此内容没有您所选择的语言版本。
Chapter 4. Configuring Networking
Each provisioning type requires some network configuration. Use this chapter to configure network services in Satellite Server’s integrated Capsule.
New hosts must have access to your Capsule Server. Capsule Server can be either Satellite Server’s integrated Capsule or an external Capsule Server. You might want to provision hosts from an external Capsule Server when the hosts are on isolated networks and cannot connect to the Satellite Server directly, or when the content is synchronized with the Capsule Server. Provisioning using the external Capsule Server can save on network bandwidth.
Configuring the Capsule Server has two basic requirements:
Configuring network services. This includes:
- Content delivery services
- Network services (DHCP, DNS, and TFTP)
- Puppet configuration
- Defining network resource data in Satellite Server to help configure network interfaces on new hosts.
Network Resources
Satellite contains networking resources that you must set up and configure to create a host. Satellite includes the following networking resources:
- Domain
-
You must assign every host that you want to manage with Satellite to a domain. Using the domain, Satellite can manage A, AAAA and PTR records. If there is no record integration, you still must create and associate at least one domain. Domains are included in the naming conventions Satellite hosts, for example, a host
test123
in theexample.com
domain has the host nametest123.example.com
. - Subnet
You must assign every host managed by Satellite to a subnet. Using subnets, Satellite can then manage IPv4 reservations. If there are no reservation integrations, you still must create and associate at least one subnet. You can manage IP addresses with one of the following options:
- Manual: when the IPAM is set to None
- DHCP: the managed DHCP server requests a free IP from its pool
- Database: a serial or random IP address book that is kept in the Satellite database
The following instructions have similar applications to configuring standalone Capsule Servers managing a specific network. To configure Satellite to use external DHCP, DNS, and TFTP services, see Configuring External Services in Installing Satellite Server from a Connected Network.
DHCP Ranges
You can define the same DHCP range in Satellite Server for both discovered and provisioned systems, but use a separate range for each service within the same subnet.
4.1. Satellite and DHCP Options
Satellite manages DHCP reservations through a DHCP Capsule. Satellite also sets the next-server
and filename
DHCP options.
The next-server option
The next-server
option provides the IP address of the TFTP server to boot from. This option is not set by default and must be set for each TFTP Capsule. You can use the satellite-installer
command with the --foreman-proxy-tftp-servername
option to set the TFTP server in the /etc/foreman-proxy/settings.d/tftp.yml
file:
# satellite-installer --foreman-proxy-tftp-servername 1.2.3.4
Each TFTP Capsule then reports this setting through the API and Satellite can retrieve the configuration information when it creates the DHCP record.
When the PXE loader is set to none
, Satellite does not populate the next-server
option into the DHCP record.
If the next-server
option remains undefined, Satellite uses reverse DNS search to find a TFTP server address to assign, but you might encounter the following problems:
- DNS timeouts during provisioning
- Querying of incorrect DNS server. For example, authoritative rather than caching
-
Errors about incorrect IP address for the TFTP server. For example,
PTR record was invalid
If you encounter these problems, check the DNS setup on both Satellite and Capsule, specifically the PTR record resolution.
The filename option
The filename
option contains the full path to the file that downloads and executes during provisioning. The PXE loader that you select for the host or host group defines which filename
option to use. When the PXE loader is set to none
, Satellite does not populate the filename
option into the DHCP record. Depending on the PXE loader option, the filename
changes as follows:
PXE loader option | filename entry | Notes |
---|---|---|
PXELinux BIOS |
| |
PXELinux UEFI |
| |
iPXE Chain BIOS |
| |
PXEGrub2 UEFI |
| x64 can differ depending on architecture |
iPXE UEFI HTTP |
|
Requires the |
Grub2 UEFI HTTP |
|
Requires the |
4.2. Prerequisites for Image Based Provisioning
Post-Boot Configuration Method
Images that use the finish
post-boot configuration scripts require a managed DHCP server, such as Satellite’s integrated Capsule or an external Capsule. The host must be created with a subnet associated with a DHCP Capsule, and the IP address of the host must be a valid IP address from the DHCP range.
