Hi Jake,

Have you actually tried the suggestion from Sean?

I have a similar situation.

My Foreman AIO server connects to two networks, office & private.
I would like to use the office network to connect to the Foreman WebUI and the
private one for foreman-proxy (ISC DHCP, Internal DNS, TFTP).

The question would be: at which stage is it best to configure this, during
installation or post-install by generating a new cert for the internal
foreman-proxy?
 
NOTE: I am new to Foreman and this group, so apologies up front if I am
breaking rules of conduct anywhere.

On Friday, October 20, 2017 at 2:05:52 PM UTC+2, Sean O'Keeffe wrote:
>
> It's kind of dependent on what the hostname is. The following should work:
>
> Set the hostname to what the Foreman server sees it as, e.g. your 'public'
> hostname.
>
> --foreman-proxy-foreman-base-url=https://<the foreman master hostname>
> --foreman-proxy-trusted-hosts=https://<the foreman master hostname>
> --puppet-server-foreman-url=https://<the foreman master hostname>
> --puppet-dns-alt-names=<private hostname>
>
>
> --foreman-proxy-registered-name & --puppet-server-certname are just names, 
> they don't actually do anything.
> --foreman-proxy-registered-proxy-url will default to ::fqdn
>
> On Thu, Oct 19, 2017 at 9:10 PM, Rundall, Jacob D <[email protected]> wrote:
>
>> I’d like to set up a Smart Proxy with Puppet Master and Puppet CA 
>> features to serve nodes on a private network. The Smart Proxy would have a 
>> connection on an external network with a public DNS name; this is how 
>> Foreman would contact the Smart Proxy. The Smart Proxy would also have a 
>> connection on the private network with a different, private DNS name; this 
>> is how the nodes would connect to it for Puppet services.
>>
>>  
>>
>> I’ve read enough other posts that I am fairly certain this is possible 
>> but I’m unsure how to actually implement it. In particular, what are the 
>> parameters I need to pass to foreman-installer to get it configured with 
>> this dual-hostname setup? I.e., to which installer parameters do I feed the 
>> public hostname and to which installer parameters do I feed the private 
>> hostname? Here are the parameters that I think might come into play along 
>> with assumed values; some may not be necessary and I might be missing 
>> others:
>>
>> --foreman-proxy-foreman-base-url=https://<the foreman master hostname>
>>
>> --foreman-proxy-puppet-url=https://???
>>
>> --foreman-proxy-registered-name=<public (short?) hostname of the proxy>
>>
>> --foreman-proxy-registered-proxy-url=https://<public hostname of the proxy>
>>
>> --foreman-proxy-trusted-hosts=https://<the foreman master hostname>
>>
>> --puppet-server-ca-proxy=https://<the private hostname of the proxy, although maybe this is not needed>
>>
>> --puppet-server-certname=https://<the private hostname of the proxy>
>>
>> --puppet-server-foreman-url=https://<the foreman master hostname>
>>
>>  
>>
>> Again, the idea is to have the Foreman Master contact the Smart Proxy 
>> using the public hostname but have the clients contact the Smart Proxy as a 
>> Puppet Master/Puppet CA using its private hostname. A related concern is 
>> making sure that when I use Foreman to provision a node (e.g., using 
>> kickstart) that its Puppet Master/Puppet CA URLs will be set correctly to 
>> the private hostname of the Smart Proxy.
>>
>>  
>>
>> Any guidance on this would be most welcome.
>>
>>  
>>
>> Thanks,
>>
>>  
>>
>> Jake
>>
>>  
>>
>> P.S. I believe that another part of configuring this successfully would 
>> be creating an SSL certificate with multiple hostnames for the Smart Proxy 
>> to use for Puppet as well as communication with the Foreman Master.
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.
