On 15 February 2011 19:21, Kristopher <asciid...@gmail.com> wrote:
> I would like to confirm that the following is not possible:
> I have servers I would like to manage via puppet in my DMZ, I have my
> puppet server in the trusted zone of my network. Due to this
> arrangement (which cannot be changed due to other services running on
> the puppet master) puppet clients cannot initiate a connection with
> the puppet master. So I would like to use puppet on a purely push
> basis using puppet kick.
>
> So I handled the cert signing out of band for a client and set up the
> namespaceauth.conf. The problem is that when I start the client with
> --no-client and --listen it still tries to connect to the puppet server,
> which fails because of the firewall rules. In addition when I asked on
> #puppet I was informed that puppet kick just tells the client to phone
> home by creating a new connection to request its configs.
>
> From all this I came to the conclusion that puppet cannot be used on a
> purely push basis, is this true? If it is true, is it likely to change
> at any point?
>
> Thanks.

That's correct. If you wish to run in "push", it's recommended you run a masterless puppet setup and push your manifests to the host, which then executes them. I could be wrong, but I can't see it changing due to the way puppet is engineered. Nodes subscribe to puppet updates rather than updates being forced upon them.
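
A sketch of the masterless push described in the reply above, added here as an example and not taken from the thread or from the Puppet project: the trusted-zone host copies the manifest tree to a DMZ node over SSH and runs `puppet apply` there, so the node never opens a connection inward. The paths, the `root` SSH login, rsync as the transport and the example host names are assumptions.

```shell
#!/bin/sh
# Added example: masterless push from the trusted zone. Every connection is
# outbound SSH to the DMZ node; the node never contacts a puppet master.
# Assumed (not from the thread): paths, root login over SSH, rsync on both ends.
MANIFEST_SRC="${MANIFEST_SRC:-/etc/puppet}"        # local manifests/ and modules/
REMOTE_DIR="${REMOTE_DIR:-/var/lib/puppet-push}"   # hypothetical staging directory
DRY_RUN="${DRY_RUN:-0}"                            # 1 = print commands only

# Execute a command, or just print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Accept only plain host names so a node name is never parsed as an ssh/rsync option.
valid_host() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# Interpret `puppet apply --detailed-exitcodes`: 0 no changes, 2 changes applied,
# 4 or 6 resource failures; anything else is a transport or compile error.
classify_exit() {
    case "$1" in
        0) echo unchanged ;;
        2) echo changed ;;
        4|6) echo failed ;;
        *) echo error ;;
    esac
}

# Copy the manifest tree to one node, apply it there, report the outcome.
push_node() {
    host="$1"; rc=0
    valid_host "$host" || { echo "rejected host name: $host" >&2; return 64; }
    run rsync -a --delete -e ssh "$MANIFEST_SRC/" "root@$host:$REMOTE_DIR/" || return 1
    run ssh "root@$host" puppet apply --detailed-exitcodes \
        --modulepath "$REMOTE_DIR/modules" "$REMOTE_DIR/manifests/site.pp" || rc=$?
    result=$(classify_exit "$rc")
    echo "$host: $result"
    [ "$result" = unchanged ] || [ "$result" = changed ]
}

# Usage: ./push.sh dmz-web01.example.com dmz-web02.example.com
for node in "$@"; do push_node "$node" || echo "push to $node needs attention" >&2; done
```

With this layout the firewall only needs to allow SSH from the trusted zone to the DMZ nodes, and `DRY_RUN=1` prints the commands without touching any host.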