On Thu, Oct 20, 2011 at 12:46 PM, Geoff Galitz <[email protected]> wrote:
>
> We're thinking of ways to get our DMZ nodes managed by puppet, and in
> the absence of a full-fledged push model we are thinking about
> pointing puppets in our DMZ network at a bastion host running squid to
> proxy back to our puppet master.
>
> In this scenario, the single bastion host would have an ACL allowing
> access through our inner firewall to the master, but the various nodes
> would have no direct access. That would give us a nice choke point
> that we can monitor and isolate if needed. We'd still get all of our
> reporting functions, too.
>
> Has anyone tried something along these lines? Any opinions?
>
We have this kind of setup in production. Basically, all managed objects are only allowed to connect through a squid proxy. This works without any problems at all.

--
Grtz,
Jörgen Maas
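A sketch of the setup discussed in this thread, added as an example and not taken from either poster's configuration. The addresses, hostnames, file paths and proxy port are assumptions; `http_proxy_host` and `http_proxy_port` are the Puppet agent settings for an outbound proxy, and 8140 is the default master port.

```conf
# --- /etc/squid/squid.conf on the bastion host (constructed example) ---
# Assumed: DMZ nodes live in 192.0.2.0/24, the puppet master is 10.0.0.10.
http_port 3128

acl dmz_nodes     src 192.0.2.0/24
acl puppet_master dst 10.0.0.10
acl puppet_port   port 8140
acl CONNECT       method CONNECT

# Agents speak HTTPS to the master, so they ask squid for a CONNECT tunnel.
# Squid only relays bytes; TLS and certificate checks stay end to end
# between agent and master.
# All four ACLs must match: only DMZ nodes, only to the master, only on 8140.
http_access allow CONNECT dmz_nodes puppet_master puppet_port

# Everything else is refused, so the bastion cannot be used as a general
# route through the inner firewall.
http_access deny all

# Record every tunnel so the choke point can be monitored.
access_log /var/log/squid/access.log squid

# --- /etc/puppet/puppet.conf on each DMZ node (constructed example) ---
# Hostnames below are placeholders. The bastion must be able to resolve the
# master's name, because the dst ACL is checked against the resolved address.
[agent]
server          = puppet.example.internal
http_proxy_host = bastion.example.internal
http_proxy_port = 3128
```

The inner firewall rule then needs to allow only the bastion's address to reach the master on 8140, which is what makes the proxy the single point to monitor or cut off.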
