Chapter 5. Managing DHCP Using Capsule
Satellite can integrate with a DHCP service using your Capsule. A Capsule has multiple DHCP providers that you can use to integrate Satellite with your existing DHCP infrastructure or deploy a new one. You can use the DHCP module of Capsule to query for available IP addresses, add new, and delete existing reservations. Note that your Capsule cannot manage subnet declarations.
Available DHCP providers
-
dhcp_infoblox– For more information, see Using Infoblox as DHCP and DNS Providers in Provisioning Hosts. -
dhcp_isc– ISC DHCP server over OMAPI. For more information, see Configuring DNS, DHCP, and TFTP on Capsule Server in Installing Capsule Server. -
dhcp_remote_isc– ISC DHCP server over OMAPI with leases mounted through networking. For more information, see Configuring an External DHCP Server to Use with Capsule Server in Installing Capsule Server.
5.1. Securing the dhcpd API
Capsule interacts with DHCP daemon using the dhcpd API to manage DHCP. By default, the dhcpd API listens to any host without access control. You can add an omapi_key to provide basic security.
Procedure
Install the required packages:
# yum install bind-utils
Generate a key:
# dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 512 -n HOST omapi_key # cat Komapi_key.+*.private | grep ^Key|cut -d ' ' -f2-
Use
satellite-installerto secure the dhcpd API:# satellite-installer \ --foreman-proxy-dhcp-key-name "My_Name" \ --foreman-proxy-dhcp-key-secret "My_Secret"
