Hi.
I have an interesting use case.
OSSEC is a security tool based on server-client architecture. The server
generates keys for agents, and every agent has a different key.
Now I want to distribute these keys via puppet. I've come across hiera
and installed it, and it works superbly, but how to store a per-node key
in hiera?
This is my idea:
hiera.yaml:
    ---
    :hierarchy:
      - ossec/%{hostname}
      - "%{operatingsystem}"
      - common
    :backends:
      - yaml
    :yaml:
      :datadir: '/etc/puppet/hieradata'
And now in /etc/puppet/hieradata/ossec I have a bunch of hostname.yaml
files, and all of them have something like this:
    ---
    ossec_client_key: 'blablabla'
    ossec_id: '2031'
Is this the right approach? It sure works :)
--
Jakov Sosic
www.srce.unizg.hr
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
On Wednesday, August 22, 2012 2:47:57 PM UTC-5, Jakov Sosic wrote:
> Hi.
>
> I have an interesting use case.
>
> OSSEC is a security tool based on server-client architecture. The server
> generates keys for agents, and every agent has a different key.
>
> Now I want to distribute these keys via puppet. I've come across hiera
> and installed it, and it works superbly, but how to store a per-node key
> in hiera?
>
> This is my idea:
>
> hiera.yaml:
>     ---
>     :hierarchy:
>       - ossec/%{hostname}
>       - "%{operatingsystem}"
>       - common
>     :backends:
>       - yaml
>     :yaml:
>       :datadir: '/etc/puppet/hieradata'
>
> And now in /etc/puppet/hieradata/ossec I have a bunch of hostname.yaml
> files, and all of them have something like this:
>
>     ---
>     ossec_client_key: 'blablabla'
>     ossec_id: '2031'
>
> Is this the right approach? It sure works :)

"Right" is a tricky word, but I'm happy to say that your approach is
"reasonable", "good", "acceptable", and perhaps even "standard". There is
at least one hiera-based alternative that I would describe with many of
the same terms, but why mess with success?

John
On 08/27/2012 08:45 PM, jcbollinger wrote:
> "Right" is a tricky word, but I'm happy to say that your approach is
> "reasonable", "good", "acceptable", and perhaps even "standard". There
> is at least one hiera-based alternative that I would describe with many
> of the same terms, but why mess with success?

Well, this is my first hiera rollout, so I just wanted to be sure I'm
using it as reasonably as possible :) You are welcome to pinpoint another
example of similar config, of course.

Anyway, thank you for your response.
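
An added example, not part of the original thread and not code from the posters: a Ruby audit of the per-node files in the hieradata/ossec directory described above, checking that each hostname.yaml carries both values and that no two agents share a key or id. The function names and the world-readable permission check are assumptions added here, and the sample data is constructed.

```ruby
require 'yaml'
require 'tmpdir'

REQUIRED = %w[ossec_client_key ossec_id].freeze

# Audit every <hostname>.yaml under dir (e.g. /etc/puppet/hieradata/ossec).
# Returns an array of findings; an empty array means the directory is clean.
def audit_ossec_hieradata(dir)
  findings = []
  seen = Hash.new { |h, k| h[k] = {} } # field => { value => first host seen }
  Dir.glob(File.join(dir, '*.yaml')).sort.each do |path|
    host = File.basename(path, '.yaml')
    # Assumption: agent keys sit in plain YAML, so "other" must not read them.
    findings << "#{host}: file is world-readable" if (File.stat(path).mode & 0o004) != 0
    # Unparseable YAML yields nil here and is reported just below.
    data = (YAML.safe_load(File.read(path)) rescue nil)
    unless data.is_a?(Hash)
      findings << "#{host}: not a YAML mapping"
      next
    end
    REQUIRED.each do |field|
      value = data[field].to_s
      if value.empty?
        findings << "#{host}: missing #{field}"
      elsif seen[field].key?(value)
        findings << "#{host}: #{field} duplicates #{seen[field][value]}"
      else
        seen[field][value] = host
      end
    end
  end
  findings
end

# Constructed sample: web2 reuses web1's key and is mode 0644; db1 has no key.
def demo_findings
  Dir.mktmpdir do |dir|
    { 'web1' => ['k-aaa', '2031', 0o600],
      'web2' => ['k-aaa', '2032', 0o644],
      'db1'  => [nil,     '2033', 0o600] }.each do |host, (key, id, mode)|
      path = File.join(dir, "#{host}.yaml")
      File.write(path, { 'ossec_client_key' => key, 'ossec_id' => id }.to_yaml)
      File.chmod(mode, path)
    end
    audit_ossec_hieradata(dir)
  end
end

puts demo_findings if __FILE__ == $PROGRAM_NAME
```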