Dissociate Smart Proxies unmanaged IPv6 #3645
Conversation
github-actions
bot
added
Needs tech review
Lennonka
force-pushed
the
dissociate-smartproxies-unmanaged-ipv6
branch
2 times, most recently
from
da4f340 to
36058fe
Compare
Lennonka
force-pushed
the
dissociate-smartproxies-unmanaged-ipv6
branch
from
36058fe to
2f8312d
Compare
|
ACK, makes sense |
Lennonka
added
tech review done
maximiliankolb
added
style review done
|
I think it's a bug this can be done in the first place: the DHCP management is IPv4-only and we know the subnet type |
| @@ -4,6 +4,11 @@ | |||
| You must add information for each of your subnets to {ProjectServer} because {Project} configures interfaces for new hosts. | |||
| To configure interfaces, {ProjectServer} must have all the information about the network that connects these interfaces. | |||
|
|
|||
| [IMPORTANT] | |||
| ==== | |||
| In an IPv6 network with unmanaged DHCP and DNS, do not assign DHCP {SmartProxy} and Reverse DNS {SmartProxy} to your subnet. | |||
There was a problem hiding this comment.
This is IMHO a bug that the user can select this in the first place. Is there work tracked to make that impossible?
There was a problem hiding this comment.
I wouldn't mark it as a bug yet. We may start supporting DHCPv6 management in the future. The same goes for DNS, maybe we will be able to support managed DNS for IPv6 networks later on (for example in retroactive mode, where we update the DNS once we get the facts from the host).
There was a problem hiding this comment.
Until we develop the feature, we should make it impossible set unsupported options. Because of that I'd qualify it as a bug.
There was a problem hiding this comment.
Let's create an issue on Redmine then. Sounds fine by me.
| @@ -22,6 +22,11 @@ If you experience timeouts during DNS conflict resolution, check the following s | |||
| * The domain name must have a Start of Authority (SOA) record available from {ProjectServer}. | |||
| * The system resolver in the `/etc/resolv.conf` file must have a valid and working configuration. | |||
|
|
|||
| [IMPORTANT] | |||
| ==== | |||
| In an IPv6 network with unmanaged DNS, do not assign DNS {SmartProxy} to your domain. | |||
There was a problem hiding this comment.
I don't understand this sentence. Why shouldn't a user do this? Why is it IPv6 specific?
There was a problem hiding this comment.
While it's not IPv6 specific, it is relevant here. If a user assigns a DNS proxy to the subnet/domain, Foreman will require IP address, which cannot be set in IPv6 scenario (at least for the foreseeable future).
There was a problem hiding this comment.
The Smart Proxy can manage AAAA records and IPv6 PTR records so I still don't see why it's a problem.
Having said that, for unmanaged DNS you should never set a DNS Smart Proxy anyway so I'm still deeply confused.
There was a problem hiding this comment.
I think making it clear that the user should not set the DNS smart proxy as long as there is no IPv6 set on the machine is useful here. Otherwise the host will require setting an IPv6 address for the host, which is not currently possible (we only support unmanaged DHCPv6 for provisioning).
There was a problem hiding this comment.
But users can assign an IPv6 address statically or rely on EUI64. For dual stack that is fine.
What changes are you introducing?
Adding important instructions for subnets and domains in IPv6 networks, where DHCP and DNS cannot be managed by Foreman
...and a couple of cosmetic improvements
Why are you introducing these changes? (Explanation, links to references, issues, etc.)
Anything else to add? (Considerations, potential downsides, alternative solutions you have explored, etc.)
Checklists
Please cherry-pick my commits into: N/A