On Wed, Nov 10, 2010 at 6:26 PM, Richard Crowley <r...@rcrowley.org> wrote:
> > got the point, thought that you need one specific key on each server. So
> > that should be even simpler, use file with content and put the key in the
> > content field:
> >
> > $myKey = "-----BEGIN RSA PRIVATE
> >
> KEY-----\nMIICXgIBAAKBgQDTqkVS4/iwKx8LngXQrEShlfSRtcSyOB1IjC5AIGUAJvapq9lz\n..."
> >
> > file {
> > "/path/to/keyFile":
> > content => $myKey;
> > }
> >
> > Put this into your Webserver class and assign the class only to the
> > Webservers.
>
> This works perfectly for PEM-formatted keys because they're ASCII,
> which is a subset of UTF-8. Binary keys are not (usually) valid UTF-8
> and thus can't be crammed into a catalog without some encoding.
>
>
Indeed. I made a mistake in my original post; it's not the key files for
apache (which are PEM-formatted ASCII) , but rather those in Java's JKS
keystore format, that cause problems for me. I could probably create a
workaround by transferring the keys as .PEM format and then converting to
JKS on the client, but it would be a pretty fiddly solution compared to the
option of a binary-safe file() function.
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com>
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
