Hi,

I'm setting up a puppetserver that will be shared by multiple projects and 
would like to enforce some control over access to environment resources - 
particularly puppet:///modules/... file server URLs.

The environment name appears at the start of the URL, so with an 
Apache/Passenger setup I could put IP address-based access controls on an 
environment using a <Location> block so nodes in project A's subnet can't 
download files from project B's environment.

I'm looking for ideas to do the same in a puppetserver world. Really what I 
want to do is block access to puppet:///modules/... from nodes with no node 
definition in the current environment, and the IP address access control is 
just an easy way of doing this in Apache/Passenger.

I realize I could still put Apache in front of puppetserver and configure 
access controls there - modulo a couple of bugs like SERVER-213 and 
SERVER-217 - but maybe there's a better way using puppetserver.

Thanks,
Mike

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/0a1f7977-5fb4-4df2-b60f-0a7e10bd5a02%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to