I've started investigating hiera-eyaml as a tool for managing
secrets within our puppet repository. It looks pretty promising,
especially in connection with 'show_diff => false'. For those that
haven't seen it:
http://puppetlabs.com/blog/encrypt-your-data-using-hiera-eyaml
That said, I'm not sure what its performance implications are, and
how many decryption calls we can afford. Has anybody played with this
enough to be able to know how how these decryption calls will affect
performance problems?
More concretely: I'm currently supporting ~1250 nodes with two
fairly-hefty puppet servers, but we're not managing much in the way of
secrets. If I were to, say, start managing the root password on all of
our nodes using this tool, should I expect our entirely environment to
melt down?
- Tim Skirvin (tskirvin@fnal.gov)
--
HPC Systems Administrator / Developer http://www.linkedin.com/in/tskirvin
USCMS-T1 Collaboration Fermilab Scientific Computing