I've started investigating hiera-eyaml as a tool for managing secrets within our puppet repository. It looks pretty promising, especially in connection with 'show_diff => false'. For those that haven't seen it:
http://puppetlabs.com/blog/encrypt-your-data-using-hiera-eyaml
That said, I'm not sure what its performance implications are, and
how many decryption calls we can afford. Has anybody played with this
enough to be able to know how how these decryption calls will affect
performance problems?
More concretely: I'm currently supporting ~1250 nodes with two
fairly-hefty puppet servers, but we're not managing much in the way of
secrets. If I were to, say, start managing the root password on all of
our nodes using this tool, should I expect our entirely environment to
melt down?
- Tim Skirvin ([email protected])
--
HPC Systems Administrator / Developer http://www.linkedin.com/in/tskirvin
USCMS-T1 Collaboration Fermilab Scientific Computing
pgpagPT0qfbq2.pgp
Description: PGP signature
