On Wednesday, August 22, 2012 2:47:57 PM UTC-5, Jakov Sosic wrote:
>
> Hi.
>
> I have an interesting use case.
>
> OSSEC is security tool based on server-client architecture. Server
> generates keys for agents, and every agent has different key.
>
> Now I want to distribute these keys via puppet. I've come accross hiera
> and installed it, and it works superbly, but how to store per-node key
> in hiera?
>
> This is my idea:
>
> hiera,yaml:
> ---
> :hierarchy:
> - ossec/%{hostname}
> - %{operatingsystem}
> - common
> :backends:
> - yaml
> :yaml:
> :datadir: '/etc/puppet/hieradata'
>
>
> And now in /etc/puppet/hieradata/ossec I have a bunch of hostname.yaml
> files, and all of them has something like this:
>
> ---
> ossec_client_key: 'blablabla'
> ossec_id: '2031'
>
>
>
> Is this the right approach? It sure works :)
>
>
"Right" is a tricky word, but I'm happy to say that your approach is
"reasonable", "good", "acceptable", and perhaps even "standard". There is
at least one hiera-based alternative that I would describe with many of the
same terms, but why mess with success?
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/0FpljMt7XEgJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
