Project

General

Profile

Actions

Feature #3582

closed

Allow Subnets to have Parameters like Domains

Added by Sean Alderman over 10 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Network
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

User Story: * Subnet level parameters to define Outbound HTTP/HTTPS proxy *

Deploy Foreman/Puppet to broad network with multiple public and private RFC1918 subnets. Designated secure subnets require use of local outbound squid proxy or host specific firewall rules in order to gain access to other subnets, including Internet.

E.G. Subnet 1 (192.168.1.0/24), for PCI compliance, requires use of 192.168.1.5 squid proxy, plus proxy auth. Subnet 2 (192.168.2.0/24), for HIPAA compliance, requires use of 192.168.2.5 squid proxy, no proxy auth. Subnet 3 (192.168.3.0/24), for organization compliance, requires use of <public ip> squid proxy, no proxy auth. Subnet 4 (192.168.4.0/24), does not require proxy. Subnet 5 (172.18.0.0/16), for DoD classified research, requires use of 172.18.0.5 squid proxy, plus proxy auth. Subnet 6 <public DMZ ip>, requires use of <public ip> squid proxy, plus proxy auth.

DNS domains cross subnet boundaries, so parameters applied through DNS domains may not be appropriate for hosts in some subnets. Likewise, HostGroup organization may not follow domain or subnet architecture, so parameter inheritance may not be appropriate.

Parameter inheritance: Global -> Domain -> Subnet -> HostGroup -> Host, would allow for a default proxy parameter to be set at the domain level, and overidden at the subnet level as needed. User defined Boolean params like proxy_required and proxy_auth_required, along with string params like proxy_url, proxy_host and proxy_port could then be applied through numerous templates for things like yum.conf, wgetrc, puppet.conf, etc.


Related issues 3 (1 open2 closed)

Related to Foreman - Tracker #4470: Usability of parameters and overridesNew

Actions
Related to Foreman - Feature #13677: Add NTP settings option in subnet tab Rejected02/11/2016Actions
Has duplicate Foreman - Feature #1464: Parameters in subnetsDuplicateOhad Levy01/22/2012Actions
Actions #1

Updated by Sean Alderman over 10 years ago

Another use case: Per Subnet default gateway parameter accessible at by puppet agent.

Actions #2

Updated by Dominic Cleal almost 10 years ago

  • Related to Tracker #4470: Usability of parameters and overrides added
Actions #3

Updated by Sean O'Keeffe about 8 years ago

  • Related to Feature #13677: Add NTP settings option in subnet tab added
Actions #4

Updated by The Foreman Bot about 8 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Sean O'Keeffe
  • Pull request https://github.com/theforeman/foreman/pull/3228 added
Actions #5

Updated by Sean O'Keeffe about 8 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions #6

Updated by Dominic Cleal about 8 years ago

  • Category set to Network
Actions #7

Updated by Dominic Cleal about 8 years ago

  • translation missing: en.field_release set to 136
Actions #8

Updated by Bryan Kearney almost 8 years ago

  • Bugzilla link set to 1302931
Actions #9

Updated by Tomer Brisker over 7 years ago

  • Bugzilla link changed from 1302931 to 1291935
Actions #10

Updated by Tomer Brisker over 7 years ago

Actions

Also available in: Atom PDF