summaryrefslogtreecommitdiff
path: root/README.md
blob: c7b05122a1ea39547b0f3302ad78c838ff86d247 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
# CAcert Puppet

This repository contains Puppet code (manifests, templates, files, configuration data) to configure the
[CAcert infrastructure systems](https://infradocs.cacert.org).

The private key used to decrypt the Hiera data in [the hierdata subdirectory](hieradata) is stored on the
[Puppet server](https://infradocs.cacert.org/systems/puppet.html) in
`/etc/puppetlabs/code/environments/production/keys`

All future infrastructure changes should be made via this repository.

## Why Puppet?

We use [Puppet](https://puppet.com/docs/puppet/6/puppet_index.html) with
[Hiera](https://puppet.com/docs/puppet/6/hiera.html) in combination with
[PuppetDB](https://puppet.com/docs/puppet/6/puppetdb_overview.html) to have a proper audit trail for changes to our
infrastructure systems.

Alternatives like Ansible might be easier to learn, but do not provide the desired audit trail without more custom
tooling.