Red Hat Summit Red Hat SummitSuporteConsoleDesenvolvedoresComeçar um testeContato

Este conteúdo não está disponível no idioma selecionado.

Chapter 6. Configuring Satellite Server with external services

If you do not want to configure the DNS, DHCP, and TFTP services on Satellite Server, use this section to configure your Satellite Server to work with external DNS, DHCP, and TFTP services.

6.1. Configuring Satellite Server with external DNS
Copiar o link

You can configure Satellite Server with external DNS. Satellite Server uses the nsupdate utility to update DNS records on the remote server.

To make any changes persistent, you must enter the satellite-installer command with the options appropriate for your environment.

Prerequisites

  • You must have a configured external DNS server.
  • This guide assumes you have an existing installation.

Procedure

  1. Copy the /etc/rndc.key file from the external DNS server to Satellite Server: 

    # scp root@dns.example.com:/etc/rndc.key /etc/foreman-proxy/rndc.key
    Copy to Clipboard Toggle word wrap

  2. Configure the ownership, permissions, and SELinux context: 

    # restorecon -v /etc/foreman-proxy/rndc.key
# chown -v root:foreman-proxy /etc/foreman-proxy/rndc.key
# chmod -v 640 /etc/foreman-proxy/rndc.key
    Copy to Clipboard Toggle word wrap

  3. To test the nsupdate utility, add a host remotely: 

    # echo -e "server DNS_IP_Address\n \
update add aaa.example.com 3600 IN A Host_IP_Address\n \
send\n" | nsupdate -k /etc/foreman-proxy/rndc.key
# nslookup aaa.example.com DNS_IP_Address
# echo -e "server DNS_IP_Address\n \
update delete aaa.example.com 3600 IN A Host_IP_Address\n \
send\n" | nsupdate -k /etc/foreman-proxy/rndc.key
    Copy to Clipboard Toggle word wrap

  4. Enter the satellite-installer command to make the following persistent changes to the /etc/foreman-proxy/settings.d/dns.yml file: 

    # satellite-installer --foreman-proxy-dns=true \
--foreman-proxy-dns-managed=false \
--foreman-proxy-dns-provider=nsupdate \
--foreman-proxy-dns-server="DNS_IP_Address" \
--foreman-proxy-keyfile=/etc/foreman-proxy/rndc.key
    Copy to Clipboard Toggle word wrap
  5. In the Satellite web UI, navigate to Infrastructure > Capsules.
  6. Locate the Satellite Server and select Refresh from the list in the Actions column.
  7. Associate the DNS service with the appropriate subnets and domain.

6.2. Configuring Satellite Server with external DHCP
Copiar o link

To configure Satellite Server with external DHCP, you must complete the following procedures:

  1. Section 6.2.1, “Configuring an external DHCP server to use with Satellite Server”
  2. Section 6.2.2, “Configuring Satellite Server with an external DHCP server”

6.2.1. Configuring an external DHCP server to use with Satellite Server
Copiar o link

To configure an external DHCP server running Red Hat Enterprise Linux to use with Satellite Server, you must install the ISC DHCP Service and Berkeley Internet Name Domain (BIND) utilities packages. You must also share the DHCP configuration and lease files with Satellite Server. The example in this procedure uses the distributed Network File System (NFS) protocol to share the DHCP configuration and lease files.

Note

If you use dnsmasq as an external DHCP server, enable the dhcp-no-override setting. This is required because Satellite creates configuration files on the TFTP server under the grub2/ subdirectory. If the dhcp-no-override setting is disabled, hosts fetch the bootloader and its configuration from the root directory, which might cause an error.

