From ebca26cb044587d0321ab6e40dd1f26462d328bb Mon Sep 17 00:00:00 2001 From: ebner Date: Thu, 9 Jan 2025 11:13:15 +0100 Subject: [PATCH] update networking documentation --- admin-guide/configuration/basic/networking.md | 15 ++-- .../puppet/profiles/networking.rst | 69 ------------------- 2 files changed, 7 insertions(+), 77 deletions(-) delete mode 100644 engineering-guide/puppet/profiles/networking.rst diff --git a/admin-guide/configuration/basic/networking.md b/admin-guide/configuration/basic/networking.md index fb4691e0..174b02f6 100644 --- a/admin-guide/configuration/basic/networking.md +++ b/admin-guide/configuration/basic/networking.md @@ -91,7 +91,7 @@ networking::connection::psi_network: ``` ```{note} -The default value (if not specified) for `ipv6_method` is _disabled_. +The default value (if not specified) for `ipv6_method` is _auto_. ``` ### Ethernet Connection Definition @@ -209,15 +209,15 @@ To remove it you may do it manually or reboot. Manual removal is done with `nmcli connection down $ID/$CONNECTION_NAME`: ``` [root@lx-test-dmz-01 ~]# nmcli connection -NAME UUID TYPE DEVICE -dmz_network f77611ac-b6e2-5a08-841e-8a1023eefaed ethernet ens33 -ens35 f3ba4a81-8c9b-4aec-88ee-ddffd32f67fa ethernet ens35 +NAME UUID TYPE DEVICE +dmz_network f77611ac-b6e2-5a08-841e-8a1023eefaed ethernet ens33 +ens35 f3ba4a81-8c9b-4aec-88ee-ddffd32f67fa ethernet ens35 [root@lx-test-dmz-01 ~]# nmcli connection down f3ba4a81-8c9b-4aec-88ee-ddffd32f67fa Connection 'ens35' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2) [root@lmu-user-dmz-01 ~]# nmcli connection -NAME UUID TYPE DEVICE -dmz_network f77611ac-b6e2-5a08-841e-8a1023eefaed ethernet ens33 -[root@lx-test-dmz-01 ~]# +NAME UUID TYPE DEVICE +dmz_network f77611ac-b6e2-5a08-841e-8a1023eefaed ethernet ens33 +[root@lx-test-dmz-01 ~]# ``` ### DNS Override @@ -274,4 +274,3 @@ Except for the `unmanaged` setup mode you may disable DNS caching with ``` networking::enable_dns_caching: false ``` - diff --git a/engineering-guide/puppet/profiles/networking.rst b/engineering-guide/puppet/profiles/networking.rst deleted file mode 100644 index d047324a..00000000 --- a/engineering-guide/puppet/profiles/networking.rst +++ /dev/null @@ -1,69 +0,0 @@ -``profile::networking`` -============================ - -This module configures most network-related settings, in particular: - -- DNS resolution (``/etc/resolv.conf``) -- DNS caching (via :manpage:`nscd(8)`) -- static host entries - -Notable exceptions are the firewall and ``/etc/hosts.{allow,deny}``. - -It also provides information about networks to other modules through the -variables listed below: - -- ``profile::networking::zone`` - - The name of network zone. This is used by the :doc:`ntp_client - <../profiles/ntp_client>` profile, for example, to determine which NTP servers - to use. - -- ``profile::networking::use_bastions`` - - This boolean indicates to the :doc:`aaa <../profiles/aaa>` profile whether SSH - access should be restricted to connections coming from the bastion hosts. - Override possible with ``aaa::use_bastions``. - - -Notes: - -- the above variables are not configured in ``hiera``, but in the - `Puppet manifest `_ - -- the DNS cache is configured to be persistent, i.e. the cached data will - survive restarts of ``nscd.service``. To clear the cache, run ``nscd -i - hosts`` or ``systemctl reload nscd``. - - -Parameters ----------- - - -``dns_servers`` -~~~~~~~~~~~~~~~ - -The list of DNS servers (IP addresses) to be configured. This is only effective -if the client doesn't use DHCP (see `enable_dhcp`_). - - -``enable_dhcp`` -~~~~~~~~~~~~~~~ - -If this is true, then settings that are typically configured through DHCP (e.g. -DNS servers) are not touched by this module. - - -``enable_dns_caching`` -~~~~~~~~~~~~~~~~~~~~~~ - -This boolean determines whether DNS caching with nscd is enabled (``true``) or -not (``false``). It is only effective if the client doesn't use DHCP (see -`enable_dhcp`_). - - -``static_host_entries`` -~~~~~~~~~~~~~~~~~~~~~~~ - -A hash representing static host entries. The keys are the IP addresses, the -values are expected to be lists of aliases for the given IP address. Special IP -addresses like 127.0.0.1 are not allowed.