On Tue, Feb 15, 2011 at 11:21 AM, Kristopher <asciid...@gmail.com> wrote:
> I would like to confirm that the following is not possible:
> I have servers I would like to manage via puppet in my DMZ, I have my
> puppet server in the trusted zone of my network. Due to this
> arrangement (which cannot be changed due to other services running on
> the puppet master) puppet clients cannot initiate a connection with
> the puppet master. So I would like to use puppet on a purely push
> basis using puppet kick.
>
> So I handled the cert signing out of band for a client and set up the
> namespaceauth.conf. The problem is that when I start the client with
> --no-client and --listen it still tries to connect to the puppet server,
> which fails because of the firewall rules. In addition when I asked on
> #puppet I was informed that puppet kick just tells the client to phone
> home by creating a new connection to request its configs.
>
> From all this I came to the conclusion that puppet cannot be used on a
> purely push basis. Is this true? If it is true, is it likely to change
> at any point?

If you do not want the puppet agent to initiate any network connection
to the puppet master, compile the catalog on the master, ship the
catalog and dependent files to the agent, then apply the catalog on
the agent.

Thanks,

Nan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.
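
The compile, ship and apply sequence from the reply above, as an added example that is not part of the original thread. It assumes root SSH from the master to the DMZ host, a `/var/tmp` staging path, `sha256sum` on both ends, and a Puppet version that provides `puppet master --compile` and `puppet apply --catalog`; it ships only the catalog, so files the catalog depends on must be copied the same way.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Run on the puppet master in the
# trusted zone: every connection is opened from the master to the DMZ
# host over SSH, so the agent never needs to reach the master.
# Assumptions: root SSH access, /var/tmp staging path, sha256sum on both
# hosts, `puppet master --compile` and `puppet apply --catalog` available.

# Keep only the JSON document; the compiler may print log lines before it.
extract_catalog() { sed -n '/^{/,$p'; }

# usage: push_catalog NODE_CERTNAME SSH_HOST
push_catalog() {
  local node=$1 host=$2 remote=/var/tmp/catalog.json tmp digest
  tmp=$(mktemp) || return 1

  # 1. Compile the node's catalog locally on the master.
  puppet master --compile "$node" | extract_catalog > "$tmp"
  if [ ! -s "$tmp" ]; then
    echo "no catalog produced for $node" >&2
    rm -f "$tmp"
    return 1
  fi
  digest=$(sha256sum "$tmp" | cut -d' ' -f1)

  # 2. Ship it to the agent (master-initiated connection).
  scp -q "$tmp" "root@$host:$remote" || { rm -f "$tmp"; return 1; }
  rm -f "$tmp"

  # 3. On the agent, confirm the file arrived intact, then apply it.
  ssh "root@$host" "echo '$digest  $remote' | sha256sum -c - && puppet apply --catalog $remote"
}

# Example invocation with hypothetical names:
#   push_catalog web01.dmz.example.com web01.dmz.example.com
```
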