Export file resource created with exec
On a node I use a command to generate a file which should then be exported to PuppetDB and therefore be available to all clients. In this particular case it's the private key of an installed OpenVPN server. I tried a naive approach:
    define tunnel($id, $mode = 'server') {
      exec { "generateKey$id" :
        command => "/usr/sbin/openvpn --genkey --secret /etc/openvpn/$id.key",
        creates => "/etc/openvpn/$id.key",
        require => Package['openvpn']
      }
      file { "/etc/openvpn/tunnel_${id}_${mode}.conf":
        content => "$id $mode",
        ensure => present
      }
    }
    node 'test.example.com' {
      @@tunnel { 'tap6' : id => 6 }
      ...
    }
But the exec ran each time I collected the resource on a client, even though it's exported. So each client ended up generating the server's private key instead of pulling the real one. How can I solve this problem? The only solution I see is to precompile private keys and use "puppet:///" or hiera.
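The pre-generated-key approach mentioned at the end of the question, sketched as an added example that is not part of the original post. The module name vpnkeys, its files/ layout, the client node name and the assumption that collecting nodes declare Package['openvpn'] are all hypothetical.

```puppet
# Added example, not the poster's code.
# Assumption: the key was generated once, out of band, with
#   openvpn --genkey --secret 6.key
# and stored in a hypothetical module at vpnkeys/files/6.key.

define tunnel($id, $mode = 'server') {
  # No exec here. An exported define is evaluated in the catalog of every
  # node that collects it, so any resource that creates the secret would
  # run on each collector and produce a different key there.
  file { "/etc/openvpn/${id}.key":
    ensure    => file,
    owner     => 'root',
    group     => 'root',
    mode      => '0600',
    source    => "puppet:///modules/vpnkeys/${id}.key",
    show_diff => false,  # keep key material out of agent logs and reports
    require   => Package['openvpn'],
  }

  file { "/etc/openvpn/tunnel_${id}_${mode}.conf":
    ensure  => file,
    content => "${id} ${mode}",
  }
}

# Server node: exports the tunnel definition to PuppetDB.
node 'test.example.com' {
  @@tunnel { 'tap6': id => 6 }
}

# Hypothetical client node: collects the exported tunnel. Every file
# resource above is applied here, and the key bytes come from the
# Puppet server rather than being generated locally.
node 'client.example.com' {
  Tunnel <<| |>>
}
```

By default any agent with a signed certificate can request files from a module's files/ directory, so the key is only as private as the set of nodes enrolled with that Puppet server.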