On 12/16/2010 05:06 PM, Richard Crowley wrote: >> Is it possible to have the fileserving subset of puppetmasters running >> without any SSL support? That's throwing security out of the windows of >> course, so the proxy should be able to determine (say, by IP rule?) what >> clients are allowed and which aren't. > > This seems like a job for a new file provider. If memory serves, this > is more involved than just adding a provider because of something > about files not working like other resource types. Bueller? > > I think it'd be very valuable to be able to pick file providers that > grabbed file content from arbitrary HTTP servers, from tarballs, from > stdout of an arbitrary command, etc. >
Ah, misunderstanding. The client does use SSL. It is terminated at the HTTP proxy (that runs on the master host). The trick is to make the puppetmaster swallow up unencrypted (and thus unauthenticated) traffic from the proxy. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
