Hi Matt,
How to accomplish what you describe is going to be highly dependent on
the site's security policy, since you are dealing with sensitive
information. I didn't want to put this info in the main git repo that
controls my puppet masters, since it is available to lots of people.
What I ended up doing was setting up an additional "private" repo that
contains a directory matching each hostname that needs private data,
and setting up a private per-host mount point in puppet's
fileserver.conf:

    # Define a "private" mount point unique to each host
    [private]
    path /etc/puppet/private/%H
    allow *

Then my module manifests can contain things like:

    file { '/etc/pki/tls/private/example.key':
      source => 'puppet:///private/example.key'
    }

This is just one way of handling this; I'd be interested in hearing
what others are doing.
-Steve
On Oct 4, 3:34 pm, Matt Zagrabelny <mzagr...@d.umn.edu> wrote:
> Hi,
>
> Are people using puppet to store/deploy SSL key/cert info?
>
> My scenario is that I've got a bunch of nodes/hosts that are using
> Shibboleth with each host having its own SSL cert and key. I know I
> can ensure the relevant packages are installed and that the configs
> are consistent across said nodes, but I don't know:
>
> A) If people are using puppet to store the certs/keys for various
> applications (apache, shib, syslog w/ TLS, etc.) within specific hosts
> B) If so, how best to do it with having puppet deploy those certs and
> keys to said hosts
>
> Thanks for any hints or info!
>
> -matt zagrabelny
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
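
Added example, not part of the original thread or of Puppet itself: with `allow *` on the mount, the `%H` path expansion is what keeps one host's keys apart from another's, so the private tree on the master is worth auditing. The function names and finding labels below are hypothetical, and the check assumes the tree is owned by the account the puppet master runs as, so no group or other permission bits are needed.

```shell
#!/bin/sh
# Added example: audit the tree served by the [private] mount.
# Assumed layout (from the post): <root>/<hostname>/<files>.

# Print one finding per line for the tree rooted at $1.
audit_private_tree() {
    root=$1

    # Symlinks: a link inside one host's directory can point outside it
    # (for example at another host's key), so flag every link for review.
    find "$root" -type l | sed 's/^/SYMLINK /'

    # Any group/other permission bit on a file or directory. Assumes the
    # tree is owned by the account the puppet master runs as.
    find "$root" \( -type f -o -type d \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) |
        sed 's/^/LOOSE_MODE /'

    # Regular files directly under the root belong to no host directory.
    for entry in "$root"/*; do
        if [ -f "$entry" ] && [ ! -L "$entry" ]; then
            echo "STRAY_FILE $entry"
        fi
    done
    return 0
}

# Number of findings, for use in a cron job or pre-deploy check.
count_findings() {
    audit_private_tree "$1" | wc -l | tr -d ' '
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_private_tree "$1"
fi
```

Run it as `sh audit.sh /etc/puppet/private` on the master after each update of the private repo checkout; an empty result means no findings.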