Or you could run a second puppetmaster in your DMZ and just push the configs to it in some tricky way when they need updating. Well that's my plan for a new setup we have planned that requires a similar security setup.
On 10 September 2012 23:55, jcbollinger <[email protected]> wrote: > > > On Monday, September 10, 2012 5:35:30 AM UTC-5, Stefan Goethals wrote: >> >> # puppet kick >> >> http://docs.puppetlabs.com/man/kick.html > > > > Puppet kick does not solve the problem, as it only signals the agent to > perform a normal run (involving requesting a catalog from the server, which > must be avoided). > > One possible solution would involve pushing the manifests out to the DMZ, > and having machines there periodically run "puppet apply". That's not going > to be satisfactory, however, if the needed manifests (which are not > necessarily all manifests for the organization) include anything that must > not be exposed in the DMZ. > > > John > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/puppet-users/-/iftjhXX2-U8J. > > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
