Thank you John. I think I understand the limitation. I should be able to create a work-around by scripting a puppetdb query to build "resources" manually or simply fetching the files I need from the partitioned puppetmaster.
On Fri, Oct 31, 2014 at 6:44 AM, jcbollinger <john.bollin...@stjude.org> wrote: > > > On Thursday, October 30, 2014 11:36:32 AM UTC-5, Atom Powers wrote: >> >> Is it possible, and how, to collect exported resources from multiple >> puppetdb sources? >> >> I have a network which, for policy reasons, can not connect back into >> the main network but the main network can connect into the partitioned >> network. >> >> I have a stand-alone puppet master in the partitioned network that >> generates stored resources for Nagios in exactly the same way as the >> main network. >> >> Is there a way for the puppet master on the main network to collect >> the stored resources from the partitioned network and the stored >> resources from the main network to build a Nagios server that checks >> both networks? >> > > > I understand what you want to do, but I don't think it's a good idea. A > puppetmaster defines the scope of the resources it exports (among many other > things). A resource exported by one master is logically unrelated to > resources exported by unrelated masters. For two masters to be "related", > they need at least the following: > > They must rely on the same CA. > They must share the same (logical) puppetdb. > If they ever do or can build catalogs for any of the same nodes, they must > use the same manifests and data to do so. > > Those requirements are met in a load-balancing scenario, but rarely > otherwise. > > >> >> Putting a single puppet master in the partitioned network isn't an >> option for the same reason that the network is a partitioned one. >> > > > Could you possibly make your master dual-homed, so that it resides on both > networks? > > Alternatively, the biggest hurdle for establishing related masters in > separate networks may be the shared CA. If you can solve that, then you > could perhaps address the other issues with some form of replication between > the two environments, but replicating the CA is not appropriate. > > > John > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/d24f3ecd-5387-44f8-b09b-3b926ecec059%40googlegroups.com. > > For more options, visit https://groups.google.com/d/optout. -- Perfection is just a word I use occasionally with mustard. --Atom Powers-- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAF-H%3DOnnWOaiGWBCZ9c2j%2B4fLH3ats9h4DiA4NKgOjRtO5BN7w%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
