Hi People, I would like some insight from you on how to easily manage SSL certs/keys.
My puppet infrastructure is pretty straightforward: puppet3+puppetdb+hiera+hiera-gpg. I am in the process of writing tons of modules, which are pretty general modules with no hardcoded dependencies between them. As I am going forward with building modules and stuff, I came across the issue of how to manage SSL certs.

Let me give you an example scenario: I have a node named "node.example.com" which gets some apps configured by puppet by 3 different modules, let's call them app1, app2 and app3. Those applications require SSL certificates to function properly. The CN of the cert needs to reflect the hostname of the node.

What options do I have here? In my opinion I could:

1. Use hiera text blocks and store certs/keys in hiera/hiera-gpg in a variable, something like "ssl_cert_node.example.com" and "ssl_key_node.example.com", and then reference this variable inside a module using variables so nothing is hardcoded.
2. Build an SSL module which would distribute certs/keys taken from hiera/hiera-gpg.

Any other ideas? I do not want to use module dependencies and I hate hardcoding stuff into modules.

Thanks,
Vaidas
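A sketch of the lookup the two options describe, as an added example that is not part of the original post: the class name `ssl_node`, the target directories, and the file names are assumptions, while the Hiera key names follow the `ssl_cert_<fqdn>` / `ssl_key_<fqdn>` pattern from option 1.

```puppet
# Added example, not from the original post.
# "ssl_node" and the directory defaults are hypothetical names.
class ssl_node (
  $cert_dir = '/etc/ssl/certs',
  $key_dir  = '/etc/ssl/private'
) {
  # Per-node keys as in option 1: ssl_cert_node.example.com, ssl_key_node.example.com.
  # hiera() with no default fails the catalog compile if the key is missing,
  # so a node never ends up with an empty certificate or key file.
  $cert = hiera("ssl_cert_${::fqdn}")
  # The private key is expected to live in the hiera-gpg backend, so it is
  # encrypted at rest in the data directory and decrypted only on the master.
  $key  = hiera("ssl_key_${::fqdn}")

  # Public certificate: world-readable is fine.
  file { "${cert_dir}/${::fqdn}.crt":
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => $cert,
  }

  # Private key: readable by root only.
  file { "${key_dir}/${::fqdn}.key":
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0600',
    content => $key,
  }
}
```

The decrypted key still travels inside the compiled catalog and is cached on the agent, so access to the catalog cache and to PuppetDB needs the same protection as the key file itself.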