Security: mongodb

If you don't have auth on mongo servers which are open for all your network hacker could:
— use system commands like: ls (), cat (), removeFile (), fuzzFile ().
— use command: load (), which loads javascript script
— also he could enable auth for your instances and you loose control
— detect if it's a windows or linux host by _isWindows ()

Puppet: apt-get update before Package installation

Obvious way:

1
2
3
4
package {
        'pssh': ensure => 'present',
         require  => Exec['apt-get update']
}

But if you have several package definitions with Exec in each of them — apt-get update will be executed several times.

I found a better way:

1
2
3
4
exec { "apt-update":
        command => "/usr/bin/apt-get update",
    }
Exec["apt-update"] -> Package <| |>

It'll execute apt-get update one time before Packages.