Adding a domain from the GUI does not add it in BIND?

Katello installed with TFTP, DHCP, DNS on the same server as Katello.

I create a new domain either from the GUI or the hammer CLI.
The domain is created and associated with the correct locations and organizations.
But when I try to provision a new host, I get an error. Looking at BIND’s configuration, I see that the new domain is not added. There are no zone entries and of course no zone files.

Expected outcome:
New domain is added in the BIND’s configuration file and the relevant zone files are created.

Foreman and Proxy versions: 3.0.0 1.11
Other relevant data:
Katello is installed with a default domain, subnets and the relevant foreman-proxies.
I use the “standard” BIND, ISC DHCP and the TFTP server coming with the CentOS packages.

This is correct. This functionality was never implemented. The bind provider uses nsupdate to modify records, but nsupdate doesn’t allow zone management. We tried to reduce this pain by having the installer set up a domain for you, but it looks like this is creating more confusion. Advanced users also feel limited.

Long term I’m thinking about having optional zone management if the backend supports it. PowerDNS has a full REST API as well as some other providers. The basics for communicating capabilities were merged in 1.22 and I’m writing a blog about this. This will allow us to tell the user whether a domain is actually present or absent on the server and in some cases actually create it.

Many thanks, that clears up everything!
I still don’t understand why puppet is not used to populate those changes!

It can and you can use our Puppet modules and there are some users who do this. Nobody has taken the effort to provide a proper end to end solution and some users prefer not to use Puppet.

We have a foreman() function to query the Foreman and search for domains that belong to a certain proxy server and the dns::zone defined type can be used to create zones.

One snag is that the Foreman model is to create a domain even for what would be considered a subdomain in other cases. For example, I have and in Foreman. This can be represented by a single on the DNS server. It can also be implemented by creating two zones, but in that case you need to create delegations even if it’s on the same server. In most cases it’ll just work, but you must follow the DNS spec if you enable DNSSEC (as experience has taught me).
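
The single-zone versus two-zone layouts described in the reply above can be checked offline. This is an added example, not part of the thread and not Foreman or Puppet module code: it maps each Foreman domain to the zone that would hold its records and lists the parent-to-child delegations (NS records in the parent zone) the two-zone layout requires. All domain and zone names are constructed sample data.

```python
# Added example: map Foreman domains onto the zones a DNS server serves.
# All names used here are constructed sample data, not values from the thread.

def labels(name):
    """Normalise a DNS name to a tuple of lower-case labels (root dot dropped)."""
    return tuple(name.rstrip(".").lower().split("."))

def enclosing_zone(name, zones, proper=False):
    """Longest zone that is a label-wise suffix of name, or None if none covers it.

    proper=True skips a zone equal to name, which yields the parent zone.
    """
    n = labels(name)
    best = None
    for zone in zones:
        z = labels(zone)
        # Compare whole labels so "notexample.com" is not matched by "example.com".
        if len(z) > len(n) or n[len(n) - len(z):] != z:
            continue
        if proper and len(z) == len(n):
            continue
        if best is None or len(z) > len(labels(best)):
            best = zone
    return best

def plan(foreman_domains, zones):
    """Return (domain -> zone placement, uncovered domains, required delegations)."""
    placement = {d: enclosing_zone(d, zones) for d in foreman_domains}
    # Domains with no covering zone must be created on the DNS server by other means.
    missing = sorted(d for d, z in placement.items() if z is None)
    delegations = []
    for child in zones:
        parent = enclosing_zone(child, zones, proper=True)
        if parent is not None:
            # The parent zone needs NS records for the child, even on one server.
            delegations.append((parent, child))
    return placement, missing, sorted(delegations)

if __name__ == "__main__":
    domains = ["example.com", "dc1.example.com", "lab.test"]
    for zones in (["example.com"], ["example.com", "dc1.example.com"]):
        placement, missing, delegations = plan(domains, zones)
        print("zones on server:", zones)
        for domain, zone in placement.items():
            print(f"  {domain} -> {zone or 'NO ZONE'}")
        print("  uncovered domains:", missing)
        print("  delegations needed:", delegations)
```
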

Absolutely. And what I am facing right now is exactly this. Subdomains (one for each DC) of the main domain.
As you said, it’s not exactly straightforward. Many thanks for the discussion and I would like to see how the P-DNS would be implemented.