Fedora Infrastructure IRC Meeting Log from 2007-07-26

Jeffrey C. Ollie jeff at ocjtech.us
Sat Jul 28 02:34:01 UTC 2007


On Fri, 2007-07-27 at 18:15 -0700, David Lutterkort wrote:
> On Thu, 2007-07-26 at 16:01 -0500, Jeffrey C. Ollie wrote:
> > [15:30] mmcgrath: the problem is opening up access but still keeping some of the passwords/keys secure.
> > [15:30] mmcgrath: like the web guys don't need access to the buildserver keys.
> > [15:30] mmcgrath: and the build guys don't need the fedoraproject.org ssl key.
> > [15:30] mmcgrath: that sort of thing
> 
> Not sure if you guys know that or not (or if that applies to what you
> guys discussed): puppet lets you define fileserver modules that are per
> node by putting something like
> 
>         [private]
>         path /some/path/%h
>         allow 10.8.34.0/24
>         
> in your fileserver.conf [1] for sensitive per-node data.

The problem isn't client-side - the problem is giving people limited
access to modify the puppet manifests and the puppet file server.  I
haven't yet thought of a good way to do that - we may just need to take
a "trust but verify" style approach.  That however might mean that we
can't open up access as widely as we'd like.

Jeff
