VMware Cloud Community
jacksonecac
Enthusiast

vRO + Puppet Security

Hello,

We are implementing Puppet on top of the VM deployments using vRO. Since Puppet runs as root on the client and Puppet runs as root on the Puppet master, how do we protect the integrity of root permissions as a Linux team? My thought process was to build the VM, run a workflow to install the agent on the new server, then run a command on the Puppet master to accept the cert. However, to do this vRO needs to maintain root permissions on both the client and the master. Therefore, how do we protect these permissions from the VMware team while at the same time completing our objectives?

0 Kudos
2 Replies
carl1
Expert

One technique that has been used for decades on Linux is to create a 2nd account with UID=0. That way, you essentially have 2 root accounts. Not as secure but might solve your problem.


Carl L.

0 Kudos
Craig_G2
Hot Shot

You could use Foreman + autosign. It's another layer but removes the need for you to log in to the Puppet master as root.

0 Kudos
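
The autosign idea from the last reply can also be done without Foreman through Puppet's policy-based autosigning, where the `autosign` setting in puppet.conf names an executable that decides on each CSR. The script below is an added example, not code from this thread or from Puppet; the HMAC token scheme, the key file path and the function names are assumptions, and the provisioning workflow is assumed to put the token in the agent's csr_attributes.yaml as the challengePassword attribute (OID 1.2.840.113549.1.9.7) before the first agent run.

```python
#!/usr/bin/env python3
# Added example: autosign policy executable. Puppet calls it with the certname
# as argv[1] and the PEM CSR on stdin; exit 0 signs, non-zero refuses.
# The HMAC token scheme, key path and helper names are assumptions.
import hashlib
import hmac
import re
import subprocess
import sys
import time

CERTNAME_RE = re.compile(r"[a-z0-9]([a-z0-9.-]{0,251}[a-z0-9])?")
MAX_AGE = 3600  # seconds a provisioning token stays valid (assumed policy)


def make_token(key, certname, issued):
    """Token the provisioning workflow would place in the CSR for one VM."""
    mac = hmac.new(key, f"{certname}|{issued}".encode(), hashlib.sha256)
    return f"{issued}:{mac.hexdigest()}"


def token_ok(key, certname, token, now):
    """True only if the token is bound to this certname and still fresh."""
    if not CERTNAME_RE.fullmatch(certname):
        return False
    issued_s, sep, _ = token.partition(":")
    if not sep or not issued_s.isdecimal():
        return False
    issued = int(issued_s)
    if not 0 <= now - issued <= MAX_AGE:
        return False
    expected = make_token(key, certname, issued)
    return hmac.compare_digest(expected.encode(), token.encode())


def challenge_password(csr_pem):
    """Read the challengePassword CSR attribute using the openssl CLI."""
    out = subprocess.run(["openssl", "req", "-noout", "-text"], input=csr_pem,
                         capture_output=True, check=True).stdout.decode()
    m = re.search(r"challengePassword\s*:\s*(\S+)", out)
    return m.group(1) if m else ""


if __name__ == "__main__":
    with open("/etc/puppetlabs/puppet/autosign.key", "rb") as fh:  # assumed path
        key = fh.read().strip()
    token = challenge_password(sys.stdin.buffer.read())
    sys.exit(0 if token_ok(key, sys.argv[1], token, int(time.time())) else 1)
```

With this in place the orchestration side only needs the token-issuing key, not a root shell on the Puppet master, and each token is useless for any other certname or after `MAX_AGE` has passed.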