Eugene Sapozhnikov
2014-Aug-20 17:07 UTC
[Puppet Users] Encrypting /var/lib/puppet directory on clients
I have been given a project to secure our client hosts. One of the requirements was to set up an encrypted volume and mount it over /var/puppet/lib. The other requirement was to have the encryption key reside only on the puppet master. I have been able to use cryptsetup to have puppet configure and mount the encrypted volume successfully. But I am running into a roadblock when the client server reboots and the volume is unmounted. I can't use puppet to mount the volume, as the puppet agent will not connect successfully without /var/lib/puppet being mounted so it can use the original SSL cert. Wanted to see if anyone here has tried any similar setups to what I am trying to achieve.

Thanks.