One thing to add to this - if you have set autosign.conf to autosign
anything
then it is possible for a remote client to get a certificate remotely
then retrieve
files... Of course this will take a few requests, but its possible...
Greg
On Aug 10, 7:47 am, James Turnbull wrote:
> -BEGIN PGP
Matt,
That worked fine - thanks for that... (Finally managed to actually
test
it this morning...)
So long as it always takes less than 5 seconds to restart, this looks
like
it will work nicely...
thanks,
Greg
On Jul 24, 10:03 pm, Matthew Hyclak wrote:
> On Thu, Jul 23, 2009 at 11:33 PM, Greg
2009/8/10 Daniel Pittman :
> My best guess, right now, is that I need to write a function, or a fact, that
> determines if we are the active or passive machine for a specific service[1],
> and then only configure those features when we are active.
I'd probably write a set of facts, one for each H
G'day. I have a problem that I don't know the best way to mesh with Puppet.
Specifically, we have a database active/passive fail-over cluster. Access to
the database is *only* possible on the active machine, not on the passive
machine.
I would like to manage various database resources, includi
Hi all,
Am starting to look at managing some of the extended Solaris
authorisations starting with /etc/user_attr. Has anyone looked at this
before?
File is similar in format to a passwd file. Heres a couple of examples
from a default file:
admprofiles=Log Management
lpprofiles=Printer M
ssah_authorized_keys bug is fixed on 0.25rc1
http://projects.reductivelabs.com/issues/2487
Cheers
On Aug 4, 4:36 pm, Mike Harding wrote:
> I have about 30 dev. and operation users on my machines, is there a
> recipe anywhere for doing this? The best practices doc on the wiki is
> incomplete an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Simon Strange wrote:
> Hi,
>
> This might be a silly question but if I have a fileserver configured like
> this:
>
> [files]
> path = /etc/puppet/files
> allow *
>
> Does that mean:
>
> 1. Anybody in the world (who can reach my puppet master)
Hi,
This might be a silly question but if I have a fileserver configured like this:
[files]
path = /etc/puppet/files
allow *
Does that mean:
1. Anybody in the world (who can reach my puppet master) can view/pull files?
2. Only the clients who've been signed via the "puppetca --sign"
proc
Hi there,
I setup my Puppet manifests before modules really took off. Recently
I read the best practice info (nice work!) and saw that a convention
has emerged with the 'site' module. Great. I'm delighted to keep all
my secrets in there and open up any other modules I might write. But
before
