So we're looking at using Puppet. There are three things we're trying to figure out how to manage -- SSL keys for the webservers, SSH keys for the users, and the user's passwords (and specific /etc/shadow and /etc/passwd for each box).

There's a ton of concerns with each one of these. Is there some place with a good guide for doing all of this?

I came across a very old thread
http://groups.google.com/group/puppet-users/browse_thread/thread/da756bb067565ede
which implies you shouldn't put your sensitive data in the files directory of the module. Is that still true?

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

On 8 May 2012 14:28, Jistan Idiot <jistanidiot@gmail.com> wrote:
> So we're looking at using Puppet. There are three things we're trying
> to figure out how to manage -- SSL keys for the webservers, SSH keys
> for the users, and the user's passwords (and specific /etc/shadow and
> /etc/passwd for each box).
>
> There's a ton of concerns with each one of these. Is there some place
> with a good guide for doing all of this?
>
> I came across a very old thread
> http://groups.google.com/group/puppet-users/browse_thread/thread/da756bb067565ede
> which implies you shouldn't put your sensitive data in the files
> directory of the module. Is that still true?

That still holds true (unless you want to micromanage access permissions).

There is however a way to create a directory per host that is only accessible by that host:
https://groups.google.com/forum/#!msg/puppet-users/XBkdcDypm0g/AVJFsSORkOkJ

--
Erik Dalén

On Tuesday, May 8, 2012 6:36:02 AM UTC-7, Erik Dalén wrote:
> That still holds true (unless you want to micromanage access permissions).
>
> There is however a way to create a directory per host that is only
> accessible by that host:
> https://groups.google.com/forum/#!msg/puppet-users/XBkdcDypm0g/AVJFsSORkOkJ
>
> --
> Erik Dalén

+1 to using a custom mount point to keep sensitive files out of modules and restricting those mount points.

Docs on file serving from custom mounts:
http://docs.puppetlabs.com/guides/file_serving.html#serving-files-from-custom-mount-points
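
The per-host custom mount point recommended in the replies above, sketched as an added example that is not part of the original thread. The `/srv/puppet-private` path, the mount name `private` and the key file name are assumptions; the syntax is that of the Puppet 2.x-era `fileserver.conf` the linked docs describe.

```ini
# /etc/puppet/fileserver.conf on the puppet master.
# The path, mount name and file names below are assumptions for this example.

# By default, files under <module>/files/ are served to every agent holding a
# signed certificate, so a private key stored there can be fetched by any node.

# Custom mount: %H expands to the FQDN taken from the requesting agent's
# certificate, so web01.example.com is served only from
# /srv/puppet-private/web01.example.com/ and cannot read another host's
# directory, even though the mount itself allows all authenticated agents.
[private]
  path /srv/puppet-private/%H
  allow *

# Manifest usage (Puppet DSL, shown here as a comment). The same source URL
# resolves to a different directory on the master for each requesting host:
#   file { '/etc/ssl/private/www.key':
#     source => 'puppet:///private/www.key',
#     owner  => 'root',
#     group  => 'root',
#     mode   => '0600',
#   }
```

The directory tree behind the mount should be readable only by the account the puppet master runs as.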