integration with agent-side password management tool
21 views
Skip to first unread message
Thomas Müller
Aug 8, 2014, 1:47:47 AM8/8/14
to puppet...@googlegroups.com
Hi
We have some requirement to integrated with a password management tool.
We only have access to the credentials on the agent-side and we may not
put them into a fact.
two possible solutions come to mind:
- we could create ruby functions to query the credentials. If they could
be used in erb templates and if they could be evaluated on agent-side. But
I think the whole ERB template is parsed on the master-side - is this
assumption correct?
- create a "postrun_command framework" which takes configuration
templates generated by puppet, replaces password place-holders, restarts
services, ...
Somehow the first variant is more appealing to me or maybe there is even
a more easy solution for such a problem? :)
- Thomas
We have some requirement to integrated with a password management tool.
We only have access to the credentials on the agent-side and we may not
put them into a fact.
two possible solutions come to mind:
- we could create ruby functions to query the credentials. If they could
be used in erb templates and if they could be evaluated on agent-side. But
I think the whole ERB template is parsed on the master-side - is this
assumption correct?
- create a "postrun_command framework" which takes configuration
templates generated by puppet, replaces password place-holders, restarts
services, ...
Somehow the first variant is more appealing to me or maybe there is even
a more easy solution for such a problem? :)
- Thomas
Nan Liu
Aug 9, 2014, 11:22:38 AM8/9/14
to puppet...@googlegroups.com
On Thu, Aug 7, 2014 at 10:47 PM, Thomas Müller <tho...@chaschperli.ch> wrote:
We have some requirement to integrated with a password management tool.
We only have access to the credentials on the agent-side and we may not
put them into a fact.
two possible solutions come to mind:
- we could create ruby functions to query the credentials. If they could
be used in erb templates and if they could be evaluated on agent-side. But
I think the whole ERB template is parsed on the master-side - is this
assumption correct?
The built in template function processes the ERB on the master. However you can use something like datacat if you want client side templates:
HTH,
Nan
Reply all
Reply to author
Forward
0 new messages