On Fri, 26 Mar 2010, Daniel Pittman wrote:
> The prospect of putting the secret key into our revision control
> system has ... well, little appeal is probably being fair: we could
> certainly do it, but it suddenly means that a whole bunch of extra
> data has to be treated as high security rather than low security.[2]

I configure puppet to print an error message that explains the situation:

# util::manually_copied_file -- set permissions on a manually-copied
# file, and print an error message if the file is missing.
#
# usage:
#   util::manually_copied_file { "/dirname/filename":
#       message => "where to copy it from, or why it's not in puppet",
#       owner => root,
#       group => bin,
#       mode => 0400,
#   }
#
define util::manually_copied_file($message, $owner, $group, $mode) {
    # If the file exists and has a size > 0, then do nothing.
    # Otherwise, print an error message and fail.
    exec { "util::manually_copied_file check $name":
        unless => "/bin/test -s $name",
        command => "/bin/cat <<'EOF'; /bin/false
Please copy ${name} manually - ${message}
EOF
",
        logoutput => true,
        before => File[$name],
        require => [],
    }
    # Set the ownership and permissions, but do not modify the content
    file { $name:
        ensure => file,
        replace => false,
        owner => $owner,
        group => $group,
        mode => $mode,
    }
}

> So, on the whole my feeling is that an automatic "key distribution
> service" that was accessible to puppet but (mostly) not to people
> would be ideal.

That would be nice.

--apb (Alan Barrett)
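
Added example, not part of the original message and not code from its author or from Puppet: a host-side audit that checks the same conditions the define above enforces for a manually copied secret (present, non-empty, expected owner and mode). The function name, the file names and the rejection of symlinks are assumptions made for this sketch; the sample files are constructed in a temporary directory.

```python
import os
import stat
import tempfile


def audit_manual_file(path, mode, uid=None, gid=None):
    """Return a list of findings for one manually copied file; [] means OK."""
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink placed at the path
    except FileNotFoundError:
        return ["missing: copy the file manually"]
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    findings = []
    if st.st_size == 0:  # same condition as the exec's `test -s`
        findings.append("empty")
    actual = stat.S_IMODE(st.st_mode)
    if actual & ~mode:  # any permission bit set that the expected mode lacks
        findings.append("mode %04o is wider than %04o" % (actual, mode))
    if uid is not None and st.st_uid != uid:
        findings.append("owner uid %d, expected %d" % (st.st_uid, uid))
    if gid is not None and st.st_gid != gid:
        findings.append("group gid %d, expected %d" % (st.st_gid, gid))
    return findings


def demo():
    """Audit four constructed files in a temp dir and return the findings."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        cases = {  # name -> (content or None for absent, mode on disk)
            "good.key": (b"constructed-secret\n", 0o400),
            "empty.key": (b"", 0o400),
            "wide.key": (b"constructed-secret\n", 0o644),
            "absent.key": (None, None),
        }
        for name, (content, on_disk) in cases.items():
            path = os.path.join(d, name)
            if content is not None:
                with open(path, "wb") as f:
                    f.write(content)
                os.chmod(path, on_disk)
            results[name] = audit_manual_file(path, 0o400, uid=os.getuid())
    return results


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "OK" if not findings else "; ".join(findings))
```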