It is possible to use an external DHCP service, but IP addresses must be entered manually. The SSH credentials corresponding to the configuration in the image must be configured in Satellite to enable the post-boot configuration to be made.
Check following items when troubleshooting a virtual machine booted from an image that depends on post-configuration scripts:
- The host has a subnet assigned in Satellite Server.
- The subnet has a DHCP Capsule assigned in Satellite Server.
- The host has a valid IP address assigned in Satellite Server.
- The IP address acquired by the virtual machine using DHCP matches the address configured in Satellite Server.
- The virtual machine created from an image responds to SSH requests.
- The virtual machine created from an image authorizes the user and password, over SSH, which is associated with the image being deployed.
- Satellite Server has access to the virtual machine via SSH keys. This is required for the virtual machine to receive post-configuration scripts from Satellite Server.
Pre-Boot Initialization Configuration Method
Images that use the cloud-init
scripts require a DHCP server to avoid having to include the IP address in the image. A managed DHCP Capsule is preferred. The image must have the cloud-init
service configured to start when the system boots and fetch a script or configuration data to use in completing the configuration.
Check the following items when troubleshooting a virtual machine booted from an image that depends on initialization scripts included in the image:
- There is a DHCP server on the subnet.
-
The virtual machine has the
cloud-init
service installed and enabled.
For information about the differing levels of support for finish
and cloud-init
scripts in virtual-machine images, see the Red Hat Knowledgebase Solution What are the supported compute resources for the finish and cloud-init scripts on the Red Hat Customer Portal.
4.3. Configuring Network Services
Some provisioning methods use Capsule Server services. For example, a network might require the Capsule Server to act as a DHCP server. A network can also use PXE boot services to install the operating system on new hosts. This requires configuring the Capsule Server to use the main PXE boot services: DHCP, DNS, and TFTP.
Use the satellite-installer
script with the options to configure these services on the Satellite Server.
To configure these services on an external Capsule Server, run satellite-installer --scenario capsule
.
Satellite Server uses eth0
for external communication, such as connecting to Red Hat’s CDN.
Procedure
To configure network services on Satellite’s integrated Capsule, complete the following steps:
Enter the
satellite-installer
command to configure the required network services:# satellite-installer --foreman-proxy-dhcp true \ --foreman-proxy-dhcp-managed true \ --foreman-proxy-dhcp-gateway "192.168.140.1" \ --foreman-proxy-dhcp-interface "eth1" \ --foreman-proxy-dhcp-nameservers "192.168.140.2" \ --foreman-proxy-dhcp-range "192.168.140.10 192.168.140.110" \ --foreman-proxy-dhcp-server "192.168.140.2" \ --foreman-proxy-dns true \ --foreman-proxy-dns-managed true \ --foreman-proxy-dns-forwarders "8.8.8.8; 8.8.4.4" \ --foreman-proxy-dns-interface "eth1" \ --foreman-proxy-dns-reverse "140.168.192.in-addr.arpa" \ --foreman-proxy-dns-server "127.0.0.1" \ --foreman-proxy-dns-zone "example.com" \ --foreman-proxy-tftp true \ --foreman-proxy-tftp-managed true
Find the Capsule Server that you configure:
# hammer proxy list
Refresh features of the Capsule Server to view the changes:
# hammer proxy refresh-features --name "satellite.example.com"
Verify the services configured on the Capsule Server:
# hammer proxy info --name "satellite.example.com"
4.3.1. DHCP, DNS, and TFTP Options for Network Configuration
DHCP Options
- --foreman-proxy-dhcp
-
Enables the DHCP service. You can set this option to
true
orfalse
. - --foreman-proxy-dhcp-managed
-
Enables Foreman to manage the DHCP service. You can set this option to
true
orfalse
. - --foreman-proxy-dhcp-gateway
- The DHCP pool gateway. Set this to the address of the external gateway for hosts on your private network.
