On 21 December 2012 02:40, Gavin Williams <fatmc...@gmail.com> wrote:
> Afternoon all > > We are starting to look at using Puppet Network device support in anger, > and one of the potential issues that has been raised is around cross-site > access... > > Currently, we have one Puppet master server, which is hosted in location > C. > This server is able to access and manage the appropriate network devices > in location C. > > However there are other devices in locations A and B which we want to be > able to manage through Puppet. However some potential concerns have been > raised around allowing the puppet master server blanket access to locations > A & B... > > Is it possible therefore to run the network devices in effectively a > 'proxy' mode. That is, we create/nominate a suitable node in locations A > and B which would be able to manage network devices in their respective > locations, and these nodes then talk back to the Puppet master. > > Does this sound sensible? > > Any other considerations/ideas as to how the above can achieve? > I have no idea how you are achieving the network device configuration but a setting up a VPN between the master and locations b and c seems like the best way to do it. That would give you centralised management and security as well. I would suggest using some kind of ssl wrapped vpn like openvpn or ipsec or something like that. I did find this module on puppet forge for managing openvpn https://forge.puppetlabs.com/luxflux/openvpn Hope that helps. Pete. > Cheers in advance for any responses. > > Regards > Gavin > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/puppet-users/-/WQ3ut4DOK9sJ. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
