I'm relatively new to puppet and have not found any examples of running without a puppet master.

I want to use Red Hat Satellite server to deliver to the clients of puppet an rpm containing puppet content as a few different packages:

1 for base lockdown, in this case STIG
1 for project customization
1 for applications

or something along those lines.

The idea is to eliminate the need for a puppet master and in a sort replace that with Satellite server. This way we can use Satellite in a disconnected configuration and deploy those to isolated networks, shipboard, etc. and not need extra infrastructure to manage.

Does anyone have any examples of a "disconnected" configuration, not using a puppet master?

Regards,
--
aaron

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Jennings, Jared L CTR USAF AFMC 46 SK/CCI
2010-Dec-20 18:41 UTC
RE: [Puppet Users] run without puppet master

> i want to use red hat satellite server to deliver to the clients of
> puppet an rpm containing puppet content as a few different packages.
>
> 1 for base lockdown, in this case STIG
> 1 for project customization
> 1 for applications
>
> or something along those lines.

Aaron, you should check out CLIP, the Certifiable Linux Integration Platform, from Tresys. <http://oss.tresys.com/projects/clip/> It uses puppet without a puppetmaster, to lock down a RHEL system. I believe the lockdown they do is a superset of what the STIG requires.

Actually CLIP is exactly what I am using, and we have stripped out all but the CLIP puppet content and have started modifying that to better adhere to STIG.

What I'm trying to understand now is a good way to structure puppet content to now go beyond STIG and add host and application level puppet content in a flexible/scalable way.

We host what we are calling SLIM (SPAWAR Linux Installation & Management) at software.forge.mil/DoDBastille, and this question of how to structure puppet is about the last major hurdle I have to put SLIM in operation.

Thanks for any input.

Aaron

--
aaron@linux.com | (858) 334 3171 | 78 Princeton Rd, Goose Creek, SC 29445

On Dec 20, 6:51 am, aaron prayther <prayt...@gmail.com> wrote:

> does anyone have any examples of a "disconnected" configuration, not using a
> puppet master?

Aaron,

I know Jordan Sissel[1] runs his deployment very much like this. There's no central puppet master, but packages that install/enforce a particular configuration. As I recall he has a minimal 'base' set that is responsible for ensuring a sane puppet environment, self updating, etc. Most of the traditional configuration is then managed in a 'content' set.

One immediate difference is that he's trusting the clients to define which configuration is applied. It sounds like in your instance you'll have a 'base' catalog with no per node definitions instead.

Matt Robinson also made a very interesting feature[2]. It uses a puppet master to compile the client's catalog, but then packages the catalog and all required resources into a discrete tar file. The tar is unpacked on the client, then applied with a stand-alone 'puppet apply' run. As I recall this feature was actually created for a secure environment where data had to be physically distributed on media.

Your use case could certainly package & version these complete catalog sets using RPMs instead of tar.

[1] http://www.semicomplete.com/
[2] https://github.com/puppetlabs/puppet-compile-catalog-with-files

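Added example, not written by any poster in this thread: a wrapper for the layered, masterless setup discussed above, with content delivered as RPMs and applied by a stand-alone 'puppet apply'. The layer directory `/etc/puppet/layers`, the `puppet-content-*` package names and the per-layer `manifests/site.pp` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: masterless apply of RPM-delivered Puppet layers.
# LAYER_ROOT, the layer names and the package names are assumptions.
LAYER_ROOT="${LAYER_ROOT:-/etc/puppet/layers}"
LAYERS="base project apps"      # base (STIG lockdown) is listed first

# Print the colon-joined modulepath of the layers that are installed.
# Puppet uses the first module of a given name found on the path, so
# with base first a later layer cannot shadow a lockdown module.
layer_modulepath() {
    path=""
    for layer in $LAYERS; do
        dir="$LAYER_ROOT/$layer/modules"
        [ -d "$dir" ] || continue
        path="${path:+$path:}$dir"
    done
    printf '%s\n' "$path"
}

# Print the site manifest of each installed layer, one per line, in order.
layer_manifests() {
    for layer in $LAYERS; do
        manifest="$LAYER_ROOT/$layer/manifests/site.pp"
        if [ -f "$manifest" ]; then printf '%s\n' "$manifest"; fi
    done
}

# Check each content package against the RPM database, then apply.
apply_layers() {
    for layer in $LAYERS; do
        pkg="puppet-content-$layer"     # hypothetical package name
        rpm -q "$pkg" >/dev/null 2>&1 || continue
        # rpm -V fails if an installed file differs from what was packaged
        rpm -V "$pkg" || { echo "$pkg: files differ from package" >&2; return 1; }
    done
    modulepath=$(layer_modulepath)
    rc=0
    for manifest in $(layer_manifests); do
        puppet apply --detailed-exitcodes --modulepath="$modulepath" "$manifest"
        # 0 = no changes, 2 = changes applied; anything else is a failure
        case $? in 0|2) ;; *) rc=1 ;; esac
    done
    return $rc
}

if [ "${1:-}" = "--apply" ]; then apply_layers; fi
```

Run with `--apply` from cron or an RPM `%post` scriptlet; the `rpm -V` step stops the run when delivered content was edited in place on the client.
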
I think I have found the documentation I need for puppet "modules". Between that and the suggestions I have received, I should be able to operate the way I need and, like Matt, be able to operate in disconnected secure networks.

Hi Aaron,

On Mon, 20 Dec 2010 09:51:33 -0500 aaron prayther <prayther@gmail.com> wrote:

> i'm relatively new to puppet and have not found any examples of running
> without a puppet master.

<SNIP>

> does anyone have any examples of a "disconnected" configuration, not using a
> puppet master?

I have a repo that you could get some ideas from.
https://github.com/aussielunix/puppet-standalone-demo

I moved apartment recently so this stalled a little, but I will start working back on it this next few weeks.

Note: This is still based on puppet 0.25.

> Regards,
> --
> aaron

Cheers
--
Mick Pollard
E-mail: aussielunix at gmail dot com
Phone/SMS: +61 488 490 240
twitter: @aussielunix
identi.ca: @aussielunix