Atha Kouroussis wrote:
- Lack of external node classifier: how do you control/specify which node
applies which modules?
You would likely use 'node' statements in your manifests.
But I think you can use external_nodes from stand-alone puppet as well.
You would of course need to make sure that the external nodes script
and whatever data files it needs are part of the repository you send out
to the nodes.
- Each node has a copy of the entire repository of modules and classes
which makes it in my opinion a security risk.
Don't put passwords and private keys in your manifests.
If you have secrets due to NDAs or other commercial concerns, then it might
be a bad idea to manage such things with Puppet and distribute your manifests
this way. If it is a secret that you are using product X in department Y,
then you night not want that information on a laptop belonging to department
Z that might be stolen. But there are many organisations that don't need to
keep that information secret (and if they think they do due to security
concerns, they likely have problems anyway). Some organisations do have
such secrets, though, and they need to evaluate the risks before doing it.
/Bellman
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
