On Feb 10, 2011, at 10:25 PM, John Warburton wrote: > Curse GW Bush and his 'Axis of Evil' - my google searches are contaminated > with hits to Korea, and other such fun... > > Does anyone have any experiences with puppet in the DMZ they can share? > > At my puppet master training (Hi Hunter), it was mentioned some people > compile their catalogs inside, then ship them out to servers in the DMZ to be > applied. > > I understand that fine, but we use facts quite a bit to get state > information, so the traditional part of the client server/model where facts > are shipped back from the client to the puppet server is missing. > > How do people get around the "common" rule that DMZ servers should not > initiate network connections back to the internal network? Should we have a > puppet server in the DMZ?
Just in case you didn't think of these already: If you do ship out catalogs manually, you can't use the "puppet:///modules/module..." style file serving. Everything done with "content" should still work. Next keep in mind that for "Package" to work, you need to be able to see the package repository. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
