-
Notifications
You must be signed in to change notification settings - Fork 86
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Replace installer-scenario attribute with foreman-installer when possible #2943
base: master
Are you sure you want to change the base?
Replace installer-scenario attribute with foreman-installer when possible #2943
Conversation
. Use the `{foreman-installer}` command to configure the {Project} or {SmartProxy} that manages the DNS Service for the domain: | ||
* On {Project}, enter the following command: | ||
* On {Project} or {SmartProxy}, enter the following command: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wasn't sure how to write these instructions, but they feel too complex with the simplification.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One comment, rest LGTM. Overall change makes sense to me: After you have installed Foreman Server/Smart Proxy Server, you don't need to specify the scenario anymore.
I am not even sure if changing the scenario is supported.
@@ -138,24 +138,11 @@ grant {smart-proxy-principal}\047__{foreman-example-com}@EXAMPLE.COM__ wildcard | |||
.Configuring the {Project} or {SmartProxyServer} that manages the DNS service for the domain | |||
|
|||
. Use the `{foreman-installer}` command to configure the {Project} or {SmartProxy} that manages the DNS Service for the domain: | |||
* On {Project}, enter the following command: | |||
* On {Project} or {SmartProxy}, enter the following command: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
* On {Project} or {SmartProxy}, enter the following command: | |
* On your {SmartProxy}, enter the following command: |
Alternative: Adjust your suggestion to "On your {ProjectServer} or {SmartProxyServer}"
No. There is code to do so, but it really isn't tested and pretty much guaranteed to be broken in my experience. Just too many small details you need to think about. The code warns you about it as well: |
@@ -138,24 +138,11 @@ grant {smart-proxy-principal}\047__{foreman-example-com}@EXAMPLE.COM__ wildcard | |||
.Configuring the {Project} or {SmartProxyServer} that manages the DNS service for the domain | |||
|
|||
. Use the `{foreman-installer}` command to configure the {Project} or {SmartProxy} that manages the DNS Service for the domain: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can delete this line. It just repeats the heading on line 138 and the command name from line 145; neither is necessary.
@@ -138,24 +138,11 @@ grant {smart-proxy-principal}\047__{foreman-example-com}@EXAMPLE.COM__ wildcard | |||
.Configuring the {Project} or {SmartProxyServer} that manages the DNS service for the domain | |||
|
|||
. Use the `{foreman-installer}` command to configure the {Project} or {SmartProxy} that manages the DNS Service for the domain: | |||
* On {Project}, enter the following command: | |||
* On {Project} or {SmartProxy}, enter the following command: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you add some wording that would briefly describe what the command actually does?
* On {Project} or {SmartProxy}, enter the following command: | |
* Configure your {ProjectServer} or {SmartProxyServer} to manage the DNS service for the domain: |
or
* On {Project} or {SmartProxy}, enter the following command: | |
* On the {ProjectServer} or {SmartProxyServer} you want to use to manage the DNS service for the domain, configure <description of what the command does>: |
or perhaps you'll be able to think of something even better.
Both my suggestions are significantly longer than the original, but my reasoning is that rather than writing "enter this command" (users can see that you're asking them to run a command), it's much more useful to describe what the command does.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I thought this would cover it:
* On {Project} or {SmartProxy}, enter the following command: | |
* Configure your {ProjectServer} or {SmartProxyServer} to connect to your DNS service: |
But then the header above it is:
.Configuring the {Project} or {SmartProxyServer} that manages the DNS service for the domain
IMHO that's too similar.
Taking a step back, we have this situation:
Foreman knows about a Foreman Proxy. In this step we configure the Foreman Proxy DNS module. It does a few things:
--foreman-proxy-dns
enables the DNS module--foreman-proxy-dns-provider
configures the DNS module to use the nsupdate_gss provider--foreman-proxy-dns-managed
tells the installer not to install a DNS service--foreman-proxy-dns-server
tells the DNS module where it can find the DNS server--foreman-proxy-dns-tsig-keytab
&--foreman-proxy-dns-tsig-principal
tells the DNS provider which credentials to use when connecting
I know that's too many details to cover, but I'm hoping it helps you to come up with a good suggestion.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think your suggestion would work just fine... if you merge .Configuring the {Project} or {SmartProxyServer} [...]
with .Updating the configuration in the {ProjectWebUI}
. Which is something I wanted to suggest before, but it seemed out of scope of this PR.
