Hi Alex, I attempted to set this up a while ago but never got to finish my module. I still have it somewhere and I will likely need to finish it soon as I need to do a similar setup soon for a PCI setup.
Another option would be to put all your puppet code into a git repo and setup each master to pull from a central repo over ssh. That _Should_ be secure enough. I am also curious why you need this sort of setup. Is it for PCI compliance or something similar? Pete. On 26 September 2012 18:14, Alex Harvey <[email protected]> wrote: > Hi all, > > I am interested to hear from anyone who might have deployed Puppet in a > large organisation with a lot of subnets firewalled off from each other. > > I am considering to have, if possible, a 'master' Puppet Master controlling > 'client' Puppet Masters that live on the firewalled subnets. I would like > to allow the client Puppet Masters communicate with the master Puppet Master > only for the purpose of obtaining their manifests for the local subnet. The > Master Puppet Master in turn would talk to a single git/code server. Then > of course all the Puppet clients on each subnet would only know about the > local Puppet Masters. > > Has anyone done this before or have any advice on whether or not this is a > good idea? > > Best wishes, > Alex Harvey > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
