On Sat, Jan 30, 2010 at 12:23 AM, Peter Meier wrote:
> On Wed, Jan 27, 2010 at 05:59:27PM +0100, Thomas Bellman wrote:
>>
>>> >- Each node has a copy of the entire repository of modules and classes
>>> >which makes it in my opinion a security risk.
>>>
>>> Don't put passwords and private keys in y
I use the following plugin :
module Puppet::Parser::Functions
newfunction(:getPassword, :type => :rvalue) do |args|
clientHostname = args[0]
type = args[1]
len = args[2]
filename = "/var/lib/puppet/passwords/" + clientHostname + "-" +
type + ".pass"
def newpass( le
Eric Gerlach wrote:
On Wed, Jan 27, 2010 at 05:59:27PM +0100, Thomas Bellman wrote:
Don't put passwords and private keys in your manifests.
Would you call this a general rule? If so, what's the best practice for
setting passwords and private keys?
Yes, I think that is a very good genera
On Wed, Jan 27, 2010 at 05:59:27PM +0100, Thomas Bellman wrote:
>- Each node has a copy of the entire repository of modules and classes
>which makes it in my opinion a security risk.
Don't put passwords and private keys in your manifests.
Would you call this a general rule? If so, what's the
On Wed, Jan 27, 2010 at 05:59:27PM +0100, Thomas Bellman wrote:
> >- Each node has a copy of the entire repository of modules and classes
> >which makes it in my opinion a security risk.
>
> Don't put passwords and private keys in your manifests.
Would you call this a general rule? If so, what's
On Wed, Jan 27, 2010 at 7:59 AM, Atha Kouroussis wrote:
> Hi John,
> I read the blog post and although an interesting approach, I can see
> several shortcomings, namely:
> - Lack of external node classifier: how do you control/specify which node
> applies which modules?
>
We don't do things this
Atha Kouroussis wrote:
- Lack of external node classifier: how do you control/specify which node
applies which modules?
You would likely use 'node' statements in your manifests.
But I think you can use external_nodes from stand-alone puppet as well.
You would of course need to make sure that
Hi John,
I read the blog post and although an interesting approach, I can see several
shortcomings, namely:
- Lack of external node classifier: how do you control/specify which node
applies which modules?
- Anything apart from a DVCS to do deployment (i.e. subversion) would be
madness. And even
