Chapter 5. Managing DHCP by using Capsule
Satellite can integrate with a DHCP service by using your Capsule. A Capsule has multiple DHCP providers that you can use to integrate Satellite with your existing DHCP infrastructure or deploy a new one. You can use the DHCP module of Capsule to query for available IP addresses, add new, and delete existing reservations. Note that your Capsule cannot manage subnet declarations.
Available DHCP providers
-
dhcp_infoblox
– For more information, see Chapter 7, Using Infoblox as DHCP and DNS providers. -
dhcp_isc
– ISC DHCP server over OMAPI. For more information, see Section 3.6, “Configuring DNS, DHCP, and TFTP on Capsule Server”. -
dhcp_remote_isc
– ISC DHCP server over OMAPI with leases mounted through networking. For more information, see Section 4.2, “Configuring Capsule Server with external DHCP”.
5.1. Securing the dhcpd API
Capsule interacts with DHCP daemon using the dhcpd API to manage DHCP. By default, the dhcpd API listens to any host without access control. You can add an omapi_key
to provide basic security.
Procedure
On your Capsule, install the required packages:
# satellite-maintain packages install bind-utils
Generate a key:
# dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 512 -n HOST omapi_key # cat Komapi_key.+*.private | grep ^Key|cut -d ' ' -f2-
Use
satellite-installer
to secure the dhcpd API:# satellite-installer \ --foreman-proxy-dhcp-key-name "My_Name" \ --foreman-proxy-dhcp-key-secret "My_Secret"