[Lsb-messages] /var/www/bzr/lsb/devel/puppet-lsb r93: Add necessary references to the new puppet-secret area.

Jeff Licquia licquia at linuxfoundation.org
Sun Jan 29 00:09:20 UTC 2012


------------------------------------------------------------
revno: 93
committer: Jeff Licquia <licquia at linuxfoundation.org>
branch nick: puppet-lsb
timestamp: Sat 2012-01-28 19:09:20 -0500
message:
  Add necessary references to the new puppet-secret area.
modified:
  README
  modules/puppet/manifests/server.pp
  puppet.conf
-------------- next part --------------
=== modified file 'README'
--- a/README	2012-01-26 20:40:38 +0000
+++ b/README	2012-01-29 00:09:20 +0000
@@ -80,6 +80,27 @@
 can force the current configuration to apply immediately without
 waiting for the normal agent update interval.
 
+The puppet-secret modules
+-------------------------
+
+In a few cases, this configuration refers to modules that don't seem
+to exist.  These are from the "puppet-secret" area, and contain
+information that shouldn't be accessible to the public: passwords,
+secret keys, and so on.
+
+In all cases, puppet-secret contains modules which either expose
+variables to Puppet, or install files.  Someone with experience in
+Puppet should be able to recreate puppet-secret with nothing more than
+the information contained here, and thus create an independent
+working implementation.  Of course, the passwords, keys, etc. will be
+different than on the live production copy.
+
+It might be worth asking whether a "blank" public copy of
+puppet-secrets could be provided.  The worry is that the blank copy
+would get stale, and implementors would be forced to reverse-engineer
+the missing bits from this repository anyway.  Suggestions for fixing
+this problem are welcome.
+
 Jeff Licquia
 licquia at linuxfoundation.org
-2012-01-18
+2012-01-28
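Review bot: the last added paragraph spells the area "puppet-secrets" while the heading and the rest of the section use "puppet-secret"; pick one spelling. The section also says the area can be recreated with "nothing more than the information contained here", but it does not say where the checkout has to live or how it is laid out. Stating the /etc/puppet-secret location and the modules/ subdirectory that the other two files in this commit depend on would make that claim hold for a reader of the README alone.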

=== modified file 'modules/puppet/manifests/server.pp'
--- a/modules/puppet/manifests/server.pp	2012-01-22 22:40:29 +0000
+++ b/modules/puppet/manifests/server.pp	2012-01-29 00:09:20 +0000
@@ -20,4 +20,14 @@
         recipient => '|/usr/local/bin/puppet-email-notify',
     }
 
+    # Update the secrets repository as well.  This is assumed to be
+    # checked out to /etc/puppet-secret; this is a manual step
+    # for setting up a puppet master.
+
+    cron { 'update-puppet-secret':
+        command => 'cd /etc/puppet-secret && bzr up -q',
+        user    => 'root',
+        minute  => '*/5',
+    }
+
 }
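Review bot: the new cron resource runs bzr up as root in /etc/puppet-secret, but nothing in this manifest manages that directory, so the ownership and mode that decide who can read the passwords and keys are left entirely to the manual checkout. Consider adding a file resource for /etc/puppet-secret that sets the owner, group and a mode excluding other users, so the permissions are enforced on every run instead of depending on how the checkout was made.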

=== modified file 'puppet.conf'
--- a/puppet.conf	2012-01-18 15:12:34 +0000
+++ b/puppet.conf	2012-01-29 00:09:20 +0000
@@ -28,4 +28,4 @@
     localconfig = $vardir/localconfig
 
 [master]
-    modulepath = /etc/puppet/modules
+    modulepath = /etc/puppet/modules:/etc/puppet-secret/modules
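Review bot: on the new modulepath line the public tree comes before /etc/puppet-secret/modules, and Puppet takes a module from the first directory in the path that contains it, so a module in /etc/puppet/modules with the same name as a secret module would silently replace it. Either add a comment next to this setting saying that module names in the two trees must not overlap, or list the secret path first if those modules are meant to take precedence.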


