Configuring proxies
You can work around limited internet access by configuring proxies at various points in your infrastructure, depending on your connectivity limitations.
The examples provided here assume an unauthenticated proxy running at
proxy.example.vlan
on port
8080.
Downloading agent installation packages through a proxy
If your Puppet Enterprise (PE) primary server is
airgapped, it can't download agent installation packages. If you want to use package management
to install agents, set up a proxy and specify its connection details in the
pe_repo
class.
You must specify pe_repo::http_proxy_host
and
pe_repo::http_proxy_port
in the PE Master node
group's pe_repo
class. You can do this in the PE console, the primary server's pe.conf
file,
or Hiera.
To do this in the console, go to pe_repo
class, and set the
pe_repo::http_proxy_host
and pe_repo::http_proxy_port
parameters.
pe.conf
file,
add the following lines to the primary server's pe.conf
file.
Make sure to use values specific to your
proxy."pe_repo::http_proxy_host": "proxy.example.vlan",
"pe_repo::http_proxy_port": 8080
pe_repo
,
run:proxy_uri='http://<HTTP_PROXY_HOST>:<HTTP_PROXY_PORT>'
uri='https://pm.puppetlabs.com'
curl --proxy "$proxy_uri" --head "$uri"
For general information about forming curl commands, authentication in commands, and Windows modifications, go to Using example commands.
Setting a proxy for agent traffic
General proxy settings in puppet.conf
manage HTTP
connections directly initiated by the agent node.
http_proxy_host
and http_proxy_port
settings in the agent node's puppet.conf
file.- On the agent node, open the
puppet.conf
file at/etc/puppetlabs/puppet/puppet.conf
. - Add these lines to the file, making sure to use values specific to your
proxy:
http_proxy_host = proxy.example.vlan http_proxy_port = 8080
For more information about HTTP proxy host options, including no_proxy
, go to the http_proxy_host
entry
in the Puppet
Configuration Reference.
Setting a proxy for Code Manager traffic
Code Manager has its own set of proxy configuration options
you can use to set a proxy for connections to the Git server
or the Forge. These settings are unaffected by the proxy
settings in puppet.conf
because Code Manager is run by Puppet Server.
You can set a proxy for all HTTP connections (including Git and the Forge) when configuring Code Manager. For detailed information about configuring proxies for Code Manager traffic, go to Managing code with Code Manager.
yaml
file. Replace the example with your proxy's HTTP
URL.puppet_enterprise::profile::master::r10k_proxy: "http://proxy.example.vlan:8080"
proxy_uri='http://proxy.example.vlan:8080'
uri='https://github.com'
curl --proxy "$proxy_uri" --head "$uri"
proxy_uri='http://proxy.example.vlan:8080'
uri='https://forgeapi.puppet.com'
curl --proxy "$proxy_uri" --head "$uri"
For general information about forming curl commands, authentication in commands, and Windows modifications, go to Using example commands.