Same, all files here are eyaml.
On Fri, Jul 08, 2016 at 11:04:11AM -0700, Andrew Grimberg wrote:
> Our team completely dropped the yaml backend as we always ended up with
> weird issues of hiera not always finding the yaml. Doesn't matter if we
> don't actually have anything encrypted in the eyaml file, all files for
> us are eyaml now.
>
> -Andy-
>
> On 07/08/2016 10:37 AM, dkoleary wrote:
> > I'll be damned.. that was it. Well, I don't feel so bad about that one.
> >
> > Thank you very much!
> >
> > On Friday, July 8, 2016 at 12:33:02 PM UTC-5, Michael Watters wrote:
> >
> > I think I ran into a similar issue before. Try putting "eyaml" as
> > the first backend to see if that helps.
> >
> > Here's a copy of our hiera.yaml file which works.
> >
> > |
> > ---
> > :backends:
> > -eyaml
> > -yaml
> >
> >
> > :hierarchy:
> > -"nodes/%{::trusted.certname}"
> > -common
> >
> >
> > :yaml:
> > # datadir is empty here, so hiera uses its defaults:
> > # # - /etc/puppetlabs/code/environments/%{environment}/hieradata on *nix
> > # # -
> > %CommonAppData%\PuppetLabs\code\environments\%{environment}\hieradata on
> > Windows
> > # # When specifying a datadir, make sure the directory exists.
> > # :datadir:
> >
> >
> > :eyaml:
> > :extension:'yaml'
> >
> > :pkcs7_private_key:'/etc/puppetlabs/puppet/keys/private_key.pkcs7.pem'
> >
> > :pkcs7_public_key: '/etc/puppetlabs/puppet/keys/public_key.pkcs7.pem'
> > |
> >
> >
> >
> > On Friday, July 8, 2016 at 1:09:02 PM UTC-4, dkoleary wrote:
> >
> > Hi;
> >
> > I have hiera.eyaml installed and functional from the CLI;
> > however, when I attempt to use it in a module, the encrypted
> > string is being used rather than the decrypted value.
> >
> > I have to be missing something mind numbingly simple; but, I've
> > been through the doc
> > at https://github.com/TomPoulton/hiera-eyaml
> > <https://github.com/TomPoulton/hiera-eyaml> so many times it's
> > starting to blur. Can someone tell me waht I messed up?
> >
> > From the CLI:
> >
> > |
> > -bash-4.1$ cat nap1d030.yaml
> > ---
> > # mpintp::source: 'ntp.conf.dmz'
> > # mpisyslog::el6::source: 'mpi-custom.conf'
> > mpisshd::enabled:false
> > mpiroot::pwd:>
> >
> >
> > ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEw
> > DQYJKoZIhvcNAQEBBQAEggEAANy7eyKzeNLVeNqF3h4qM5pEw38G8yWJOezA
> > SQ72MugY8FgwIWNsE2TmS3W2jBe1/zTAggd5p79RBubIdfL5DDPjjNTimzgV
> > k0qppx3EefolMSzphfvVv5JOz8ue13OvpzFV/MM5qZLhOeUFAIUY3NM9RqHN
> > PVM/woxhpnjMStlKXGakJYxLrf8ucMLh5WrW7JpN0jvjjVlVJjGsLaqygUsC
> > alJ3zQkgxtaR0SCCgvvsJ2wYCs82fVnuFf6d0g4cPPCGnT3CtNFFffQMlwTt
> > uEErGyKswxMPnKWybFNLYj+cVOhbLf946CMzCUcpWUIdHBnT3BcAi4qiryJF
> > 6O91WzA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBA5QFyFpSmqqxUlAByZ
> > qFWsgBDY6tjQ9Pbb4nRHCvkI29ve]
> >
> >
> > -bash-4.1$ eyaml decrypt -f ./nap1d030.yaml
> > [hiera-eyaml-core]Loadedconfig
> > from/opt/puppetlabs/server/data/puppetserver/.eyaml/config.yaml
> > ---
> > # mpintp::source: 'ntp.conf.dmz'
> > # mpisyslog::el6::source: 'mpi-custom.conf'
> > mpisshd::enabled:false
> > mpiroot::pwd:snipped
> > |
> >
> > The test module just does a notify:
> >
> > |
> > classmpiroot (
> > $pwd,
> > ){
> >
> > notify {"Password: ${pwd}":}
> > }
> > |
> >
> >
> > And the run shows the encrypted string:
> >
> > |
> > $ sudo puppet agent -t
> > Notice:Localenvironment:'production'doesn't match server
> > specified node environment 'dkoleary', switching agent to
> > 'dkoleary'.
