Help needed to set up a scalable Foreman setup

Problem: We are required to set up 2 Foreman instances behind a load balancer with an external Puppet master and Puppet CA. The Puppet CA should be the certificate provider for everything, i.e. the Foreman instances and the Puppet masters.

Expected outcome: All proxy statuses should be green, with SSL communication.

Foreman and Proxy versions: Foreman 1.20, Puppet 5

Foreman and Proxy plugin versions: Discovery

Other relevant data: Could you please share the steps and command options for the items below?

  1. Generate certificates for the Foreman instances
  2. External database server
  3. External Puppet CA
  4. External Puppet masters

What are the commands/options that need to be run on each of these individual servers?


Hey @kverma

We have 18 puppetmasters behind loadbalancer, along with 12 Foreman “Front-End” Servers behind another. The one item that we didn’t do HA was the CA, but it is dedicated, due to the trade-offs there. I’m hopeful that puppet 6 when supported will make that easier - along with allowing me to integrate my puppet certs into a private PKI infrastructure.

Check out this guide - we used it and it’s pretty comprehensive: https://blog.dobrev.eu/blog/2016/04/28/the-foreman-the-scalable-way-part-1/

Hi Lang,

Thanks for your reply. I have followed the given doc, but our scenario is a little different.

We have 2 servers, frm-server01 and frm-server02, that are behind a hardware load balancer with the virtual common name “foreman-poc.example.com”.

I have built the Puppet CA on a separate server by following the document; it is serving certificates for both Foreman instances. The smart proxy is not installed on it.

I have successfully installed Foreman with the options below on “frm-server01”:

```bash
foreman-installer --foreman-db-type=mysql --foreman-db-manage=false --foreman-db-host=frm-mysql01.cadence.com --foreman-db-database=foreman --foreman-db-username=foreman --foreman-db-password=XXXXXX --no-enable-puppet --puppet-ca-server=frm-puppetca.cadence.com --foreman-proxy-puppetca=false --enable-foreman-plugin-ansible --enable-foreman-plugin-discovery --enable-foreman-plugin-docker --enable-foreman-plugin-expire-hosts --enable-foreman-plugin-hooks --foreman-admin-password=cadence --foreman-admin-username=admin
```

But when I try to install Foreman on the second node, “frm-server02”, with the same options, it fails with the error below:

```
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[frm-server02.cadence.com]: Could not evaluate: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed in get request to: https://frm-server02.cadence.com/api/v2/smart_proxies?search=name="frm-server02.cadence.com"
```

We are using an external MySQL database for both instances.

I would be really thankful if you could help me with this.
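The error quoted in the last post, `certificate verify failed`, is OpenSSL's generic chain-verification failure: the certificate presented by https://frm-server02.cadence.com does not verify against the CA bundle the registering client trusts (issued by a different CA, or expired). As an added example that is not part of the thread, the script below reproduces this offline with two throwaway CAs and a server certificate for the hostname from the post, then shows the same check passing once the certificate is issued by the CA the client actually trusts. The CA names, the temporary working directory and the `ca.pem` path mentioned afterwards are assumptions, not details from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): reproduce "certificate verify failed"
# offline with throwaway CAs. Hostname is taken from the post; CA names and
# the working directory are assumptions.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME : create a self-signed CA, writing $WORK/NAME.key and $WORK/NAME.pem
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" >/dev/null 2>&1
}

# issue_cert CA HOST : issue a server cert for HOST signed by CA, writing $WORK/HOST.pem
issue_cert() {
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=$2" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" >/dev/null 2>&1
    openssl x509 -req -days 2 -in "$WORK/$2.csr" \
        -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -CAcreateserial \
        -out "$WORK/$2.pem" >/dev/null 2>&1
}

# verify_against CA HOST : succeed only if HOST's cert chains to CA.
# This is the same path-building check SSL_connect performs; the textual
# "OK" test is used because OpenSSL 1.0.x returned exit 0 even on failure.
verify_against() {
    openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" 2>/dev/null \
        | grep -q ': OK$'
}

# Scenario: the Puppet CA the smart proxy trusts, and an unrelated second CA
# (e.g. a self-signed or distro-default cert left on the web server).
make_ca puppetca
make_ca localca

# Web cert for frm-server02 signed by the unrelated CA: the client that
# trusts only the Puppet CA cannot build a chain, hence "certificate verify failed".
issue_cert localca frm-server02.cadence.com
if verify_against puppetca frm-server02.cadence.com; then
    echo "unexpected: cert verified against the Puppet CA"
else
    echo "frm-server02 cert signed by localca: certificate verify failed (as in the thread)"
fi

# Re-issue the web cert from the Puppet CA: the same check now passes.
issue_cert puppetca frm-server02.cadence.com
if verify_against puppetca frm-server02.cadence.com; then
    echo "frm-server02 cert signed by puppetca: verified OK"
fi
```

Against the real hosts the equivalent check is `openssl s_client -connect frm-server02.cadence.com:443 -CAfile <ca.pem>`, where `<ca.pem>` is the Puppet CA certificate the smart proxy is configured to trust (on a Puppet 5 agent this is normally under the agent's ssldir, `/etc/puppetlabs/puppet/ssl/certs/ca.pem`, but confirm the path on the box); `Verify return code: 0 (ok)` in the output means the Apache certificate on frm-server02 chains to that CA, anything else points at the certificate that host is actually serving rather than at the installer options.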