How to manage nodes in different networks?

I'd like to get my Puppet master to manage nodes in a different VLAN.

Due to firewall restrictions, I can't do this easily. I'm thinking of adding a 2nd NIC to the master server configured with an IP on the 2nd VLAN.

Will this work? Can Puppet be configured to listen on 2 IPs?

Can it talk to nodes in the same VLAN on the primary interface and to nodes in the 2nd VLAN through the 2nd interface?

Yes, Puppet can listen on both interfaces and handle requests. The only restriction I can think of is that nodes in both VLANs should be able to use the same DNS name when connecting to the master.

If that is not the case (e.g. nodes on VLAN1 speak to and nodes on VLAN2 speak to), your puppetmaster needs a certificate with both names. Have a look at dns_alt_names.
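An added example (not part of the original answer, and not Puppet's own code): a check that the DNS names in the master certificate's subject alternative names cover the name that agents on each VLAN are configured to use as `server`. The hostnames and the `openssl x509 -noout -text` excerpt are constructed placeholders.

```python
import re

# Constructed sample: excerpt of `openssl x509 -noout -text` for the master
# certificate. All hostnames here are placeholders, not from the thread.
SAMPLE_CERT_TEXT = """\
        Subject: CN=puppet.vlan1.example.com
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:puppet, DNS:puppet.vlan1.example.com
            X509v3 Basic Constraints: critical
                CA:FALSE
"""

# Constructed: the `server` name agents on each VLAN are configured with.
AGENT_SERVER_NAMES = {
    "VLAN1": "puppet.vlan1.example.com",
    "VLAN2": "puppet.vlan2.example.com",
}

def parse_dns_sans(cert_text):
    """Return the lower-cased DNS entries of the SAN extension."""
    m = re.search(r"X509v3 Subject Alternative Name:[^\n]*\n\s*([^\n]+)", cert_text)
    if not m:
        return []
    entries = [e.strip() for e in m.group(1).split(",")]
    return [e[4:].lower() for e in entries if e.startswith("DNS:")]

def name_matches(pattern, hostname):
    """Exact match, or a wildcard covering exactly one leftmost label."""
    p, h = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if p == h:
        return True
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return False

def uncovered_vlans(cert_text, agent_names):
    """Map VLAN -> server name for every name the certificate does not cover."""
    sans = parse_dns_sans(cert_text)
    return {vlan: name for vlan, name in agent_names.items()
            if not any(name_matches(s, name) for s in sans)}

if __name__ == "__main__":
    for vlan, name in uncovered_vlans(SAMPLE_CERT_TEXT, AGENT_SERVER_NAMES).items():
        print(f"{vlan}: {name} is missing from the master certificate's SANs; "
              "agents there will fail TLS hostname verification")
```

Any VLAN it reports needs its name added to the master certificate rather than having certificate verification relaxed on the agents.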

In Puppet Enterprise, it looks like the config that controls the interface is just a standard Apache-style config in /etc/puppetlabs/httpd/conf.d/puppetmaster.conf. If you're ...(more)

How do I configure the Master to listen on the 2nd interface and to communicate to nodes on the 2nd VLAN via the 2nd interface? Which config files should I look at?

@Kingpin, Since this isn't a solution, it should really be a comment on Stefan's proposed answer, or you should edit your original question. I left a comment on ...(more)

