Red Hat Summit4.2. Configuring Capsule Server with External DHCP
To configure Capsule Server with external DHCP, you must complete the following procedures:
4.2.1. Configuring an External DHCP Server to Use with Capsule Server
To configure an external DHCP server to use with Capsule Server, on a Red Hat Enterprise Linux server, you must install the ISC DHCP Service and Berkeley Internet Name Domain (BIND) packages. You must also share the DHCP configuration and lease files with Capsule Server. The example in this procedure uses the distributed Network File System (NFS) protocol to share the DHCP configuration and lease files.
If you use dnsmasq as an external DHCP server, enable the dhcp-no-override setting. This is required because Satellite creates configuration files on the TFTP server under the grub2/ subdirectory. If the dhcp-no-override setting is disabled, clients fetch the bootloader and its configuration from the root directory, which might cause an error.
Procedure
On a Red Hat Enterprise Linux Server server, install the ISC DHCP Service and Berkeley Internet Name Domain (BIND) packages:
yum install dhcp bind
# yum install dhcp bindCopy to Clipboard Copied! Toggle word wrap Toggle overflow Generate a security token:
dnssec-keygen -a HMAC-MD5 -b 512 -n HOST omapi_key
# dnssec-keygen -a HMAC-MD5 -b 512 -n HOST omapi_keyCopy to Clipboard Copied! Toggle word wrap Toggle overflow As a result, a key pair that consists of two files is created in the current directory.
Copy the secret hash from the key:
cat Komapi_key.+*.private |grep ^Key|cut -d ' ' -f2
# cat Komapi_key.+*.private |grep ^Key|cut -d ' ' -f2Copy to Clipboard Copied! Toggle word wrap Toggle overflow Edit the
dhcpdconfiguration file for all of the subnets and add the key. The following is an example:Copy to Clipboard Copied! Toggle word wrap Toggle overflow Note that the
option routersvalue is the Satellite or Capsule IP address that you want to use with an external DHCP service.- Delete the two key files from the directory that they were created in.
On Satellite Server, define each subnet. Do not set DHCP Capsule for the defined Subnet yet.
To prevent conflicts, set up the lease and reservation ranges separately. For example, if the lease range is 192.168.38.10 to 192.168.38.100, in the Satellite web UI define the reservation range as 192.168.38.101 to 192.168.38.250.
Configure the firewall for external access to the DHCP server:
firewall-cmd --add-service dhcp \ && firewall-cmd --runtime-to-permanent
# firewall-cmd --add-service dhcp \ && firewall-cmd --runtime-to-permanentCopy to Clipboard Copied! Toggle word wrap Toggle overflow On Satellite Server, determine the UID and GID of the
foremanuser:id -u foreman id -g foreman
# id -u foreman 993 # id -g foreman 990Copy to Clipboard Copied! Toggle word wrap Toggle overflow On the DHCP server, create the
foremanuser and group with the same IDs as determined in a previous step:groupadd -g 990 foreman useradd -u 993 -g 990 -s /sbin/nologin foreman
# groupadd -g 990 foreman # useradd -u 993 -g 990 -s /sbin/nologin foremanCopy to Clipboard Copied! Toggle word wrap Toggle overflow To ensure that the configuration files are accessible, restore the read and execute flags:
chmod o+rx /etc/dhcp/ chmod o+r /etc/dhcp/dhcpd.conf chattr +i /etc/dhcp/ /etc/dhcp/dhcpd.conf
# chmod o+rx /etc/dhcp/ # chmod o+r /etc/dhcp/dhcpd.conf # chattr +i /etc/dhcp/ /etc/dhcp/dhcpd.confCopy to Clipboard Copied! Toggle word wrap Toggle overflow Start the DHCP service:
systemctl start dhcpd
# systemctl start dhcpdCopy to Clipboard Copied! Toggle word wrap Toggle overflow Export the DHCP configuration and lease files using NFS:
yum install nfs-utils systemctl enable rpcbind nfs-server systemctl start rpcbind nfs-server nfs-lock nfs-idmapd
# yum install nfs-utils # systemctl enable rpcbind nfs-server # systemctl start rpcbind nfs-server nfs-lock nfs-idmapdCopy to Clipboard Copied! Toggle word wrap Toggle overflow Create directories for the DHCP configuration and lease files that you want to export using NFS:
mkdir -p /exports/var/lib/dhcpd /exports/etc/dhcp
# mkdir -p /exports/var/lib/dhcpd /exports/etc/dhcpCopy to Clipboard Copied! Toggle word wrap Toggle overflow To create mount points for the created directories, add the following line to the
/etc/fstabfile:/var/lib/dhcpd /exports/var/lib/dhcpd none bind,auto 0 0 /etc/dhcp /exports/etc/dhcp none bind,auto 0 0
/var/lib/dhcpd /exports/var/lib/dhcpd none bind,auto 0 0 /etc/dhcp /exports/etc/dhcp none bind,auto 0 0Copy to Clipboard Copied! Toggle word wrap Toggle overflow Mount the file systems in
/etc/fstab:mount -a
# mount -aCopy to Clipboard Copied! Toggle word wrap Toggle overflow Ensure the following lines are present in
/etc/exports:/exports 192.168.38.1(rw,async,no_root_squash,fsid=0,no_subtree_check) /exports/etc/dhcp 192.168.38.1(ro,async,no_root_squash,no_subtree_check,nohide) /exports/var/lib/dhcpd 192.168.38.1(ro,async,no_root_squash,no_subtree_check,nohide)
/exports 192.168.38.1(rw,async,no_root_squash,fsid=0,no_subtree_check) /exports/etc/dhcp 192.168.38.1(ro,async,no_root_squash,no_subtree_check,nohide) /exports/var/lib/dhcpd 192.168.38.1(ro,async,no_root_squash,no_subtree_check,nohide)Copy to Clipboard Copied! Toggle word wrap Toggle overflow Note that the IP address that you enter is the Satellite or Capsule IP address that you want to use with an external DHCP service.
Reload the NFS server:
exportfs -rva
# exportfs -rvaCopy to Clipboard Copied! Toggle word wrap Toggle overflow Configure the firewall for the DHCP omapi port 7911:
firewall-cmd --add-port="7911/tcp" \ && firewall-cmd --runtime-to-permanent
# firewall-cmd --add-port="7911/tcp" \ && firewall-cmd --runtime-to-permanentCopy to Clipboard Copied! Toggle word wrap Toggle overflow Optional: Configure the firewall for external access to NFS. Clients are configured using NFSv3.
firewall-cmd --zone public --add-service mountd \ && firewall-cmd --zone public --add-service rpc-bind \ && firewall-cmd --zone public --add-service nfs \ && firewall-cmd --runtime-to-permanent
# firewall-cmd --zone public --add-service mountd \ && firewall-cmd --zone public --add-service rpc-bind \ && firewall-cmd --zone public --add-service nfs \ && firewall-cmd --runtime-to-permanentCopy to Clipboard Copied! Toggle word wrap Toggle overflow
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}