Smart Proxies

The smart proxies page can be accessed via the infrastructure menu:

Infrastructure > Smart proxies

We refer to orcharhino and orcharhino proxies throughout the documentation. These terms describe the machines running your orcharhino (FQDN e.g. orcharhino.example.com) and their attached orcharhino proxies (FQDN e.g. orcharhino-proxy.example.com). Both the orcharhino as well as the orcharhino proxy may incorporate smart proxy functionality depending on their configuration.

An orcharhino proxy allows you to deliver content and manage hosts in additional networks. It may be configured to either mirror synced content from your orcharhino or pass-through content using Squid from your orcharhino to its hosts. This is called smart proxy functionality and includes DNS, DHCP, TFTP and CA capabilities.

The term smart proxy is used throughout the management UI. It describes the smart proxy functionality present on both your orcharhino as well as any attached orcharhino proxies.

When looking at the upstream documentation for Foreman and Katello, you might come across the terms smart proxy, Foreman proxy, and Katello proxy. These terms are used ambiguously to describe the software component or the attached host with smart proxy functionality in different variations. By contrast, Red Hat named their Foreman downstream product Satellite and any attached smart proxies Capsules.

Additionally, there are HTTP proxies as a way of relaying network traffic from one machine to another. They are often part of more advanced internal network architectures.

orcharhino proxies are autonomous orcharhino components that run on separate hosts from your orcharhino. A given orcharhino proxy will handle the communication between orcharhino and one or more network services external to orcharhino (for example with VMware’s vSphere virtualization solution).

Since orcharhino proxies are autonomous, they can be used by orcharhino to communicate with network services in other networks. In such a scenario, the orcharhino proxy would be located in the same network as the network services in question.

The communication between orcharhino and its proxies is encrypted and uses very few ports. This way orcharhino can connect to services within a DMZ without constituting a threat to IT security. When proxies are placed close to the relevant services, this can also help with latency within large distributed networks.

The orcharhino will always come bundled with integrated smart proxy functionality, such that the orcharhino can function as the sole orcharhino instance for many use cases.

Synchronizing content to an orcharhino proxy running Pulp is always based on lifecycle environments. Therefore, it makes sense to create different lifecycle environment paths for different operating systems if only specific operating systems are deployed by the orcharhino proxy.


The smart proxies page contains a Create Smart Proxy button and a list of orcharhino proxies known to orcharhino. As mentioned above, this list will always include the orcharhino itself:

List of known orcharhino proxies
  • Clicking on the name of a smart proxy in the Name column (3) of the list (2) will take you to the smart proxy overview page for that smart proxy.

  • Clicking on the Create Smart Proxy button (1) will open the create smart proxy page.

  • Selecting Edit from the Actions column (4) will take you to the edit smart proxy page for that smart proxy.

  • Selecting Delete from the Actions column (4) will delete the smart proxy entry from the list of smart proxies.

  • Selecting Refresh from the Actions column (4) will refresh the list of Features supported by the smart proxy. This is useful when additional features are installed.

  • Selecting Certificates from the Actions column (4) will take you to the Certificates tab on the Puppet CA tab of the smart proxy overview page for that smart proxy.

  • Selecting Autosign from the Actions column (4) will take you to the Autosign entries tab on the Puppet CA tab of the smart proxy overview page for that smart proxy.

  • Selecting Import IPv4 subnets from the Actions column (4) will automatically try to import any subnets available.

  • Selecting Expire logs from the Actions column (4) will delete any logs up to this point.

Creating a Smart Proxy

The create smart proxy page can be accessed via the Create Smart Proxy button:

Infrastructure > Smart proxies >> Create Smart Proxy

Clicking the Create Smart Proxy button does not actually create an orcharhino proxy, rather it serves to add a preexisting orcharhino proxy to the list of orcharhino proxies known to your orcharhino.

There are two variants of orcharhino proxies on how to deliver content from the orcharhino proxy to its hosts. An orcharhino proxy can either have the synced content mirrored or be set up as a cached content proxy: The latter is achieved by using Squid as a caching and forwarding proxy. Pulp on the other hand mirrors the synced content from the orcharhino to the orcharhino proxy.

Refer to the orcharhino proxy installation guide for more information.

When adding an orcharhino proxy to your orcharhino, you must provide a name and the URL where the orcharhino proxy resides. This URL must be resolvable on the orcharhino:

Adding a smart proxy
  • In the Name (1) field, enter the FQDN of the orcharhino proxy host, for example orcharhino-proxy.example.com.

