Puppet master exposed on internet


Sky

Feb 23, 2011, 5:08:30 PM
to Puppet Users
I need to use Puppet over the internet for a distributed scenario. I will
have 100 pops, with around 5 servers per pop. I will use cloud, VPS
and other kinds of services, so my servers will change all the time and
the number of servers will probably increase and decrease shortly. I have
already seen Puppet in action in scenarios like that, used by some companies,
but I don't know how they do it. My question is:

How do they secure Puppet? The docs say not to expose the puppet master server/
service directly on the internet. But in this case firewall/filter ACLs
can't be used.

What's the best practice in these cases?

greetings
Sky

Adam Gibbins

Feb 23, 2011, 5:14:02 PM
to puppet...@googlegroups.com, Sky

Exposing non-webrick (unsure about webrick) over the net e.g. mongrel
behind apache should be as fine as your standard web application.
Communication between the master and nodes is secured also.

Sky

Feb 23, 2011, 5:25:42 PM
to Puppet Users
Thanks for your fast reply Adam,

I believe that is the way, but I wanted to see what you guys are
doing.
Let's see if we are both right, and if someone else shares more cases/
options about it.
greetings



R.I.Pienaar

Feb 23, 2011, 5:28:17 PM
to puppet...@googlegroups.com

----- Original Message -----
> Thanks for your fast reply Adam,
>
> I believe that is the way, but I wanted to see what you guys are
> doing.
> Let's see if we are both right, and if someone else shares more cases/
> options about it.
> greetings

I don't believe a formal security audit of the code was done, so in my case,
where I am also on the internet, I ensure that only my IPs can talk to
it. Other than that I trust the OpenSSL libs it uses.


--
R.I.Pienaar
