I have been given a project to secure our client hosts. One of the requirements was to setup an encrypted volume and mount it over /var/puppet/lib .
the other requirement was to have the encryption key reside only on the puppet master. I have been able to use cryptsetup to have puppet configure and mount the encrypted volume successfully. But I am running into a roadblock when the client server reboots and the volume is unmounted. I can't use puppet to mount the volume as the puppet agent will not connect successfully without the /var/lib/puppet being mounted so it can use original SSl cert. Wanted to see if anyone here have tried any similar setups to what i am trying to achieve. Thanks. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/a532006d-e3cd-4c1b-bd6f-91a388e68fb0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
