Feature #3582
closed
Allow Subnets to have Parameters like Domains
Description
User Story: Subnet level parameters to define Outbound HTTP/HTTPS proxy
Deploy Foreman/Puppet to broad network with multiple public and private RFC1918 subnets. Designated secure subnets require use of local outbound squid proxy or host specific firewall rules in order to gain access to other subnets, including Internet.
E.G.
Subnet 1 (192.168.1.0/24), for PCI compliance, requires use of 192.168.1.5 squid proxy, plus proxy auth.
Subnet 2 (192.168.2.0/24), for HIPAA compliance, requires use of 192.168.2.5 squid proxy, no proxy auth.
Subnet 3 (192.168.3.0/24), for organization compliance, requires use of <public ip> squid proxy, no proxy auth.
Subnet 4 (192.168.4.0/24), does not require proxy.
Subnet 5 (172.18.0.0/16), for DoD classified research, requires use of 172.18.0.5 squid proxy, plus proxy auth.
Subnet 6 <public DMZ ip>, requires use of <public ip> squid proxy, plus proxy auth.
DNS domains cross subnet boundaries, so parameters applied through DNS domains may not be appropriate for hosts in some subnets. Likewise, HostGroup organization may not follow domain or subnet architecture, so parameter inheritance may not be appropriate.
Parameter inheritance: Global -> Domain -> Subnet -> HostGroup -> Host, would allow for a default proxy parameter to be set at the domain level, and overridden at the subnet level as needed. User defined Boolean params like proxy_required and proxy_auth_required, along with string params like proxy_url, proxy_host and proxy_port could then be applied through numerous templates for things like yum.conf, wgetrc, puppet.conf, etc.
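The inheritance order proposed in this request, sketched as an added example; it is not Foreman code and not part of the original description. It resolves the requested parameters through Global -> Domain -> Subnet -> HostGroup -> Host and renders a yum.conf proxy line from the result. The domain example.com, the domain-level default proxy, port 3128 and the helper names subnet_for, resolve and render_yum are assumptions made for illustration.

```ruby
require 'erb'
require 'ipaddr'

# Precedence proposed in the request, lowest to highest.
SCOPES = %i[global domain subnet hostgroup host].freeze

# Constructed sample data; example.com and all values are assumptions.
PARAMS = {
  global: { 'proxy_required' => false },
  domain: { 'example.com' => { 'proxy_required' => true, 'proxy_port' => 3128,
                               'proxy_host' => 'proxy.example.com' } },
  subnet: {
    '192.168.1.0/24' => { 'proxy_host' => '192.168.1.5', 'proxy_auth_required' => true },
    '192.168.2.0/24' => { 'proxy_host' => '192.168.2.5', 'proxy_auth_required' => false },
    '192.168.4.0/24' => { 'proxy_required' => false }
  },
  hostgroup: {},
  host: {}
}.freeze

# Find the defined subnet that contains the host's address, if any.
def subnet_for(ip)
  addr = IPAddr.new(ip)
  PARAMS[:subnet].keys.find { |cidr| IPAddr.new(cidr).include?(addr) }
end

# Merge each scope's parameters in order so that later scopes override earlier ones.
def resolve(host)
  keys = { domain: host[:domain], subnet: subnet_for(host[:ip]),
           hostgroup: host[:hostgroup], host: host[:name] }
  SCOPES.reduce({}) do |acc, scope|
    layer = scope == :global ? PARAMS[:global] : PARAMS[scope].fetch(keys[scope], {})
    acc.merge(layer)
  end
end

YUM_TEMPLATE = ERB.new(<<~TPL, trim_mode: '-')
  [main]
  <% if params['proxy_required'] -%>
  proxy=http://<%= params['proxy_host'] %>:<%= params['proxy_port'] %>
  <% end -%>
TPL

# Render the yum.conf fragment for one host from its resolved parameters.
def render_yum(host)
  params = resolve(host)
  YUM_TEMPLATE.result(binding)
end
```

A host in a subnet with no parameters of its own falls back to the domain-level proxy, which is the default-then-override behaviour the request describes.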