On Wed, Jan 27, 2010 at 05:59:27PM +0100, Thomas Bellman wrote:
>- Each node has a copy of the entire repository of modules and classes
>which makes it in my opinion a security risk.

Don't put passwords and private keys in your manifests.

Would you call this a general rule?  If so, what's the best practice for
setting passwords and private keys?

If your setup has a puppetmaster I would use a function to do an external lookup. Hence your manifests contain only the lookup statement and the passwords are only stored on the master. SOON to come: a tool doing that for you with puppet integration...

Regarding private keys: we have them stored in a special module, which is only stored on the master. It is in a git repo, however we don't share it outside the master. So if you need to add/change a key you have to do that on the master. However, all the manifests describing which keys go where are still done in the usual modules.

cheers pete

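The approach described in the last reply (manifests hold only a lookup call, the secrets stay on the master), sketched as an added example that is not part of the original thread or of Puppet itself. The function name `secret_lookup`, the `PUPPET_SECRETS_FILE` variable and the path `/etc/puppet/secrets.yaml` are assumptions made for illustration.

```ruby
require 'yaml'

# Hypothetical location of the secrets file. It exists only on the
# puppetmaster, outside the module tree that is checked out elsewhere.
SECRETS_FILE = ENV.fetch('PUPPET_SECRETS_FILE', '/etc/puppet/secrets.yaml')

class SecretLookupError < StandardError; end

# Look up one secret by key. Fails closed: an unsafe file mode, a malformed
# key or a missing entry raises instead of returning a default value.
def secret_lookup(key, path = SECRETS_FILE)
  unless key.is_a?(String) && key =~ /\A[a-z0-9_]+(::[a-z0-9_]+)*\z/
    raise SecretLookupError, "invalid secret key #{key.inspect}"
  end
  mode = File.stat(path).mode & 0o777
  if mode & 0o077 != 0
    raise SecretLookupError,
          format('%s has mode %04o, expected 0600 or stricter', path, mode)
  end
  data = YAML.safe_load(File.read(path)) || {}
  raise SecretLookupError, "#{path} is not a key/value map" unless data.is_a?(Hash)
  value = data[key]
  raise SecretLookupError, "no secret stored for #{key}" if value.nil?
  value.to_s
end

# When this file is loaded by the puppetmaster, register the lookup as a
# parser function. A manifest then contains only the call, for example:
#   $db_pw = secret_lookup('mysql::root_password')
if defined?(Puppet::Parser::Functions)
  Puppet::Parser::Functions.newfunction(:secret_lookup, :type => :rvalue) do |args|
    secret_lookup(args[0])
  end
end
```

The looked-up value still ends up in the compiled catalog of every node that uses it, so this keeps secrets out of the shared manifest repository, not out of the catalogs.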