Here is a document for running multiple puppet masters:
http://docs.puppetlabs.com/guides/scaling_multiple_masters.html
Have you confirmed that the network device management only runs from the
puppet master? As I understand most of the puppet
actions are performed by the puppet agent, which runs on all machines,
including the pupper master. The puppet master compiles manifests,
handles certificates, serves files and receives reports. The rest
usually happens on the agent side.
Jason
On 12/21/2012 10:20 AM, Gavin Williams wrote:
That sounds ideal... Might make sense with general node performance etc
aswell...
Any examples on how to do that?
Cheers
Gavin
On Friday, 21 December 2012 15:17:47 UTC, Jason Edgecombe wrote:
What about running a satellite puppet master at each site?
On 12/21/2012 03:57 AM, fatmcgav wrote:
Peter
Cheers for the response.
Network device management is being achieved using Puppet's new 'Network
Device' support as part of 3.0...
Site to site connectivity isn't an issue, as we've got a 100Mbps MPLS
link
between all 3... However it was more about security and the practicality
of
allowing the Puppet master effectively unlimited access to all sites...
Cheers
Gavin
On 21 December 2012 01:07, Peter Brown <rendh...@gmail.com <javascript:>>
wrote:
On 21 December 2012 02:40, Gavin Williams <fatm...@gmail.com<javascript:>>
wrote:
Afternoon all
We are starting to look at using Puppet Network device support in
anger,
and one of the potential issues that has been raised is around
cross-site
access...
Currently, we have one Puppet master server, which is hosted in
location
C.
This server is able to access and manage the appropriate network
devices
in location C.
However there are other devices in locations A and B which we want to
be
able to manage through Puppet. However some potential concerns have
been
raised around allowing the puppet master server blanket access to
locations
A & B...
Is it possible therefore to run the network devices in effectively a
'proxy' mode. That is, we create/nominate a suitable node in locations
A
and B which would be able to manage network devices in their
respective
locations, and these nodes then talk back to the Puppet master.
Does this sound sensible?
Any other considerations/ideas as to how the above can achieve?
I have no idea how you are achieving the network device configuration
but
a setting up a VPN between the master and locations b and c seems like
the
best way to do it.
That would give you centralised management and security as well.
I would suggest using some kind of ssl wrapped vpn like openvpn or
ipsec
or something like that.
I did find this module on puppet forge for managing openvpn
https://forge.puppetlabs.com/luxflux/openvpn
Hope that helps.
Pete.
Cheers in advance for any responses.
Regards
Gavin
--
You received this message because you are subscribed to the Google
Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/WQ3ut4DOK9sJ.
To post to this group, send email to puppet...@googlegroups.com<javascript:>.
To unsubscribe from this group, send email to
puppet-users...@googlegroups.com <javascript:>.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google
Groups
"Puppet Users" group.
To post to this group, send email to puppet...@googlegroups.com<javascript:>.
To unsubscribe from this group, send email to
puppet-users...@googlegroups.com <javascript:>.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