Procedure

  1. On your Red Hat Enterprise Linux host, install the ISC DHCP Service and Berkeley Internet Name Domain (BIND) utilities packages: 

    # dnf install dhcp-server bind-utils
    Copy to Clipboard Toggle word wrap

  2. Generate a security token: 

    # tsig-keygen -a hmac-md5 omapi_key
    Copy to Clipboard Toggle word wrap

  3. Edit the dhcpd configuration file for all subnets and add the key generated by tsig-keygen. The following is an example: 

    # cat /etc/dhcp/dhcpd.conf
default-lease-time 604800;
max-lease-time 2592000;
log-facility local7;

subnet 192.168.38.0 netmask 255.255.255.0 {
	range 192.168.38.10 192.168.38.100;
	option routers 192.168.38.1;
	option subnet-mask 255.255.255.0;
	option domain-search "virtual.lan";
	option domain-name "virtual.lan";
	option domain-name-servers 8.8.8.8;
}

omapi-port 7911;
key omapi_key {
	algorithm hmac-md5;
	secret "My_Secret";
};
omapi-key omapi_key;
    Copy to Clipboard Toggle word wrap

    Note that the option routers value is the IP address of your Satellite Server or Capsule Server that you want to use with an external DHCP service.

  4. On Satellite Server, define each subnet. Do not set DHCP Capsule for the defined Subnet yet.

    To prevent conflicts, set up the lease and reservation ranges separately. For example, if the lease range is 192.168.38.10 to 192.168.38.100, in the Satellite web UI define the reservation range as 192.168.38.101 to 192.168.38.250.

  5. Configure the firewall for external access to the DHCP server: 

    # firewall-cmd --add-service dhcp
    Copy to Clipboard Toggle word wrap

  6. Make the changes persistent: 

    # firewall-cmd --runtime-to-permanent
    Copy to Clipboard Toggle word wrap

  7. On Satellite Server, determine the UID and GID of the foreman user: 

    # id -u foreman
993
# id -g foreman
990
    Copy to Clipboard Toggle word wrap

  8. On the DHCP server, create the foreman user and group with the same IDs as determined in a previous step: 

    # groupadd -g 990 foreman
# useradd -u 993 -g 990 -s /sbin/nologin foreman
    Copy to Clipboard Toggle word wrap

  9. To ensure that the configuration files are accessible, restore the read and execute flags: 

    # chmod o+rx /etc/dhcp/
# chmod o+r /etc/dhcp/dhcpd.conf
# chattr +i /etc/dhcp/ /etc/dhcp/dhcpd.conf
    Copy to Clipboard Toggle word wrap

  10. Enable and start the DHCP service: 

    # systemctl enable --now dhcpd
    Copy to Clipboard Toggle word wrap

  11. Export the DHCP configuration and lease files using NFS: 

    # dnf install nfs-utils
# systemctl enable --now nfs-server
    Copy to Clipboard Toggle word wrap

  12. Create directories for the DHCP configuration and lease files that you want to export using NFS: 

    # mkdir -p /exports/var/lib/dhcpd /exports/etc/dhcp
    Copy to Clipboard Toggle word wrap

  13. To create mount points for the created directories, add the following line to the /etc/fstab file: 

    /var/lib/dhcpd /exports/var/lib/dhcpd none bind,auto 0 0
/etc/dhcp /exports/etc/dhcp none bind,auto 0 0
    Copy to Clipboard Toggle word wrap

  14. Mount the file systems in /etc/fstab: 

    # mount -a
    Copy to Clipboard Toggle word wrap

  15. Ensure the following lines are present in /etc/exports: 

    /exports 192.168.38.1(rw,async,no_root_squash,fsid=0,no_subtree_check)

/exports/etc/dhcp 192.168.38.1(ro,async,no_root_squash,no_subtree_check,nohide)

/exports/var/lib/dhcpd 192.168.38.1(ro,async,no_root_squash,no_subtree_check,nohide)
    Copy to Clipboard Toggle word wrap

    Note that the IP address that you enter is the Satellite or Capsule IP address that you want to use with an external DHCP service.

