Hi. I have an interesting use case. OSSEC is security tool based on server-client architecture. Server generates keys for agents, and every agent has different key. Now I want to distribute these keys via puppet. I''ve come accross hiera and installed it, and it works superbly, but how to store per-node key in hiera? This is my idea: hiera,yaml: --- :hierarchy: - ossec/%{hostname} - %{operatingsystem} - common :backends: - yaml :yaml: :datadir: ''/etc/puppet/hieradata'' And now in /etc/puppet/hieradata/ossec I have a bunch of hostname.yaml files, and all of them has something like this: --- ossec_client_key: ''blablabla'' ossec_id: ''2031'' Is this the right approach? It sure works :) -- Jakov Sosic www.srce.unizg.hr -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Wednesday, August 22, 2012 2:47:57 PM UTC-5, Jakov Sosic wrote:> > Hi. > > I have an interesting use case. > > OSSEC is security tool based on server-client architecture. Server > generates keys for agents, and every agent has different key. > > Now I want to distribute these keys via puppet. I''ve come accross hiera > and installed it, and it works superbly, but how to store per-node key > in hiera? > > This is my idea: > > hiera,yaml: > --- > :hierarchy: > - ossec/%{hostname} > - %{operatingsystem} > - common > :backends: > - yaml > :yaml: > :datadir: ''/etc/puppet/hieradata'' > > > And now in /etc/puppet/hieradata/ossec I have a bunch of hostname.yaml > files, and all of them has something like this: > > --- > ossec_client_key: ''blablabla'' > ossec_id: ''2031'' > > > > Is this the right approach? It sure works :) > >"Right" is a tricky word, but I''m happy to say that your approach is "reasonable", "good", "acceptable", and perhaps even "standard". There is at least one hiera-based alternative that I would describe with many of the same terms, but why mess with success? John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/0FpljMt7XEgJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On 08/27/2012 08:45 PM, jcbollinger wrote:> "Right" is a tricky word, but I''m happy to say that your approach is > "reasonable", "good", "acceptable", and perhaps even "standard". There > is at least one hiera-based alternative that I would describe with many > of the same terms, but why mess with success?Well this is my first hiera rollout, so I just wanted to be sure I''m using it as reasonable as possible :) You are welcome to pinpoint another example of similar config offcourse. Anyway thank you for your response. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.