On Nov 29, 12:29 pm, Namrata <namratakulka...@gmail.com> wrote: > Thanks Nan. > > So, my puppetmaster should be able to install modules on puppet client > if the port 8139 is open?
In short, you don't even need 8139 open. In long: The puppetmaster does not under any circumstances install modules on the client, regardless of what ports are open where. Instead, the client initiates one or more connections to the server, pulls down instructions and data, and performs whatever system modifications are required. The client does all that either on demand at regular intervals, depending on how it is set up. No ports need to be open in the client's firewall for this to work, but that firewall must not interfere with traffic on connections that the client initiates. The puppet agent also has a feature, disabled by default, where it listens on port 8139 for "kick" messages. Such messages trigger the agent to perform the same operations already described above (i.e. this is a special case of on-demand runs). Only for that feature to work does the client need port 8139 to be open. On the other side, the puppetmaster's firewall must leave the puppmaster port open for clients to be able to connect. That port is 8140 by default. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.