RH403 - ch08s03

Bookmark this page

Prepare Network Configuration for Provisioning

Objectives

Describe networking requirements for different provisioning types, and configure network services to support provisioning.

Provide Network Services

To fully automate host provisioning, Satellite Server requires access to properly configured DHCP and DNS services. For PXE provisioning, Satellite also requires a TFTP service. For each of these network services, you can either install them directly on an integrated or external Capsule Server, or supply them by supported network services from existing, external servers in your organization.

Satellite supports the following external services:

ISC BIND: The original BIND DNS service from the Internet Systems Consortium.
ISC DHCP: A DHCP service from the Internet Systems Consortium, which is mounted to the capsule by using NFS.
Red Hat IdM: The DNS service of Identity Management, which is bundled with every RHEL distribution.
Infoblox: An appliance or service application for DNS and DHCP services.
TFTP: An external TFTP server directory, which is mounted to the capsule by using NFS.

For a typical virtual or bare metal host deployment, a Capsule Server reserves an IP address from the DHCP server for the new host or instance, and registers the address and host name with the DNS service. Because cloud providers integrate managed DHCP and DNS services into their infrastructure, cloud-based deployments requested by Satellite are based on an image and a network that are configured for that provider, and managed by Satellite only when the instance becomes accessible. Cloud-based deployments are covered in a later chapter.

Configure a Capsule Server with Network Services

As a Satellite administrator, you can configure a Satellite or Capsule scenario to use a set of network services and to define options of each service. These network services can be managed by Capsule Server or be provided externally.

You configure network services as managed services and to include the parameter values for the local server. When working with external services, you must configure the Capsule Server with privileged account access to use the external network services, and must allow read and update capabilities for the external service.

You can manage the network service configuration by using the satellite-installer command. You can run this command repetitively to install, enable, revert, or modify features on each Capsule Server. The following example configures and enables DNS, DHCP, and TFTP on the local Capsule Server.

[root@capsule ~]# satellite-installer --scenario capsule \
--foreman-proxy-dns true \
--foreman-proxy-dns-managed true \
--foreman-proxy-dns-interface eth0 \
--foreman-proxy-dns-zone boston.lab.example.com \
--foreman-proxy-dns-forwarders 172.25.250.254 \
--foreman-proxy-dns-reverse 250.25.172.in-addr.arpa \
--foreman-proxy-dhcp true \
--foreman-proxy-dhcp-managed true \
--foreman-proxy-dhcp-interface eth0 \
--foreman-proxy-dhcp-range "172.25.250.50 172.25.250.100" \
--foreman-proxy-dhcp-gateway 172.25.250.254 \
--foreman-proxy-dhcp-nameservers 172.25.250.220 \
--foreman-proxy-tftp true \
--foreman-proxy-tftp-managed true \
--foreman-proxy-tftp servername $(hostname)

Configure a Capsule Server to Use External Services

For comparison, the following examples illustrate the syntax for configuring external services. For some external services, Capsule Server uses NFS to access the external service's configuration and data files. In this case, you must first install the service on the external server and share it by using NFS. You must then configure the Capsule Server as an NFS client.

Note

Using external services requires creating site-dependent network, service, and security configurations before configuring Capsule Server. These examples demonstrate only the satellite-installer command syntax. To configure your Satellite environment, follow the complete procedures in the Installing Capsule Server and Provisioning Guide product documentation.

The following syntax configures the capsule to use an ISC DHCP server, with the configuration and lease files that are provided locally through NFS mounts.

[root@capsule ~]# satellite-installer --scenario capsule \
--foreman-proxy-dhcp true \
--foreman-proxy-dhcp-provider=remote_isc \
--foreman-proxy-plugin-dhcp-remote-isc-dhcp-config \
/mnt/nfs/etc/dhcp/dhcpd.conf \
--foreman-proxy-plugin-dhcp-remote-isc-dhcp-leases \
/mnt/nfs/var/lib/dhcpd/dhcpd.leases \
--foreman-proxy-plugin-dhcp-remote-isc-key-name omapi_key \
--foreman-proxy-plugin-dhcp-remote-isc-key-secret \
jNSE5YI3H1A8Oj/tkV4...A2ZOHb6zv315CkNAY7DMYYCj48Umw== \
--foreman-proxy-plugin-dhcp-remote-isc-omapi-port=7911 \
--enable-foreman-proxy-plugin-dhcp-remote-isc \
--foreman-proxy-dhcp-server=dhcp.lab.example.com

Similarly, the following syntax configures the capsule to use a remote TFTP server, with the configuration files that are provided locally through an NFS mount.

[root@capsule ~]# satellite-installer --scenario capsule \
--foreman-proxy-tftp=true \
--foreman-proxy-tftp-root /mnt/nfs/var/lib/tftpboot \
--foreman-proxy-tftp-servername=tftp.lab.example.com

For an external DNS server, Capsule Server can perform read and update tasks by using a correctly configured DNS client. In this example, you configure the Capsule Server to use the nsupdate utility to interact with an ISC DNS server. Although Capsule Server does not manage the DNS service, it still requires the correct RNDC keys to have read and update access for the DNS service records.

