On Wed, Feb 9, 2011 at 8:19 AM, Nan Liu <n...@puppetlabs.com> wrote: > Another key difference is the agent only receives a catalog in > master/agent mode. In masterless mode you must provide the puppet > manifest/templates to each client system. The catalog is system > specific and does not contain any configuration information about > other systems, the manifests and templates would have all the > configuration data for all systems. > > It would be non trivial to keep the configuration data isolated in > masterless mode if you have a desire to segment and isolate > configuration data by system, or even system roles (i.e. my website > database system should not contain puppet manifest with my financial > database password).
This is a very important point that I'd like to reiterate. In some environments it's simply unacceptable to expose all password hashes for all services to all machines. You can work around this in masterless mode with appropriate ACLs and some custom function work, but you're going to be doing work that a master does for you. For certain patterns of usage, a masterless setup may be the way to go. It's certainly a simpler model for scaling, but you'll probably want to at least submit reports to a central location. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
