Hey guys, I've got an issue, which I think is solvable by using custom
types/provider but I'm not very familiar with ruby yet, so I'm in very much
need of your help.
The problem:
I have a file resource which uses a template:
file { "${config_dir}/foo":
¦ ensure => 'file',
¦ content => template('my_module/properties.erb')
}
The template my_module/properties.erb is iterating the properties:
<%- @props.keys.sort.each { |prop| -%>
<%= prop -%>=<%= @props[prop] %>
<%- } -%>
The props parameter is a hash:
$props = {
¦ 'username' => "${user}",
¦ 'password' => "${password}",
(...)
}
Now what I need to do is to encrypt the password variable before inserting
it into the template. The catch is that the encryption is done by custom
script which HAS to be run on the node (it creates a fingerprint of the
machine).
Also, unfortunately the encryption generates different hash every time it
runs, so it should include a check with a decryption (which the encryption
script provides)
My question is how to achieve my goal so that I can encrypt the password
(at node level) before inserting it into the file?
I have 3 thoughs:
1. Use custom fact (this actually works, but is not my solution of choice -
it's not flexbile, it requires at least one puppet run before it would
insert a proper fact [the first run would create fact, the second populate
it], and facts should not be used to store passwords even in hash form)
2. Add new type (like file_encrypt) with a content provider which would
mimic the behavior of the File resource with just encrypt/decrypt methods
added, but that would be redundant and ugly.
3. Create a custom provider for the File type which could be used with
passing the encrypt => true to the File resource but I don't know how this
could be done.
Please help me, I would appreciate it. :)
Best regards,
Eryk
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/87a66de5-1471-45dc-acf7-095e9647bc93%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
