Thank you John. I think I understand the limitation. I should be able to create a work-around by scripting a puppetdb query to build "resources" manually or simply fetching the files I need from the partitioned puppetmaster.
On Fri, Oct 31, 2014 at 6:44 AM, jcbollinger <[email protected]> wrote: > > > On Thursday, October 30, 2014 11:36:32 AM UTC-5, Atom Powers wrote: >> >> Is it possible, and how, to collect exported resources from multiple >> puppetdb sources? >> >> I have a network which, for policy reasons, can not connect back into >> the main network but the main network can connect into the partitioned >> network. >> >> I have a stand-alone puppet master in the partitioned network that >> generates stored resources for Nagios in exactly the same way as the >> main network. >> >> Is there a way for the puppet master on the main network to collect >> the stored resources from the partitioned network and the stored >> resources from the main network to build a Nagios server that checks >> both networks? >> > > > I understand what you want to do, but I don't think it's a good idea. A > puppetmaster defines the scope of the resources it exports (among many other > things). A resource exported by one master is logically unrelated to > resources exported by unrelated masters. For two masters to be "related", > they need at least the following: > > They must rely on the same CA. > They must share the same (logical) puppetdb. > If they ever do or can build catalogs for any of the same nodes, they must > use the same manifests and data to do so. > > Those requirements are met in a load-balancing scenario, but rarely > otherwise. > > >> >> Putting a single puppet master in the partitioned network isn't an >> option for the same reason that the network is a partitioned one. >> > > > Could you possibly make your master dual-homed, so that it resides on both > networks? > > Alternatively, the biggest hurdle for establishing related masters in > separate networks may be the shared CA. If you can solve that, then you > could perhaps address the other issues with some form of replication between > the two environments, but replicating the CA is not appropriate. > > > John > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/d24f3ecd-5387-44f8-b09b-3b926ecec059%40googlegroups.com. > > For more options, visit https://groups.google.com/d/optout. -- Perfection is just a word I use occasionally with mustard. --Atom Powers-- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAF-H%3DOnnWOaiGWBCZ9c2j%2B4fLH3ats9h4DiA4NKgOjRtO5BN7w%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
