On 11/01/17 02:50, John Gelnaw wrote:
On Tuesday, January 10, 2017 at 3:19:45 PM UTC-5, Eric Sorenson wrote:
I'd like to point out that this ntp module is also deliberately a
test case for *all* of the puppet 4 language features, and as such
is kind of a "reference module", so it ce
On Tuesday, January 10, 2017 at 3:19:45 PM UTC-5, Eric Sorenson wrote:
>
>
> I'd like to point out that this ntp module is also deliberately a test
> case for *all* of the puppet 4 language features, and as such is kind of a
> "reference module", so it certainly could be simpler but is intended t
On Monday, January 9, 2017 at 6:56:34 AM UTC-8, John Gelnaw wrote:
>
> On Sunday, January 8, 2017 at 2:31:33 PM UTC-5, Rob Nelson wrote:
>>
>> There are a lot of very valid issues and concerns you bring up here. I do
>> want to start by saying, however, that puppet 4 is more than 6 months old -
"puppet can just do it for us"
This * 1000
On Tue, Jan 10, 2017 at 9:42 AM, R.I.Pienaar wrote:
>
>
> - Original Message -
> > From: "Rob Nelson"
> > To: "puppet-users"
> > Sent: Tuesday, 10 January, 2017 15:28:07
> >
> And anyone who has their puppet server name on their laptop set to "puppet"
> is not allowed to yell about security. EVER.
The scenario I showed was default how puppet works by design. You can be sure
that most people deploy it that way. They certainly cannot make informed
decisions about t
On Tuesday, January 10, 2017 at 12:37:14 AM UTC-5, R.I. Pienaar wrote:
> > So how many times have you verified you didn't talk to an evil CA when
> you
> > originally connected an agent?
>
> Every time? I logged into my known CA using a non Puppet means, I know
> it's
> the known CA because
- Original Message -
> From: "Rob Nelson"
> To: "puppet-users"
> Sent: Tuesday, 10 January, 2017 15:28:07
> Subject: Re: [Puppet Users] Over-engineering rant
> I would argue that it's when you break steps 1-3 down into implementation
> det
I would argue that it's when you break steps 1-3 down into implementation
details that it becomes confusing for many. If you've done it before, it's
trivial; if it's your first time, it can be hairy.
Rob Nelson
rnels...@gmail.com
On Tue, Jan 10, 2017 at 9:16 AM, Trevor Vaughan
wrote:
> Actuall
Actually, from an automation point of view, this is pretty trivial.
Step 1) Create new CA (preserving old CA trust) X number of days prior to
expiration
Step 2) Pass out both CA trust roots to all systems
Step 3) Start a re-signing party using the fact that you already have a
bi-directional trust
- Original Message -
> From: "John Gelnaw"
> To: "puppet-users"
> Sent: Tuesday, 10 January, 2017 01:17:58
> Subject: Re: [Puppet Users] Over-engineering rant
> On Monday, January 9, 2017 at 2:39:38 PM UTC-5, R.I. Pienaar wrote:
>>
>>
I think certificate handling is a valid critique of puppet's security
implementation. Running a public key infrastructure of any sort is
difficult. Things like expired CAs and a lack of intermediate signing CAs
do expose puppet administrators who are lacking those fairly rare skill
sets to some d
On Monday, January 9, 2017 at 2:39:38 PM UTC-5, R.I. Pienaar wrote:
>
>
> Because if i can convince your client to connect to $evil_ca, then what?
> How's it to know it's a new legit ca and not a new bad ca?
>
The same way it "knew" when you originally provisioned it-- It didn't. In
fact, the a
- Original Message -
> From: "John Gelnaw"
> To: "puppet-users"
> Sent: Monday, 9 January, 2017 20:14:00
> Subject: Re: [Puppet Users] Over-engineering rant
> On Monday, January 9, 2017 at 10:10:08 AM UTC-5, R.I. Pienaar wrote:
>>
>>
>
On Monday, January 9, 2017 at 10:10:08 AM UTC-5, R.I. Pienaar wrote:
>
>
> so we're on the same page are you just saying in general the NTP module
> has too much
> going on and it's too huge for a "simple" piece of software?
>
Mostly, it was the unexpected syntax. Somehow, I completely missed a
- Original Message -
> From: "John Gelnaw"
> To: "puppet-users"
> Sent: Monday, 9 January, 2017 15:56:34
> Subject: Re: [Puppet Users] Over-engineering rant
> On Sunday, January 8, 2017 at 2:31:33 PM UTC-5, Rob Nelson wrote:
>>
>> There
On Sunday, January 8, 2017 at 2:31:33 PM UTC-5, Rob Nelson wrote:
>
> There are a lot of very valid issues and concerns you bring up here. I do
> want to start by saying, however, that puppet 4 is more than 6 months old -
> about 20 months to be precise - and most of the significant language
> c
On 08.01.2017 at 11:04, Fabrice Bacchella wrote:
>> And, on the other hand - all this complexity to manage a NTP?
> And that's for something that for a given environment never changes,
> has no options. So dropping a standard file that is hand made once in
> a lifetime is enough for the vast maj
On 1/8/2017 5:54 AM, Jakov Sosic wrote:
On 01/08/2017 11:04 AM, Fabrice Bacchella wrote:
And that's for something that for a given environment
never changes, has no options. So dropping a standard
file that is hand made once in a lifetime is enough for
the vast majority of people.
Exactly my
There are a lot of very valid issues and concerns you bring up here. I do
want to start by saying, however, that puppet 4 is more than 6 months old -
about 20 months to be precise - and most of the significant language
changes were introduced somewhat earlier in the future parser in puppet 3.
These
IMHO, the changes made to the language in 4.x allows for better and more
complete modeling of systems. Yes you have more 'things' to learn, the
types/lookup systems for example but they are relatively simple to
understand. Look at your ntp example, I imagine it was the specification of
Types that loo
On 8 January 2017 at 02:00, Jakov Sosic wrote:
> Hi guys,
>
> this is maybe a topic better suited for -dev list, but, well, here goes.
>
> I've been using puppet heavily for 3-4 years, up until version 4, now I'm
> mostly maintaining my own open source modules.
>
> What stumped me lately is the am
> On 8 Jan 2017, at 14:54, Jakov Sosic wrote:
>
> On 01/08/2017 11:04 AM, Fabrice Bacchella wrote:
>
>> And that's for something that for a given environment
> > never changes, has no options. So dropping a standard
> > file that is hand made once in a lifetime is enough for
> > the vast maj
On 01/08/2017 11:04 AM, Fabrice Bacchella wrote:
And that's for something that for a given environment
> never changes, has no options. So dropping a standard
> file that is hand made once in a lifetime is enough for
> the vast majority of people.
Exactly my point...
I never really understood
- Original Message -
> From: "Fabrice Bacchella"
> To: "puppet-users"
> Sent: Sunday, 8 January, 2017 11:04:18
> Subject: Re: [Puppet Users] Over-engineering rant
>> On 8 Jan 2017, at 03:00, Jakov Sosic wrote:
>>
>> Hi guys,
>
> On 8 Jan 2017, at 03:00, Jakov Sosic wrote:
>
> Hi guys,
>
> this is maybe a topic better suited for -dev list, but, well, here goes.
>
> I've been using puppet heavily for 3-4 years, up until version 4, now I'm
> mostly maintaining my own open source modules.
>
> What stumped me lately