Help need to setup scalable foreman setup

Problem: We are required to setup 2 foreman instances behind the load balancer with external puppet master and puppet CA. Puppet CA should be the certificate provider for all i.e foreman instances and puppet masters

Expected outcome: All proxy status should be in green with SSL communication.

Foreman and Proxy versions: foreman 1.20 , Puppet 5

Foreman and Proxy plugin versions: Discovery

Other relevant data: Could you please share the steps command options as below.

  1. Ganerate certificates for foreman instances
  2. External database server
  3. external puppet CA
  4. external puppet masters.

what will be the commands / options need to tun on these individual servers?

[e.g. logs from Foreman and/or the Proxy, modified templates, commands issued, etc]
(for logs, surround with three back-ticks to get proper formatting, e.g.)


Hey @kverma

We have 18 puppetmasters behind loadbalancer, along with 12 Foreman “Front-End” Servers behind another. The one item that we didn’t do HA was the CA, but it is dedicated, due to the trade-offs there. I’m hopeful that puppet 6 when supported will make that easier - along with allowing me to integrate my puppet certs into a private PKI infrastructure.

Check out this guide - we used it and it’s pretty comprehensive:

Hi Lang,

Thanks for your reply. I have followed the given doc but our scenario is little different.

We have 2 servers frm-server01 and frm-server02 that are behind the hardware load balancer with virtual common name “

I have built the puppet CA on a separate servers by following the document that serving certificates for both foreman instances. Smart proxy is not installed on it.

I have successfully installed the forman setup with below options on “frm-server01”

foreman-installer --foreman-db-type=mysql --foreman-db-manage=false --foreman-db-database=foreman --foreman-db-username=foreman --foreman-db-password=XXXXXX --no-enable-puppet --foreman-proxy-puppetca=false --enable-foreman-plugin-ansible --enable-foreman-plugin-discovery --enable-foreman-plugin-docker --enable-foreman-plugin-expire-hosts --enable-foreman-plugin-hooks --foreman-admin-password=cadence --foreman-admin-username=admin

but when i am trying to install foreman on second node “frm-server02” with the same options than its getting failed with below error:

/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[]: Could not evaluate: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed in get request to:""

we are using external mysql database for both instances.

I would be really very thankful if you can help me on this.