I couldn't find words to explain it, so I'm sending a patch (and I can only hope I'm doing this patch thing correctly 🤞).
diff --git a/guides/common/modules/proc_configuring-dynamic-dns-update-with-gss-tsig-authentication.adoc b/guides/common/modules/proc_configuring-dynamic-dns-update-with-gss-tsig-authentication.adoc
index 94fdd8cbd9..3248c40880 100644
--- a/guides/common/modules/proc_configuring-dynamic-dns-update-with-gss-tsig-authentication.adoc
+++ b/guides/common/modules/proc_configuring-dynamic-dns-update-with-gss-tsig-authentication.adoc
@@ -137,8 +137,7 @@ grant {smart-proxy-principal}\047__{foreman-example-com}@EXAMPLE.COM__ wildcard
.Configuring the {Project} or {SmartProxyServer} that manages the DNS service for the domain
-. Use the `{foreman-installer}` command to configure the {Project} or {SmartProxy} that manages the DNS Service for the domain:
-* On {Project} or {SmartProxy}, enter the following command:
+. Configure your {ProjectServer} or {SmartProxyServer} to connect to your DNS service:
+
[options="nowrap" subs="+quotes,attributes"]
----
@@ -150,17 +149,14 @@ grant {smart-proxy-principal}\047__{foreman-example-com}@EXAMPLE.COM__ wildcard
--foreman-proxy-dns-tsig-principal="{smart-proxy-principal}/_{foreman-example-com}@EXAMPLE.COM_" \
--foreman-proxy-dns=true
----
-
-After you run the `{foreman-installer}` command to make any changes to your {SmartProxy} configuration, you must update the configuration of each affected {SmartProxy} in the {ProjectWebUI}.
-
-.Updating the configuration in the {ProjectWebUI}
-. In the {ProjectWebUI}, navigate to *Infrastructure* > *{SmartProxies}*, locate the {ProductName}, and from the list in the *Actions* column, select *Refresh*.
-. Configure the domain:
-.. In the {ProjectWebUI}, navigate to *Infrastructure* > *Domains* and select the domain name.
-.. In the *Domain* tab, ensure *DNS {SmartProxy}* is set to the {SmartProxy} where the subnet is connected.
-. Configure the subnet:
-.. In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets* and select the subnet name.
-.. In the *Subnet* tab, set *IPAM* to *None*.
-.. In the *Domains* tab, select the domain that you want to manage using the IdM server.
-.. In the *{SmartProxies}* tab, ensure *Reverse DNS {SmartProxy}* is set to the {SmartProxy} where the subnet is connected.
-.. Click *Submit* to save the changes.
+. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}:
+.. In the {ProjectWebUI}, navigate to *Infrastructure* > *{SmartProxies}*, locate the {ProductName}, and from the list in the *Actions* column, select *Refresh*.
+.. Configure the domain:
+... In the {ProjectWebUI}, navigate to *Infrastructure* > *Domains* and select the domain name.
+... In the *Domain* tab, ensure *DNS {SmartProxy}* is set to the {SmartProxy} where the subnet is connected.
+.. Configure the subnet:
+... In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets* and select the subnet name.
+... In the *Subnet* tab, set *IPAM* to *None*.
+... In the *Domains* tab, select the domain that you want to manage using the IdM server.
+... In the *{SmartProxies}* tab, ensure *Reverse DNS {SmartProxy}* is set to the {SmartProxy} where the subnet is connected.
+... Click *Submit* to save the changes.
Now, as is usually the case, this creates a whole new problem, namely procedure steps nested in 3 levels. But I still think this is a cleaner solution, especially since I assume you never want users to just connect to the DNS service, but not update the config in the web UI right after.
WDYT?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, that's exactly the issue I had and I think your suggestion looks better.
2bcecf9
to
d1590f2
Compare
. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}: | ||
.. In the {ProjectWebUI}, navigate to *Infrastructure* > *{SmartProxies}*, locate the {ProductName}, and from the list in the *Actions* column, select *Refresh*. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is redundant, but I chose to keep it in to keep to keep the PR focused
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks Ewoud, diff LGTM; handing over to @asteflova for additional/final ACK.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is just one bullet point (*
) that should in fact be a procedure step (.
). Other than that, all looks good.
guides/common/modules/proc_configuring-dynamic-dns-update-with-gss-tsig-authentication.adoc
Outdated
Show resolved
Hide resolved
d1590f2
to
4e9336f
Compare
From triage: @ekohl Please rebase to "master"; then we'll re-review and merge. |
…ible On existing installations it's preferable to simply use foreman-installer with the options you wish to change. This replaces it where possible.
4e9336f
to
4502f8c
Compare
Rebased |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks Ewoud, LGTM.
TODO: cherry-pick to 3.11 too |
On existing installations it's preferable to simply use foreman-installer with the options you wish to change. This replaces it where possible.
Includes #2942.
Please cherry-pick my commits into: