Chapter 4. Configuring Networking

Each provisioning type requires some network configuration. Ensure that new hosts can access either your Satellite Server’s integrated Capsule or an external Capsule Server. Configuring your Satellite Server or Capsule Server has two basic requirements:

  • Configuration of network services on the integrated Capsule or Capsule Server. This includes:

    • Content delivery services
    • Network services (DHCP, DNS, and TFTP)
    • Puppet configuration
  • Defining network resource data in the Satellite Server to help configure network interfaces on new hosts.

This chapter focuses on configuring network services on the Satellite Server’s integrated Capsule. However, these instructions have similar applications to configuring standalone Capsule Servers managing a specific network.

For this example, ACME has a private network to provision hosts. The details for this private network are:

  • Subnet: 192.168.140.0/24
  • External Gateway: 192.168.140.1
  • Satellite Server: 192.168.140.2
  • DHCP Allocation Pool for Discovered and Unmanaged Hosts: 192.168.140.10 - 192.168.140.110
  • DHCP Allocation Pool for Host Provisioning: 192.168.140.111 - 192.168.140.250

While it is possible to define the same DHCP range on the Satellite Server for both Discovered and Provisioned systems, it is recommended to use a separate range for each service but still within the same subnet.
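
A pre-flight check for an address plan like the one above, as an added example that is not part of the Red Hat documentation: it confirms that both DHCP pools sit inside the subnet, do not overlap, and do not contain the statically addressed gateway or Satellite Server. The function names are hypothetical helpers; the sample values are the ACME addresses from this section.

```sh
# Added example; all function names are hypothetical helpers, not Satellite tools.

# ip_to_int A.B.C.D: print the dotted quad as a 32-bit integer.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# in_subnet IP CIDR: succeed if IP belongs to CIDR.
in_subnet() (
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "${2%/*}") & $mask )) ]
)

# in_range IP START END: succeed if START <= IP <= END.
in_range() (
    ip=$(ip_to_int "$1")
    [ "$ip" -ge "$(ip_to_int "$2")" ] && [ "$ip" -le "$(ip_to_int "$3")" ]
)

# check_plan CIDR GATEWAY SERVER DISC_START DISC_END PROV_START PROV_END
# Prints one line per problem and succeeds only if none were found.
check_plan() (
    cidr=$1 gw=$2 srv=$3 ds=$4 de=$5 ps=$6 pe=$7 rc=0
    for pool in "$ds $de" "$ps $pe"; do
        set -- $pool   # $1 = pool start, $2 = pool end; in_range below tests start <= end
        in_range "$1" "$1" "$2" && in_subnet "$1" "$cidr" && in_subnet "$2" "$cidr" ||
            { echo "pool $1-$2 is reversed or outside $cidr"; rc=1; }
    done
    # Two closed ranges overlap when each one starts before the other ends.
    if [ "$(ip_to_int "$ds")" -le "$(ip_to_int "$pe")" ] &&
       [ "$(ip_to_int "$ps")" -le "$(ip_to_int "$de")" ]; then
        echo "discovery and provisioning pools overlap"; rc=1
    fi
    # Statically addressed hosts must be on the subnet but never leasable.
    for fixed in "$gw" "$srv"; do
        in_subnet "$fixed" "$cidr" || { echo "$fixed is not in $cidr"; rc=1; }
        if in_range "$fixed" "$ds" "$de" || in_range "$fixed" "$ps" "$pe"; then
            echo "$fixed is static but falls inside a DHCP pool"; rc=1
        fi
    done
    [ "$rc" -eq 0 ]
)

# The ACME values from this section.
check_plan 192.168.140.0/24 192.168.140.1 192.168.140.2 192.168.140.10 192.168.140.110 \
    192.168.140.111 192.168.140.250 && echo "address plan OK"
```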

4.1. Considerations for Image Based Provisioning

Post-Boot Configuration Method

Images that use the finish post-boot configuration scripts require a managed DHCP server, such as Satellite’s integrated Capsule or an external Capsule. The host must be created with a subnet associated with a DHCP Capsule, and the IP address of the host must be a valid IP address from the DHCP range. It is possible to use an external DHCP service, but IP addresses must be entered manually. The SSH credentials corresponding to the configuration in the image must be configured in Satellite to enable the post-boot configuration to be made.

The following items should be checked when troubleshooting a virtual machine booted from an image that depends on post-configuration scripts:

  • The host has a subnet assigned in Satellite Server.
  • The subnet has a DHCP Capsule assigned in Satellite Server.
  • The host has a valid IP address assigned in Satellite Server.
  • The IP address acquired by the virtual machine from DHCP matches the address configured in Satellite Server.
  • The virtual machine created from an image responds to SSH requests.
  • The virtual machine created from an image authorizes the user and password, via SSH, which are associated with the image being deployed.

Pre-Boot Initialization Configuration Method

Images that use the cloud-init scripts usually require a DHCP server to avoid having to include the IP address in the image. A managed DHCP Capsule is preferred. The image must have the cloud-init service configured to start when the system boots and fetch a script or configuration data to use in completing the configuration.

The following items should be checked when troubleshooting a virtual machine booted from an image that depends on initialization scripts included in the image:

  • There is a DHCP server on the subnet.
  • The virtual machine has the cloud-init service installed and enabled.

For information on the differing levels of support for finish and cloud-init scripts in virtual-machine images, see the Red Hat Knowledgebase Solution "What are the supported compute resources for the finish and cloud-init scripts" on the Red Hat Customer Portal.

4.2. Configuring Network Services

Some of our provisioning methods use Capsule Server services for various purposes. For example, a network might require the Capsule Server to act as a DHCP server. A network might also require PXE boot services as a means to install the operating system to new hosts. This requires configuring the Capsule Server to use the main PXE boot services: DHCP, DNS, and TFTP. To accomplish this, we run the satellite-installer script with the options to configure these services.

In this example, ACME aims to connect the Satellite Server’s integrated Capsule to a provisioning network to provide PXE boot services. The Satellite Server uses the following NIC configuration:

# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:33:e3:1c brd ff:ff:ff:ff:ff:ff
    inet 192.168.125.35/24 brd 192.168.125.255 scope global dynamic ens3
       valid_lft 3042sec preferred_lft 3042sec
    inet6 fe80::5054:ff:fe33:e31c/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
   link/ether 52:54:00:fd:24:ae brd ff:ff:ff:ff:ff:ff
   inet 192.168.140.2/24 brd 192.168.140.255 scope global ens8
      valid_lft forever preferred_lft forever
   inet6 fe80::5054:ff:fefd:24ae/64 scope link
      valid_lft forever preferred_lft forever

The Satellite Server uses eth0 for external communication, such as connection to Red Hat’s CDN. ACME aims to use the eth1 interface to connect to a private provisioning network for hosts using the 192.168.140.0/24 subnet. The goal is for the Satellite Server’s integrated Capsule to act as a DHCP, DNS, and TFTP server for new hosts on this network.

Note

The Satellite Server’s integrated Capsule provides these services. You can also configure these services on additional Satellite Capsules in other networks.

For this example, the satellite-installer script uses the following options to configure these services:

DHCP Options

--foreman-proxy-dhcp
Enables the DHCP service. Set this option to true.
--foreman-proxy-dhcp-gateway
Defines the DHCP pool gateway. For this example, set this to 192.168.140.1, which is the address of the external gateway for hosts on ACME’s private network.
--foreman-proxy-dhcp-interface
Sets the interface for the DHCP service to listen for requests. For this example, set this to eth1.
--foreman-proxy-dhcp-nameservers
Sets the addresses of the nameservers provided to clients through DHCP. For this example, set this to 192.168.140.2, which is the address for the Satellite Server on eth1.
--foreman-proxy-dhcp-range
Defines a space-separated DHCP pool range for Discovered and Unmanaged services. For this example, set this to 192.168.140.10 192.168.140.110, which provides a pool with 100 addresses.
--foreman-proxy-dhcp-server
Sets the address of the DHCP server to manage. For this example, it is 192.168.140.2.

DNS Options

--foreman-proxy-dns
Enables DNS service. Set this option to true.
--foreman-proxy-dns-forwarders
Sets the DNS forwarders. This example sets this to 8.8.8.8; 4.4.4.4, which uses two public DNS servers. For your purposes, use your own DNS servers instead.
--foreman-proxy-dns-interface
Sets the interface to listen for DNS requests. For this example, set this to eth1.
--foreman-proxy-dns-reverse
Defines DNS reverse zone name. This example uses 140.168.192.in-addr.arpa.
--foreman-proxy-dns-server
Sets the address of the DNS server to manage. For this example, it is 192.168.140.2.
--foreman-proxy-dns-zone
Sets the DNS zone name. This example uses example.com.

TFTP Options

--foreman-proxy-tftp
Enables TFTP service. Set this option to true.

Note

Run satellite-installer --scenario capsule --help to view more options related to DHCP, DNS, TFTP, and other Satellite Capsule services.

The following is an example configuration command:

# satellite-installer --foreman-proxy-dhcp true \
--foreman-proxy-dhcp-gateway "192.168.140.1" \
--foreman-proxy-dhcp-interface "eth1" \
--foreman-proxy-dhcp-nameservers "192.168.140.2" \
--foreman-proxy-dhcp-range "192.168.140.10 192.168.140.110" \
--foreman-proxy-dhcp-server "192.168.140.2" \
--foreman-proxy-dns true \
--foreman-proxy-dns-forwarders "8.8.8.8; 4.4.4.4" \
--foreman-proxy-dns-interface "eth1" \
--foreman-proxy-dns-reverse "140.168.192.in-addr.arpa" \
--foreman-proxy-dns-server "192.168.140.2" \
--foreman-proxy-dns-zone "example.com" \
--foreman-proxy-tftp true

The satellite-installer script applies these configuration options and sets up the required network services. After the configuration completes, use the hammer proxy info command to verify these services on the chosen Capsule Server. In this example, we use satellite.example.com as the domain name of the Satellite Server’s integrated Capsule:

# hammer proxy info --name "satellite.example.com"

The output shows a list of enabled features, including DNS, DHCP, and TFTP:

Features:
    Pulp
    TFTP
    DNS
    DHCP
    Puppet
    Puppet CA
    Dynflow
    SSH

4.3. Adding a Domain to the Satellite Server

The Satellite Server defines domain names for each host on the network. This means the Satellite Server needs to know about the domain and the Capsule Server responsible for domain name assignment. For this example, we create the example.com domain for ACME’s internal network.

Note

The Satellite Server might already have the relevant domain created as part of the Satellite Server installation. Switch the context to Any Organization and Any Location then check the domain list to see if it exists. If so, modify this domain entry, define the DNS capsule, set the organization, and set the location.

For Web UI Users

Navigate to Infrastructure > Domains and click New Domain. The UI provides a set of fields where you can input details for the domain:

  • In the Domain tab:

    • DNS Domain - The domain name. For this example: example.com
    • Description - A plain text description of the domain. For this example: ACME's example domain.
    • DNS Capsule - The capsule to use for DNS assignments. For this example, use the Satellite Server’s integrated Capsule.
  • In the Locations tab:

    • Select the locations that use this domain. For example, select the New York location.
  • In the Organizations tab:

    • Select the organizations that use this domain. For example, select ACME.

For CLI Users

Create the domain with the following command:

# hammer domain create --name "example.com" \
--description "ACME's example domain" --dns-id 1 \
--locations "New York" --organizations "ACME"

Note

In this example, the --dns-id option uses 1, which is the ID of the Satellite Server’s integrated Capsule.

4.4. Adding a Subnet to the Satellite Server

The Satellite Server configures interfaces for new hosts. This is why the Satellite Server needs to know about the network that connects these interfaces. This means you must add information for each of your subnets into the Satellite Server. This includes information such as the gateway, DHCP, and DNS. For this example, we create a subnet mapping for the ‘192.168.140.0/24’ network, which the Satellite Server’s integrated Capsule manages.

For Web UI Users

Navigate to Infrastructure > Subnets and click New Subnet. The UI provides a set of fields where you can input details for the subnet:

  • In the Subnet tab:

    • Name - Plain text name for the subnet. For this example: ACME's Internal Network
    • Network address - The network address for the subnet. For this example: 192.168.140.0
    • Network mask - The network mask for the subnet. For this example: 255.255.255.0
    • Gateway address - The external gateway for the subnet. For this example: 192.168.140.1
    • Primary DNS server - Primary DNS for the subnet. For this example: 192.168.140.2
    • Secondary DNS server - Secondary DNS for the subnet. For this example: 8.8.8.8
    • IPAM - The method to use for IP address management (IPAM):

      • DHCP - The subnet contains a DHCP server.
      • Internal DB - The subnet does not contain a DHCP server but you aim for the Satellite to manage IP address assignment and record IP addresses in its internal database.
      • None - No IP address management.

        For this example, use DHCP since the Satellite Server acts as a DHCP server.

    • Start of IP range - Defines the start of the IP assignment range for provisioning services. For this example: 192.168.140.111.
    • End of IP range - Defines the end of the IP assignment range for provisioning services. For this example: 192.168.140.250.
    • VLAN ID - Defines a VLAN ID number for the subnet to isolate broadcasts. This example does not use VLANs, so leave this field blank.
    • Boot mode - Defines the default boot mode for network interfaces on this network.

      • Static boot mode means that network interfaces assigned to this subnet will set the IP address and network mask directly to the configuration file, avoiding using DHCP to obtain them. Note that gateway and DNS servers won’t be fetched from DHCP. Therefore, if you need to configure them, provide correct values in Gateway address and Primary DNS server fields. You can omit these only if you don’t route traffic outside your network (installation medium is local) and you use IP addresses directly without DNS resolution.
      • DHCP boot mode means that network interfaces assigned to this subnet are configured via DHCP.
  • In the Remote Execution tab:

    • Select the capsule that controls the remote execution. In this example, it is the Satellite Server itself.
  • In the Domains tab:

    • Select the domains that apply to this subnet.
  • In the Capsules tab:

    • Select the capsule that applies to each service in the subnet, including DHCP, TFTP, and reverse DNS services. This example uses the Satellite Server’s integrated Capsule for each.
  • In the Locations tab:

    • Select the locations that use this capsule. For example, select the New York location.
  • In the Organizations tab:

    • Select the organizations that use this capsule. For example, select ACME.

Click Submit to save the subnet information.

For CLI Users

Create the subnet with the following command:

# hammer subnet create --name "ACME's Internal Network" \
--network "192.168.140.0" --mask "255.255.255.0" \
--gateway "192.168.140.1" --dns-primary "192.168.140.2" \
--dns-secondary "8.8.8.8" --ipam "DHCP" \
--from "192.168.140.111" --to "192.168.140.250" --boot-mode "DHCP" \
--domains "example.com" --dhcp-id 1 --dns-id 1 --tftp-id 1 \
--locations "New York" --organizations "ACME"

Note

In this example, the --dhcp-id, --dns-id, and --tftp-id options use 1, which is the ID of the integrated Capsule on the Satellite Server.

4.5. Chapter Summary

In this chapter, we examined how to configure certain network services on the Satellite Server’s integrated Capsule and map the domain and subnet details of the network that the Satellite Server controls. This provides a network for our new hosts and provides the hosts with key services, such as PXE booting and network configuration.

The next chapter looks at the basic provisioning workflow, which includes how to create new hosts and host groups.