Skip to content

Review IPv4/IPv6 installation requirements #4213

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Sep 9, 2025
Merged

Review IPv4/IPv6 installation requirements #4213

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
2eae196
Merge all IPv4/IPv6 requirements into one module
aneta-petrova Sep 4, 2025
a8fb340
Exclude a prereq on content from foreman-el/deb
aneta-petrova Sep 5, 2025
bd87bdc
Apply easy fixes from style review
aneta-petrova Sep 9, 2025
67169b7
Rephrase additional ipv6 requirements to match the others
aneta-petrova Sep 9, 2025
73f5632
Rephrase IPv6 provisioning templates requirement
aneta-petrova Sep 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions guides/common/assembly_planning-project-server-installation.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,4 +14,8 @@ endif::[]

include::modules/ref_port-and-firewall-requirements.adoc[leveloffset=+1]

ifeval::["{mode}" == "connected"]
include::modules/ref_ipv6-and-ipv4-requirements.adoc[leveloffset=+1]
endif::[]

include::modules/con_aws-requirements.adoc[leveloffset=+1]
10 changes: 0 additions & 10 deletions guides/common/assembly_preparing-environment-for-project-server-installation.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,14 +6,4 @@ include::modules/proc_enabling-client-connections-to-project-server.adoc[levelof

include::modules/proc_verifying-dns-resolution.adoc[leveloffset=+1]

ifdef::installing-satellite-server-connected[]
include::modules/proc_requirements-for-installation-in-an-ipv4-network.adoc[leveloffset=+1]

include::modules/con_preparing-your-environment-for-project-installation-in-an-ipv6-network.adoc[leveloffset=+1]

include::modules/con_limitations-of-installation-in-an-ipv6-network.adoc[leveloffset=+2]

include::modules/con_requirements-for-installation-in-an-ipv6-network.adoc[leveloffset=+2]
endif::[]

include::modules/proc_preparing-for-using-external-databases.adoc[leveloffset=+1]
15 changes: 0 additions & 15 deletions guides/common/modules/con_limitations-of-installation-in-an-ipv6-network.adoc
View file
Open in desktop

This file was deleted.

10 changes: 0 additions & 10 deletions ...con_preparing-your-environment-for-project-installation-in-an-ipv6-network.adoc
View file
Open in desktop

This file was deleted.

22 changes: 0 additions & 22 deletions guides/common/modules/con_requirements-for-installation-in-an-ipv6-network.adoc
View file
Open in desktop

This file was deleted.

15 changes: 0 additions & 15 deletions guides/common/modules/proc_requirements-for-installation-in-an-ipv4-network.adoc
View file
Open in desktop

This file was deleted.

43 changes: 43 additions & 0 deletions guides/common/modules/ref_ipv6-and-ipv4-requirements.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
[id="ipv6-and-ipv4-requirements"]
= IPv6 and IPv4 requirements

You can install {Project} in an IPv4 network or in an IPv6 network.
ifdef::satellite[]
Dual-stack {Project} installation that uses both IPv4 and IPv6 is not supported.
endif::[]

The following requirements apply to installations in an IPv4 network:

* Ensure an IPv6 loopback is configured on the base system.
Copy link
Member

@ekohl ekohl Sep 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Style nit: I don't think you need ensure a requirement

Suggested change
* Ensure an IPv6 loopback is configured on the base system.
* An IPv6 loopback configured on the base system.

Copy link
Member Author

@aneta-petrova aneta-petrova Sep 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll style-nit you back: I'd prefer to keep this a full sentence (verb and all) to make the action item in the requirement clear. An option could be An IPv6 loopback must be configured on the base system. but that would introduce passive voice, which is frowned upon.

The loopback is typically configured by default.
Do not disable it.
* Do not disable IPv6 in kernel by adding the `ipv6.disable=1` kernel parameter.
Comment on lines +13 to +14
Copy link
Member

@ekohl ekohl Sep 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not a blocker, but technically the requirement we have is IPv6 loopback. An implication of ipv6.disable=1 is that it disables this IPv6 loopback. You could argue it shouldn't be listed as a separate requirement but maybe more as an example for the "do not disable" line.

