oops, nano. In the above code,
creates=>["/etc/ldap/server.crt","/etc/ldap/server.key","/etc/ldap/server.pem"]
On Sat, Aug 7, 2010 at 9:22 AM, mohit chawla
wrote:
> Also, I have something like this for creating the certificates, works just
> about fine, and helps in not being paranoid about draw
Also, I have something like this for creating the certificates, works just
about fine, and helps in not being paranoid about drawbacks of using
puppet's certs:
class certs {
  package { "openssl":
    ensure => present,
  }
I use Puppet's certs to set up stunnels and do all other private
communication through those. I also reference them directly rather
than copying them around. I haven't gone through the whole fire drill
yet but this at least seems like it won't make moving services between
hosts more painful.
Rich
Hi Bob,
Doing the same for LDAP+TLS, it gives me the advantage of not creating
another set of cert/key per machine, besides they are distributed with
puppet, at the beginning I was tempted to use only symlinks to them but later
I decided to make a copy of them and I've started to use like that with
On 8/6/2010 4:47 PM, Bob Belnap wrote:
> Is anyone else doing this? Is it a good idea? What are the potential
> pitfalls?
me too.
An important consideration is that if you distribute secrets (db
passwords etc) with puppet, every application using puppet's key can
also access them.
Another d
I would also like to know the same, are there any drawbacks of doing this?
On Fri, Aug 6, 2010 at 8:41 PM, Joe McDonagh wrote:
> On 08/06/2010 10:47 AM, Bob Belnap wrote:
>
>> Hello,
>>
>> As I've been building up my puppet infrastructure, I've started using
>> puppet certs for all of my service
On 08/06/2010 10:47 AM, Bob Belnap wrote:
> Hello,
> As I've been building up my puppet infrastructure, I've started using
> puppet certs for all of my services that require ssl. Usually this is
> in the form of links:
Bob, you're absolutely right it's a big win. I didn't even use links, I
just p
Hello,
As I've been building up my puppet infrastructure, I've started using
puppet certs for all of my services that require ssl. Usually this is
in the form of links:
file {
  "/opt/syslog-ng/etc/ca.d/b2457b50.0":
    require => Package["syslog-ng"],
    ensure => li