i need to run puppet on nodes which are in IT structures who arent
administrated by me, we just rent out computers to clients and they use
those computers running our software in their infrastructur.
Problem for me is now: i need to manage those nodes remotely and not every
local administrator is happy about opening new ports in their firewall as i
may need them to be.
Question for me is: is it possible to run a client node that is
communicating with my puppetmaster on just port 80/443 or do i need to have
the extra port for the smartproxy?
As i was looking through the apache2 conf files, i've seen vhosts for 443
to communicate via ssl and the 8140 for the smartproxy.
Since puppetmaster runs under passenger by default, you should be able
to configure paths for those two applications (if they are both prefixed
I dunno).
Good luck and share your results with us.
LZ
···
On Thu, Jul 17, 2014 at 12:52:42AM -0700, robert api wrote:
> Hi there,
>
> i need to run puppet on nodes which are in IT structures who arent
> administrated by me, we just rent out computers to clients and they use
> those computers running our software in their infrastructur.
>
> Problem for me is now: i need to manage those nodes remotely and not every
> local administrator is happy about opening new ports in their firewall as i
> may need them to be.
>
> Question for me is: is it possible to run a client node that is
> communicating with my puppetmaster on just port 80/443 or do i need to have
> the extra port for the smartproxy?
>
> As i was looking through the apache2 conf files, i've seen vhosts for 443
> to communicate via ssl and the 8140 for the smartproxy.
>
> can i somehow merge those two together?
>
> greetings
> Robert
>
> --
> You received this message because you are subscribed to the Google Groups "Foreman users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscribe@googlegroups.com.
> To post to this group, send email to foreman-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/foreman-users.
> For more options, visit https://groups.google.com/d/optout.
thanks for the tipp,but i have made a mistake. i did try what you proposed,
but it didnt have the effect i expected it to have, basicly i needed to
change the puppetmaster port not the smartproxy, since the smartproxy is
only doing its think on my end, where i have control over what goes where.
i'm sorry for wasting your time.
iptables redirect on the puppetmaster (443=>8140) and a changed masterport
(mp=443) setting on the client node did the trick.
