configuration

Sharing secrets with Puppet, secretly.

If you've used Puppet for anything non-trivial, you've almost certainly used it to configure something secret. Perhaps you've configured an application with a database password. Perhaps you've configured a local maintenance user account with a private SSH key. Something that might seem obvious in retrospect is that these secrets exist in the catalog--and by extension all reports and any other tooling that uses them. Anyone with access to the catalog or raw reports also has access to your secrets. All your secrets.

Oh, the fun things we can write!

So now we've used Puppet to manage a file on our computer. The /etc/motd file is now owned by root and has a fun little sentence in it. We can write all we want out to that file. But sooner or later, we're going to want to put something a little more interesting in it. Perhaps we'll want the hostname or the installed operating system?

We'll take a little side trip first, though, and learn about $variables.

Puppet Zero

Configuration management with tools like Puppet can make your life a lot easier. It can make configuring newly provisioned servers more repeatable and reliable, and it can make disaster recovery nearly trivial. Learning to use the tool isn't trivial by any means, though. There are 200 configurable options, give or take depending on the version you're running, and the number of things you can do with it is nearly infinite.

So what is this Puppet thing anyway?

Puppet Zero

So you keep hearing about this Puppet thing and how it's going to solve all of your DevOpsy configuration management problems. But what is it? How do you write a Puppet script? Well, as it turns out, the key concept is unlearning the habit of thinking about scripts. But all in good time. We'll get there. First, let's write some code.

Let's start out with something easy. You all know what the /etc/motd file is. It's the message of the day file that's dumped to your screen every time you log in.