Hi,

On 12/09/2011 07:58 AM, huangming...@gmail.com wrote:
> hi,all
> this is a tips, when you run puppet in a big data center. you
> need run more than one puppet master. this is a trouble. and if the

Yes, scaling is not trivial.

> puppet master hacked by hacker. all client will be in danger.

How is this not true for your file servers?

> but run puppet in client mode, can resolve this two problem.
> the first. client just download the puppet manifest from a ftp or
> http server with ssl connect. so, just only one simple puppet manifest
> distribute server. the second. use the gpg sign the puppet manifest.

Puppet usually authenticates both master and agent, so there is no added security in throwing GPG at it. The catalogue isn't getting any more encrypted or signed than the regular puppet master does.

> so the client only run the manifest when the puppet manifest's sign
> is right. and the client will import the gpg public key.

Again, this is not different from puppet's usual MO.

As for the matter of scaling - what you're describing is essentially masterless operation, which is known to have a number of benefits and some drawbacks.

Cheers,
Felix
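The flow proposed in the quoted message (fetch the manifest, check its GPG signature, apply it only if the signature verifies), written out as an added example that is not part of the thread and not Puppet's own tooling. The keyring path, the file names and the `GPGV`/`PUPPET` override variables are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: gate a masterless `puppet apply` on a detached GPG signature.
# Hypothetical names: KEYRING path, site.pp file names, GPGV/PUPPET overrides.

GPGV="${GPGV:-gpgv}"      # gpgv verifies against one fixed keyring, no trust db
PUPPET="${PUPPET:-puppet}"
KEYRING="${KEYRING:-/etc/puppet/manifest-signers.gpg}"   # constructed path

# apply_signed_manifest MANIFEST DETACHED_SIGNATURE
# Returns: 0 applied, 2 missing input, 3 signature rejected,
#          otherwise the exit status of `puppet apply`.
apply_signed_manifest() {
    local manifest="$1" sig="$2" work rc

    if [ ! -r "$manifest" ] || [ ! -r "$sig" ]; then
        echo "missing manifest or signature" >&2
        return 2
    fi

    # Verify and apply private copies, so the bytes that were checked are
    # the bytes that run even if the download directory is writable by others.
    work="$(mktemp -d)" || return 2
    if ! cp -- "$manifest" "$work/site.pp" || ! cp -- "$sig" "$work/site.pp.sig"; then
        rm -rf "$work"
        return 2
    fi

    # Fail closed: any non-zero status from the verifier means "do not apply".
    if ! "$GPGV" --keyring "$KEYRING" "$work/site.pp.sig" "$work/site.pp" \
            >/dev/null 2>&1; then
        echo "signature check failed, manifest not applied" >&2
        rm -rf "$work"
        return 3
    fi

    "$PUPPET" apply "$work/site.pp"
    rc=$?
    rm -rf "$work"
    return "$rc"
}
```

The keyring should hold only the public keys allowed to sign manifests and be writable by root alone; the signing key lives on whatever host publishes the manifest.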