Puppet Remediate connects to security providers to discover hosts with vulnerabilities. To take action and fix the vulnerabilities, the system needs to connect directly to the hosts. If the host you want to fix is deployed in different network segments that are not directly accessible from where you installed Remediate, you can setup a multi-network deployment.
In a multi-network deployment, an edge service is deployed inside each network segment. Remediate instructs the edge to connect to the hosts when executing tasks, and then leverages Docker swarm to deploy an edge service on each swarm worker. Workers must have direct connectivity to the manager — the main node where you installed Remediate. For more information on workers and managers, see the Docker documentation.
For more information on installing Remediate on nodes that are not connected to the internet, see instructions on how to Install Remediate on offline nodes.
Set up a Docker swarm
On the node you want to be the manager, run:
docker swarm init
To add a manager to the swarm, run the following command and follow the
docker swarm join-token manager
- On the node you want to be the manager, run:
- Using the key output from the above command as the token, run the following command on each of the workers:
docker swarm join --token
This command adds a worker to each network segment.
- On the manager node, follow the normal installation instructions for Remediate. The swarm automatically deploys the edge on the workers.
- After the installation is complete, verify the expected number of edges is
running with the following command:
docker service ps remediate_remote-edge