On Thu, Sep 16, 2010 at 1:15 AM, Bruce Richardson <itsbr...@workshy.org> wrote: > On Wed, Sep 15, 2010 at 09:31:19PM +0200, Alan Barrett wrote: >> I use an external node classifier purely for the purpose of setting >> the environment (and a parameter called $error_message or something, >> but not any classes). There are minor problems when the master and >> client disagree, but so far the problems have not been enough to prevent >> installing a puppet.conf from a template, to make the client specify the >> correct environment on the next run. > > You're still trusting the client. It's the wrong approach (I'm not > criticising you personally, Puppet doesn't leave you much choice if you > want to use environments), it's vulnerable to error, fragile and > potentially insecure.
The client is the only component that can be authoritative over the environment unfortunately. However we set it via a fact, and that hasn't been fragile for us. YMMV. > > -- > Bruce > > I unfortunately do not know how to turn cheese into gold. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- nigel -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
