On 11/21/2012 11:09 AM, David Schmitt wrote:
> This will put the passphrase onto the node every time puppet runs. I do
> not see how that will make it any more secure.
I do not think it will. Exec will run only if /tmp/mykey does not exist,
and in my case it does exist all the time until you delete it manually.
Take a look:
# cat test.pp
exec {'first':
command => '/bin/echo "something" > /tmp/mykey',
creates => '/tmp/mykey',
}
# puppet apply test.pp
/Stage[main]//Exec[first]/returns: executed successfully
Finished catalog run in 0.16 seconds
# cat test2.pp
exec {'second':
command => '/bin/echo "" > /tmp/mykey | /usr/bin/tee -a /tmp/mykey2',
creates => '/tmp/mykey2',
}
# puppet apply test2.pp
/Stage[main]//Exec[second]/returns: executed successfully
Finished catalog run in 0.30 seconds
# cat /tmp/mykey
# cat /tmp/mykey2
#
# puppet apply test.pp
Finished catalog run in 0.10 seconds
# cat /tmp/mykey
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
