Project

General

Profile

Bug #14749

DNS proxy is no enable after installation.

Added by Mario Gamboa over 3 years ago. Updated about 1 year ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Difficulty:
Triaged:
Yes
Bugzilla link:
Pull request:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

Hi Team

i install katello dns proxy using the following configuration

foreman-installer --scenario katello --foreman-proxy-dns true --foreman-proxy-dns-interface ens192 --foreman-proxy-dns-zone pp.example.net.nz --foreman-proxy-dns-reverse 179.25.172.in-addr.arpa --foreman-proxy-dns-provider nsupdate_gss --foreman-proxy-dns-tsig-principal --foreman-proxy-dns-tsig-keytab /etc/foreman-proxy/dns.keytab --foreman-proxy-dns-server 172.25.176.37 --foreman-proxy-dns-forwarders 172.25.176.38 -v

instead to use the default nsupdate i'm using nsupdate_gss for create the record in a Active directory

When i go to the gui the smart proxy only have the following services
Pulp, TFTP, DHCP, Puppet, and Puppet CA

I try refresh the features and nothing happen

The fix was on /etc/foreman-proxy is the 2 files
dns_nsupdate.yml
-- #
  1. Configuration file for 'nsupdate' dns provider #
:dns_key: /etc/rndc.key
  1. use this setting if you are managing a dns server which is not localhost though this proxy
    :dns_server: 172.25.176.37
###dns_nsupdate_gss.yml
-- #
  1. Configuration file for 'nsupdate_gss' dns provider with GSS-TSIG support #
  1. use this setting if you are managing a dns server which is not localhost though this proxy
    :dns_server: 172.25.176.37
  2. use dns_tsig_* for GSS-TSIG updates using Kerberos. Required for Windows MS DNS with
  3. Secure Dynamic Updates, or BIND as used in FreeIPA. Set dns_provider to nsupdate_gss.
    :dns_tsig_keytab: /etc/foreman-proxy/dns.keytab
    :dns_tsig_principal:

The solution was on the file dns_nsupdate.yml

comment out
#:dns_key: /etc/rndc.key

after do this restart the foreman-proxy service
systemctl restart foreman-proxy

Now come back to the GUI refresh the features and Bam!!!!
Pulp, TFTP, DNS, DHCP, Puppet, and Puppet CA

DNS Proxy now is enable

History

#1 Updated by Eric Helms about 3 years ago

  • Status changed from New to Rejected
  • Legacy Backlogs Release (now unused) changed from 86 to 114

Looks like this was fixed with https://github.com/theforeman/puppet-foreman_proxy/commit/8346937a5db69213afa7978e2f0fb1d6f6d0407c and should be included by Foreman 1.11. If not, please open an issue against Foreman.

#2 Updated by Mario Gamboa about 3 years ago

Hi Eric

Today i installed fresh install of Katello RC and have this issue , i can't get dns proxy enable after fresh install including the dns proxy setup with the foreman installer

Also available in: Atom PDF