Hello, I really like Craig Dunn''s roles and profiles pattern for more readable puppet config (http://de.slideshare.net/PuppetLabs/roles-talk) but I was wondering how does he deal with cases where let''s say one node is a database server and some unique or specific password needs to be assigned to a MySQL database for an application? Basically what I am doing now is to have a $dbpassword variable in my sites.pp file for a specific node. I then pass this variable to my mysql::db (puppetlabs-mysql module) delcaration in that node. Somehow I have the feeling this is not really best practice and wouldn''t even work with Craig Dunn''s design afaik. Any thoughts or best practices for this case? Regards, John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
There is a utility called hiera and an extention called hiera-gpg which you can use to store confidential information such as passwords in there. That way, if someone ever sees the config for the passwords, they will always be encrypted. On Friday, June 7, 2013 4:28:39 AM UTC-4, John Naggets wrote:> > Hello, > > I really like Craig Dunn''s roles and profiles pattern for more readable > puppet config (http://de.slideshare.net/PuppetLabs/roles-talk) but I was > wondering how does he deal with cases where let''s say one node is a > database server and some unique or specific password needs to be assigned > to a MySQL database for an application? > > Basically what I am doing now is to have a $dbpassword variable in my > sites.pp file for a specific node. I then pass this variable to my > mysql::db (puppetlabs-mysql module) delcaration in that node. Somehow I > have the feeling this is not really best practice and wouldn''t even work > with Craig Dunn''s design afaik. Any thoughts or best practices for this > case? > > Regards, > John > > >-- _____________________________________________________ This email and any files transmitted with it are confidential and intended solely for the addressee. If you received this email in error, please do not disclose the contents to anyone; kindly notify the sender by return email and delete this email and any attachments from your system. © 2011 Currensee Inc. is a member of the National Futures Association (NFA) Member ID 0403251 | Over the counter retail foreign currency (Forex) trading may involve significant risk of loss. It is not suitable for all investors and you should make sure you understand the risks involved before trading and seek independent advice if necessary. Performance, strategies and charts shown are not necessarily predictive of any particular result and past performance is no indication of future results. Investor returns may vary from Trade Leader returns based on slippage, fees, broker spreads, volatility or other market conditions. Currensee Inc | 54 Canal St 4th Floor | Boston, MA 02114 | +1.617.624.3824 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Thanks, I will look into Hiera to externalise all my config data. On Friday, June 7, 2013 3:07:05 PM UTC+2, phundisk wrote:> > There is a utility called hiera and an extention called hiera-gpg which > you can use to store confidential information such as passwords in there. > That way, if someone ever sees the config for the passwords, they will > always be encrypted. > > On Friday, June 7, 2013 4:28:39 AM UTC-4, John Naggets wrote: >> >> Hello, >> >> I really like Craig Dunn''s roles and profiles pattern for more readable >> puppet config (http://de.slideshare.net/PuppetLabs/roles-talk) but I was >> wondering how does he deal with cases where let''s say one node is a >> database server and some unique or specific password needs to be assigned >> to a MySQL database for an application? >> >> Basically what I am doing now is to have a $dbpassword variable in my >> sites.pp file for a specific node. I then pass this variable to my >> mysql::db (puppetlabs-mysql module) delcaration in that node. Somehow I >> have the feeling this is not really best practice and wouldn''t even work >> with Craig Dunn''s design afaik. Any thoughts or best practices for this >> case? >> >> Regards, >> John >> >> >> > _____________________________________________________ > This email and any files transmitted with it are confidential and intended > solely for the addressee. If you received this email in error, please do > not disclose the contents to anyone; kindly notify the sender by return > email and delete this email and any attachments from your system. > > © 2011 Currensee Inc. is a member of the National Futures Association > (NFA) Member ID 0403251 | Over the counter retail foreign currency (Forex) > trading may involve significant risk of loss. It is not suitable for all > investors and you should make sure you understand the risks involved before > trading and seek independent advice if necessary. Performance, strategies > and charts shown are not necessarily predictive of any particular result > and past performance is no indication of future results. Investor returns > may vary from Trade Leader returns based on slippage, fees, broker spreads, > volatility or other market conditions. > > Currensee Inc | 54 Canal St 4th Floor | Boston, MA 02114 | +1.617.624.3824 >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.