Thanks Ken. I get your point and it totally makes sense.
On 15 February 2013 15:36, Ken Barber wrote:
>> > My biggest concern is that nodes can access other nodes resources stored in
>> > PuppetDB, which effectively means that parameters like passwords and other
>> > sensitive information is exposed.
>>
>> If the data is not exported this shouldn't be the case ordinarily.
>
>
> It actuall
On Thursday, 14 February 2013 16:37:01 UTC, Ken Barber wrote:
>
> > My biggest concern is that nodes can access other nodes resources stored in
> > PuppetDB, which effectively means that parameters like passwords and other
> > sensitive information is exposed.
>
> If the data is not expor
> My biggest concern is that nodes can access other nodes resources stored in
> PuppetDB, which effectively means that parameters like passwords and other
> sensitive information is exposed.
If the data is not exported this shouldn't be the case ordinarily.
Obviously though if your content is unco
You can specify a whitelist for which nodes are allowed to contact puppetdb
at all (and restrict it to only your puppetmaster), and then just send the
rest of the read queries through the proxy. If you only allow the /v2/nodes
& /v2/facts endpoints through the proxy clients can't read for example f
Hi Nick,
My biggest concern is that nodes can access other nodes resources stored in
PuppetDB, which effectively means that parameters like passwords and other
sensitive information is exposed.
I also wonder if PuppetDB has any sense of environments? What I mean, does
it separate data in envir
We're still just getting familiar with PuppetDB, so at this point it's too
early to say how fine grained we need this feature to be. We've already set
up a proxy (as you recommended) and this solution suits us for now.
On Friday, October 26, 2012 8:56:26 PM UTC+2, Nick Lewis wrote:
>
> On Frida
On Friday, October 26, 2012 7:24:18 AM UTC-7, ak0ska wrote:
> Hello,
>
> Is it possible to control from which nodes is it allowed to execute
> commands like "replace catalog" and "replace facts", and which nodes can
> only do queries (but no changes)? It seems like once someone could access
> t