How to install multi-homed Katello smart-proxy?

Problem:
We are trying to set up a multi-homed smart-proxy server to bridge management of hosts between two otherwise separated networks.
On network A we have the hosts that should be managed, on network B we have the Foreman/Katello Server. The smart-proxy server would be the only connection between the two networks.
In the past, we had a dedicated management network for these use-cases, but for design reasons our network team wants to get rid of that network.
We have fiddled quite a lot with getting this setup to work, but ran into problems each time. We either failed to register the smart-proxy to the Katello Server or failed to get hosts to register with the smart-proxy. I was also not able to find any hints on how to get this to work, neither in the “current” nor the new documentation, and a search in the forum and Red Hat KB also did not yield any helpful results.
Can anyone help us with some tips or existing experience on how to get such a setup to work?

Foreman and Proxy versions:
Foreman 2.0 / Katello 3.15

I think what you mean is the following:

mgmt.example.com - 192.0.2.0/24
client-a.example.com - 198.51.100.0/24

Then you have foreman.mgmt.example.com (192.0.2.100) as well as machine.client-a.example.com (198.51.100.10). To connect these two, there should be a smart-proxy. All client services should be on smart-proxy.client-a.example.com (198.51.100.5) and Foreman only talks to smart-proxy.mgmt.example.com (192.0.2.5).

Sadly, today this isn’t really possible. Katello has a very strong tendency to link things to the system hostname and treat things single homed. I hope to get rid of this some day. For example, with Pulp 3 we expose the content URL so Katello can know mgmt != client-a. I haven’t verified this yet, but the design is getting there. However, we have yet to start with the RHSM part. These all require changes both on the platform side as well as the actual application code.

Hi @ekohl

Thank you for the quick and comprehensive answer.
I feared this would be the case, since no matter what we tried, we could not get it to work. I found a mention of a similar scenario described in Red Hat's “Satellite on AWS” guide as a side note with the “solution” to “contact Red Hat support”, so I thought there might still be a way. Maybe I misunderstood the scenario they were describing there, though…
Do you (or anyone stumbling over this thread) know of any way to do a setup that helps us connect these two networks? I can hardly imagine we are the only ones who try to get such a setup to work.

It may work to treat the smart proxy as smart-proxy.client-a.example.com. It will be dual homed, but only for the IP. Then on foreman.mgmt.example.com you add a static route to 198.51.100.5 via 192.0.2.5. Another might be to use DNS views (which are ugly) to make smart-proxy.client-a.example.com resolve to 192.0.2.5 for 192.0.2.0/24.
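
As an added illustration of the DNS-views option in the reply above (not part of the original post and not taken from Foreman or Katello documentation): a BIND `named.conf` fragment that answers queries for smart-proxy.client-a.example.com differently depending on the client's source network. The ACL name, view names and zone file paths are assumptions; the addresses are the ones used in the thread.

```conf
// Constructed example. Once any view is defined, BIND requires every zone
// to live inside a view, so existing zones have to be moved into one.

acl "mgmt-net" { 192.0.2.0/24; };   // network of foreman.mgmt.example.com

// View for resolvers/clients on the management network.
// Views are matched in order, so the specific one comes first.
view "mgmt" {
    match-clients { "mgmt-net"; };

    zone "client-a.example.com" {
        type master;                 // spelled "primary" in newer BIND releases
        // Assumed path. This copy of the zone contains:
        //   smart-proxy   IN A   192.0.2.5
        // It shadows the whole zone for mgmt clients, so every other
        // client-a record that Foreman must resolve has to be repeated here.
        file "/etc/named/zones/client-a.example.com.mgmt.zone";
    };
};

// View for everyone else, including the managed hosts on 198.51.100.0/24.
view "clients" {
    match-clients { any; };

    zone "client-a.example.com" {
        type master;
        // Assumed path. This copy of the zone contains:
        //   smart-proxy   IN A   198.51.100.5
        file "/etc/named/zones/client-a.example.com.zone";
    };
};

// The other option from the reply needs no DNS change: a host route on
// foreman.mgmt.example.com that reaches the proxy's client-side address
// through its management-side address:
//   ip route add 198.51.100.5/32 via 192.0.2.5
```

With either option the certificate and registration hostname stay smart-proxy.client-a.example.com; only the path Foreman takes to reach it changes. Querying the name from a host in each network shows which view answered.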

Alright, I will see if we can get anything to work with such a “hack”. In case we find a way, I will get back with how we solved it.
Until then, I will leave this thread as unsolved, in the hope to find someone else who has done this before :wink:
Thank you once again :slight_smile: