Re: [Puppet Users] push config to agent behind firewall
293 views
Skip to first unread message
Stefan Goethals
Sep 10, 2012, 6:35:24 AM9/10/12
to puppet...@googlegroups.com
# puppet kick
Regards,
Stefan.
On Mon, Sep 10, 2012 at 11:30 AM, Alex Greif <al...@greifdesign.net> wrote:
Hi,due to our company security policy, we cannot allow the agents in the DMZ to pull the config catalog from the puppet master, that sits behind the firewall.Is there a possibility that the master pushes the configs to the agents instead of the agents pulling it?thanks,ALex.--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/qA9kiBG6txMJ.
To post to this group, send email to puppet...@googlegroups.com.
To unsubscribe from this group, send email to puppet-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
jcbollinger
Sep 10, 2012, 9:55:20 AM9/10/12
to puppet...@googlegroups.com, ste...@zipkid.com
On Monday, September 10, 2012 5:35:30 AM UTC-5, Stefan Goethals wrote:
# puppet kick
Puppet kick does not solve the problem, as it only signals the agent to perform a normal run (involving requesting a catalog from the server, which must be avoided).
One possible solution would involve pushing the manifests out to the DMZ, and having machines there periodically run "puppet apply". That's not going to be satisfactory, however, if the needed manifests (which are not necessarily all manifests for the organization) include anything that must not be exposed in the DMZ.
John
Peter Brown
Sep 10, 2012, 11:02:31 PM9/10/12
to puppet...@googlegroups.com
Or you could run a second puppetmaster in your DMZ and just push the
configs to it in some tricky way when they need updating.
Well that's my plan for a new setup we have planned that requires a
similar security setup.
configs to it in some tricky way when they need updating.
Well that's my plan for a new setup we have planned that requires a
similar security setup.
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/iftjhXX2-U8J.
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
Alex Greif
Sep 11, 2012, 3:10:21 AM9/11/12
to puppet...@googlegroups.com
Yes, that is a good idea.
with git we can push the repository to the master in the DMZ.
should be quite simple and secure.
Peter Brown
Sep 11, 2012, 8:00:38 PM9/11/12
to puppet...@googlegroups.com
On 11 September 2012 17:10, Alex Greif <al...@greifdesign.net> wrote:
> Yes, that is a good idea.
> with git we can push the repository to the master in the DMZ.
> should be quite simple and secure.
Your welcome. :)
> Yes, that is a good idea.
> with git we can push the repository to the master in the DMZ.
> should be quite simple and secure.
Let me know how it goes.
Reply all
Reply to author
Forward
0 new messages