Re: [Puppet Users] Re: hiera-eyaml - masterless puppet

2016-10-04 Thread Nathan Jones
hiera-eyaml-kms is a good 
solution that uses AWS KMS to manage encryption keys. EC2 instances can be 
provisioned with an IAM instance profile that grants access to the required 
keys.


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/261e20fe-604b-484b-b6e9-94b5550b3932%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [Puppet Users] Re: hiera-eyaml - masterless puppet

2015-10-15 Thread Louis Mayorga
Wondering if Windows 2015.2 supports it. Of course, in a masterless setup.

On Wednesday, March 11, 2015 at 5:04:53 PM UTC-4, jeff Adams wrote:
>
> We're using a couple of techniques: 
>
> We bake them into our system images, and for ad-hoc we have a Rundeck 
> job that can push the keys onto a host. 
>
> Haven't had to rotate the keys yet, but I presume that we'd either use 
> the ad-hoc technique, or re-spin the system image and re-deploy the 
> hosts. Since we're moving towards ephemeral/immutable hosts, this works 
> for us. 
>
> Hope that helps. 
>
> - Jeff 
>
> On 03/11/2015 03:05 PM, Heinz Kalkhoff wrote: 
> > Jeff, 
> > 
> > I realize you may not want to share the details, but can you share your 
> > strategy on management of the private keys in a masterless setup? 
> > 
> > Thanks for the reply. 
> > 
> > Heinz 
> > 
> > On Wednesday, March 11, 2015 at 9:43:02 AM UTC-4, jeff Adams wrote: 
> > 
> > We're using eyaml in our masterless setup as well. We've got our 
> > hiera.yaml in /etc/puppet, so we don't need to specify the 
> > --hiera_config with puppet apply. 
> > 
> > True that distributing the private key(s) was an interesting issue 
> > to solve. 
> > 
> > -  Jeff 
> > 
> > On 03/11/2015 08:30 AM, Alessandro Franceschi wrote: 
> >  > Sure you can, 
> >  > you have to pass the --hiera_config parameter to the puppet apply 
> >  > command (pointing to your hiera.yaml) and you will need the private key 
> >  > used to encrypt keys on every node (this is maybe the only issue with 
> >  > hiera-eyaml in masterless mode). 
> >  > al 
> >  > 
> >  > On Tuesday, March 10, 2015 at 10:37:30 PM UTC+1, Heinz Kalkhoff wrote: 
> >  > 
> >  > Is it possible to use hiera-eyaml with a masterless puppet setup 
> >  > (e.g. puppet apply)?  I want to verify before going down this path 
> >  > as I have been unable to find examples using puppet masterless and 
> >  > hiera-eyaml. 
> >  > 
> > 
> > This message and any attached files contain confidential information 
> > and is intended only for the individual named. If you are not the 
> > named addressee you should not disseminate, distribute or copy this 
> > e-mail. Please notify the sender immediately by e-mail if you have 
> > received this e-mail by mistake and delete this e-mail from your 
> > system. E-mail transmission cannot be guaranteed to be secure or 
> > without error as information could be intercepted, corrupted, lost, 
> > destroyed, arrive late or incomplete, or contain viruses. The sender 
> > therefore does not accept liability for any errors or omissions in 
> > the contents of this message, which arise as a result of e-mail 
> > transmission. If verification is required please request a hard-copy 
> > version. 
> > 

Re: [Puppet Users] Re: hiera-eyaml - masterless puppet

2015-03-11 Thread Jeff Adams

We're using a couple of techniques:

We bake them into our system images, and for ad-hoc we have a Rundeck
job that can push the keys onto a host.

Haven't had to rotate the keys yet, but I presume that we'd either use
the ad-hoc technique, or re-spin the system image and re-deploy the
hosts. Since we're moving towards ephemeral/immutable hosts, this works
for us.

Hope that helps.

- Jeff

On 03/11/2015 03:05 PM, Heinz Kalkhoff wrote:

Jeff,

I realize you may not want to share the details, but can you share your
strategy on management of the private keys in a masterless setup?

Thanks for the reply.

Heinz

On Wednesday, March 11, 2015 at 9:43:02 AM UTC-4, jeff Adams wrote:

We're using eyaml in our masterless setup as well. We've got our
hiera.yaml in /etc/puppet, so we don't need to specify the
--hiera_config with puppet apply.

True that distributing the private key(s) was an interesting issue
to solve.

-  Jeff

On 03/11/2015 08:30 AM, Alessandro Franceschi wrote:
  Sure you can,
  you have to pass the --hiera_config parameter to the puppet apply
  command (pointing to your hiera.yaml) and you will need the private key
  used to encrypt keys on every node (this is maybe the only issue with
  hiera-eyaml in masterless mode).
  al
 
  On Tuesday, March 10, 2015 at 10:37:30 PM UTC+1, Heinz Kalkhoff wrote:
 
  Is it possible to use hiera-eyaml with a masterless puppet setup
  (e.g. puppet apply)?  I want to verify before going down this path
  as I have been unable to find examples using puppet masterless and
  hiera-eyaml.
 

Re: [Puppet Users] Re: hiera-eyaml - masterless puppet

2015-03-11 Thread Heinz Kalkhoff
Jeff,

I realize you may not want to share the details, but can you share your 
strategy on management of the private keys in a masterless setup?

Thanks for the reply.

Heinz

On Wednesday, March 11, 2015 at 9:43:02 AM UTC-4, jeff Adams wrote:

 We're using eyaml in our masterless setup as well. We've got our 
 hiera.yaml in /etc/puppet, so we don't need to specify the 
 --hiera_config with puppet apply. 

 True that distributing the private key(s) was an interesting issue to 
 solve. 

 -  Jeff 

 On 03/11/2015 08:30 AM, Alessandro Franceschi wrote: 
  Sure you can, 
  you have to pass the --hiera_config parameter to the puppet apply 
  command (pointing to your hiera.yaml) and you will need the private key 
  used to encrypt keys on every node (this is maybe the only issue with 
  hiera-eyaml in masterless mode). 
  al 
  
  On Tuesday, March 10, 2015 at 10:37:30 PM UTC+1, Heinz Kalkhoff wrote: 
  
  Is it possible to use hiera-eyaml with a masterless puppet setup 
  (e.g. puppet apply)?  I want to verify before going down this path 
  as I have been unable to find examples using puppet masterless and 
  hiera-eyaml. 
  


[Puppet Users] Re: hiera-eyaml - masterless puppet

2015-03-11 Thread Alessandro Franceschi
Sure you can, 
you have to pass the --hiera_config parameter to the puppet apply command 
(pointing to your hiera.yaml) and you will need the private key used to 
encrypt keys on every node (this is maybe the only issue with hiera-eyaml 
in masterless mode).
al

On Tuesday, March 10, 2015 at 10:37:30 PM UTC+1, Heinz Kalkhoff wrote:

 Is it possible to use hiera-eyaml with a masterless puppet setup (e.g. 
 puppet apply)?  I want to verify before going down this path as I have been 
 unable to find examples using puppet masterless and hiera-eyaml.
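
Added example, not part of any message in this thread: a pre-flight check a masterless node can run before `puppet apply --hiera_config`, confirming that the eyaml private key named in hiera.yaml is present and not accessible to group or other. The function names are hypothetical, and it assumes hiera.yaml names the key with hiera-eyaml's `pkcs7_private_key` setting.

```shell
#!/bin/sh
# Added example: pre-flight check for hiera-eyaml on a masterless node.
# Function names are hypothetical; pkcs7_private_key is hiera-eyaml's
# setting for the private key path in hiera.yaml.

# Print the path configured for an eyaml key setting.
# Accepts the Hiera 3 (":pkcs7_private_key:") and Hiera 5
# ("pkcs7_private_key:") spellings; strips optional quotes.
eyaml_setting() {  # $1 = hiera.yaml, $2 = setting name
    sed -n "s/^[[:space:]]*:\{0,1\}$2:[[:space:]]*//p" "$1" |
        sed -e "s/[[:space:]]*\$//" -e "s/^[\"']//" -e "s/[\"']\$//" |
        head -n 1
}

# Return 0 only if the private key exists as a regular file that
# group and other cannot access. Non-zero codes name the failure.
eyaml_preflight() {  # $1 = hiera.yaml
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    key=$(eyaml_setting "$conf" pkcs7_private_key)
    [ -n "$key" ] || { echo "no pkcs7_private_key in $conf" >&2; return 3; }
    if [ ! -f "$key" ] || [ -L "$key" ]; then
        echo "private key missing or not a regular file: $key" >&2
        return 4
    fi
    # Characters 5-10 of the ls mode string are the group/other bits.
    go_bits=$(ls -ld -- "$key" | cut -c5-10)
    [ "$go_bits" = "------" ] || { echo "group/other can access $key" >&2; return 5; }
    return 0
}

# Run puppet apply with an explicit hiera.yaml only when the check passes.
apply_masterless() {  # $1 = hiera.yaml, $2 = manifest
    eyaml_preflight "$1" && puppet apply --hiera_config "$1" "$2"
}
```

The same check fits the image-baking and push-job approaches described elsewhere in the thread, since both end with a key file on the node's disk.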





Re: [Puppet Users] Re: hiera-eyaml - masterless puppet

2015-03-11 Thread Jeff Adams

We're using eyaml in our masterless setup as well. We've got our
hiera.yaml in /etc/puppet, so we don't need to specify the
--hiera_config with puppet apply.

True that distributing the private key(s) was an interesting issue to solve.

-  Jeff

On 03/11/2015 08:30 AM, Alessandro Franceschi wrote:

Sure you can,
you have to pass the --hiera_config parameter to the puppet apply
command (pointing to your hiera.yaml) and you will need the private key
used to encrypt keys on every node (this is maybe the only issue with
hiera-eyaml in masterless mode).
al

On Tuesday, March 10, 2015 at 10:37:30 PM UTC+1, Heinz Kalkhoff wrote:

Is it possible to use hiera-eyaml with a masterless puppet setup
(e.g. puppet apply)?  I want to verify before going down this path
as I have been unable to find examples using puppet masterless and
hiera-eyaml.
