On 02. July 2012 17:26, Darryl Wisneski wrote:
> modules I can use hiera to call up my hash and create ruby/puppet
> functions to do the server host location and functional logic based
> on the default facter facts of hostname and operatingsystem reported
> by the server host themselves. All the configuration remains in
> hiera and the module manifests remain puppet business logic.
> Comments?

Off list as I'm too lazy to write in length and explain it all ;-)
Do you care that the node (i.e. root on the server) is able to say
anything at all about its role and location? If you place a fact on the
system that says what it is, it could lie.
What I'm getting at is security.
I've designed my own hiera setup so that I don't use ANY host-derived
facts, at all. The only thing I can be (relatively) sure of on the
puppetmaster is that clientcert is what it says it is.
In a multi-tenant scenario (or easier even, in a scenario where all your
servers have a common root password) where would you place your source
of truth?
Don't know if you see this or care but still fired this off.
best,
Jan Ivar Beddari
Linux/Mac architect University of Bergen, Norway
--
http://www.uib.no/personer/Jan.Ivar.Beddari
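
A simplified model of the point raised in the reply above, as an added example that is not part of the original message and is not Puppet or Hiera code: the same hierarchy lookup is resolved once from agent-submitted facts and once from master-side data keyed on the certificate name. The node names, the `role` key, the data and the `NODE_CLASSIFICATION` table are constructed, and it assumes the master takes the certname from the verified client certificate.

```python
import re

# Constructed data standing in for YAML files in a Hiera datadir.
HIERADATA = {
    "role/webserver": {"packages": ["nginx"]},
    "role/database": {"packages": ["postgresql"], "db_password": "constructed-secret"},
    "common": {"packages": []},
}
HIERARCHY = ["role/%{role}", "common"]  # most specific level first

# Hypothetical master-side source of truth, keyed on the certificate name.
NODE_CLASSIFICATION = {
    "web01.example.org": {"role": "webserver"},
    "db01.example.org": {"role": "database"},
}

def interpolate(level, scope):
    """Expand %{var} tokens; a level with an unknown variable is skipped."""
    try:
        return re.sub(r"%\{(\w+)\}", lambda m: scope[m.group(1)], level)
    except KeyError:
        return None

def lookup(key, scope):
    """Return the first value for key, walking the hierarchy top down."""
    for level in HIERARCHY:
        data = HIERADATA.get(interpolate(level, scope), {})
        if key in data:
            return data[key]
    return None

def scope_from_facts(certname, facts):
    """Weak: agent-submitted facts feed the hierarchy directly."""
    return {**facts, "clientcert": certname}

def scope_from_certname(certname, facts):
    """Hardened: facts are ignored; role comes from master-side data."""
    return {**NODE_CLASSIFICATION.get(certname, {}), "clientcert": certname}

if __name__ == "__main__":
    forged = {"hostname": "web01", "role": "database"}  # root on web01 lies
    for build in (scope_from_facts, scope_from_certname):
        scope = build("web01.example.org", forged)
        print(build.__name__, "->", lookup("db_password", scope))
```

With the fact-derived scope the web node's claimed role selects the database level of the hierarchy; with the certname-derived scope the claim has no effect on which data is returned.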