Project

General

Profile

Feature #3582

Allow Subnets to have Parameters like Domains

Added by Sean Alderman about 7 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Network
Target version:
Difficulty:
Triaged:
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

User Story: * Subnet level parameters to define Outbound HTTP/HTTPS proxy *

Deploy Foreman/Puppet to broad network with multiple public and private RFC1918 subnets. Designated secure subnets require use of local outbound squid proxy or host specific firewall rules in order to gain access to other subnets, including Internet.

E.G. Subnet 1 (192.168.1.0/24), for PCI compliance, requires use of 192.168.1.5 squid proxy, plus proxy auth. Subnet 2 (192.168.2.0/24), for HIPAA compliance, requires use of 192.168.2.5 squid proxy, no proxy auth. Subnet 3 (192.168.3.0/24), for organization compliance, requires use of <public ip> squid proxy, no proxy auth. Subnet 4 (192.168.4.0/24), does not require proxy. Subnet 5 (172.18.0.0/16), for DoD classified research, requires use of 172.18.0.5 squid proxy, plus proxy auth. Subnet 6 <public DMZ ip>, requires use of <public ip> squid proxy, plus proxy auth.

DNS domains cross subnet boundaries, so parameters applied through DNS domains may not be appropriate for hosts in some subnets. Likewise, HostGroup organization may not follow domain or subnet architecture, so parameter inheritance may not be appropriate.

Parameter inheritance: Global -> Domain -> Subnet -> HostGroup -> Host, would allow for a default proxy parameter to be set at the domain level, and overidden at the subnet level as needed. User defined Boolean params like proxy_required and proxy_auth_required, along with string params like proxy_url, proxy_host and proxy_port could then be applied through numerous templates for things like yum.conf, wgetrc, puppet.conf, etc.


Related issues

Related to Foreman - Tracker #4470: Usability of parameters and overridesNew

Related to Foreman - Feature #13677: Add NTP settings option in subnet tab Rejected2016-02-11
Has duplicate Foreman - Feature #1464: Parameters in subnetsDuplicate2012-01-22

Associated revisions

Revision 03261ebb (diff)
Added by Sean O'Keeffe almost 5 years ago

Fixes #3582 - Parameters on subnets

History

#1 Updated by Sean Alderman about 7 years ago

Another use case: Per Subnet default gateway parameter accessible at by puppet agent.

#2 Updated by Dominic Cleal almost 7 years ago

  • Related to Tracker #4470: Usability of parameters and overrides added

#3 Updated by Sean O'Keeffe almost 5 years ago

  • Related to Feature #13677: Add NTP settings option in subnet tab added

#4 Updated by The Foreman Bot almost 5 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Sean O'Keeffe
  • Pull request https://github.com/theforeman/foreman/pull/3228 added

#5 Updated by Sean O'Keeffe almost 5 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#6 Updated by Dominic Cleal almost 5 years ago

  • Category set to Network

#7 Updated by Dominic Cleal almost 5 years ago

  • Legacy Backlogs Release (now unused) set to 136

#8 Updated by Bryan Kearney over 4 years ago

  • Bugzilla link set to 1302931

#9 Updated by Tomer Brisker about 4 years ago

  • Bugzilla link changed from 1302931 to 1291935

#10 Updated by Tomer Brisker about 4 years ago

Also available in: Atom PDF