It's kind of dependent on what the hostname is. The following should work:

Set the hostname to what the foreman server sees it on, e.g. (your 'public' hostname)

--foreman-proxy-foreman-base-url=https://<the foreman master hostname>
--foreman-proxy-trusted-hosts=https://<the foreman master hostname>
--puppet-server-foreman-url=https://<the foreman master hostname>
--puppet-dns-alt-names=<private hostname>

--foreman-proxy-registered-name & --puppet-server-certname are just names, they don't actually do anything.

--foreman-proxy-registered-proxy-url will default to ::fqdn

On Thu, Oct 19, 2017 at 9:10 PM, Rundall, Jacob D <[email protected]> wrote:

> I’d like to set up a Smart Proxy with Puppet Master and Puppet CA features
> to serve nodes on a private network. The Smart Proxy would have a
> connection on an external network with a public DNS name; this is how
> Foreman would contact the Smart Proxy. The Smart Proxy would also have a
> connection on the private network with a different, private DNS name; this
> is how the nodes would connect to it for Puppet services.
>
> I’ve read enough other posts that I am fairly certain this is possible but
> I’m unsure how to actually implement it. In particular, what are the
> parameters I need to pass to foreman-installer to get it configured with
> this dual-hostname setup? I.e., to which installer parameters do I feed the
> public hostname and to which installer parameters do I feed the private
> hostname? Here are the parameters that I think might come into play along
> with assumed values; some may not be necessary and I might be missing
> others:
>
> --foreman-proxy-foreman-base-url=https://<the foreman master hostname>
> --foreman-proxy-puppet-url=https://???
> --foreman-proxy-registered-name=<public (short?) hostname of the proxy>
> --foreman-proxy-registered-proxy-url=https://<public hostname of the proxy>
> --foreman-proxy-trusted-hosts=https://<the foreman master hostname>
> --puppet-server-ca-proxy=https://<the private hostname of the proxy, although maybe this is not needed>
> --puppet-server-certname=https://<the private hostname of the proxy>
> --puppet-server-foreman-url=https://<the foreman master hostname>
>
> Again, the idea is to have the Foreman Master contact the Smart Proxy
> using the public hostname but have the clients contact the Smart Proxy as a
> Puppet Master/Puppet CA using its private hostname. A related concern is
> making sure that when I use Foreman to provision a node (e.g., using
> kickstart) that its Puppet Master/Puppet CA URLs will be set correctly to
> the private hostname of the Smart Proxy.
>
> Any guidance on this would be most welcome.
>
> Thanks,
>
> Jake
>
> P.S. I believe that another part of configuring this successfully would be
> creating an SSL certificate with multiple hostnames for the Smart Proxy to
> use for Puppet as well as communication with the Foreman Master.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Foreman users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at https://groups.google.com/group/foreman-users.
> For more options, visit https://groups.google.com/d/optout.
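
The P.S. in the thread above concerns a certificate that carries more than one hostname, which the reply addresses with --puppet-dns-alt-names. As an added example (not from the thread or the Foreman project), this script checks that one certificate matches both the public and the private name; the hostnames are constructed, and a throwaway self-signed certificate stands in (assumption) for the one the Puppet CA would issue.

```bash
#!/usr/bin/env bash
# Added example: verify that one certificate is valid for both names a
# dual-homed Smart Proxy is reached by. All hostnames are constructed.

# Create a throwaway self-signed cert: CN = public name, SAN = both names.
# Assumption: this stands in for the cert the Puppet CA issues when
# --puppet-dns-alt-names lists the private hostname.
make_demo_cert() {  # usage: make_demo_cert <dir> <public-name> <private-name>
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$1/key.pem" -out "$1/cert.pem" \
    -subj "/CN=$2" \
    -addext "subjectAltName=DNS:$2,DNS:$3" 2>/dev/null
}

# Succeeds only if the cert matches <host> under standard hostname checks.
# -checkhost prints "does match" / "does NOT match"; the text is grepped
# so the result does not depend on the openssl exit status.
cert_covers_host() {  # usage: cert_covers_host <cert.pem> <host>
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null \
    | grep -q 'does match certificate'
}

# Return the SAN entries so a missing name is visible at a glance.
cert_san_names() {  # usage: cert_san_names <cert.pem>
  openssl x509 -in "$1" -noout -text \
    | grep -A1 'Subject Alternative Name' | tail -n1 | tr -d ' '
}

demo() {
  local dir public private h
  dir=$(mktemp -d)
  public=proxy.public.example     # constructed: name Foreman connects to
  private=proxy.private.example   # constructed: name Puppet agents connect to
  make_demo_cert "$dir" "$public" "$private" || return 1
  echo "SAN: $(cert_san_names "$dir/cert.pem")"
  for h in "$public" "$private" other.private.example; do
    if cert_covers_host "$dir/cert.pem" "$h"; then
      echo "OK    $h"
    else
      echo "FAIL  $h (clients using this name would reject the cert)"
    fi
  done
  rm -rf "$dir"
}

demo
```

Point `cert_covers_host` at the proxy's real certificate file to run the same check once for the name Foreman uses and once for the name the agents use.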