  16. Reload the NFS server: 

    # exportfs -rva
    Copy to Clipboard Toggle word wrap

  17. Configure the firewall for DHCP omapi port 7911: 

    # firewall-cmd --add-port=7911/tcp
    Copy to Clipboard Toggle word wrap

  18. Optional: Configure the firewall for external access to NFS. Clients are configured using NFSv3. 

    # firewall-cmd \
--add-service mountd \
--add-service nfs \
--add-service rpc-bind \
--zone public
    Copy to Clipboard Toggle word wrap

  19. Make the changes persistent: 

    # firewall-cmd --runtime-to-permanent
    Copy to Clipboard Toggle word wrap

6.2.2. Configuring Satellite Server with an external DHCP server
Copiar o link

You can configure Satellite Server with an external DHCP server.

Prerequisites

Procedure

  1. Install the nfs-utils package: 

    # satellite-maintain packages install nfs-utils
    Copy to Clipboard Toggle word wrap

  2. Create the DHCP directories for NFS: 

    # mkdir -p /mnt/nfs/etc/dhcp /mnt/nfs/var/lib/dhcpd
    Copy to Clipboard Toggle word wrap

  3. Change the file owner: 

    # chown -R foreman-proxy /mnt/nfs
    Copy to Clipboard Toggle word wrap

  4. Verify communication with the NFS server and the Remote Procedure Call (RPC) communication paths: 

    # showmount -e DHCP_Server_FQDN
# rpcinfo -p DHCP_Server_FQDN
    Copy to Clipboard Toggle word wrap

  5. Add the following lines to the /etc/fstab file: 

    DHCP_Server_FQDN:/exports/etc/dhcp /mnt/nfs/etc/dhcp nfs
ro,vers=3,auto,nosharecache,context="system_u:object_r:dhcp_etc_t:s0" 0 0

DHCP_Server_FQDN:/exports/var/lib/dhcpd /mnt/nfs/var/lib/dhcpd nfs
ro,vers=3,auto,nosharecache,context="system_u:object_r:dhcpd_state_t:s0" 0 0
    Copy to Clipboard Toggle word wrap

  6. Mount the file systems on /etc/fstab: 

    # mount -a
    Copy to Clipboard Toggle word wrap

  7. To verify that the foreman-proxy user can access the files that are shared over the network, display the DHCP configuration and lease files: 

    # su foreman-proxy -s /bin/bash
$ cat /mnt/nfs/etc/dhcp/dhcpd.conf
$ cat /mnt/nfs/var/lib/dhcpd/dhcpd.leases
$ exit
    Copy to Clipboard Toggle word wrap

  8. Enter the satellite-installer command to make the following persistent changes to the /etc/foreman-proxy/settings.d/dhcp.yml file: 

    # satellite-installer \
--enable-foreman-proxy-plugin-dhcp-remote-isc \
--foreman-proxy-dhcp-provider=remote_isc \
--foreman-proxy-dhcp-server=My_DHCP_Server_FQDN \
--foreman-proxy-dhcp=true \
--foreman-proxy-plugin-dhcp-remote-isc-dhcp-config /mnt/nfs/etc/dhcp/dhcpd.conf \
--foreman-proxy-plugin-dhcp-remote-isc-dhcp-leases /mnt/nfs/var/lib/dhcpd/dhcpd.leases \
--foreman-proxy-plugin-dhcp-remote-isc-key-name=omapi_key \
--foreman-proxy-plugin-dhcp-remote-isc-key-secret=My_Secret \
--foreman-proxy-plugin-dhcp-remote-isc-omapi-port=7911
    Copy to Clipboard Toggle word wrap
  9. Associate the DHCP service with the appropriate subnets and domain.

6.3. Configuring Satellite Server with external TFTP
Copiar o link

You can configure Satellite Server with external TFTP services.

