serving per-node private data in puppet 5


Matt Zagrabelny

Nov 15, 2018, 4:44:14 PM
to puppet...@googlegroups.com
Greetings!

I'm working on migrating my puppet 3.7 environment to puppet 5.5 (Debian testing.)

How are folks serving private per-node data in puppet 5? (i.e. ssh keys, apache cert and key, etc.)

In both puppet 2.7 and 3.7 I've used:

$ cat /etc/puppet/fileserver.conf
# This file consists of arbitrarily named sections/modules
# defining where files are served from and to whom

[private]
    path /etc/puppet/environments/production/private/%H
    allow *

Have things changed since then? Are there better (or more idiomatic) ways of serving up private per-node files?

Ideally I would also be able to use the environment to adjust the mount point. Hand-wavy magic:
    path /etc/puppet/environments/%E/private/%H

Hiera has support for top level variables. Our ENC exposes the environment:
"environments/%{::environment}/node/%{clientcert}"

Thanks for any hints, help, or discussion!

-m

David Schmitt

Nov 16, 2018, 3:38:43 AM
to puppet...@googlegroups.com
Hi Matt,

I've not tried it myself, but https://puppet.com/docs/puppetserver/5.3/config_file_auth.html#hocon-example with a `match-request` selecting the hostname and a backreference in the `allow` section seems the new way to do this.


Cheers, David
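
Added example, not part of David's message and not taken from Puppet's documentation: a sketch of the auth.conf rule he describes, with a regex `match-request` that captures the node name and a backreference in `allow`. It assumes the mount is named private as in the fileserver.conf above, that files are requested as puppet:///private/<certname>/<file> so the certname is a path component of the request, and that the rule name and sort-order shown are free choices.

```hocon
authorization: {
    version: 1
    rules: [
        {
            # Assumed request layout: puppet:///private/<certname>/<file>
            # Capture group 1 selects file_content / file_metadata / file_metadatas,
            # capture group 2 is the <certname> path component.
            # No `method` key, so the rule applies to every HTTP method and
            # no request for this mount falls through to a broader rule.
            match-request: {
                path: "^/puppet/v3/file_(content|metadata|metadatas)/private/([^/]+)(/|$)"
                type: regex
            }
            # Backreference to group 2: only the client whose certificate
            # name equals the captured path component is authorized.
            allow: "$2"
            # Assumed value: it must sort before whichever existing rule
            # opens file serving to all nodes, so this rule is matched first.
            sort-order: 300
            name: "per-node private files (example)"
        }
        # ... the rules already present in auth.conf follow unchanged ...
    ]
}
```

The first rule whose `match-request` matches decides the request, so a node asking for another node's directory is refused here instead of reaching a later allow-all file rule.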
