Since the dawn of the rebirth of ovirt.org (Sep-ish 2011), I have kept
all the passwords and secret stuff in /root/passwords on
linode01.ovirt.org.
Any of the Infra maintainers _should_ be able to shell in to that
machine and view those passwords with 'sudo'. (I bet that may not be the
case, something to not bother fixing but rather migrate away from.)
I sort-of like this idea ongoing, that is, having the one file of all
our truly secret-secrets in /root/ so anyone with full-root sudo can get
at it to do their work.
What I'm thinking is that it would be cool to duplicate this file across
all the hosts, either all VMs, or at least the top-level hypervisor
hosts at *{01,02}.ovirt.org.
Doesn't sound like something for Puppet, since the data can't be shown.
Another option is to encrypt it, and use a shared GPG key to decrypt the
file? (I have a small util[1] that does that, so not terribly painful.)
OTOH, I could write a bash script that uses rsync over ssh (and a common
root sshkey used on all our hosts) to push out a new copy of the file
whenever we saved it; cf. running 'newaliases' when making changes to
/etc/aliases.
Of course, we could go in an entirely different direction.
Thoughts?
- Karsten
[1] sezme
-- 
Karsten 'quaid' Wade, Sr. Analyst - Community Growth
http://TheOpenSourceWay.org .^\
http://community.redhat.com
@quaid (identi.ca/twitter/IRC) \v' gpg: AD0E0C41