  • The Url field (2) is usually the FQDN and 9090 as its port. Refer to the orcharhino proxy guide for more information on setting up orcharhino proxies.

  • Remember to click Submit (3) to save your changes.

  • Assign a context to your orcharhino proxy using the Locations and Organizations tabs (4).

Editing a Smart Proxy

The smart proxy editing page can be accessed via the list of smart proxies:

Infrastructure > Smart proxies >> list of smart proxies > Actions column > Edit

This page is essentially the same as the create smart proxy page, with the difference that fields will be prefilled with the settings of the smart proxy being edited:

Editing a smart proxy
  • The Smart Proxy tab (1) lists basic information about the smart proxy in question.

  • The Name field (2) is the internal name that can be seen when deploying hosts via a smart proxy. Choose a meaningful name, for example orcharhino-proxy.example.com.

  • The Url field (3) is usually the FQDN and 9090 as its port.

  • The Download Policy drop down menu (4) lists options on how to download content to smart proxies running Pulp:

    • On demand indicates that packages are only synchronized when actually requested by hosts. Metadata is always synced automatically. This is not advised for smart proxies which deploy hosts, as there would be various delays during the installation process for required software packages.

    • Background indicates that metadata is synchronized and packages are downloaded in the background. The download process is similar to immediate but rate limited.

    • Immediate indicates that content will be downloaded as soon as it’s available.

    • Inherit from repository indicates that settings will be inherited from the individual repositories.

  • Remember to click Submit (5) to save your changes.


Editing a smart proxy lifecycle environments tab
  • The Lifecycle Environments tab (1) lets you assign lifecycle environments to content which will be synced to the smart proxy.

    Content synchronization is based on lifecycle environments. Considering a smart proxy is only serving content for one single operating system whereas the orcharhino might deploy multiple operating systems, not all content available on the orcharhino needs to be synchronized to the smart proxy.

    The solution is to create operating system specific lifecycle environment paths, i.e. single lifecycle environments for single operating systems. This allows for a much more granular assignment for synchronization to the smart proxy: For example only RHEL content might be synced to a smart proxy which only serves content for RHEL hosts, whereas the orcharhino might deploy Debian, SLES, CentOS, and RHEL hosts at the same time. Content for Debian, CentOS, and SLES in dev, test, and prod lifecycle environment paths doesn’t have to be synchronized to the smart proxy, but only RHEL content.

  • The list of lifecycle environments (2) lets you pick them by clicking on their name.

  • Click Submit (3) to save your changes.

Assign a context to your orcharhino proxy via the Locations and Organizations tabs.

Synced content will not be deleted automatically once the corresponding lifecycle environments have been deleted.

Viewing a Smart Proxy

The smart proxy overview page can be accessed via the list of smart proxies:

Infrastructure > Smart proxies >> list of smart proxies > name of a smart proxy

The smart proxy overview page displays various information about the selected smart proxy and the host it is running on. (Including but not limited to, the full list of services/features enabled on the smart proxy, log messages, Puppet information, and Pulp storage information). It also includes a Back button, an Actions drop down menu, an Edit button, and a Delete button:

Structure of the smart proxy page
  • The Back button (1) will take you back to the smart proxies page.

  • The Actions drop down menu, the Edit button, and the Delete button collectively (2) cover most of the actions available through the actions column of the list of smart proxies on the smart proxies page.

  • Note that there are several tabs (3) on the smart proxy overview page.


The Overview tab of the smart proxy overview page looks as follows:

Overview of a configured smart proxy
  • The Overview tab lists details about the smart proxy, like its URL (with port), version, and active features.

  • The Overview tab also lists Pulp storage information.


The Services tab of the smart proxy overview page looks as follows:

Services provided by a smart proxy
  • The Services tab lists details (like version information) on each service supported by the smart proxy.


The Logs tab of the smart proxy overview page looks as follows:

Logs of a smart proxy
  • The Logs tab shows a list of logs for the smart proxy.

  • Logs can be filtered by filter level (via drop-down menu) or via the search bar provided.

  • The Refresh button will refresh the list of logs to include all the most recent logs.

  • Note that selecting Expire logs from the Actions drop down menu, will hide all logs older than the current time. (After selecting Expire logs the logs list displays exactly one log, since the expire logs action, will itself launch a loggable event).