On Wed, Jan 27, 2010 at 05:59:27PM +0100, Thomas Bellman wrote:
- Each node has a copy of the entire repository of modules and classes
which makes it in my opinion a security risk.
Don't put passwords and private keys in your manifests.
Would you call this a general rule? If so, what's the
I use the following plugin :
module Puppet::Parser::Functions
newfunction(:getPassword, :type = :rvalue) do |args|
clientHostname = args[0]
type = args[1]
len = args[2]
filename = /var/lib/puppet/passwords/ + clientHostname + - +
type + .pass
def newpass( len )
On Sat, Jan 30, 2010 at 12:23 AM, Peter Meier peter.me...@immerda.chwrote:
On Wed, Jan 27, 2010 at 05:59:27PM +0100, Thomas Bellman wrote:
- Each node has a copy of the entire repository of modules and classes
which makes it in my opinion a security risk.
Don't put passwords and private
Hi,
Stephen would never mention it himself, he's too modest, but he's done
a great write-up of how he uses Git (or other DVCS) to distribute
manifests instead of using a Puppetmaster. It's quite flexible and
powerful (you can use a post-receive hook on the remote repos to run
Puppet whenever a
Hi John,
I read the blog post and although an interesting approach, I can see several
shortcomings, namely:
- Lack of external node classifier: how do you control/specify which node
applies which modules?
- Anything apart from a DVCS to do deployment (i.e. subversion) would be
madness. And
Atha Kouroussis wrote:
- Lack of external node classifier: how do you control/specify which node
applies which modules?
You would likely use 'node' statements in your manifests.
But I think you can use external_nodes from stand-alone puppet as well.
You would of course need to make sure that
On Wed, Jan 27, 2010 at 7:59 AM, Atha Kouroussis akourous...@gmail.comwrote:
Hi John,
I read the blog post and although an interesting approach, I can see
several shortcomings, namely:
- Lack of external node classifier: how do you control/specify which node
applies which modules?
We don't