forked from Controls/gitea-pages
update networking documentation
This commit is contained in:
@@ -1,69 +0,0 @@
|
||||
``profile::networking``
|
||||
============================
|
||||
|
||||
This module configures most network-related settings, in particular:
|
||||
|
||||
- DNS resolution (``/etc/resolv.conf``)
|
||||
- DNS caching (via :manpage:`nscd(8)`)
|
||||
- static host entries
|
||||
|
||||
Notable exceptions are the firewall and ``/etc/hosts.{allow,deny}``.
|
||||
|
||||
It also provides information about networks to other modules through the
|
||||
variables listed below:
|
||||
|
||||
- ``profile::networking::zone``
|
||||
|
||||
The name of network zone. This is used by the :doc:`ntp_client
|
||||
<../profiles/ntp_client>` profile, for example, to determine which NTP servers
|
||||
to use.
|
||||
|
||||
- ``profile::networking::use_bastions``
|
||||
|
||||
This boolean indicates to the :doc:`aaa <../profiles/aaa>` profile whether SSH
|
||||
access should be restricted to connections coming from the bastion hosts.
|
||||
Override possible with ``aaa::use_bastions``.
|
||||
|
||||
|
||||
Notes:
|
||||
|
||||
- the above variables are not configured in ``hiera``, but in the
|
||||
`Puppet manifest <https://git.psi.ch/linux-infra/puppet/-/blob/preprod/code/modules/profile/manifests/networking/params.pp>`_
|
||||
|
||||
- the DNS cache is configured to be persistent, i.e. the cached data will
|
||||
survive restarts of ``nscd.service``. To clear the cache, run ``nscd -i
|
||||
hosts`` or ``systemctl reload nscd``.
|
||||
|
||||
|
||||
Parameters
|
||||
----------
|
||||
|
||||
|
||||
``dns_servers``
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
The list of DNS servers (IP addresses) to be configured. This is only effective
|
||||
if the client doesn't use DHCP (see `enable_dhcp`_).
|
||||
|
||||
|
||||
``enable_dhcp``
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
If this is true, then settings that are typically configured through DHCP (e.g.
|
||||
DNS servers) are not touched by this module.
|
||||
|
||||
|
||||
``enable_dns_caching``
|
||||
~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
This boolean determines whether DNS caching with nscd is enabled (``true``) or
|
||||
not (``false``). It is only effective if the client doesn't use DHCP (see
|
||||
`enable_dhcp`_).
|
||||
|
||||
|
||||
``static_host_entries``
|
||||
~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
A hash representing static host entries. The keys are the IP addresses, the
|
||||
values are expected to be lists of aliases for the given IP address. Special IP
|
||||
addresses like 127.0.0.1 are not allowed.
|
||||
Reference in New Issue
Block a user