We're using a couple of techniques:

We bake them into our system images, and for ad-hoc we have a Rundeck
job that can push the keys onto a host.

Haven't had to rotate the keys yet, but I presume that we'd either use
the ad-hoc technique, or re-spin the system image and re-deploy the
hosts. Since we're moving towards ephemeral/immutable hosts, this works
for us.

Hope that helps.

- Jeff

On 03/11/2015 03:05 PM, Heinz Kalkhoff wrote:
Jeff,

I realize you may not want to share the details, but can you share your
strategy on management of the private keys in a masterless setup?

Thanks for the reply.

Heinz

On Wednesday, March 11, 2015 at 9:43:02 AM UTC-4, jeff Adams wrote:

    We're using eyaml in our masterless setup as well. We've got our
    hiera.yaml in /etc/puppet, so we don't need to specify the
    --hiera_config with puppet apply.

    True that distributing the private key(s) was an interesting issue
    to solve.

    -  Jeff

    On 03/11/2015 08:30 AM, Alessandro Franceschi wrote:
     > Sure you can,
     > you have to pass the --hiera_config parameter to the puppet apply
     > command (pointing to your hiera.yaml) and you will need the private key
     > used to encrypt keys on every node (this is maybe the only issue with
     > hiera-eyaml in masterless mode).
     > al
     >
     > On Tuesday, March 10, 2015 at 10:37:30 PM UTC+1, Heinz Kalkhoff wrote:
     >
     >     Is it possible to use hiera-eyaml with a masterless puppet setup
     >     (e.g. puppet apply)?  I want to verify before going down this path
     >     as I have been unable to find examples using puppet masterless and
     >     hiera-eyaml.
     >
     > --
     > You received this message because you are subscribed to the Google
     > Groups "Puppet Users" group.
     > To unsubscribe from this group and stop receiving emails from it, send
     > an email to puppet-users...@googlegroups.com.
     > To view this discussion on the web visit
     > https://groups.google.com/d/msgid/puppet-users/f888b737-7789-4e4b-a72c-1b655a130c87%40googlegroups.com.
     > For more options, visit https://groups.google.com/d/optout.

    ________________________________

    This message and any attached files contain confidential information
    and is intended only for the individual named. If you are not the
    named addressee you should not disseminate, distribute or copy this
    e-mail. Please notify the sender immediately by e-mail if you have
    received this e-mail by mistake and delete this e-mail from your
    system. E-mail transmission cannot be guaranteed to be secure or
    without error as information could be intercepted, corrupted, lost,
    destroyed, arrive late or incomplete, or contain viruses. The sender
    therefore does not accept liability for any errors or omissions in
    the contents of this message, which arise as a result of e-mail
    transmission. If verification is required please request a hard-copy
    version.

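Added example, not part of the original thread: since every masterless node has to carry the eyaml private key, this sketch reads the key path out of the node's hiera.yaml and checks that only the file's owner can access it. The Hiera 3 style config, the directory layout and the function names are assumptions constructed for the example.

```shell
#!/usr/bin/env bash
# Added example: audit the eyaml private key a masterless node's hiera.yaml
# points at. All paths and the sample config below are constructed.

# Write a constructed Hiera 3 style config into directory $1.
write_sample_config() {
  cat > "$1/hiera.yaml" <<EOF
---
:backends:
  - eyaml
:hierarchy:
  - common
:eyaml:
  :datadir: $1/hieradata
  :pkcs7_private_key: $1/keys/private_key.pkcs7.pem
  :pkcs7_public_key: $1/keys/public_key.pkcs7.pem
EOF
}

# Print the :pkcs7_private_key: value from the hiera.yaml given as $1.
eyaml_private_key_path() {
  sed -n 's/^[[:space:]]*:pkcs7_private_key:[[:space:]]*//p' "$1" \
    | tr -d "\"'" | head -n 1
}

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if the key exists and only its owner can access it.
# 1 = no key configured, 2 = key file missing, 3 = group/other have access.
audit_eyaml_key() {
  local conf="$1" key mode
  key="$(eyaml_private_key_path "$conf")"
  [ -n "$key" ] || { echo "no :pkcs7_private_key: in $conf" >&2; return 1; }
  [ -f "$key" ] || { echo "missing key: $key" >&2; return 2; }
  mode="$(file_mode "$key")"
  # Any bit set in the group or other digits means the key is exposed.
  if [ $(( 0$mode & 077 )) -ne 0 ]; then
    echo "key $key has mode $mode; expected 0400 or 0600" >&2
    return 3
  fi
  echo "ok: $key (mode $mode)"
}
```

Running `audit_eyaml_key /etc/puppet/hiera.yaml` in the image build or the key-push job, before `puppet apply`, catches a key that was baked in or pushed with loose permissions.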