On Thu, May 27, 2010 at 10:33 AM, Gabriel - IP Guys <gabr...@impactteachers.com> wrote:
> I would suggest to make your puppet master available on the net or via a
> firewall forwarding, and then configure your puppetmaster/firewall to
> only accept connections from those IPs that belong to your clients.
>
> I assume your clients all have static IP's otherwise you would not have
> floated the internal DNS idea. This works very well for me for a number
> of services that I have internally, like my email servers.

Probably ok with firewalling. I'd also make sure you turn autosign off, just in case, because otherwise you run a risk of someone connecting and getting the "default" configuration applied to them, even if they don't deserve access to those files. Similar to the "if one node compromised" issue.

>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
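
An added example, not part of the original thread: a small check for the autosign advice above. It reads a puppet.conf and, where autosign is not explicitly false, lists what the whitelist file would auto-sign. The section names, the function names and all sample file contents are assumptions constructed for illustration; which section your master reads depends on the Puppet version.

```python
import configparser

# Sections that can carry the master's settings; the name depends on the
# Puppet version (assumption: adjust to the release you run).
MASTER_SECTIONS = ("server", "master", "puppetmasterd", "main")

def autosign_setting(puppet_conf):
    """Return the effective autosign value, or None when it is not set."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(puppet_conf)
    for section in MASTER_SECTIONS:
        if cp.has_section(section) and cp.has_option(section, "autosign"):
            return cp.get(section, "autosign").strip()
    return None

def audit_autosign(puppet_conf, autosign_conf=""):
    """Return a list of findings; an empty list means nothing is auto-signed."""
    value = autosign_setting(puppet_conf)
    if value is not None and value.lower() == "false":
        return []
    if value is not None and value.lower() == "true":
        return ["autosign = true: every certificate request is signed"]
    # Unset or a path: the whitelist file decides. The name in a certificate
    # request is chosen by the client, so each entry is a name that any host
    # able to reach the master can claim.
    findings = []
    for line in autosign_conf.splitlines():
        entry = line.strip()
        if not entry or entry.startswith("#"):
            continue
        kind = "wildcard" if "*" in entry else "exact name"
        findings.append(f"autosign whitelist {kind}: {entry}")
    return findings

# Constructed sample input, not taken from the thread.
WEAK_CONF = "[main]\nlogdir = /var/log/puppet\n[master]\nautosign = true\n"
HARDENED_CONF = "[main]\nlogdir = /var/log/puppet\n[master]\nautosign = false\n"
WHITELIST_CONF = "[master]\ncertname = puppet.example.com\n"
WHITELIST = "# lab machines\n*.lab.example.com\nbuild01.example.com\n"

if __name__ == "__main__":
    for name, conf, wl in (("weak", WEAK_CONF, ""),
                           ("hardened", HARDENED_CONF, WHITELIST),
                           ("whitelist", WHITELIST_CONF, WHITELIST)):
        print(name, audit_autosign(conf, wl) or "no auto-signing")
```

With autosign off, each new client's request waits on the master until someone signs it by hand, so the firewall rule limits who can ask and the manual signing step decides who gets a configuration.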