp-for-integration.adoc b/guides/common/modules/proc_disabling-tftp-for-integration.adoc index 036b2d755d3..3a5314bdb01 100644 --- a/guides/common/modules/proc_disabling-tftp-for-integration.adoc +++ b/guides/common/modules/proc_disabling-tftp-for-integration.adoc @@ -8,9 +8,6 @@ If you want to manually manage a TFTP service, you must prevent {Project} from m Disabling TFTP in {Project} does not remove the related backend service on the operating system. ==== -.Prerequisites -* You are logged in to the {ProjectWebUI}. - .Procedure . In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets*. . For each subnet that is associated with the TFTP {SmartProxy}: From 62d847e50857c0ba1d2badb9609f2d33cc06dd8d Mon Sep 17 00:00:00 2001 From: mmuehlfeldRH <43061675+mmuehlfeldRH@users.noreply.github.com> Date: Mon, 28 Apr 2025 16:59:30 +0200 Subject: [PATCH 43/47] Apply suggestions from code review Co-authored-by: Maximilian Kolb --- .../proc_associating-the-dhcp-service-with-a-subnet.adoc | 2 +- .../modules/proc_configuring-dhcpd-to-use-with-server.adoc | 1 - .../proc_enabling-the-installer-managed-dhcp-service.adoc | 3 ++- guides/doc-Installing_Proxy/master.adoc | 1 - 4 files changed, 3 insertions(+), 4 deletions(-) diff --git a/guides/common/modules/proc_associating-the-dhcp-service-with-a-subnet.adoc b/guides/common/modules/proc_associating-the-dhcp-service-with-a-subnet.adoc index 220a380b4a4..0416b85be47 100644 --- a/guides/common/modules/proc_associating-the-dhcp-service-with-a-subnet.adoc +++ b/guides/common/modules/proc_associating-the-dhcp-service-with-a-subnet.adoc @@ -7,7 +7,7 @@ After you configured or changed the DHCP provider, you must update the configura * You configured a DHCP provider. .Procedure -. In the {ProjectWebUI}, vavigate to *Infrastructure* > *Subnets*. +. In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets*. . Select the subnet name. . On the *Subnet* tab, set *IPAM* to *DHCP*. . On the *{SmartProxy}* tab, set *DHCP Proxy* to your {SmartProxy}. diff --git a/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc b/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc index e56756b577a..6eca52a699c 100644 --- a/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc +++ b/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc @@ -179,4 +179,3 @@ Use the IP address of the {Project} or {SmartProxy} in the export options to ens ---- # firewall-cmd --runtime-to-permanent ---- - diff --git a/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc index 252edbc592d..06394612a5e 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc @@ -1,7 +1,8 @@ [id="enabling-the-installer-managed-dhcp-service"] = Enabling the installer-managed DHCP service -If you do not have a DHCP server available in your network, you can use the installer-managed DHCP service. This feature enables you to provide a DHCP service with a low maintenance effort. +If you do not have a DHCP server available in your network, you can use the installer-managed DHCP service. +This feature enables you to provide a DHCP service with a low maintenance effort. Perform the steps on the {Project} or {SmartProxyServer} that you want to configure to manage the DHCP service for the subnet. diff --git a/guides/doc-Installing_Proxy/master.adoc b/guides/doc-Installing_Proxy/master.adoc index 9a58e97ad4a..e7a9c1c544d 100644 --- a/guides/doc-Installing_Proxy/master.adoc +++ b/guides/doc-Installing_Proxy/master.adoc @@ -32,4 +32,3 @@ include::common/assembly_performing-additional-configuration-on-smart-proxy-serv [appendix] include::common/modules/ref_smart-proxy-server-scalability-considerations-when-managing-puppet-clients.adoc[leveloffset=+1] endif::[] - From 2af2d9c7e55717453096c8955157bea29d7a36c5 Mon Sep 17 00:00:00 2001 From: mmuehlfeldRH <43061675+mmuehlfeldRH@users.noreply.github.com> Date: Tue, 29 Apr 2025 15:48:41 +0200 Subject: [PATCH 44/47] Apply suggestions from code review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Aneta Šteflová Petrová --- guides/common/modules/con_dhcp-service-providers.adoc | 2 +- .../modules/proc_configuring-dhcpd-to-use-with-server.adoc | 2 +- .../proc_enabling-the-installer-managed-dhcp-service.adoc | 2 +- .../proc_enabling-the-installer-managed-dns-service.adoc | 2 +- .../proc_enabling-the-installer-managed-tftp-service.adoc | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/guides/common/modules/con_dhcp-service-providers.adoc b/guides/common/modules/con_dhcp-service-providers.adoc index 039e7a2f6f2..29debdfa0d8 100644 --- a/guides/common/modules/con_dhcp-service-providers.adoc +++ b/guides/common/modules/con_dhcp-service-providers.adoc @@ -2,7 +2,7 @@ = DHCP service providers {Project} can manage IP leases on a DHCP server through a {SmartProxy}. -This management contains querying for available IP addresses, adding new reservations, and deleting existing reservations from the lease database. +This includes querying for available IP addresses, adding new reservations, and deleting existing reservations from the lease database. Note that {SmartProxy} cannot manage subnet declarations. {SmartProxy} supports the following DHCP providers that you can use to integrate {Project} with your existing DHCP infrastructure or deploy a new one: diff --git a/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc b/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc index 6eca52a699c..3b51075cd23 100644 --- a/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc +++ b/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc @@ -1,5 +1,5 @@ [id="configuring-dhcpd-to-use-with-server"] -= Configuring dhcpd to use with {ProductName} += Configuring dhcpd to use with {ProjectServer} To configure an external DHCP server running {EL} to use with {ProductName}, you must install the ISC DHCP Service and Berkeley Internet Name Domain (BIND) utilities packages. You must also share the DHCP configuration and lease files with {ProductName}. diff --git a/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc index 06394612a5e..65e582a66a1 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-dhcp-service.adoc @@ -2,7 +2,7 @@ = Enabling the installer-managed DHCP service If you do not have a DHCP server available in your network, you can use the installer-managed DHCP service. -This feature enables you to provide a DHCP service with a low maintenance effort. +This feature enables you to provide a DHCP service with low maintenance overhead. Perform the steps on the {Project} or {SmartProxyServer} that you want to configure to manage the DHCP service for the subnet. diff --git a/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc index 4c2680de313..d370de98093 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc @@ -2,7 +2,7 @@ = Enabling the installer-managed DNS service If you do not have a DNS server available in your network, you can use the installer-managed DNS service. -This feature enables you to provide a DNS service with a low maintenance effort. +This feature enables you to provide a DNS service with low maintenance overhead. Perform the steps on the {Project} or {SmartProxyServer} that you want to configure to manage the DNS service for the domain. diff --git a/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc index 84319b9c636..1018ec309c7 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc @@ -7,7 +7,7 @@ With the installer-managed TFTP service, you can run a TFTP server with a low ma Perform the steps on the {Project} or {SmartProxyServer} that you want to configure as TFTP service. .Procedure -* Configure {Project} or {SmartProxy} as TFTP server: +* Configure {Project} or {SmartProxy} as the TFTP server: + [options="nowrap",subs="+quotes,attributes"] .... From 18facd61381554bfc1b0d8ff1e7c527d446ea247 Mon Sep 17 00:00:00 2001 From: Marc Muehlfeld Date: Tue, 29 Apr 2025 16:32:40 +0200 Subject: [PATCH 45/47] Peer review feedback --- .../common/assembly_configuring-dhcp-integration.adoc | 4 ++-- .../modules/con_configuring-dhcp-integration.adoc | 3 +++ .../modules/con_configuring-dns-integration.adoc | 3 +++ .../modules/con_configuring-tftp-integration.adoc | 2 ++ guides/common/modules/con_dhcp-service-providers.adoc | 6 +----- guides/common/modules/con_dns-service-providers.adoc | 3 --- .../con_integrating-a-remote-isc-dhcp-server.adoc | 5 +---- ...roc_associating-the-dhcp-service-with-a-subnet.adoc | 3 --- ... proc_configuring-isc-dhcp-to-use-with-server.adoc} | 7 +++---- .../proc_configuring-server-for-use-with-tftp.adoc | 1 - ...onfiguring-smartproxies-for-use-with-isc-dhcp.adoc} | 10 ++++------ ...oc_enabling-the-installer-managed-tftp-service.adoc | 2 -- ...c_integrating-a-local-self-managed-dns-service.adoc | 2 +- 13 files changed, 20 insertions(+), 31 deletions(-) rename guides/common/modules/{proc_configuring-dhcpd-to-use-with-server.adoc => proc_configuring-isc-dhcp-to-use-with-server.adoc} (95%) rename guides/common/modules/{proc_configuring-server-for-use-with-dhcpd.adoc => proc_configuring-smartproxies-for-use-with-isc-dhcp.adoc} (91%) diff --git a/guides/common/assembly_configuring-dhcp-integration.adoc b/guides/common/assembly_configuring-dhcp-integration.adoc index 2e40e5453fe..0a0296a5548 100644 --- a/guides/common/assembly_configuring-dhcp-integration.adoc +++ b/guides/common/assembly_configuring-dhcp-integration.adoc @@ -6,9 +6,9 @@ include::modules/proc_enabling-the-installer-managed-dhcp-service.adoc[leveloffs include::modules/con_integrating-a-remote-isc-dhcp-server.adoc[leveloffset=+1] -include::modules/proc_configuring-dhcpd-to-use-with-server.adoc[leveloffset=+2] +include::modules/proc_configuring-isc-dhcp-to-use-with-server.adoc[leveloffset=+2] -include::modules/proc_configuring-server-for-use-with-dhcpd.adoc[leveloffset=+2] +include::modules/proc_configuring-smartproxies-for-use-with-isc-dhcp.adoc[leveloffset=+2] include::modules/proc_integrating-infoblox-dhcp.adoc[leveloffset=+1] diff --git a/guides/common/modules/con_configuring-dhcp-integration.adoc b/guides/common/modules/con_configuring-dhcp-integration.adoc index d890705ba82..df3ac7d8f26 100644 --- a/guides/common/modules/con_configuring-dhcp-integration.adoc +++ b/guides/common/modules/con_configuring-dhcp-integration.adoc @@ -1,2 +1,5 @@ [id="configuring-dhcp-integration"] = Configuring DHCP integration + +{Project} can manage IP leases on a DHCP server through a {SmartProxy}. +This includes querying for available IP addresses, adding new reservations, and deleting existing reservations from the lease database. diff --git a/guides/common/modules/con_configuring-dns-integration.adoc b/guides/common/modules/con_configuring-dns-integration.adoc index 62245604d1c..db359179729 100644 --- a/guides/common/modules/con_configuring-dns-integration.adoc +++ b/guides/common/modules/con_configuring-dns-integration.adoc @@ -1,2 +1,5 @@ [id="configuring-dns-integration"] = Configuring DNS integration + +{Project} can manage DNS records by using {SmartProxy}. +This DNS management contains updating and removing DNS records from existing DNS zones. diff --git a/guides/common/modules/con_configuring-tftp-integration.adoc b/guides/common/modules/con_configuring-tftp-integration.adoc index d4dbf36ad89..c860987cee6 100644 --- a/guides/common/modules/con_configuring-tftp-integration.adoc +++ b/guides/common/modules/con_configuring-tftp-integration.adoc @@ -1,2 +1,4 @@ [id="configuring-tftp-integration"] = Configuring TFTP integration + +By integrating a TFTP server, you can perform unattended installations. diff --git a/guides/common/modules/con_dhcp-service-providers.adoc b/guides/common/modules/con_dhcp-service-providers.adoc index 29debdfa0d8..2f5122a0847 100644 --- a/guides/common/modules/con_dhcp-service-providers.adoc +++ b/guides/common/modules/con_dhcp-service-providers.adoc @@ -1,13 +1,9 @@ [id="dhcp-serivce-proviers"] = DHCP service providers -{Project} can manage IP leases on a DHCP server through a {SmartProxy}. -This includes querying for available IP addresses, adding new reservations, and deleting existing reservations from the lease database. -Note that {SmartProxy} cannot manage subnet declarations. - {SmartProxy} supports the following DHCP providers that you can use to integrate {Project} with your existing DHCP