security - Will the agent or master be compromised.
Dear Friends,

This is my first post in Puppet. I am trying to propose implementing Puppet in a medium-sized environment of 400 servers. This will be the first automation task of this kind here. I know it's a sea out there to look at with respect to implementation and design, but I would like the first few steps to be done to proceed with. Basically, the security. After my first few slides, the client and I have concerns over security. Some of the concerns looked too much for me to get an answer. So I would appreciate any good explanations and suggestions of the documents available in Puppet Forge so that I can mention the same in the security slides I will be presenting after a week. Urgency is something I would love to mention, but I know I have to wait :)

Concerns:

1. Is the communication SSL or TLS/SSL? Which algorithm is being used for cryptography?
2. Is the communication done by the root ID of the agent to the root ID of the master?
3. What are the different IDs created on the agent and master if the master has puppet+puppetdb and the agent has the puppet agent only?
4. Do the IDs created require shell login? Can we disable shell login?
5. Will the agent or master daemon listening for connections be compromised? If compromised, what are the implications?
6. Is there a possibility to implement without using the root ID for communication?
I would like to produce a Puppet document with page number as an artifact in my document. Kindly help.