

Secure Puppet client-server connections? - xtraclass

Hi :-)<p>When we use 'plain' Puppet to configure our VMs, the Puppet agent connects to the Puppet master, maybe controlled by cron.<p>Security officers I know say this is not a good idea. It should only be allowed that the server starts a connection to the client, but not the other way round.<p>Do you agree? Is it such a bad idea that Puppet clients connect to the server via a typical, secure port? There are credentials and whatever.<p>And what were the alternatives? MCollective. I'm a little bit scared of it, because ActiveMQ can be hard to configure sometimes.<p>Would be great to read you ideas...
======
SEJeff
Puppet uses client RSA certificates and SSL/TLS. That is industry standard
technology that you use for things like online banking. It is built to be
difficult to man in the middle. Client certificate auth will not work if you
intercept or impersonate the master. If your security officer thinks this is
insecure, he is either ignorant of what puppet is doing or is incompetent.

Also, in scaling large distributed systems (what I do for $day_job) pull model
is much more robust than a push. What they are telling you is pretty much the
opposite of my professional experience