- --foreman-proxy-dhcp-interface
-
Sets the interface for the DHCP service to listen for requests. Set this to
eth1
. - --foreman-proxy-dhcp-nameservers
-
Sets the addresses of the nameservers provided to clients through DHCP. Set this to the address for Satellite Server on
eth1
. - --foreman-proxy-dhcp-range
- A space-separated DHCP pool range for Discovered and Unmanaged services.
- --foreman-proxy-dhcp-server
- Sets the address of the DHCP server to manage.
DNS Options
- --foreman-proxy-dns
-
Enables DNS service. You can set this option to
true
orfalse
. - --foreman-proxy-dns-managed
-
Enables Foreman to manage the DNS service. You can set this option to
true
orfalse
. - --foreman-proxy-dns-forwarders
- Sets the DNS forwarders. Set this to your DNS servers.
- --foreman-proxy-dns-interface
-
Sets the interface to listen for DNS requests. Set this to
eth1
. - --foreman-proxy-dns-reverse
- The DNS reverse zone name.
- --foreman-proxy-dns-server
- Sets the address of the DNS server to manage.
- --foreman-proxy-dns-zone
- Sets the DNS zone name.
TFTP Options
- --foreman-proxy-tftp
-
Enables TFTP service. You can set this option to
true
orfalse
. - --foreman-proxy-tftp-managed
-
Enables Foreman to manage the TFTP service. You can set this option to
true
orfalse
. - --foreman-proxy-tftp-servername
- Sets the TFTP server to use. Ensure that you use Capsule’s IP address.
Run satellite-installer --scenario capsule --help
to view more options related to DHCP, DNS, TFTP, and other Satellite Capsule services
4.3.2. Using TFTP Services through NAT
You can use Satellite TFTP services through NAT. To do this, on all NAT routers or firewalls, you must enable a TFTP service on UDP port 69 and enable the TFTP state tracking feature. For more information, see the documentation for your NAT device.
If your NAT routers or firewalls use Red Hat Enterprise Linux, perform this procedure on all devices.
On Red Hat Enterprise Linux 7:
Use the following command to allow TFTP service on UDP port 69, load the kernel TFTP state tracking module, and make the changes persistent:
# firewall-cmd --add-service=tftp && firewall-cmd --runtime-to-permanent
On Red Hat Enterprise Linux 6:
Configure the firewall to allow TFTP service UDP on port 69.
# iptables -A OUTPUT -i eth0 -p udp --sport 69 -m state \ --state ESTABLISHED -j ACCEPT # service iptables save
Load the
ip_conntrack_tftp
kernel TFTP state module. In the/etc/sysconfig/iptables-config
file, locateIPTABLES_MODULES
and addip_conntrack_tftp
as follows:IPTABLES_MODULES="ip_conntrack_tftp"
4.4. Adding a Domain to Satellite Server
Satellite Server defines domain names for each host on the network. Satellite Server must have information about the domain and the Capsule Server responsible for domain name assignment. This provides users with a means to group and name hosts within a particular domain and associate them with parameters and Puppet variables.
Checking for Existing Domains
Satellite Server might already have the relevant domain created as part of Satellite Server installation. Switch the context to Any Organization
and Any Location
then check the domain list to see if it exists.
Procedure
To add a domain to Satellite, complete the following steps:
- In the Satellite web UI, navigate to Infrastructure > Domains and click Create Domain.
- In the DNS Domain field, enter the full DNS domain name.
- In the Fullname field, enter the plain text name of the domain.
- Click the Parameters tab and configure any domain level parameters to apply to hosts attached to this domain. For example, user defined Boolean or string parameters to use in templates.
- Click Add Parameter and fill in the Name and Value fields.
- Click the Locations tab, and add the location where the domain resides.
- Click the Organizations tab, and add the organization that the domain belongs to.
- Click Submit to save the changes.
