Puppet 5 Beginner's Guide - Third Edition

By: John Arundel

Overview of this book

Puppet 5 Beginner’s Guide, Third Edition gets you up and running with the very latest features of Puppet 5, including Docker containers, Hiera data, and Amazon AWS cloud orchestration. Go from beginner to confident Puppet user with a series of clear, practical examples to help you manage every aspect of your server setup. Whether you’re a developer, a system administrator, or you are simply curious about Puppet, you’ll learn Puppet skills that you can put into practice right away. With practical steps giving you the key concepts you need, this book teaches you how to install packages and config files, create users, set up scheduled jobs, provision cloud instances, build containers, and so much more. Every example in this book deals with something real and practical that you’re likely to need in your work, and you’ll see the complete Puppet code that makes it happen, along with step-by-step instructions for what to type and what output you’ll see. All the examples are available in a GitHub repo for you to download and adapt for your own server setup.

Managing secret data


Puppet often needs to know your secrets; for example, passwords, private keys, and other credentials need to be configured on the node, and Puppet must have access to this information. The problem is how to make sure that no-one else does. If you are checking this data into a Git repo, it will be available to anybody who has access to the repo, and if it's a public GitHub repo, everybody in the world can see it.

Clearly, it's essential to be able to encrypt secret data in such a way that Puppet can decrypt it on individual nodes where it's needed, but it's indecipherable to anybody who does not have the key. The popular GnuPG encryption tool is a good choice for this. It lets you encrypt data using a public key which can be distributed widely, but only someone with the corresponding private key can decrypt the information.

Hiera has a pluggable backend system which allows it to support various different ways of storing data. One such backend is called hiera-eyaml-gpg,...
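A repository check in the spirit of the passage above, as an added example (not code from the book or its GitHub repo): it parses Hiera YAML and reports secret-looking keys whose values are not wrapped in hiera-eyaml's `ENC[GPG,...]` ciphertext form. The key-name pattern, the function names and the sample data are assumptions constructed for illustration.

```ruby
require 'yaml'

# Key names that usually hold credentials (assumed heuristic; tune per repo).
SECRET_KEY = /pass(word|phrase)?|secret|token|private_key|api_key|credential/i
# hiera-eyaml wraps ciphertext as ENC[<method>,<base64>]; GPG is the method
# written by the hiera-eyaml-gpg backend. Whitespace covers wrapped blocks.
ENCRYPTED = /\AENC\[GPG,[A-Za-z0-9+\/=\s]+\]\z/

# Walk parsed Hiera data; return dotted paths of string values that sit under
# a secret-looking key and are not eyaml-encrypted.
def plaintext_secrets(node, path = [], sensitive = false)
  case node
  when Hash
    node.flat_map do |k, v|
      plaintext_secrets(v, path + [k.to_s], sensitive || k.to_s.match?(SECRET_KEY))
    end
  when Array
    node.each_with_index.flat_map do |value, i|
      plaintext_secrets(value, path + [i.to_s], sensitive)
    end
  when String
    sensitive && !node.strip.match?(ENCRYPTED) ? [path.join('.')] : []
  else
    [] # numbers, booleans and nil are not reported
  end
end

def scan_hiera(yaml_text)
  plaintext_secrets(YAML.safe_load(yaml_text) || {})
end

# Constructed sample data, not taken from the book's example repo.
SAMPLE = <<~YAML
  mysql::root_password: ENC[GPG,hQEMA0NvbnN0cnVjdGVkU2FtcGxl]
  app:
    db_password: hunter2
    port: 8080
    api_tokens:
      - ENC[GPG,hQEMA0Fub3RoZXJTYW1wbGU=]
      - abc123
YAML

if ARGV.empty?
  puts scan_hiera(SAMPLE) # demo run on the constructed sample
else
  bad = ARGV.flat_map { |f| scan_hiera(File.read(f)).map { |p| "#{f}: #{p}" } }
  puts bad
  exit 1 unless bad.empty?
end
```

Run with data file paths as arguments, it exits non-zero when any plaintext secret is found, so it can gate a commit or a CI job.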