Basically, I have a LOT of boxes and I was hoping to avoid having them all
VPN'ing in simply to pull config.

As for the paranoid piece.  They wouldn't be able to pull anything without
being signed already (right?), so unless they intercepted the connection at
my datacenter they wouldn't be able to find out.  Or maybe I don't understand
what is publicly accessible on Puppet server.

On Thu, Oct 20, 2011 at 16:53, Jan <[email protected]> wrote:

> Hi John,
>
> On 10/21/2011 12:13 AM Jon Davis wrote:
> > I have a number of hosts in different locations I want to manage with
> > puppet.  Can I set up my Puppet server to be publicly accessible, or is
> > this a horribly bad idea likely to end with a destroyed server?
>
> what about establishing a VPN connection between your remote gateways
> instead of making your puppetmaster available to the outside world? As long
> as you don't need native throughput you should be fine using IPSEC.
>
> <paranoid>
> This way you would also take care of DDoS attacks while preventing any sort
> of profiling based on made connections to the puppetmaster. So basically
> nobody would know about the total number of hosts which might be keeping in
> sync with your site manifest ;)
> </paranoid>
>
> - Jan
>
>


-- 
Jon
[[User:ShakataGaNai]] / KJ6FNQ
http://snowulf.com/
http://www.linkedin.com/in/shakataganai <http://twitter.com/shakataganai>