For CLI Users
Use the hammer domain create
command to create a domain:
# hammer domain create --name "domain_name.com" \ --description "My example domain" --dns-id 1 \ --locations "My_Location" --organizations "My_Organization"
In this example, the --dns-id
option uses 1
, which is the ID of Satellite Server’s integrated Capsule.
4.5. Adding a Subnet to Satellite Server
Subnets in Red Hat Satellite define networks specified for groups of systems. Subnets use standard IP-address settings to define the network and use the Red Hat Satellite Capsule Server DHCP features to assign IP addresses to systems within the subnet.
You must add information for each of your subnets to Satellite Server because Satellite configures interfaces for new hosts. To configure interfaces, Satellite Server must have all the information about the network that connects these interfaces.
Procedure
To add a subnet to Satellite Server, complete the following steps:
- In the Satellite web UI, navigate to Infrastructure > Subnets, and in the Subnets window, click Create Subnet.
- In the Name field, enter a name for the subnet.
- In the Description field, enter a description for the subnet.
- In the Network address field, enter the network address for the subnet.
- In the Network prefix field, enter the network prefix for the subnet.
- In the Network mask field, enter the network mask for the subnet.
- In the Gateway address field, enter the external gateway for the subnet.
- In the Primary DNS server field, enter a primary DNS for the subnet.
- In the Secondary DNS server, enter a secondary DNS for the subnet.
From the IPAM list, select the method that you want to use for IP address management (IPAM):
- DHCP - The subnet contains a DHCP server.
- Internal DB - The subnet does not contain a DHCP server but Satellite can manage the IP address assignment and record IP addresses in its internal database.
- None - No IP address management.
- Enter the information for the IPAM method that you select.
- Click the Remote Execution tab and select the capsule that controls the remote execution.
- Click the Domains tab and select the domains that apply to this subnet.
- Click the Capsules tab and select the Capsule that you want to provide each service in the subnet.
- Click the Parameters tab and configure any subnet level parameters to apply to hosts attached to this subnet. For example, user defined Boolean or string parameters to use in templates.
- Click the Locations tab and select the locations that use this capsule.
- Click the Organizations tab and select the organizations that use this capsule.
- Click Submit to save the subnet information.
For CLI Users
Create the subnet with the following command:
# hammer subnet create --name "My_Network" \ --description "your_description" \ --network "192.168.140.0" --mask "255.255.255.0" \ --gateway "192.168.140.1" --dns-primary "192.168.140.2" \ --dns-secondary "8.8.8.8" --ipam "DHCP" \ --from "192.168.140.111" --to "192.168.140.250" --boot-mode "DHCP" \ --domains "example.com" --dhcp-id 1 --dns-id 1 --tftp-id 1 --template-id 1 \ --locations "My_Location" --organizations "My_Organization"
In this example, the --dhcp-id
, --dns-id
, and --tftp-id
options use 1, which is the ID of the integrated Capsule in Satellite Server.
4.6. Configuring iPXE to Reduce Provisioning Times
In Red Hat Satellite 6.6, you can configure PXELinux to chainboot iPXE and boot using the HTTP protocol, which is faster and more reliable on high latency networks than TFTP.
There are three methods of using iPXE with Red Hat Satellite 6.6:
- Chainbooting virtual machines using hypervisors that use iPXE as primary firmware
- Using PXELinux through TFTP to chainload iPXE directly on bare metal hosts
- Using PXELinux through UNDI, which uses HTTP to transfer the kernel and the initial RAM disk on bare metal hosts
Prerequisites
Before you begin, ensure that the following conditions are met:
- A host exists on Red Hat Satellite to use
- The MAC address of the provisioning interface matches the host configuration
- The provisioning interface of the host has a valid DHCP reservation
- The NIC is capable of PXE booting. For more information, see http://ipxe.org/appnote/hardware_drivers
- The NIC is compatible with iPXE
4.6.1. Chainbooting virtual machines
Most virtualization hypervisors use iPXE as primary firmware for PXE booting. Because of this, you can chainboot without TFTP and PXELinux.
