It depends on how you organize/protect your repos. If you use something like Gitolite, you can restrict branches to specific users which would let you enforce central isolation.
However, a mistake on a branch or permissions could indeed lead to sensitive information leaks. Trevor On Thu, Sep 18, 2014 at 4:26 PM, Julien Deloubes <[email protected]> wrote: > Old topic but i was wondering how secure is the git masterless setup. > Do you have to separate each node configuration in a git branch or sub > directory? > I mean if you git clone the whole repo isn't a bit dangerous to have all > the configuration on the node? > In a master/agent configuration the configuration code is never locally on > the node. > Thanks. > > Le mercredi 26 février 2014 16:59:54 UTC+1, Julien Deloubes a écrit : >> >> Very interesting , thanks for your feedbacks. >> >> Le mardi 25 février 2014 15:09:43 UTC+1, Ken Barber a écrit : >>> >>> > This is the approach we are currently taking and it allows you to use >>> > virtual resources. This is the only thing which should drive you to >>> this >>> > setup - the other is much simpler in my opinion. Of course there might >>> > be a way to use a central PuppetDB service in masterless setup but at >>> > least I am unaware of how to do this. >>> >>> It is possible: >>> >>> http://docs.puppetlabs.com/puppetdb/1.6/connect_puppet_apply.html >>> >>> ken. >>> >> -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/d7eb43a3-0a17-4192-98e8-4de7ae73b140%40googlegroups.com > <https://groups.google.com/d/msgid/puppet-users/d7eb43a3-0a17-4192-98e8-4de7ae73b140%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 [email protected] -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CANs%2BFoU3chQBQyC%3DVbKpK3tAxa1Uprbc6ToWnkcF0uvY2PkAyA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