Procedure

  1. Create the TFTP directory for NFS: 

    # mkdir -p /mnt/nfs/var/lib/tftpboot
    Copy to Clipboard Toggle word wrap

  2. In the /etc/fstab file, add the following line: 

    TFTP_Server_IP_Address:/exports/var/lib/tftpboot /mnt/nfs/var/lib/tftpboot nfs rw,vers=3,auto,nosharecache,context="system_u:object_r:tftpdir_rw_t:s0" 0 0
    Copy to Clipboard Toggle word wrap

  3. Mount the file systems in /etc/fstab: 

    # mount -a
    Copy to Clipboard Toggle word wrap

  4. Enter the satellite-installer command to make the following persistent changes to the /etc/foreman-proxy/settings.d/tftp.yml file: 

    # satellite-installer \
--foreman-proxy-tftp-root /mnt/nfs/var/lib/tftpboot \
--foreman-proxy-tftp=true
    Copy to Clipboard Toggle word wrap

  5. If the TFTP service is running on a different server than the DHCP service, update the tftp_servername setting with the FQDN or IP address of the server that the TFTP service is running on: 

    # satellite-installer --foreman-proxy-tftp-servername=TFTP_Server_FQDN
    Copy to Clipboard Toggle word wrap
  6. In the Satellite web UI, navigate to Infrastructure > Capsules.
  7. Locate the Satellite Server and select Refresh from the list in the Actions column.
  8. Associate the TFTP service with the appropriate subnets and domain.

6.4. Configuring Satellite Server with external IdM DNS
Copiar o link

When Satellite Server adds a DNS record for a host, it first determines which Capsule is providing DNS for that domain. It then communicates with the Capsule that is configured to provide DNS service for your deployment and adds the record. The hosts are not involved in this process. Therefore, you must install and configure the IdM client on the Satellite or Capsule that is currently configured to provide a DNS service for the domain you want to manage using the IdM server.

Satellite Server can be configured to use a Red Hat Identity Management (IdM) server to provide DNS service. For more information about Red Hat Identity Management, see the Linux Domain Identity, Authentication, and Policy Guide.

To configure Satellite Server to use a Red Hat Identity Management (IdM) server to provide DNS service, use one of the following procedures:

To revert to internal DNS service, use the following procedure:

Note

You are not required to use Satellite Server to manage DNS. When you are using the realm enrollment feature of Satellite, where provisioned hosts are enrolled automatically to IdM, the ipa-client-install script creates DNS records for the client. Configuring Satellite Server with external IdM DNS and realm enrollment are mutually exclusive. For more information about configuring realm enrollment, see Section 5.8, “External authentication for provisioned hosts”.

6.4.1. Configuring dynamic DNS update with GSS-TSIG authentication
Copiar o link

You can configure the IdM server to use the generic security service algorithm for secret key transaction (GSS-TSIG) technology defined in RFC3645. To configure the IdM server to use the GSS-TSIG technology, you must install the IdM client on the Satellite Server base operating system.

Prerequisites

  • You must ensure the IdM server is deployed and the host-based firewall is configured correctly. For more information, see Port Requirements for IdM in the Installing Identity Management Guide.
  • You must contact the IdM server administrator to ensure that you obtain an account on the IdM server with permissions to create zones on the IdM server.
  • You should create a backup of the answer file. You can use the backup to restore the answer file to its original state if it becomes corrupted. For more information, see Configuring Satellite Server.

Procedure

To configure dynamic DNS update with GSS-TSIG authentication, complete the following steps:

Creating a Kerberos principal on the IdM server

  1. Obtain a Kerberos ticket for the account obtained from the IdM administrator: 

    # kinit idm_user
    Copy to Clipboard Toggle word wrap

  2. Create a new Kerberos principal for Satellite Server to use to authenticate on the IdM server: 

    # ipa service-add capsule/satellite.example.com
    Copy to Clipboard Toggle word wrap

Installing and configuring the idM client

  1. On the base operating system of either the Satellite or Capsule that is managing the DNS service for your deployment, install the ipa-client package: 

