On 10/24/14 12:01 PM, Tim Skirvin wrote:
I've started investigating hiera-eyaml as a tool for managing secrets within our puppet repository. It looks pretty promising, especially in connection with 'show_diff => false'. For those that haven't seen it:http://puppetlabs.com/blog/encrypt-your-data-using-hiera-eyaml That said, I'm not sure what its performance implications are, and how many decryption calls we can afford. Has anybody played with this enough to be able to know how how these decryption calls will affect performance problems? More concretely: I'm currently supporting ~1250 nodes with two fairly-hefty puppet servers, but we're not managing much in the way of secrets. If I were to, say, start managing the root password on all of our nodes using this tool, should I expect our entirely environment to melt down? - Tim Skirvin (tskir...@fnal.gov)
My experience is the same as Christopher's though our frontend servers pull 50+ encrypted keys for everything from db credentials to third party shared secrets per environment. I didn't notice a change when we switched to eyaml, but I also coupled it with a upgrade to Ruby 1.9.3 from 1.8.7. Also we have only 150 nodes.
I'd say start slowly or on your stage master, but don't be surprised if adding a few keys fails to impact performance.
Ramin -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/544AA729.4070804%40badapple.net. For more options, visit https://groups.google.com/d/optout.
