The Foreman Proxy is a core component that we rely on for various features. This issue is scoped to only deploying the Foreman Proxy service on the same machine as Foreman to provide services that otherwise couldn't be provided. That means provisioning, but also Remote Execution.

This will need the container to be built. Some work is already done in https://github.com/theforeman/foreman-oci-images/tree/master/images/foreman-proxy.

HTTP is needed for some provisioning features, but since Foreman itself is present we don't need to.

Networking wise we need to determine what to listen on. HTTPS is a hard requirement, but which port? Upstream Foreman uses port 8443 while Katello listens on port 9090. Candlepin used to listen on port 8443, which is partially why 9090 is used for Katello. However, it was changed to 23443. The other reason was a reverse proxy on Capsules, but that has been dropped with 6.17. Containerization may be a good chance to align it on a single port.

This story is only about the service itself, no additional modules. You need at least one module to register, but the logs module should suffice for that.

Acceptance criteria:

• A container is built
• The service is configured (including certificates) and registered to Foreman
• There is automated testing that the service is registered

Open questions:

• Which HTTPS port do we use?
• Do we deploy the Foreman Proxy by default? We don't need it for most functionality, but Katello and RH Cloud depend on Remote Execution. Should we only deploy it when desired?
• Which features do we deploy out of the box for new users? This may be a bigger discussion broader than this individual story.
• How do we deal with multiple proxies on the same host? Pulp also identifies itself as a proxy. They probably both need their own identity. Both having them with the same hostname can lead to undefined behavior.
• Is this the Installation component or Foreman Proxy component? Which team owns the testing?