    # satellite-maintain packages install ipa-client
    Copy to Clipboard Toggle word wrap

  2. Configure the IdM client by running the installation script and following the on-screen prompts: 

    # ipa-client-install
    Copy to Clipboard Toggle word wrap

  3. Obtain a Kerberos ticket: 

    # kinit admin
    Copy to Clipboard Toggle word wrap

  4. Remove any preexisting keytab: 

    # rm /etc/foreman-proxy/dns.keytab
    Copy to Clipboard Toggle word wrap

  5. Obtain the keytab for this system: 

    # ipa-getkeytab -p capsule/satellite.example.com@EXAMPLE.COM \
-s idm1.example.com -k /etc/foreman-proxy/dns.keytab
    Copy to Clipboard Toggle word wrap
    Note

    When adding a keytab to a standby system with the same host name as the original system in service, add the r option to prevent generating new credentials and rendering the credentials on the original system invalid.

  6. For the dns.keytab file, set the group and owner to foreman-proxy: 

    # chown foreman-proxy:foreman-proxy /etc/foreman-proxy/dns.keytab
    Copy to Clipboard Toggle word wrap

  7. Optional: To verify that the keytab file is valid, enter the following command: 

    # kinit -kt /etc/foreman-proxy/dns.keytab \
capsule/satellite.example.com@EXAMPLE.COM
    Copy to Clipboard Toggle word wrap

Configuring DNS zones in the IdM web UI

  1. Create and configure the zone that you want to manage:

    1. Navigate to Network Services > DNS > DNS Zones.
    2. Select Add and enter the zone name. For example, example.com.
    3. Click Add and Edit.

    4. Click the Settings tab and in the BIND update policy box, add the following to the semi-colon separated list: 

      grant capsule\047satellite.example.com@EXAMPLE.COM wildcard * ANY;
      Copy to Clipboard Toggle word wrap
    5. Set Dynamic update to True.
    6. Enable Allow PTR sync.
    7. Click Save to save the changes.

  2. Create and configure the reverse zone:

    1. Navigate to Network Services > DNS > DNS Zones.
    2. Click Add.
    3. Select Reverse zone IP network and add the network address in CIDR format to enable reverse lookups.
    4. Click Add and Edit.

    5. Click the Settings tab and in the BIND update policy box, add the following to the semi-colon separated list: 

      grant capsule\047satellite.example.com@EXAMPLE.COM wildcard * ANY;
      Copy to Clipboard Toggle word wrap
    6. Set Dynamic update to True.
    7. Click Save to save the changes.

Configuring the Satellite or Capsule Server that manages the DNS service for the domain

  1. Configure your Satellite Server or Capsule Server to connect to your DNS service: 

    # satellite-installer \
--foreman-proxy-dns-managed=false \
--foreman-proxy-dns-provider=nsupdate_gss \
--foreman-proxy-dns-server="idm1.example.com" \
--foreman-proxy-dns-tsig-keytab=/etc/foreman-proxy/dns.keytab \
--foreman-proxy-dns-tsig-principal="capsule/satellite.example.com@EXAMPLE.COM" \
--foreman-proxy-dns=true
    Copy to Clipboard Toggle word wrap

  2. For each affected Capsule, update the configuration of that Capsule in the Satellite web UI:

    1. In the Satellite web UI, navigate to Infrastructure > Capsules, locate the Satellite Server, and from the list in the Actions column, select Refresh.

    2. Configure the domain:

      1. In the Satellite web UI, navigate to Infrastructure > Domains and select the domain name.
      2. In the Domain tab, ensure DNS Capsule is set to the Capsule where the subnet is connected.

    3. Configure the subnet:

      1. In the Satellite web UI, navigate to Infrastructure > Subnets and select the subnet name.
      2. In the Subnet tab, set IPAM to None.
      3. In the Domains tab, select the domain that you want to manage using the IdM server.
      4. In the Capsules tab, ensure Reverse DNS Capsule is set to the Capsule where the subnet is connected.
      5. Click Submit to save the changes.

