Peter Cheers for the response.
Network device management is being achieved using Puppet's new 'Network Device' support as part of 3.0... Site to site connectivity isn't an issue, as we've got a 100Mbps MPLS link between all 3... However it was more about security and the practicality of allowing the Puppet master effectively unlimited access to all sites... Cheers Gavin On 21 December 2012 01:07, Peter Brown <rendhal...@gmail.com> wrote: > On 21 December 2012 02:40, Gavin Williams <fatmc...@gmail.com> wrote: > >> Afternoon all >> >> We are starting to look at using Puppet Network device support in anger, >> and one of the potential issues that has been raised is around cross-site >> access... >> >> Currently, we have one Puppet master server, which is hosted in location >> C. >> This server is able to access and manage the appropriate network devices >> in location C. >> >> However there are other devices in locations A and B which we want to be >> able to manage through Puppet. However some potential concerns have been >> raised around allowing the puppet master server blanket access to locations >> A & B... >> >> Is it possible therefore to run the network devices in effectively a >> 'proxy' mode. That is, we create/nominate a suitable node in locations A >> and B which would be able to manage network devices in their respective >> locations, and these nodes then talk back to the Puppet master. >> >> Does this sound sensible? >> >> Any other considerations/ideas as to how the above can achieve? >> > > I have no idea how you are achieving the network device configuration but > a setting up a VPN between the master and locations b and c seems like the > best way to do it. > That would give you centralised management and security as well. > I would suggest using some kind of ssl wrapped vpn like openvpn or ipsec > or something like that. > > I did find this module on puppet forge for managing openvpn > https://forge.puppetlabs.com/luxflux/openvpn > > Hope that helps. > > Pete. > > >> Cheers in advance for any responses. >> >> Regards >> Gavin >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To view this discussion on the web visit >> https://groups.google.com/d/msg/puppet-users/-/WQ3ut4DOK9sJ. >> To post to this group, send email to puppet-users@googlegroups.com. >> To unsubscribe from this group, send email to >> puppet-users+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
