-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi
>> I think about whats the best solution to have puppet-proxys for >> systems without direct connection to the puppetmaster. >> >> - Route all the trafic with iptable forwarding to one puppetmaster. >> - Build puppetmaster-proxy vm's installed from a puppetmaster. >> - Using http-proxy services. >> >> Are there any experience or best practices for systems with indirect >> access to a puppetmaster? > > You can setup a nginx (or apache) as a front-end and then forward > requests to upstream server(s). right, but then the traffic would have to be unencrypted to the upstream servers or how would you implement the man in the middle that would be needed for such a proxy-setup? iptables: - --------- might be the simplest setup puppetmaster-proxy vms: - ----------------------- do you mean something like various puppetmasters synced from your "true"-master? that would also be feasible. You would then have many puppetmasters synced from one place. http-proxy services: - -------------------- I see some difficulties as reverse-http-proxies usually terminate ssl-traffic and play man in the middle. What would be easy is if you could setup a proxy that it doesn't terminate the ssl connection. But then at the end it would be easier and you would have less overhead to setup an iptable rule to forward traffic on port 8140. anything else: - -------------- not that I'm personally really aware of. But I assume that other people so far also had to somehow get systems connected without direct connection to the puppetmaster. cheers pete -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkvnslMACgkQbwltcAfKi38rKgCfcf2d2+/Zf7WbzcNbrjQHChTb ZeQAniK5dP0nPVU3duWI7WFJBNT/m2X+ =BZL5 -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