6.4.2. Configuring dynamic DNS update with TSIG authentication
Copiar o link

You can configure an IdM server to use the secret key transaction authentication for DNS (TSIG) technology that uses the rndc.key key file for authentication. The TSIG protocol is defined in RFC2845.

Prerequisites

  • You must ensure the IdM server is deployed and the host-based firewall is configured correctly. For more information, see Port Requirements in the Linux Domain Identity, Authentication, and Policy Guide.
  • You must obtain root user access on the IdM server.
  • You must confirm whether Satellite Server or Capsule Server is configured to provide DNS service for your deployment.
  • You must configure DNS, DHCP and TFTP services on the base operating system of either the Satellite or Capsule that is managing the DNS service for your deployment.
  • You must create a backup of the answer file. You can use the backup to restore the answer file to its original state if it becomes corrupted. For more information, see Configuring Satellite Server.

Procedure

To configure dynamic DNS update with TSIG authentication, complete the following steps:

Enabling external updates to the DNS zone in the IdM server

  1. On the IdM Server, add the following to the top of the /etc/named.conf file: 

    ########################################################################

include "/etc/rndc.key";
controls  {
inet _IdM_Server_IP_Address_ port 953 allow { _Satellite_IP_Address_; } keys { "rndc-key"; };
};
########################################################################
    Copy to Clipboard Toggle word wrap

  2. Reload the named service to make the changes take effect: 

    # systemctl reload named
    Copy to Clipboard Toggle word wrap

  3. In the IdM web UI, navigate to Network Services > DNS > DNS Zones and click the name of the zone. In the Settings tab, apply the following changes:

    1. Add the following in the BIND update policy box: 

      grant "rndc-key" zonesub ANY;
      Copy to Clipboard Toggle word wrap
    2. Set Dynamic update to True.
    3. Click Update to save the changes.

  4. Copy the /etc/rndc.key file from the IdM server to the base operating system of your Satellite Server. Enter the following command: 

    # scp /etc/rndc.key root@satellite.example.com:/etc/rndc.key
    Copy to Clipboard Toggle word wrap

  5. To set the correct ownership, permissions, and SELinux context for the rndc.key file, enter the following command: 

    # restorecon -v /etc/rndc.key
# chown -v root:named /etc/rndc.key
# chmod -v 640 /etc/rndc.key
    Copy to Clipboard Toggle word wrap

  6. Assign the foreman-proxy user to the named group manually. Normally, satellite-installer ensures that the foreman-proxy user belongs to the named UNIX group, however, in this scenario Satellite does not manage users and groups, therefore you need to assign the foreman-proxy user to the named group manually. 

    # usermod -a -G named foreman-proxy
    Copy to Clipboard Toggle word wrap

  7. On Satellite Server, enter the following satellite-installer command to configure Satellite to use the external DNS server: 

    # satellite-installer \
--foreman-proxy-dns-managed=false \
--foreman-proxy-dns-provider=nsupdate \
--foreman-proxy-dns-server="IdM_Server_IP_Address" \
--foreman-proxy-dns-ttl=86400 \
--foreman-proxy-dns=true \
--foreman-proxy-keyfile=/etc/rndc.key
    Copy to Clipboard Toggle word wrap

Testing external updates to the DNS zone in the IdM server

  1. Ensure that the key in the /etc/rndc.key file on Satellite Server is the same key file that is used on the IdM server: 

    key "rndc-key" {
        algorithm hmac-md5;
        secret "secret-key==";
};
    Copy to Clipboard Toggle word wrap

  2. On Satellite Server, create a test DNS entry for a host. For example, host test.example.com with an A record of 192.168.25.20 on the IdM server at 192.168.25.1. 