Would something like this work?

Suggested change
Do not disable it.
* Do not disable IPv6 in kernel by adding the `ipv6.disable=1` kernel parameter.
Do not disable it.
Use of the `ipv6.disable=1` kernel parameter or the `net.ipv6.conf.lo.disable_ipv6 = 1` sysctl option will break.

I tried to avoid the duplicate "do not" on 2 lines just below each other.

Copy link
Member Author

@aneta-petrova aneta-petrova Sep 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#4224


The following requirements apply to installations in an IPv6 network:

ifdef::satellite[]
* Deploy an external HTTP proxy server that supports both IPv4 and IPv6.
This is required because Red Hat Content Delivery Network distributes content only over IPv4 networks, therefore you must use this HTTP proxy to pull content into the {Project} on your IPv6 network.
You must configure {Project} to use this dual-stack (supporting both IPv4 and IPv6) HTTP proxy as the default HTTP proxy.
endif::[]
ifndef::foreman-deb,foreman-el,satellite[]
* If you rely on content from IPv4-only networks, use an external dual-stack HTTP proxy.
Configure {Project} to use this dual-stack (supporting both IPv4 and IPv6) HTTP proxy as the default HTTP proxy.
endif::[]
* {Project} does not support configuring an HTTP proxy using a direct IPv6 address.
Instead, configure the HTTP proxy with a FQDN that resolves to the IPv6 address.
Comment on lines +27 to +28
Copy link
Member

@ekohl ekohl Sep 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm pretty sure this was a Katello-only limitation.

Suggested change
* {Project} does not support configuring an HTTP proxy using a direct IPv6 address.
Instead, configure the HTTP proxy with a FQDN that resolves to the IPv6 address.
ifdef::katello,orcharhino,satellite[]
* {Project} does not support configuring an HTTP proxy using a direct IPv6 address.
Instead, configure the HTTP proxy with a FQDN that resolves to the IPv6 address.
endif::[]

Copy link
Member Author

@aneta-petrova aneta-petrova Sep 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#4224

Using an IPv6 address as the HTTP proxy URL causes it to fail.
Copy link
Member

@ekohl ekohl Sep 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Katello/katello#11432 removes 1 bug in this area. I just don't know for sure if there aren't more lurking. I'd like to discuss this in the team to see if we can drop this text.

Copy link
Member Author

@aneta-petrova aneta-petrova Sep 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll keep this in for now, then, and please let me know if you find out it's safe to remove.

Copy link
Member

@ekohl ekohl Sep 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we can verify this works and resolve the bug then we can drop it for Foreman 3.16 and newer.

Copy link
Member Author

@aneta-petrova aneta-petrova Sep 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @ianballou, I see you approved the linked Katello PR. Do you know if it's safe to remove this bullet point?


If you also intend to provision hosts in an IPv6 network, consider the following requirements:

* Deploy an external DHCPv6 server and configure it manually to communicate with the network boot process and to manage IP address assignment because {Project} cannot integrate with a DHCPv6 server and manage its configuration.
For more information about DHCPv6 server configuration, see {ProvisioningDocURL}options-in-unmanaged-dhcpv6[Options in unmanaged DHCPv6] in _{ProvisioningDocTitle}_.
* Although {Project} provisioning templates include IPv6 support for PXE and HTTP (iPXE) provisioning, the only tested and certified provisioning workflow is the UEFI HTTP Boot provisioning.
* After installing {Project}, you must also configure {Project} for the UEFI HTTP boot provisioning.
For more information, see xref:common/modules/proc_configuring-for-uefi-http-boot-ipv6-provisioning.adoc#configuring-for-uefi-http-boot-provisioning-in-an-ipv6-network_{context}[].

.Additional resources
ifdef::satellite[]
* link:https://access.redhat.com/solutions/5045841[_How do I disable the IPv6 protocol on Red Hat Satellite and/or Red Hat Capsule server?_ in Red Hat Knowledgebase]
endif::[]
* xref:common/modules/proc_adding-a-default-http-proxy.adoc#adding-a-default-http-proxy_{context}[]