Replace installer-scenario attribute with foreman-installer when possible #2943
Conversation
| . Use the `{foreman-installer}` command to configure the {Project} or {SmartProxy} that manages the DNS Service for the domain: | ||
| * On {Project}, enter the following command: | ||
| * On {Project} or {SmartProxy}, enter the following command: |
There was a problem hiding this comment.
I wasn't sure how to write these instructions, but they feel too complex with the simplification.
| @@ -138,24 +138,11 @@ grant {smart-proxy-principal}\047__{foreman-example-com}@EXAMPLE.COM__ wildcard | |||
| .Configuring the {Project} or {SmartProxyServer} that manages the DNS service for the domain | |||
|
|
|||
| . Use the `{foreman-installer}` command to configure the {Project} or {SmartProxy} that manages the DNS Service for the domain: | |||
| * On {Project}, enter the following command: | |||
| * On {Project} or {SmartProxy}, enter the following command: | |||
There was a problem hiding this comment.
| * On {Project} or {SmartProxy}, enter the following command: | |
| * On your {SmartProxy}, enter the following command: |
Alternative: Adjust your suggestion to "On your {ProjectServer} or {SmartProxyServer}"
No. There is code to do so, but it really isn't tested and pretty much guaranteed to be broken in my experience. Just too many small details you need to think about. The code warns you about it as well: |
| @@ -138,24 +138,11 @@ grant {smart-proxy-principal}\047__{foreman-example-com}@EXAMPLE.COM__ wildcard | |||
| .Configuring the {Project} or {SmartProxyServer} that manages the DNS service for the domain | |||
|
|
|||
| . Use the `{foreman-installer}` command to configure the {Project} or {SmartProxy} that manages the DNS Service for the domain: | |||
There was a problem hiding this comment.
You can delete this line. It just repeats the heading on line 138 and the command name from line 145; neither is necessary.
| @@ -138,24 +138,11 @@ grant {smart-proxy-principal}\047__{foreman-example-com}@EXAMPLE.COM__ wildcard | |||
| .Configuring the {Project} or {SmartProxyServer} that manages the DNS service for the domain | |||
|
|
|||
| . Use the `{foreman-installer}` command to configure the {Project} or {SmartProxy} that manages the DNS Service for the domain: | |||
| * On {Project}, enter the following command: | |||
| * On {Project} or {SmartProxy}, enter the following command: | |||
There was a problem hiding this comment.
Can you add some wording that would briefly describe what the command actually does?
| * On {Project} or {SmartProxy}, enter the following command: | |
| * Configure your {ProjectServer} or {SmartProxyServer} to manage the DNS service for the domain: |
or
| * On {Project} or {SmartProxy}, enter the following command: | |
| * On the {ProjectServer} or {SmartProxyServer} you want to use to manage the DNS service for the domain, configure <description of what the command does>: |
or perhaps you'll be able to think of something even better.
Both my suggestions are significantly longer than the original, but my reasoning is that rather than writing "enter this command" (users can see that you're asking them to run a command), it's much more useful to describe what the command does.
There was a problem hiding this comment.
I thought this would cover it:
| * On {Project} or {SmartProxy}, enter the following command: | |
| * Configure your {ProjectServer} or {SmartProxyServer} to connect to your DNS service: |
But then the header above it is:
.Configuring the {Project} or {SmartProxyServer} that manages the DNS service for the domain
IMHO that's too similar.
Taking a step back, we have this situation:
Foreman knows about a Foreman Proxy. In this step we configure the Foreman Proxy DNS module. It does a few things:
--foreman-proxy-dnsenables the DNS module--foreman-proxy-dns-providerconfigures the DNS module to use the nsupdate_gss provider--foreman-proxy-dns-managedtells the installer not to install a DNS service--foreman-proxy-dns-servertells the DNS module where it can find the DNS server--foreman-proxy-dns-tsig-keytab&--foreman-proxy-dns-tsig-principaltells the DNS provider which credentials to use when connecting
I know that's too many details to cover, but I'm hoping it helps you to come up with a good suggestion.
There was a problem hiding this comment.
I think your suggestion would work just fine... if you merge .Configuring the {Project} or {SmartProxyServer} [...] with .Updating the configuration in the {ProjectWebUI}. Which is something I wanted to suggest before, but it seemed out of scope of this PR.