> > Info: Retrieving pluginfacts
> > Info: Retrieving plugin
> > Info: Loading facts
> > Info: Caching catalog for nap1d030.multiplan.com
> > <http://nap1d030.multiplan.com>
> > Info: Applying configuration version '1467996521'
> > Notice: Password:
> >
> > ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEw
> > DQYJKoZIhvcNAQEBBQAEggEAANy7eyKzeNLVeNqF3h4qM5pEw38G8yWJOezA
> > SQ72MugY8FgwIWNsE2TmS3W2jBe1/zTAggd5p79RBubIdfL5DDPjjNTimzgV
> > k0qppx3EefolMSzphfvVv5JOz8ue13OvpzFV/MM5qZLhOeUFAIUY3NM9RqHN
> > PVM/woxhpnjMStlKXGakJYxLrf8ucMLh5WrW7JpN0jvjjVlVJjGsLaqygUsC
> > alJ3zQkgxtaR0SCCgvvsJ2wYCs82fVnuFf6d0g4cPPCGnT3CtNFFffQMlwTt
> > uEErGyKswxMPnKWybFNLYj+cVOhbLf946CMzCUcpWUIdHBnT3BcAi4qiryJF
> > 6O91WzA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBA5QFyFpSmqqxUlAByZ
> > qFWsgBDY6tjQ9Pbb4nRHCvkI29ve]
> > [[snip]]
> >
> > |
> >
> > The hiera.yaml file and keys:
> >
> > |
> > ---
> > :backends:
> > -yaml
> > -eyaml
> > :hierarchy:
> > -"hosts/%{facts.hostname}"
> > -"environments/%{facts.environment}"
> > -"host_env/%{facts.env}"
> > -"dc/%{facts.dc}"
> > -"os/%{facts.operatingsystemmajrelease}"
> > -common
> > :yaml:
> > :datadir:/etc/puppetlabs/code/hieradata
> > :eyaml:
> > :extension:'yaml'
> > :datadir:/etc/puppetlabs/code/hieradata
> >
> > :pkcs7_private_key:/etc/puppetlabs/secure/keys/private_key.pkcs7.pem
> > :pkcs7_public_key:/etc/puppetlabs/secure/keys/public_key.pkcs7.pem
> >
> >
> > -bash-4.1$ ls -ld
> > /etc/puppetlabs/secure/keys/{public,private}_key*.pem
> > -r--------.1puppet puppet
> > 1675Jul 811:28/etc/puppetlabs/secure/keys/private_key.pkcs7.pem
> > -r--------.1puppet puppet
> > 1050Jul 811:28/etc/puppetlabs/secure/keys/public_key.pkcs7.pem
> > |
> >
> > Any hints/tips, etc gratefully accepted.
> >
> > Thanks
> >
> > Doug
> >
> >
> > --
> > You received this message because you are subscribed to the Google
> > Groups "Puppet Users" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> > an email to puppet-users+unsubscr...@googlegroups.com
> > <mailto:puppet-users+unsubscr...@googlegroups.com>.
> > To view this discussion on the web visit
> > https://groups.google.com/d/msgid/puppet-users/dfb92848-7713-4643-9690-1680c3e62348%40googlegroups.com
> > <https://groups.google.com/d/msgid/puppet-users/dfb92848-7713-4643-9690-1680c3e62348%40googlegroups.com?utm_medium=email&utm_source=footer>.
> > For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/577FEB1B.5060001%40bardicgrove.org.
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/20160708191530.GA31510%40iniquitous.heresiarch.ca.
For more options, visit https://groups.google.com/d/optout.