[root@capsule ~]# satellite-installer --scenario capsule \
--foreman-proxy-dns true \
--foreman-proxy-dns-managed=false \
--foreman-proxy-dns-provider=nsupdate \
--foreman-proxy-dns-server="172.25.250.220" \
--foreman-proxy-keyfile=/etc/rndc.key \
--foreman-proxy-dns-ttl=86400

Configure Provisioning Contexts

After you configure the Capsule network services, configure the provisioning contexts to be supported for deployments, by adding organizations and locations to the Capsule. When you configure and initiate deployments, select a provision context as a combination of a single organization and a location.

To configure provisioning contexts by using the Satellite web UI, ensure that the correct organization and location context are set for this task, and then navigate to Infrastructure → Capsules. Select the chosen Capsule Server and click Edit. Then, set the locations and organizations.

You can also use the hammer command for the same task:

[root@satellite ~]# hammer capsule update --name capsule \
--locations location1,location2,location3 \
--organizations organization1,organization2,organization3

Create Domains and Subnets

Satellite configures each deployed host to reside in a single DNS domain and a network subnet. You must preconfigure the domains and subnets in the DNS and DHCP services as defined earlier in this section. Then, you create the domain and subnet in Satellite as infrastructure resources.

Before you create infrastructure resources, set the Satellite provisioning context, so that the resources are created for the correct organization and location context. Although it is not typical to use subdomains and subnets in multiple provisioning contexts, you can do so by resetting the organization and location context before configuring the infrastructure resources.

Configure Domains

Provisioned hosts obtain their fully qualified domain name (FQDN) by combining their designated hostname with the name of the domain that they are assigned to. During provisioning, Satellite updates the DNS server to add or modify the address records for the provisioned host's FQDN.

To configure domains in the Satellite web UI, navigate to Infrastructure → Domains and click Create Domain. Enter the previously configured domain name in the DNS Domain field. Indicate the Capsule Server to manage this domain in the DNS Capsule field. Use the Locations and Organizations tabs to verify the domain's locations and organizations.

You can also use the hammer command for the same task:

[root@satellite ~]# hammer domain create --name domain.example.com \
--description "My domain description" \
--dns capsule.lab.example.com \
--locations location1,location2,location3 \
--organizations organization1,organization2,organization3

Import and Configure Subnets

Satellite Server can import the details of the subnets that were declared with the satellite-installer command when the DHCP service was installed or configured on the Capsule Server.

To import the subnet information by using the Satellite web UI, navigate to Infrastructure → Capsules. For the required Capsule Server, click the arrow on the Actions list, and select Import IPv4 subnets.

Note

If the Import IPv4 subnets entry is not available, then the Capsule does not have a properly configured DHCP service.

Enter a subnet name, for later resource recognition, and provide the IP address, in the Primary DNS Server field, for the DNS server that resolves hosts for this subnet. To specify the import source, select DHCP from the IPAM list, and then click Submit. To modify or configure previously imported subnets, navigate to Infrastructure → Subnets and select an imported subnet. On the Domains and Capsules tabs, select the domain to associate with the subnet, and the capsule to manage the subnet. Use the Locations and Organizations tabs to verify the subnet locations and organizations. The available locations and organizations are limited to those resources that are configured for the selected Capsule.

To create subnets, navigate to Infrastructure → Subnets and click Create Subnet. When creating a subnet, you can choose between the IPv4 or IPv6 protocols. However, Satellite currently does not support a dual-stack configuration (both IPv4 and IPv6 protocols) in a single infrastructure deployment.

You can also use the hammer command for the same task:

[root@satellite ~]# hammer subnet create --name subnet_name \
--locations location1,location2,location3 \
--organizations organization1,organization2,organization3 \
--domains domain.example.com \
--network 172.25.250.0 \
--mask 255.255.255.0 \
--dns-primary 172.25.250.220 \
--from 172.25.250.50 \
--to 172.25.250.100 \
--dns capsule.lab.example.com \
--dhcp capsule.lab.example.com \
--tftp capsule.lab.example.com \
--boot-mode DHCP \
--ipam DHCP

The domains and subnets are available for provisioning only in the organizations and locations that they are configured in. With the --network-type option, you can select the protocol to use: IPv4 or IPv6. The default value for this option is IPv4.

References

For more information, see the Configuring Networking chapter in the Red Hat Satellite 6.11 Provisioning Hosts guide at https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html-single/provisioning_hosts/index#Configuring_Networking_provisioning

For more information, see Red Hat Satellite 6.11 Installing Capsule Server at https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html-single/installing_capsule_server/index

Discuss Red Hat Satellite 6 Administration

Go to community

Welcome to the Red Hat Satellite 6 Administration (RH403) group in the Red Hat Learning Community!

Syed

26 wrz 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat Satellite 6 Administration! To gain the most value from this group - click the "Join Group" button in the upper right hand corner of the group home page.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to RH403.Read more about Red Hat Satellite 6 Administration here.

Revision: rh403-6.11-3ad886e