infrastructure or deploy a new one: -`dhcp_isc`:: Managing IP leases on an ISC dhcpd server by using the Object Management Application Programming Interface (OMAPI). +`dhcp_isc`:: Managing IP leases on an ISC DHCP server by using the Object Management Application Programming Interface (OMAPI). See xref:enabling-the-installer-managed-dhcp-service[]. `dhcp_remote_isc`:: Managing IP leases on a remote ISC dhcpd server by using OMAPI. diff --git a/guides/common/modules/con_dns-service-providers.adoc b/guides/common/modules/con_dns-service-providers.adoc index 023f1ada280..16ee03eaa23 100644 --- a/guides/common/modules/con_dns-service-providers.adoc +++ b/guides/common/modules/con_dns-service-providers.adoc @@ -1,9 +1,6 @@ [id="dns-service-providers"] = DNS service providers -{Project} can manage DNS records by using {SmartProxy}. -This DNS management contains updating and removing DNS records from existing DNS zones. - {SmartProxy} supports the following DNS providers that you can use to integrate {Project} with your existing DNS infrastructure or deploy a new one: `dns_nsupdate`:: Dynamic DNS updates on an link:https://datatracker.ietf.org/doc/html/rfc2136[RFC 2136]-compatible DNS server by using the `nsupdate` utility. diff --git a/guides/common/modules/con_integrating-a-remote-isc-dhcp-server.adoc b/guides/common/modules/con_integrating-a-remote-isc-dhcp-server.adoc index e8f43cd6a04..ff7e17e86ca 100644 --- a/guides/common/modules/con_integrating-a-remote-isc-dhcp-server.adoc +++ b/guides/common/modules/con_integrating-a-remote-isc-dhcp-server.adoc @@ -1,7 +1,4 @@ [id="integrating-a-remote-isc-dhcp-server"] = Integrating a remote ISC DHCP server -To configure {ProductName} with a remote ISC DHCP server, complete the following procedures: - -. xref:configuring-dhcpd-to-use-with-server[] -. xref:configuring-server-for-use-with-dhcpd[] +If you already have an ISC DHCP server in your network, you can configure {ProjectServer} and {SmartProxyServer} to integrate this server to manage IP leases. diff --git a/guides/common/modules/proc_associating-the-dhcp-service-with-a-subnet.adoc b/guides/common/modules/proc_associating-the-dhcp-service-with-a-subnet.adoc index 0416b85be47..c82a5d43d2e 100644 --- a/guides/common/modules/proc_associating-the-dhcp-service-with-a-subnet.adoc +++ b/guides/common/modules/proc_associating-the-dhcp-service-with-a-subnet.adoc @@ -3,9 +3,6 @@ After you configured or changed the DHCP provider, you must update the configuration of each affected {SmartProxy} in the {ProjectWebUI}. -.Prerequisites -* You configured a DHCP provider. - .Procedure . In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets*. . Select the subnet name. diff --git a/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc b/guides/common/modules/proc_configuring-isc-dhcp-to-use-with-server.adoc similarity index 95% rename from guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc rename to guides/common/modules/proc_configuring-isc-dhcp-to-use-with-server.adoc index 3b51075cd23..3fa986e31a6 100644 --- a/guides/common/modules/proc_configuring-dhcpd-to-use-with-server.adoc +++ b/guides/common/modules/proc_configuring-isc-dhcp-to-use-with-server.adoc @@ -1,5 +1,5 @@ -[id="configuring-dhcpd-to-use-with-server"] -= Configuring dhcpd to use with {ProjectServer} +[id="configuring-isc-dhcp-to-use-with-server"] += Configuring ISC DHCP to use with {ProjectServer} To configure an external DHCP server running {EL} to use with {ProductName}, you must install the ISC DHCP Service and Berkeley Internet Name Domain (BIND) utilities packages. You must also share the DHCP configuration and lease files with {ProductName}. @@ -70,8 +70,7 @@ Note that the `option routers` value is the IP address of your {ProjectServer} o ---- # firewall-cmd --runtime-to-permanent ---- -. Perform the following steps on {ProjectServer}: -.. Determine both the UID and the primary GID of the `foreman-proxy` user: +. On {ProjectServer}, determine both the UID and the primary GID of the `foreman-proxy` user: + [options="nowrap" subs="+quotes"] ---- diff --git a/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc b/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc index 76953e9435e..98a66e47057 100644 --- a/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc +++ b/guides/common/modules/proc_configuring-server-for-use-with-tftp.adoc @@ -4,7 +4,6 @@ After you prepared the TFTP server and shared the root directory of the TFTP service over the network, integrate the service into {Project}. .Prerequisites -* You configured the TFTP server. * You shared the `/exports/var/lib/tftpboot` on the TFTP server with NFS. .Procedure diff --git a/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc b/guides/common/modules/proc_configuring-smartproxies-for-use-with-isc-dhcp.adoc similarity index 91% rename from guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc rename to guides/common/modules/proc_configuring-smartproxies-for-use-with-isc-dhcp.adoc index 4146a9374d8..5019c50b94d 100644 --- a/guides/common/modules/proc_configuring-server-for-use-with-dhcpd.adoc +++ b/guides/common/modules/proc_configuring-smartproxies-for-use-with-isc-dhcp.adoc @@ -1,13 +1,11 @@ -[id="configuring-server-for-use-with-dhcpd"] -= Configuring {ProjectServer} for use with dhcpd +[id="configuring-smartproxies-for-use-with-isc-dhcp"] += Configuring {SmartProxies} for use with ISC DHCP -You can configure {ProductName} with a non-installer-managed DHCP server. - -Perform the steps on the {ProjectServer} or {SmartProxyServer}. +You can configure {ProductName} with a non-installer-managed DHCP server. Perform the steps on the {ProjectServer} or {SmartProxyServer}. .Prerequisites * You configured the DHCP service and shared the configuration and lease files over the network. -For more information, see xref:configuring-dhcpd-to-use-with-server[]. +For more information, see xref:configuring-isc-dhcp-to-use-with-server[]. .Procedure . Install the required package: diff --git a/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc index 1018ec309c7..2eee75eb4e5 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc @@ -4,8 +4,6 @@ If you do not have a TFTP server available in your network, you can use the installer-managed TFTP service to perform unattended installations. With the installer-managed TFTP service, you can run a TFTP server with a low maintenance effort because {Project} fully manages the TFTP service, including the files on that service. -Perform the steps on the {Project} or {SmartProxyServer} that you want to configure as TFTP service. - .Procedure * Configure {Project} or {SmartProxy} as the TFTP server: + diff --git a/guides/common/modules/proc_integrating-a-local-self-managed-dns-service.adoc b/guides/common/modules/proc_integrating-a-local-self-managed-dns-service.adoc index 0b0814f0c34..492b2003394 100644 --- a/guides/common/modules/proc_integrating-a-local-self-managed-dns-service.adoc +++ b/guides/common/modules/proc_integrating-a-local-self-managed-dns-service.adoc @@ -1,5 +1,5 @@ [id="integrating-a-local-self-managed-dns-service"] -= Integrating a local, self-managed DNS service += Integrating a local self-managed DNS service The installer exposes a limited feature set for the {Project} installer-managed DNS service. For example, you can configure only a single forward DNS zone. From fe48aadf08392b951cb8bde4c87c47c2553c18b1 Mon Sep 17 00:00:00 2001 From: Marc Muehlfeld Date: Tue, 29 Apr 2025 17:23:30 +0200 Subject: [PATCH 46/47] Renamed a title --- guides/common/assembly_configuring-dhcp-integration.adoc | 2 +- ...oc_configuring-server-or-proxy-for-use-with-isc-dhcp.adoc} | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) rename guides/common/modules/{proc_configuring-smartproxies-for-use-with-isc-dhcp.adoc => proc_configuring-server-or-proxy-for-use-with-isc-dhcp.adoc} (95%) diff --git a/guides/common/assembly_configuring-dhcp-integration.adoc b/guides/common/assembly_configuring-dhcp-integration.adoc index 0a0296a5548..249e24b6534 100644 --- a/guides/common/assembly_configuring-dhcp-integration.adoc +++ b/guides/common/assembly_configuring-dhcp-integration.adoc @@ -8,7 +8,7 @@ include::modules/con_integrating-a-remote-isc-dhcp-server.adoc[leveloffset=+1] include::modules/proc_configuring-isc-dhcp-to-use-with-server.adoc[leveloffset=+2] -include::modules/proc_configuring-smartproxies-for-use-with-isc-dhcp.adoc[leveloffset=+2] +include::modules/proc_configuring-server-or-proxy-for-use-with-isc-dhcp.adoc[leveloffset=+2] include::modules/proc_integrating-infoblox-dhcp.adoc[leveloffset=+1] diff --git a/guides/common/modules/proc_configuring-smartproxies-for-use-with-isc-dhcp.adoc b/guides/common/modules/proc_configuring-server-or-proxy-for-use-with-isc-dhcp.adoc similarity index 95% rename from guides/common/modules/proc_configuring-smartproxies-for-use-with-isc-dhcp.adoc rename to guides/common/modules/proc_configuring-server-or-proxy-for-use-with-isc-dhcp.adoc index 5019c50b94d..5a007ab9882 100644 --- a/guides/common/modules/proc_configuring-smartproxies-for-use-with-isc-dhcp.adoc +++ b/guides/common/modules/proc_configuring-server-or-proxy-for-use-with-isc-dhcp.adoc @@ -1,5 +1,5 @@ -[id="configuring-smartproxies-for-use-with-isc-dhcp"] -= Configuring {SmartProxies} for use with ISC DHCP +[id="configuring-server-or-proxy-for-use-with-isc-dhcp"] += Configuring {ProjectServer} or {SmartProxyServer} for use with ISC DHCP You can configure {ProductName} with a non-installer-managed DHCP server. Perform the steps on the {ProjectServer} or {SmartProxyServer}. From 95f279e73595957a7fb585e2adff7a3134383dfb Mon Sep 17 00:00:00 2001 From: Marc Muehlfeld Date: Wed, 30 Apr 2025 10:41:31 +0200 Subject: [PATCH 47/47] Update block delmiter to comply with the conventions --- .../proc_enabling-the-installer-managed-dns-service.adoc | 4 ++-- .../proc_enabling-the-installer-managed-tftp-service.adoc | 4 ++-- .../proc_integrating-a-local-self-managed-dns-service.adoc | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc index d370de98093..79758df6de8 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-dns-service.adoc @@ -10,12 +10,12 @@ Perform the steps on the {Project} or {SmartProxyServer} that you want to config . Configure {Project} or {SmartProxy} as DNS server: + [options="nowrap",subs="+quotes,attributes"] -.... +---- # {foreman-installer} \ --foreman-proxy-dns true \ --foreman-proxy-dns-provider nsupdate \ --foreman-proxy-dns-managed true \ --reset-foreman-proxy-dns-server -.... +---- . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. For more information, see xref:associating-the-dns-service-with-a-domain-and-subnet[]. diff --git a/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc b/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc index 2eee75eb4e5..90fd14a5a94 100644 --- a/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc +++ b/guides/common/modules/proc_enabling-the-installer-managed-tftp-service.adoc @@ -8,8 +8,8 @@ With the installer-managed TFTP service, you can run a TFTP server with a low ma * Configure {Project} or {SmartProxy} as the TFTP server: + [options="nowrap",subs="+quotes,attributes"] -.... +---- # {foreman-installer} \ --foreman-proxy-tftp true \ --foreman-proxy-tftp-managed true -.... +---- diff --git a/guides/common/modules/proc_integrating-a-local-self-managed-dns-service.adoc b/guides/common/modules/proc_integrating-a-local-self-managed-dns-service.adoc index 492b2003394..13d3a4057e3 100644 --- a/guides/common/modules/proc_integrating-a-local-self-managed-dns-service.adoc +++ b/guides/common/modules/proc_integrating-a-local-self-managed-dns-service.adoc @@ -15,12 +15,12 @@ Perform the steps on the {ProjectServer} or {SmartProxyServer} that runs the sel . Set the local, self-managed DNS service on your {ProjectServer} or {SmartProxyServer}: + [options="nowrap",subs="+quotes,attributes"] -.... +---- # {foreman-installer} \ --foreman-proxy-dns true \ --foreman-proxy-dns-provider nsupdate \ --foreman-proxy-dns-managed false \ --foreman-proxy-dns-server "127.0.0.1" -.... +---- . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}. For more information, see xref:associating-the-dns-service-with-a-domain-and-subnet[].