|
This has been validated on Ubuntu 14.04 using puppet-agent at SHA 38d6e2b which includes puppet at SHA 9e64c1417
FYI: Reproducing this on puppet 4.9.2 resulted in the following error
Error: Could not run: Lookup of key 'lookup_options' failed: : Unable to find 'lookup_key' function named 'eyaml_lookup_key'
|
Steps to reproduce
Install puppet agent
This was done using the puppet acceptance ci:test:aio rake task
SHA=38d6e2bb8d9c6eb1157e91d813313e7110f3b455 SUITE_VERSION=1.9.2.35.g38d6e2b TEST_TARGET=ubuntu1404-64a OPTIONS='--preserve-hosts=always' be rake ci:test:aio TESTS=tests/lookup
|
Create a global hiera 5 config with an interpolated options value
The hiera-eyaml backend requires values in the options hash. So, the hiera-eyaml backend was used to test this.
cat > /etc/puppetlabs/puppet/hiera.yaml <<EOF
|
version: 5
|
defaults:
|
datadir: data
|
data_hash: yaml_data
|
hierarchy:
|
- name: "Per-OS defaults"
|
path: "os/%{facts.os.family}.yaml"
|
- name: "secret data (encrypted)"
|
lookup_key: eyaml_lookup_key
|
path: "secrets.eyaml"
|
options:
|
pkcs7_private_key: "/etc/puppetlabs/puppet/eyaml/os/%{facts.os.family}/private_key.pkcs7.pem"
|
pkcs7_public_key: "/etc/puppetlabs/puppet/eyaml/os/%{facts.os.family}/public_key.pkcs7.pem"
|
- name: "Other"
|
path: "common.yaml"
|
EOF
|
Configure hiera-eyaml in accordance with the interpolation value
/opt/puppetlabs/puppet/bin/gem install hiera-eyaml
|
/opt/puppetlabs/puppet/bin/eyaml createkeys
|
mkdir -p /etc/puppetlabs/puppet/eyaml/os/$(facter os.family)
|
mv keys/* /etc/puppetlabs/puppet/eyaml/os/$(facter os.family)/
|
cat > /etc/puppetlabs/puppet/data/secrets.eyaml <<EOF
|
---
|
$(/opt/puppetlabs/puppet/bin/eyaml encrypt --pkcs7-private-key=/etc/puppetlabs/puppet/eyaml/os/$(facter os.family)/private_key.pkcs7.pem --pkcs7-public-key=/etc/puppetlabs/puppet/eyaml/os/$(facter os.family)/public_key.pkcs7.pem -o block -l test_7293 -s 'test')
|
EOF
|
Verify that the test value can be retrieved
# puppet lookup test_7293
|
--- test
|
...
|
|