Chainbooting virtual machine workflow
Using virtualization hypervisors removes the need for TFTP and PXELinux. It has the following workflow:
- Virtual machine starts
- iPXE retrieves the network credentials using DHCP
- iPXE retrieves the HTTP address using DHCP
- iPXE chainloads the iPXE template from the template Capsule
- iPXE loads the kernel and initial RAM disk of the installer
Ensure that the hypervisor that you want to use supports iPXE. The following virtualization hypervisors support iPXE:
- libvirt
- oVirt
- RHEV
Configuring Red Hat Satellite Server to use iPXE
You can use the default template to configure iPXE booting for hosts. If you want to change the default values in the template, clone the template and edit the clone.
Procedure
To configure Satellite to use iPXE, complete the following steps:
-
In the Satellite web UI, navigate to Hosts > Provisioning Templates, enter
Kickstart default iPXE
and click Search. - Optional: If you want to change the template, click Clone, enter a unique name, and click Submit.
- Click the name of the template you want to use.
- If you clone the template, you can make changes you require on the Template tab.
- Click the Association tab, and select the operating systems that your host uses.
- Click the Locations tab, and add the location where the host resides.
- Click the Organizations tab, and add the organization that the host belongs to.
- Click Submit to save the changes.
- Navigate to Hosts > Operating systems and select the operating system of your host.
- Click the Templates tab.
- From the iPXE Template list, select the template you want to use.
- Click Submit to save the changes.
- Navigate to Hosts > All Hosts.
- In the Hosts page, select the host that you want to use.
- Select the Templates tab.
- From the iPXE template list, select Review and verify that the Kickstart default iPXE template is the correct template.
To prevent an endless loop of chainbooting iPXE firmware, edit the
/etc/dhcp/dhcpd.conf
file to match the following example. If you use an isolated network, use a Capsule Server URL with TCP port 8000, instead of Satellite Server’s URL.Locate the following lines in the Bootfile Handoff section of the
/etc/dhcp/dhcpd.conf
file:} else { filename "pxelinux.0"; }
Add the following extra
elsif
statement before the else statement:elsif exists user-class and option user-class = "iPXE" { filename "http://satellite.example.com/unattended/iPXE"; }
Verify that the 'if' section matches the following example:
if option architecture = 00:06 { filename "grub2/shim.efi"; } elsif option architecture = 00:07 { filename "grub2/shim.efi"; } elsif option architecture = 00:09 { filename "grub2/shim.efi"; } elsif exists user-class and option user-class = "iPXE" { filename "http://satellite.example.com/unattended/iPXE"; } else { filename "pxelinux.0"; }
NoteFor
http://satellite.example.com/unattended/iPXE
, you can also use a Red Hat Satellite Capsulehttp://capsule.example.com:8000/unattended/iPXE
. You must update the/etc/dhcp/dhcpd.conf
file after every upgrade. The content of the/etc/dhcp/dhcpd.conf
file is case sensitive.
4.6.2. Chainbooting iPXE directly
Use this procedure to set up iPXE to use a built-in driver for network communication or UNDI interface. There are separate procedures to configure Satellite Server and Capsule to use iPXE.
You can use this procedure only with bare metal hosts.
Chainbooting iPXE directly or with UNDI workflow
- Host powers on
- PXE driver retrieves the network credentials using DHCP
-
PXE driver retrieves the PXELinux firmware
pxelinux.0
using TFTP - PXELinux searches for the configuration file on the TFTP server
-
PXELinux chainloads iPXE
ipxe.lkrn
orundionly-ipxe.0
- iPXE retrieves the network credentials using DHCP again
- iPXE retrieves HTTP address using DHCP
- iPXE chainloads the iPXE template from the template Capsule
- iPXE loads the kernel and initial RAM disk of the installer
Configuring Red Hat Satellite Server to use iPXE
You can use the default template to configure iPXE booting for hosts. If you want to change the default values in the template, clone the template and edit the clone.
