On Nov 29, 12:29 pm, Namrata <namratakulka...@gmail.com> wrote:
> Thanks Nan.
>
> So, my puppetmaster should be able to install modules on puppet client
> if the port 8139 is open?

In short, you don't even need 8139 open.

In long:
The puppetmaster does not under any circumstances install modules on
the client, regardless of what ports are open where.  Instead, the
client initiates one or more connections to the server, pulls down
instructions and data, and performs whatever system modifications are
required.  The client does all that either on demand at regular
intervals, depending on how it is set up.  No ports need to be open in
the client's firewall for this to work, but that firewall must not
interfere with traffic on connections that the client initiates.

The puppet agent also has a feature, disabled by default, where it
listens on port 8139 for "kick" messages.  Such messages trigger the
agent to perform the same operations already described above (i.e.
this is a special case of on-demand runs).  Only for that feature to
work does the client need port 8139 to be open.

On the other side, the puppetmaster's firewall must leave the
puppmaster port open for clients to be able to connect.  That port is
8140 by default.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Reply via email to