On Tuesday 08 April 2008, huangmingyou wrote:
> in the client side ,you can set the sertname to private name. in the
> server side, you can set the bindaddress to private network address.
Exactly. certname is spelled with a 'c' in front though.
Formore Information, look at the
http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference
Regards, DavidS
>
> On Apr 8, 7:43 am, Larry Ludwig <larry...@gmail.com> wrote:
> > Hi we are getting ready to deploy Puppet on our network. Our managed
> > servers/VPSes are multi-homed (ie a public and private network) the
> > uname -a of the server is associated with public name (in our case
> > empoweringmedia.net) and not the private network name. This causes a
> > host name mismatch with puppet.
> >
> > My question can puppet clients create certs for the internal network
> > side and then send this to the puppetmaster, which only listens on the
> > private network?
> >
> > I would prefer NOT to have puppetd and puppetmasterd on the public
> > side of our network. Even though SSL is pretty security there is no
> > reason in our case to keep it on the public side.
> >
> > If this feature isn't possible, can I suggest this in a future
> > version.
> >
> > Thanks..
> >
> > --
> > Larry Ludwig
> > HostCube - Managed and Unmanaged Xen VPeshttp://www.hostcube.com/
>
>
- --
The primary freedom of open source is not the freedom from cost, but the free-
dom to shape software to do what you want. This freedom is /never/ exercised
without cost, but is available /at all/ only by accepting the very different
costs associated with open source, costs not in money, but in time and effort.
- -- http://www.schierer.org/~luke/log/20070710-1129/on-forks-and-forking
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFH+xDw/Pp1N6Uzh0URAgL5AJ9z3pP7u+5Wd1z3c2Ypq4DhUKBX1gCdGqCC
1v+JxCDwxoGMBU3/r3ZPusk=
=YWok
-----END PGP SIGNATURE-----
Just bind your Xen interfaces to the appropriate VLAN and away you go.
Not out of band, but technically private.
Trevor