I am trying to write a module for tripwire. I need to push out the
twcfg.txt and twpol.txt files only if the tw.cfg and tw.pol files do
not currently exist.

How can I do this with File{}? I can't seem to find a way to do it.
In general terms, how can you deploy file A only when file B does not
exist?

And... tripwire... what a mess. I am trying to push out the site
key, then use several Exec{}'s to generate the local key, and encrypt
tw.cfg from twcfg.txt and tw.pol from twpol.txt. Hence the need to
deploy the source files only if the encrypted files are gone.

No matter what approach I take, they all seem to be ugly. If I want to
make it as automated as possible, and run several Exec{} statements on
the client, you need to pass the pass phrases on the command line to
twadmin. This obviously isn't good. I don't think twadmin lets you
pass pass phrases from a file.

On the other hand, if the local key generation is done on the puppet
master, then it has to be a manual process that's done whenever a new
system is deployed. Not scalable. Since the client key is also
generated on the master, it means that the tw.cfg and tw.pol files
need to be encrypted on the master as well. Also not scalable.

Ugh. My head hurts. Stupid friggin PCI compliance.

Doug.
