Using Puppet to modify files on remote server

Question

We have a class which installs and configures OpenVPN. However, in order for the server to authenticate users, we need to create an entry in a configuration file on our radius authentication servers (which are not currently managed by Puppet but could be if neccessary to resolve this issue).

Would the best solution to automate this when a new OpenVPN server is provisioned be to use an exec resource to script an SSH connection to the authentication servers? The exec would use the 'creates' parameter to ensure the exec is idempotent. Or is there a better solution in terms of simplicity and security that anyone might suggest?

Answer 1

The best approach I think would be to use exported resources. This allows you to manage resources on the OpenVPN server, export those resources to the Puppet master and then collect and use them on the Radias servers.