I couldn't find words to explain it, so I'm sending a patch (and I can only hope I'm doing this patch thing correctly 🤞).
diff --git a/guides/common/modules/proc_configuring-dynamic-dns-update-with-gss-tsig-authentication.adoc b/guides/common/modules/proc_configuring-dynamic-dns-update-with-gss-tsig-authentication.adoc
index 94fdd8cbd9..3248c40880 100644
--- a/guides/common/modules/proc_configuring-dynamic-dns-update-with-gss-tsig-authentication.adoc
+++ b/guides/common/modules/proc_configuring-dynamic-dns-update-with-gss-tsig-authentication.adoc
@@ -137,8 +137,7 @@ grant {smart-proxy-principal}\047__{foreman-example-com}@EXAMPLE.COM__ wildcard
.Configuring the {Project} or {SmartProxyServer} that manages the DNS service for the domain
-. Use the `{foreman-installer}` command to configure the {Project} or {SmartProxy} that manages the DNS Service for the domain:
-* On {Project} or {SmartProxy}, enter the following command:
+. Configure your {ProjectServer} or {SmartProxyServer} to connect to your DNS service:
+
[options="nowrap" subs="+quotes,attributes"]
----
@@ -150,17 +149,14 @@ grant {smart-proxy-principal}\047__{foreman-example-com}@EXAMPLE.COM__ wildcard
--foreman-proxy-dns-tsig-principal="{smart-proxy-principal}/_{foreman-example-com}@EXAMPLE.COM_" \
--foreman-proxy-dns=true
----
-
-After you run the `{foreman-installer}` command to make any changes to your {SmartProxy} configuration, you must update the configuration of each affected {SmartProxy} in the {ProjectWebUI}.
-
-.Updating the configuration in the {ProjectWebUI}
-. In the {ProjectWebUI}, navigate to *Infrastructure* > *{SmartProxies}*, locate the {ProductName}, and from the list in the *Actions* column, select *Refresh*.
-. Configure the domain:
-.. In the {ProjectWebUI}, navigate to *Infrastructure* > *Domains* and select the domain name.
-.. In the *Domain* tab, ensure *DNS {SmartProxy}* is set to the {SmartProxy} where the subnet is connected.
-. Configure the subnet:
-.. In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets* and select the subnet name.
-.. In the *Subnet* tab, set *IPAM* to *None*.
-.. In the *Domains* tab, select the domain that you want to manage using the IdM server.
-.. In the *{SmartProxies}* tab, ensure *Reverse DNS {SmartProxy}* is set to the {SmartProxy} where the subnet is connected.
-.. Click *Submit* to save the changes.
+. For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}:
+.. In the {ProjectWebUI}, navigate to *Infrastructure* > *{SmartProxies}*, locate the {ProductName}, and from the list in the *Actions* column, select *Refresh*.
+.. Configure the domain:
+... In the {ProjectWebUI}, navigate to *Infrastructure* > *Domains* and select the domain name.
+... In the *Domain* tab, ensure *DNS {SmartProxy}* is set to the {SmartProxy} where the subnet is connected.
+.. Configure the subnet:
+... In the {ProjectWebUI}, navigate to *Infrastructure* > *Subnets* and select the subnet name.
+... In the *Subnet* tab, set *IPAM* to *None*.
+... In the *Domains* tab, select the domain that you want to manage using the IdM server.
+... In the *{SmartProxies}* tab, ensure *Reverse DNS {SmartProxy}* is set to the {SmartProxy} where the subnet is connected.
+... Click *Submit* to save the changes.Now, as is usually the case, this creates a whole new problem, namely procedure steps nested in 3 levels. But I still think this is a cleaner solution, especially since I assume you never want users to just connect to the DNS service, but not update the config in the web UI right after.
WDYT?
There was a problem hiding this comment.
Yes, that's exactly the issue I had and I think your suggestion looks better.
ekohl
force-pushed
the
remove-installer-scenario-where-possible
branch
2 times, most recently
from
2bcecf9
to
d1590f2
Compare
| . For each affected {SmartProxy}, update the configuration of that {SmartProxy} in the {ProjectWebUI}: | ||
| .. In the {ProjectWebUI}, navigate to *Infrastructure* > *{SmartProxies}*, locate the {ProductName}, and from the list in the *Actions* column, select *Refresh*. |
There was a problem hiding this comment.
This is redundant, but I chose to keep it in to keep to keep the PR focused
There was a problem hiding this comment.
Thanks Ewoud, diff LGTM; handing over to @asteflova for additional/final ACK.
guides/common/modules/proc_configuring-dynamic-dns-update-with-gss-tsig-authentication.adoc
Outdated
Show resolved
Hide resolved
ekohl
force-pushed
the
remove-installer-scenario-where-possible
branch
from
d1590f2
to
4e9336f
Compare
|
From triage: @ekohl Please rebase to "master"; then we'll re-review and merge. |
…ible On existing installations it's preferable to simply use foreman-installer with the options you wish to change. This replaces it where possible.
ekohl
force-pushed
the
remove-installer-scenario-where-possible
branch
from
4e9336f
to
4502f8c
Compare
|
Rebased |
|
TODO: cherry-pick to 3.11 too |
On existing installations it's preferable to simply use foreman-installer with the options you wish to change. This replaces it where possible.
Includes #2942.
Please cherry-pick my commits into: