I want the puppetmaster can sign the manifest. avoid some guys publish
dangerous manifest to agent. like exec{"foo": command=>"rm / -rf";}
there is a software named samhain. it's a integrity checker and host
intrusion detection system . when compile the source code of the software,
you can configure a cert with it.
when the software running. it's only read the cert signed configure file.
any way, agent use https connect master . the ssl connect just let the
connecting is safe, but not the manifest code .
在 2013年9月16日星期一UTC+8下午8时10分41秒,Dustin J. Mitchell写道:
>
> The security of the puppetmaster is, indeed, important, although to
> varying degrees depending on the details of the implementation.
>
> However, puppet itself does not manage modifications to the manifests
> on the masters - that's up to the implementation.
>
> I don't think it's inherently any safer to create 100's of points that
> must be secured (agents) rather than few (masters), so I disagree with
> the implication that masters should not be used because they are (if
> not properly configured) insecure.
>
> Another thing to consider here is when agents have different trust
> levels. If you send your manifests and secrets to every agent, then
> any agent can impersonate any other agent.
>
> At any rate, since you've brought this to puppet-dev, is there a
> specific change that you're recommending to puppet itself?
>
> Dustin
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/puppet-dev.
For more options, visit https://groups.google.com/groups/opt_out.
