FAQ
So we're looking at using Puppet. There are three things we're trying
to figure out how to manage -- SSL keys for the webservers, SSH keys
for the users, and the user's passwords (and specific /etc/shadow and /
etc/passwd for each box).

There's a ton of concerns with each one of these. Is there some place
with a good guide for doing all of this?

I came across a very old thread
http://groups.google.com/group/puppet-users/browse_thread/thread/da756bb067565ede
which implies you shouldn't put your sensitive data in the files
directory of the module. Is that still true?



--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Search Discussions

  • Erik Dalén at May 8, 2012 at 1:39 pm

    On 8 May 2012 14:28, Jistan Idiot wrote:
    So we're looking at using Puppet.  There are three things we're trying
    to figure out how to manage -- SSL keys for the webservers, SSH keys
    for the users, and the user's passwords (and specific /etc/shadow and /
    etc/passwd for each box).

    There's a ton of concerns with each one of these.  Is there some place
    with a good guide for doing all of this?

    I came across a very old thread
    http://groups.google.com/group/puppet-users/browse_thread/thread/da756bb067565ede
    which implies you shouldn't put your sensitive data in the files
    directory of the module.  Is that still true?
    That still holds true (unless you want to micromanage access permissions).

    There is however a way to create a directory per host that is only
    accessible by that host:
    https://groups.google.com/forum/#!msg/puppet-users/XBkdcDypm0g/AVJFsSORkOkJ

    --
    Erik Dalén

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Ryan Coleman at May 9, 2012 at 12:19 am

    On Tuesday, May 8, 2012 6:36:02 AM UTC-7, Erik Dalén wrote:

    That still holds true (unless you want to micromanage access permissions).

    There is however a way to create a directory per host that is only
    accessible by that host:
    https://groups.google.com/forum/#!msg/puppet-users/XBkdcDypm0g/AVJFsSORkOkJ

    --
    Erik Dalén
    +1 to using a custom mount point to keep sensitive files out of modules and
    restricting those mount points.

    Docs on file serving from custom
    mounts: http://docs.puppetlabs.com/guides/file_serving.html#serving-files-from-custom-mount-points

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/D1m9BRt7FR0J.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppuppet-users @
categoriespuppet
postedMay 8, '12 at 12:56p
activeMay 9, '12 at 12:19a
posts3
users3
websitepuppetlabs.com

People

Translate

site design / logo © 2022 Grokbase