On Fri, Oct 24, 2014 at 02:01:27PM -0500, Tim Skirvin wrote: > I've started investigating hiera-eyaml as a tool for managing > secrets within our puppet repository. It looks pretty promising, > especially in connection with 'show_diff => false'. For those that > haven't seen it: > > http://puppetlabs.com/blog/encrypt-your-data-using-hiera-eyaml > > That said, I'm not sure what its performance implications are, and > how many decryption calls we can afford. Has anybody played with this > enough to be able to know how how these decryption calls will affect > performance problems?
I haven't noticed any performance issues. On the other hand, maybe I would if I didn't have so many classes, resources, and hiera lookups. > More concretely: I'm currently supporting ~1250 nodes with two > fairly-hefty puppet servers, but we're not managing much in the way of > secrets. If I were to, say, start managing the root password on all of > our nodes using this tool, should I expect our entirely environment to > melt down? Since you can revert the password-managing commit quite quickly, perhaps you could tell us how it goes? :D > - Tim Skirvin ([email protected]) > -- > HPC Systems Administrator / Developer http://www.linkedin.com/in/tskirvin > USCMS-T1 Collaboration Fermilab Scientific Computing -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20141024191149.GA1404%40iniquitous.heresiarch.ca. For more options, visit https://groups.google.com/d/optout.
