We're using a couple of techniques: We bake them into our system images, and for ad-hoc we have a Rundeck job that can push the keys onto a host.
Haven't had to rotate the keys yet, but I presume that we'd either use the ad-hoc technique, or re-spin the system image and re-deploy the hosts. Since we're moving towards ephemeral/immutable hosts, this works for us.

Hope that helps.

- Jeff

On 03/11/2015 03:05 PM, Heinz Kalkhoff wrote:
Jeff,

I realize you may not want to share the details, but can you share your strategy on management of the private keys in a masterless setup?

Thanks for the reply.

Heinz

On Wednesday, March 11, 2015 at 9:43:02 AM UTC-4, jeff Adams wrote:

We're using eyaml in our masterless setup as well. We've got our hiera.yaml in /etc/puppet, so we don't need to specify the --hiera_config with puppet apply.

True that distributing the private key(s) was an interesting issue to solve.

- Jeff

On 03/11/2015 08:30 AM, Alessandro Franceschi wrote:

> Sure you can,
> you have to pass the --hiera_config parameter to the puppet apply command (pointing to your hiera.yaml) and you will need the private key used to encrypt keys on every node (this is maybe the only issue with hiera-eyaml in masterless mode).
> al
>
> On Tuesday, March 10, 2015 at 10:37:30 PM UTC+1, Heinz Kalkhoff wrote:
>
> Is it possible to use hiera-eyaml with a masterless puppet setup (e.g. puppet apply)? I want to verify before going down this path as I have been unable to find examples using puppet masterless and hiera-eyaml.
>
> --
> You received this message because you are subscribed to the Google Groups "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/f888b737-7789-4e4b-a72c-1b655a130c87%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

________________________________

This message and any attached files contain confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or without error as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version.
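Added example, not part of the thread or of any poster's setup: because masterless hiera-eyaml puts the private key on every node, a pre-flight check can refuse to run `puppet apply --hiera_config` when the key named in hiera.yaml is missing, a symlink, or readable by group/other. The function names and the manifest argument are assumptions; `pkcs7_private_key` is the hiera-eyaml setting that names the key file.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper names): pre-flight check for a
# masterless "puppet apply" that decrypts hiera-eyaml data on the node.

# Print the private key path configured in a hiera.yaml. Accepts both the
# ":pkcs7_private_key:" (symbol key) and "pkcs7_private_key:" spellings.
eyaml_private_key_path() {
    grep -E '^[[:space:]]*:?pkcs7_private_key:' "$1" | head -n 1 |
        sed -E 's/^[[:space:]]*:?pkcs7_private_key:[[:space:]]*//; s/[[:space:]]*$//' |
        tr -d "\"'"
}

# Return 0 only if the configured key is a regular file (not a symlink)
# with no group/other permission bits, i.e. mode 0400 or 0600.
check_eyaml_key() {
    eyaml_conf=$1
    eyaml_key=$(eyaml_private_key_path "$eyaml_conf")
    if [ -z "$eyaml_key" ]; then
        echo "no pkcs7_private_key setting in $eyaml_conf" >&2
        return 1
    fi
    if [ ! -f "$eyaml_key" ] || [ -L "$eyaml_key" ]; then
        echo "$eyaml_key: missing or not a regular file" >&2
        return 1
    fi
    # Characters 5-10 of "ls -l" output are the group and other bits.
    eyaml_bits=$(ls -ld "$eyaml_key" | cut -c5-10)
    if [ "$eyaml_bits" != "------" ]; then
        echo "$eyaml_key: group/other access set, expected 0400 or 0600" >&2
        return 1
    fi
    return 0
}

# Run puppet apply only when the key check passes.
# $1 = hiera.yaml path, $2 = manifest path (both supplied by the caller).
run_masterless() {
    check_eyaml_key "$1" && puppet apply --hiera_config "$1" "$2"
}
```

The same check fits at the end of an image build or a key-push job, so a key copied with loose permissions is caught before the host goes into service.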