RFC: Host registration and Load balancers

This should be HTTP, not HTTPS: --foreman-proxy-template-url http://loadbalancer.example.com:8000

Registration is a bit of an odd feature in that it partially relies on templates, but not 100%.

For example, templates are retrieved over HTTP because tooling (such as Anaconda) can’t deal with HTTPS (either not at all, or with no way to provide HTTPS certificates). Even if modern versions can, we often need to support old versions. I have not checked if EL 9 can provision over HTTPS, but it’d surprise me.

So let’s figure out how the registration command determines the URL:

So that doesn’t have any way to configure it.

It can respect a different URL if it’s sent beyond the first command:

This is generated here:

I recall back when we designed the module I wanted an explicit parameter to configure the endpoint, but IIRC @Marek_Hulan preferred a dynamic endpoint since it saved configuration options. In RFC: Simple & automatic host registration WF - #52 by Marek_Hulan and the following posts we did talk about the case.

So in short: from Foreman there is no reliable way to know the external endpoint for registration in case of a Smart Proxy in a dual-homed / load-balanced setup.

But I’m going to make it even more complicated. We also have the HTTPBoot module. That exposes the ports it uses, which is then exposed here:

And made available in Foreman here:

And then it’s used in cases like these:

Note that this also uses the Smart Proxy hostname.

I’ll still stand by my point that the Smart Proxy can’t be properly load balanced now and anyone pretending we can support it now is fooling themselves. Doing it properly is a massive effort.

What can be done today, with a select number of modules, is to 100% hide the Smart Proxy behind the load balancer and pretend all hostnames are the load-balanced hostname. That means Foreman only talks to the load-balanced Smart Proxy. However, it implies Pulp is also load balanced (shared storage, shared database).