Procedure
To configure Satellite to use iPXE with the UNDI workflow, complete the following steps:
-
In the Satellite web UI, navigate to Hosts > Provisioning Templates, enter
PXELinux chain iPXE
or, for UNDI, enterPXELinux chain iPXE UNDI
, and click Search. - Optional: If you want to change the template, click Clone, enter a unique name, and click Submit.
- Click the name of the template you want to use.
- If you clone the template, you can make changes you require on the Template tab.
- Click the Association tab, and select the operating systems that your host uses.
- Click the Locations tab, and add the location where the host resides.
- Click the Organizations tab, and add the organization that the host belongs to.
- Click Submit to save the changes.
-
In the Provisioning Templates page, enter
Kickstart default iPXE
into the search field and click Search. - Optional: If you want to change the template, click Clone, enter a unique name, and click Submit.
- Click the name of the template you want to use.
- If you clone the template, you can make changes you require on the Template tab.
- Click the Association tab, and associate the template with the operating system that your host uses.
- Click the Locations tab, and add the location where the host resides.
- Click the Organizations tab, and add the organization that the host belongs to.
- Click Submit to save the changes.
- Navigate to Hosts > Operating systems and select the operating system of your host.
- Click the Templates tab.
- From the PXELinux template list, select the template you want to use.
- From the iPXE template list, select the template you want to use.
- Click Submit to save the changes.
- Navigate to Hosts > All Hosts, and select the host you want to use.
- Select the Templates tab, and from the PXELinux template list, select Review and verify the template is the correct template.
- From the iPXE template list, select Review and verify the template is the correct template. If there is no PXELinux entry, or you cannot find the new template, navigate to Hosts > All Hosts, and on your host, click Edit. Click the Operating system tab and click the Provisioning Template Resolve button to refresh the list of templates.
To prevent an endless loop of chainbooting iPXE firmware, edit the
/etc/dhcp/dhcpd.conf
file to match the following example. If you use an isolated network, use a Capsule Server URL with TCP port 8000, instead of Satellite Server’s URL.Locate the following lines in the Bootfile Handoff section of the
/etc/dhcp/dhcpd.conf
file:} else { filename "pxelinux.0"; }
Add the following extra
elsif
statement before the else statement:elsif exists user-class and option user-class = "iPXE" { filename "http://satellite.example.com/unattended/iPXE"; }
Verify that the 'if' section matches the following example:
if option architecture = 00:06 { filename "grub2/shim.efi"; } elsif option architecture = 00:07 { filename "grub2/shim.efi"; } elsif option architecture = 00:09 { filename "grub2/shim.efi"; } elsif exists user-class and option user-class = "iPXE" { filename "http://satellite.example.com/unattended/iPXE"; } else { filename "pxelinux.0"; }
NoteFor
http://satellite.example.com/unattended/iPXE
, you can also use a Red Hat Satellite Capsulehttp://capsule.example.comf:8000/unattended/iPXE
. You must update the/etc/dhcp/dhcpd.conf
file after every upgrade. The content of the/etc/dhcp/dhcpd.conf
file is case sensitive.
Configuring Red Hat Satellite Capsule to use iPXE
You can use this procedure to configure Capsules to use iPXE.
You must perform this procedure on all Capsules.
Procedure
To configure the Capsule to chainboot iPXE, complete the following steps:
Install the
ipxe-bootimgs
RPM package:# yum install ipxe-bootimgs
Copy the iPXE firmware to the TFTP server’s root directory. Do not use symbolic links because TFTP runs in the
chroot
environment.For chainbooting directly, enter the following command:
# cp /usr/share/ipxe/ipxe.lkrn /var/lib/tftpboot/
For UNDI, enter the following command:
# cp /usr/share/ipxe/undionly.kpxe /var/lib/tftpboot/undionly-ipxe.0
Correct the file contexts:
# restorecon -RvF /var/lib/tftpboot/