Hi.
We're thinking of ways to get our DMZ nodes managed by puppet, and in the absence of a full-fledged push model we are thinking about pointing puppets in our DMZ network at a bastion host running squid to proxy back to our puppet master. In this scenario, the single bastion host would have an ACL allowing access through our inner firewall to the master, but the various nodes would have no direct access. That would give us a nice choke point that we can monitor and isolate if needed. We'd still get all of our reporting functions, too. Has anyone tried something along these lines? Any opinions? Thanks. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