    # echo -e "server 192.168.25.1\n \
update add test.example.com 3600 IN A 192.168.25.20\n \
send\n" | nsupdate -k /etc/rndc.key
    Copy to Clipboard Toggle word wrap

  3. On Satellite Server, test the DNS entry: 

    # nslookup test.example.com 192.168.25.1
Server:		192.168.25.1
Address:	192.168.25.1#53

Name:	test.example.com
Address: 192.168.25.20
    Copy to Clipboard Toggle word wrap
  4. To view the entry in the IdM web UI, navigate to Network Services > DNS > DNS Zones. Click the name of the zone and search for the host by name.

  5. If resolved successfully, remove the test DNS entry: 

    # echo -e "server 192.168.25.1\n \
update delete test.example.com 3600 IN A 192.168.25.20\n \
send\n" | nsupdate -k /etc/rndc.key
    Copy to Clipboard Toggle word wrap

  6. Confirm that the DNS entry was removed: 

    # nslookup test.example.com 192.168.25.1
    Copy to Clipboard Toggle word wrap

    The above nslookup command fails and returns the SERVFAIL error message if the record was successfully deleted.

6.4.3. Reverting to internal DNS service
Copiar o link

You can revert to using Satellite Server and Capsule Server as your DNS providers. You can use a backup of the answer file that was created before configuring external DNS, or you can create a backup of the answer file. For more information about answer files, see Configuring Satellite Server.

Procedure

On the Satellite or Capsule Server that you want to configure to manage DNS service for the domain, complete the following steps:

Configuring Satellite or Capsule as a DNS server

  • If you have created a backup of the answer file before configuring external DNS, restore the answer file and then enter the satellite-installer command: 

    # satellite-installer
    Copy to Clipboard Toggle word wrap

  • If you do not have a suitable backup of the answer file, create a backup of the answer file now. To configure Satellite or Capsule as DNS server without using an answer file, enter the following satellite-installer command on Satellite or Capsule: 

    # satellite-installer \
--foreman-proxy-dns-managed=true \
--foreman-proxy-dns-provider=nsupdate \
--foreman-proxy-dns-server="127.0.0.1" \
--foreman-proxy-dns=true
    Copy to Clipboard Toggle word wrap

    For more information, see Configuring DNS, DHCP, and TFTP on Capsule Server.

After you run the satellite-installer command to make any changes to your Capsule configuration, you must update the configuration of each affected Capsule in the Satellite web UI.

Updating the configuration in the Satellite web UI

  1. In the Satellite web UI, navigate to Infrastructure > Capsules.
  2. For each Capsule that you want to update, from the Actions list, select Refresh.

  3. Configure the domain:

    1. In the Satellite web UI, navigate to Infrastructure > Domains and click the domain name that you want to configure.
    2. In the Domain tab, set DNS Capsule to the Capsule where the subnet is connected.

  4. Configure the subnet:

    1. In the Satellite web UI, navigate to Infrastructure > Subnets and select the subnet name.
    2. In the Subnet tab, set IPAM to DHCP or Internal DB.
    3. In the Domains tab, select the domain that you want to manage using Satellite or Capsule.
    4. In the Capsules tab, set Reverse DNS Capsule to the Capsule where the subnet is connected.
    5. Click Submit to save the changes.
Voltar ao topo
Red Hat logoGithubredditYoutubeTwitter

Aprender

Experimente, compre e venda

Comunidades

Sobre a documentação da Red Hat

Ajudamos os usuários da Red Hat a inovar e atingir seus objetivos com nossos produtos e serviços com conteúdo em que podem confiar. Explore nossas atualizações recentes.

Tornando o open source mais inclusivo

A Red Hat está comprometida em substituir a linguagem problemática em nosso código, documentação e propriedades da web. Para mais detalhes veja o Blog da Red Hat.

Sobre a Red Hat

Fornecemos soluções robustas que facilitam o trabalho das empresas em plataformas e ambientes, desde o data center principal até a borda da rede.

Theme

© 2025 Red Hat