``profile::networking``
============================

This module configures most network-related settings, in particular:

- DNS resolution (``/etc/resolv.conf``)
- DNS caching (via :manpage:`nscd(8)`)
- static host entries

Notable exceptions are the firewall and ``/etc/hosts.{allow,deny}``.

It also provides information about networks to other modules through the
variables listed below:

- ``profile::networking::zone``

  The name of the network zone. This is used by the :doc:`ntp_client
  <../profiles/ntp_client>` profile, for example, to determine which NTP servers
  to use.

- ``profile::networking::use_bastions``

  This boolean indicates to the :doc:`aaa <../profiles/aaa>` profile whether SSH
  access should be restricted to connections coming from the bastion hosts.
  It can be overridden with ``aaa::use_bastions``.


Notes:

- the above variables are not configured in ``hiera``, but in the
  `Puppet manifest <https://git.psi.ch/linux-infra/puppet/-/blob/preprod/code/modules/profile/manifests/networking/params.pp>`_

- the DNS cache is configured to be persistent, i.e. the cached data will
  survive restarts of ``nscd.service``. To clear the cache, run
  ``nscd -i hosts`` or ``systemctl reload nscd``.


Parameters
----------


``dns_servers``
~~~~~~~~~~~~~~~

The list of DNS servers (IP addresses) to be configured. This is only effective
if the client doesn't use DHCP (see `enable_dhcp`_).


``enable_dhcp``
~~~~~~~~~~~~~~~

If this is true, then settings that are typically configured through DHCP (e.g.
DNS servers) are not touched by this module.


``enable_dns_caching``
~~~~~~~~~~~~~~~~~~~~~~

This boolean determines whether DNS caching with nscd is enabled (``true``) or
not (``false``). It is only effective if the client doesn't use DHCP (see
`enable_dhcp`_).


``static_host_entries``
~~~~~~~~~~~~~~~~~~~~~~~

A hash representing static host entries. The keys are the IP addresses, the
values are expected to be lists of aliases for the given IP address. Special IP
addresses like 127.0.0.1 are not allowed.

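
The constraints documented for these parameters can be checked before node data
is merged. The lint below is an added example, not part of the module: the Hiera
key prefix ``profile::networking::``, treating an unset ``enable_dhcp`` as false,
and reading "special" as loopback or unspecified addresses are assumptions, and
the sample data is constructed.

```python
import ipaddress

PREFIX = "profile::networking::"  # assumed Hiera key prefix (class parameter lookup)

def lint_networking(data):
    """Return findings for the profile::networking keys of one node's data."""
    findings = []
    dhcp = data.get(PREFIX + "enable_dhcp", False)  # assumption: unset means false

    # Both parameters are documented as effective only without DHCP.
    for key in ("dns_servers", "enable_dns_caching"):
        if dhcp and PREFIX + key in data:
            findings.append(f"{key}: ignored because enable_dhcp is true")

    for server in data.get(PREFIX + "dns_servers", []):
        try:
            ipaddress.ip_address(server)
        except ValueError:
            findings.append(f"dns_servers: {server!r} is not an IP address")

    for ip, aliases in data.get(PREFIX + "static_host_entries", {}).items():
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append(f"static_host_entries: key {ip!r} is not an IP address")
            continue
        # Assumption: "special" covers loopback and unspecified addresses;
        # the page itself only names 127.0.0.1.
        if addr.is_loopback or addr.is_unspecified:
            findings.append(f"static_host_entries: special address {ip} not allowed")
        if not (isinstance(aliases, list) and all(isinstance(a, str) for a in aliases)):
            findings.append(f"static_host_entries: {ip} must map to a list of aliases")
    return findings

# Constructed sample data, as loaded from a node's YAML file.
SAMPLE = {
    PREFIX + "enable_dhcp": True,
    PREFIX + "dns_servers": ["192.0.2.53", "dns1"],
    PREFIX + "static_host_entries": {
        "192.0.2.10": ["db1", "db1.example.org"],
        "127.0.0.1": ["localhost"],
        "192.0.2.11": "web1",
    },
}

if __name__ == "__main__":
    for finding in lint_networking(SAMPLE):
        print(finding)
```
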