That sounds ideal... Might make sense with general node performance etc aswell...
Any examples on how to do that? Cheers Gavin On Friday, 21 December 2012 15:17:47 UTC, Jason Edgecombe wrote: > > What about running a satellite puppet master at each site? > > On 12/21/2012 03:57 AM, fatmcgav wrote: > > Peter > > > > Cheers for the response. > > > > Network device management is being achieved using Puppet's new 'Network > > Device' support as part of 3.0... > > > > Site to site connectivity isn't an issue, as we've got a 100Mbps MPLS > link > > between all 3... However it was more about security and the practicality > of > > allowing the Puppet master effectively unlimited access to all sites... > > > > Cheers > > Gavin > > > > > > On 21 December 2012 01:07, Peter Brown <rendh...@gmail.com <javascript:>> > wrote: > > > >> On 21 December 2012 02:40, Gavin Williams <fatm...@gmail.com<javascript:>> > wrote: > >> > >>> Afternoon all > >>> > >>> We are starting to look at using Puppet Network device support in > anger, > >>> and one of the potential issues that has been raised is around > cross-site > >>> access... > >>> > >>> Currently, we have one Puppet master server, which is hosted in > location > >>> C. > >>> This server is able to access and manage the appropriate network > devices > >>> in location C. > >>> > >>> However there are other devices in locations A and B which we want to > be > >>> able to manage through Puppet. However some potential concerns have > been > >>> raised around allowing the puppet master server blanket access to > locations > >>> A & B... > >>> > >>> Is it possible therefore to run the network devices in effectively a > >>> 'proxy' mode. That is, we create/nominate a suitable node in locations > A > >>> and B which would be able to manage network devices in their > respective > >>> locations, and these nodes then talk back to the Puppet master. > >>> > >>> Does this sound sensible? > >>> > >>> Any other considerations/ideas as to how the above can achieve? > >>> > >> I have no idea how you are achieving the network device configuration > but > >> a setting up a VPN between the master and locations b and c seems like > the > >> best way to do it. > >> That would give you centralised management and security as well. > >> I would suggest using some kind of ssl wrapped vpn like openvpn or > ipsec > >> or something like that. > >> > >> I did find this module on puppet forge for managing openvpn > >> https://forge.puppetlabs.com/luxflux/openvpn > >> > >> Hope that helps. > >> > >> Pete. > >> > >> > >>> Cheers in advance for any responses. > >>> > >>> Regards > >>> Gavin > >>> > >>> -- > >>> You received this message because you are subscribed to the Google > Groups > >>> "Puppet Users" group. > >>> To view this discussion on the web visit > >>> https://groups.google.com/d/msg/puppet-users/-/WQ3ut4DOK9sJ. > >>> To post to this group, send email to > >>> puppet...@googlegroups.com<javascript:>. > > >>> To unsubscribe from this group, send email to > >>> puppet-users...@googlegroups.com <javascript:>. > >>> For more options, visit this group at > >>> http://groups.google.com/group/puppet-users?hl=en. > >>> > >> -- > >> You received this message because you are subscribed to the Google > Groups > >> "Puppet Users" group. > >> To post to this group, send email to > >> puppet...@googlegroups.com<javascript:>. > > >> To unsubscribe from this group, send email to > >> puppet-users...@googlegroups.com <javascript:>. > >> For more options, visit this group at > >> http://groups.google.com/group/puppet-users?hl=en. > >> > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/3LbpzFbk2yUJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
