On Aug 26, 2010, at 10:04 PM, bonobo wrote:
It appears that running a puppet server is essential. In his book "Pulling Strings with Puppet", James Turnbull says: "... the node will request whatever configuration is specified for that node. The master server will then compile and deliver that configuration." [p. 25] Our firewall environment is very restrictive, and there's no way a server on our publicly accessible network will be allowed to initiate a connection to a puppet server on our internal network. (Of course, I could run the puppet server on the publicly accessible network, but you have no idea what a hassle that would be.) Since the configuration is compiled on the server, is it impossible to run puppet without allowing clients to initiate connection to the puppet server?
We are running puppet in standalone mode on nodes in a setup that does not require punching holes in the firewall. We use rsync to push configuration information to nodes. Our Puppet configurations live on a server running gitosis. As changes are committed by sys admins, gitosis hook scripts move the data along and run rsync.
---------------------- Charles Yeomans Senior Software Engineer Dakim, Inc. char...@dakim.com -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
