philipp Hanselmann wrote: > But how can we ensure that the customers are separated? It should NOT > be possible for customer X to choose a environment from customer Y. > > Is there a way to implement this?
You should probably run multiple puppetmasters, one per customer. Because each puppetmaster has its own ssl configuration, you'll be able to choose which puppetmaster a particular client can connect to. The obvious drawback is that each puppetmaster has to listen on a different port. I tried to define $ssldir differently between environments but it didn't worked out. It's likely the same kind of chicken and egg problem found with SSL virtual hosts. The environment name is not known by the server before the SSL handshake finish. François --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
