Update security key generation command for DHCP config

[Lennonka]

What changes are you introducing?

Replacing dnssec-keygen with tsig-keygen. The HMAC-MD5 algorithm is not supported by dnssec-keygen on EL 9, but the algorithm is required for Foreman.

The tsig-keygen command also works on EL 8.

Why are you introducing these changes? (Explanation, links to references, issues, etc.)

Because of EL 9 support. The tsig-keygen command should be preferred on EL 8 as well.

https://issues.redhat.com/browse/SAT-27986

Anything else to add? (Considerations, potential downsides, alternative solutions you have explored, etc.)

I have tested that the tsig-keygen command is available on both RHEL 9 and 8, and gives the required output.

Unlike dnssec-keygen, which generates files, tsig-keygen only outputs text on the console and doesn't create any files. Therefore, no files have to be deleted afterwards.

Checklists

• [x] I am okay with my commits getting squashed when you merge this PR.
• [x] I am familiar with the contributing guidelines.

Please cherry-pick my commits into:

• [x] Foreman 3.12/Katello 4.14 (Satellite 6.16)
• [x] Foreman 3.11/Katello 4.13
• [x] Foreman 3.10/Katello 4.12
• [x] Foreman 3.9/Katello 4.11 (Satellite 6.15; orcharhino 6.8/6.9/6.10)
• [x] Foreman 3.8/Katello 4.10
• [x] Foreman 3.7/Katello 4.9 (Satellite 6.14)
• [x] Foreman 3.6/Katello 4.8
• [x] Foreman 3.5/Katello 4.7 (Satellite 6.13; orcharhino 6.6/6.7)
• We do not accept PRs for Foreman older than 3.5.

[github-actions[bot]]

The PR preview for 4bbc64a3fe1f8bc5add3b6b5615b1be553ebbfab is available at theforeman-foreman-documentation-preview-pr-3303.surge.sh

The following output files are affected by this PR:

• Installing_Proxy/index-foreman-el.html
• Installing_Proxy/index-katello.html
• Installing_Proxy/index-orcharhino.html
• Installing_Proxy/index-satellite.html
• Installing_Server/index-foreman-deb.html
• Installing_Server/index-foreman-el.html
• Installing_Server/index-katello.html
• Installing_Server/index-orcharhino.html
• Installing_Server/index-satellite.html
• Installing_Server_Disconnected/index-satellite.html

show diff

show diff as HTML

[Lennonka]

@evgeni Technical ack, please? Is the verification sufficient as mentioned in the description?

[evgeni]

The diff matches what we discussed, yes.

I'd prefer if someone could actually setup an external DHCP using this procedure and verify it works, because I did not.

[Lennonka]

I've requested QE testing on my team.

[shubhamsg199]

Hello, tsig-keygen works. Tested configuring the external DHCP server with it, I didn't see any issues with RHEL8/9

[Lennonka]

@asteflova Can you please give me a formal ack on the style so that I can merge it?

[Lennonka]

After careful consideration, I've decided not to make further changes regarding the key name. I don't think we have to document every option. Providing just the key name that works out of the box seems sufficient.

[Lennonka]

Cherry-picked:

• 3d5e5d4295..b4097cfa40 3.12 -> 3.12
• 0ddfeaa68d..977bcad362 3.11 -> 3.11
• 858cc14a08..9b2c98d222 3.10 -> 3.10
• b6faa93d1b..2c53c6e9f2 3.9 -> 3.9
• 05257b8211..3afdb52b6d 3.8 -> 3.8
• e855f380fb..6ac92302d5 3.7 -> 3.7
• 3bea1ac680..e45349c0be 3.6 -> 3.6
• 5f5c6de9b8..caa6138878 3.5 -> 3.5