Multi proxy setup for puppet over different networks

Hello, newb here, I would like to ask if its posible with foreman the use of múltiple proxy in order to manage hosts over different networks.
Because of security policías I cannot place the puppet máster with vlans extended over all hosts, so we have one vlan or networks for every chunk of the whole infraestructure, I would like to use a centralized puppet máster for all the hosts, with a proxy for every networks that makes the bridging with the puppet Master, Ive read a little bit about foreman proxy but Im still not sure if this approach is posible with foreman

Hi and welcome to the forum :slight_smile:

Foreman Smart-Proxies are designed for the use-case you are describing, but they do not work like a classical proxy. The architecture with smart-proxy is essentially the following:

  • You have your Foreman Server as a central management instance, where you assign things like Puppet environment, classes and parameters to send via Puppet ENC, etc.
  • On each separated subnet you deploy a smart-proxy server. For Puppet functionality, this server acts as a standalone puppet-master. It communicates with the central Foreman for ENC information, but is otherwise it’s own, standalone Puppetserver.
  • Some Foreman Smart-Proxy features act differently, more in the way you would assume by the name of “proxy” (essentially routing the requests through to Foreman), but for Puppet that is not the case.

I hope this clears your questions.
Regards

1 Like

Yes, thanks, I think thats what I was looking for