I’d like to set up a Smart Proxy with Puppet Master and Puppet CA features to 
serve nodes on a private network. The Smart Proxy would have a connection on an 
external network with a public DNS name; this is how Foreman would contact the 
Smart Proxy. The Smart Proxy would also have a connection on the private 
network with a different, private DNS name; this is how the nodes would connect 
to it for Puppet services.

I’ve read enough other posts that I am fairly certain this is possible but I’m 
unsure how to actually implement it. In particular, what are the parameters I 
need to pass to foreman-installer to get it configured with this dual-hostname 
setup? I.e., to which installer parameters do I feed the public hostname and to 
which installer parameters do I feed the private hostname? Here are the 
parameters that I think might come into play along with assumed values; some 
may not be necessary and I might be missing others:
--foreman-proxy-foreman-base-url=https://<the foreman master hostname>
--foreman-proxy-puppet-url=https://???
--foreman-proxy-registered-name=<public (short?) hostname of the proxy>
--foreman-proxy-registered-proxy-url=https://<public hostname of the proxy>
--foreman-proxy-trusted-hosts=https://<the foreman master hostname>
--puppet-server-ca-proxy=https://<the private hostname of the proxy, although maybe this is not needed>
--puppet-server-certname=https://<the private hostname of the proxy>
--puppet-server-foreman-url=https://<the foreman master hostname>

Again, the idea is to have the Foreman Master contact the Smart Proxy using the 
public hostname but have the clients contact the Smart Proxy as a Puppet 
Master/Puppet CA using its private hostname. A related concern is making sure 
that when I use Foreman to provision a node (e.g., using kickstart), its 
Puppet Master/Puppet CA URLs will be set correctly to the private hostname of 
the Smart Proxy.

Any guidance on this would be most welcome.

Thanks,

Jake

P.S. I believe that another part of configuring this successfully would be 
creating an SSL certificate with multiple hostnames for the Smart Proxy to use 
for Puppet as well as communication with the Foreman Master.
