I'd like to set up Vagrant to use my current Puppet master as a provisioner. But I don't like the idea of embedding the SSL key pair in the .box file.
What I am currently doing is distributing the ca.pem, public, private, and cert key files for the Puppet agent with the Vagrant file and using this shell script to bootstrap the Puppet agent:
$puppet_ssl = <<SCRIPT
sudo mkdir -p /var/lib/puppet/ssl/{certs,private_keys,public_keys}
sudo chown puppet /var/lib/puppet/ssl/{certs,private_keys,public_keys}
sudo cp /vagrant/puppet/certs/appdev.mydomain.com.pem /vagrant/puppet/certs/ca.pem /var/lib/puppet/ssl/certs/
sudo cp /vagrant/puppet/private_keys/appdev.mydomain.com.pem /var/lib/puppet/ssl/private_keys/
sudo cp /vagrant/puppet/public_keys/appdev.mydomain.com.pem /var/lib/puppet/ssl/public_keys/
SCRIPT
This seems to work OK if the developer has the files and everything is in the correct directories.
My question: Is there a better way to distribute arbitrary files that need to be pre-loaded onto the Vagrant VM without embedding them into the .box file?
The simplest way to approach this would probably be to configure your Vagrantfile to set up a synced folder on /var/lib/puppet/ssl, and load the keys out of your local Vagrant project directory. Documentation is here: http://docs.vagrantup.com/v2/synced-folders/basic_usage.html
Alternatively, Puppet autosigning might resolve the problem well enough for your needs.
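
Added example, not part of the question or the answer above: a variant of the question's bootstrap script that checks all four files are present before copying anything and installs the private key with owner-only permissions. The function name `install_puppet_ssl`, its arguments and the file modes are assumptions of this example; the default paths are the ones used in the question, and it expects to run as root.

```bash
#!/usr/bin/env bash
# Added example: install pre-generated Puppet agent SSL files with checks.
# Usage: install_puppet_ssl <certname> [src_dir] [dest_dir]
#   e.g. install_puppet_ssl appdev.mydomain.com
install_puppet_ssl() {
  local certname="$1"
  local src="${2:-/vagrant/puppet}"        # default from the question
  local dest="${3:-/var/lib/puppet/ssl}"   # default from the question
  local missing=0 rel

  [ -n "$certname" ] || { echo "usage: install_puppet_ssl <certname>" >&2; return 2; }

  # Preflight: report every missing or empty file before touching dest,
  # so a developer with an incomplete checkout gets one clear error.
  for rel in "certs/ca.pem" "certs/$certname.pem" \
             "private_keys/$certname.pem" "public_keys/$certname.pem"; do
    if [ ! -s "$src/$rel" ]; then
      echo "missing or empty: $src/$rel" >&2
      missing=1
    fi
  done
  [ "$missing" -eq 0 ] || return 1

  # Modes are this example's choice: the private key is readable by its
  # owner only, certificates and the public key are world-readable.
  install -d -m 0755 "$dest" "$dest/certs" "$dest/public_keys" || return 1
  install -d -m 0750 "$dest/private_keys" || return 1
  install -m 0644 "$src/certs/ca.pem" "$src/certs/$certname.pem" \
    "$dest/certs/" || return 1
  install -m 0644 "$src/public_keys/$certname.pem" "$dest/public_keys/" || return 1
  install -m 0600 "$src/private_keys/$certname.pem" "$dest/private_keys/" || return 1

  # Hand ownership to the puppet user when running as root and it exists.
  if [ "$(id -u)" -eq 0 ] && id puppet >/dev/null 2>&1; then
    chown -R puppet "$dest" || return 1
  fi
}
```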