On Thursday, May 10, 2012 9:53:15 AM UTC-7, Kelsey Hightower wrote:
>
> On Thu, May 10, 2012 at 12:44 PM, Daniel Sauble <djsau...@puppetlabs.com> wrote:
>
>> Hey all,
>>
>> I've been designing a new feature for Puppet, and wanted to get some
>> kick-back from the community to see if you think this is needed or not. The
>> feature is called Puppet Sites, and meets some specific goals by means of a
>> few tasks.
>>
>>    - Securely add nodes to your deployment without manually signing
>>    certificates on the CA...
>>       - ...so that you can have the advantages of autosigning without
>>       its security problems.
>>
>>    - Get a list of all the nodes in your deployment...
>>       - ...so that a single command can give you what previously you had
>>       to trawl multiple services (ENCs, CAs, etc...) on each Puppet master in
>>       your deployment to retrieve.
>>
> How does this work with ENCs? Will the ENC need to talk to Puppet sites
> for node information such as environment settings? When nodes are added and
> removed from Puppet sites will they be updated in the ENC and vice-versa?
>

Puppet Sites includes three services: a node registry, a service registry, and an authentication service. The *node registry* in the MVP for Puppet Sites is a slightly-modified CA (the sole difference being that certificates cannot be revoked from the node registry without the node itself leaving the site). So no, there isn't any communication between the node registry and the ENC. However, the ENC can use the *service registry* to discover where the node registry lives, and do polling to update its own classification data.

>>    - Store connection information for Puppet services in a central
>>    location (accessible from manifests, puppet.conf, and defaults.rb)...
>>       - ...so that you don't have to manage puppet.conf files on each
>>       node in your population
>>       - ...so that agent/master/CA configuration stays consistent across
>>       your deployment
>>       - ...so that you can update your config and fetch a new catalog in
>>       a single operation.
>>
> So will each node then need to be configured with the location to Puppet
> sites?
>

Yes. The goal is that each agent only require a single configuration parameter (site_server, perhaps), and the agent be able to automatically connect to all Puppet services specified in the Site's service registry.

>> Thanks in advance for the feedback!
>> - Daniel
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msg/puppet-users/-/cdG9GFFqvYEJ.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
> --
> Kelsey Hightower
> Developer
> Puppet Labs
> (678) 4719501
>

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.