Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarify target of securing DHCP API #2709

Closed
wants to merge 1 commit into from
Closed

Clarify target of securing DHCP API #2709

wants to merge 1 commit into from

Conversation

maximiliankolb
Copy link
Contributor

This procedure is only part of one assembly: "assembly_managing-dhcp-on-smart-proxies.adoc", which itself is only part of "doc-Installing_Proxy".

Please cherry-pick my commits into:

  • Foreman 3.9/Katello 4.11 (planned Satellite 6.15)
  • Foreman 3.8/Katello 4.10
  • Foreman 3.7/Katello 4.9 (Satellite 6.14)

follow-up PR based on #2684 (comment)

@maximiliankolb
Clarify target of securing DHCP API
1c42023 
This procedure is only part of one assembly: "assembly_managing-dhcp-on-smart-proxies.adoc",
which itself is only part of "doc-Installing_Proxy".
@maximiliankolb maximiliankolb requested a review from ekohl January 30, 2024 08:32
@github-actions GitHub Actions
Copy link

The PR preview for 1c42023 is available at theforeman-foreman-documentation-preview-pr-2709.surge.sh

The following output files are affected by this PR:

show diff

show diff as HTML

ekohl
ekohl requested changes Jan 30, 2024
View reviewed changes
guides/common/modules/proc_securing-the-dhcp-api.adoc
@@ -1,12 +1,12 @@
[id="Securing_the_dhcpd_API_{context}"]
= Securing the dhcpd API

{SmartProxy} interacts with DHCP daemon using the dhcpd API to manage DHCP.
{SmartProxyServer} interacts with DHCP daemon using the dhcpd API to manage DHCP.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This isn't true. It's the Smart Proxy process that communicates with the DHCP daemon. IMHO is SmartProxyServer the whole server.

guides/common/modules/proc_securing-the-dhcp-api.adoc
By default, the dhcpd API listens to any host without access control.
You can add an `omapi_key` to provide basic security.

.Procedure
. On your {SmartProxy}, install the required packages:
. On your {SmartProxyServer}, install the required packages:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This can also be done on your ProjectServer if you run DHCP there.

@pr-processor pr-processor bot added Waiting on contributor Requires an action from the author and removed Not yet reviewed labels Jan 30, 2024
@maximiliankolb
Copy link
Contributor Author

I have checked; we do not include this procedure in "Installing Foreman Server". That's why I went with the "SmartProxyServer" attribute. See https://docs.theforeman.org/nightly/Installing_Proxy/index-katello.html#Managing_DHCP_Using_Smart_Proxy_smart-proxy

Should I add this to "Installing Foreman/Katello Server"?

@ekohl ekohl mentioned this pull request Jan 30, 2024
Draft
@ekohl
Copy link
Member

ekohl commented Jan 30, 2024

I started to automate this in theforeman/puppet-foreman_proxy#827 but need to spend a bit more time finalizing it. Time I don't have right now.

have checked; we do not include this procedure in "Installing Foreman Server"

I've talked to @Lennonka about this before, but I think we need a DNS integration guide about how to set up the various DNS integrations. That would all apply to both targets we have. And the exact same thing with DHCP integration.

I'll discuss it with @apinnick as well, because it's one of those overall content strategy things.

Short term I'm not sure what's best.

@maximiliankolb maximiliankolb deleted the fix_target_attribute branch February 8, 2024 13:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ekohl ekohl ekohl requested changes

Assignees
No one assigned
Labels
Waiting on contributor Requires an action from the author
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@maximiliankolb @ekohl