We're still using Puppet 2.7, but looking at our puppet-gpg config the
only major difference I see is we use :key_dir for the GPG keys instead
of the puppet user's home directory. So our hiera.yaml file looks like:
# Hiera configuration file
---
:backends:
  - yaml
  - gpg
:yaml:
  :datadir: /etc/puppet/hieradata
:gpg:
  :datadir: /etc/puppet/hieradata
  :key_dir: /srv/keyrings
:hierarchy:
  - hosts/%{fqdn}
  - %{environment}/hostgroups/%{hostgroup}
  - hostgroups/%{hostgroup}
  - %{environment}/servicegroups/%{servicegroup}
  - servicegroups/%{servicegroup}
  - %{environment}/%{calling_module}
  - %{calling_module}
  - %{environment}
  - global
Of course you have to have the gpgme rpm and the gpgme ruby gem
installed on all your puppet masters. We install the same password-less
gpg private key on all the puppet masters and encrypt the yaml files
with the corresponding public key.
JMN
On 9/3/2013 5:57 PM, Worker Bee wrote:
Has anyone been able to get this working?
For some reason, I am unable to get values decrypted via a puppet run,
despite being able to decrypt via command line....
I am starting to wonder if there is a bug or something I am missing??
I SO appreciate ANY help!
__________________________________________
/etc/puppet/hiera.yaml
---
:backends: - gpg
           - yaml
:logger: console
:hierarchy: - %{env}/%{calling_module}
            - common
:yaml:
   :datadir: /etc/puppet/hieradata
:gpg:
   :datadir: /etc/puppet/hieradata
________________________________________________
Here is my init.pp file
# Class: testdecry
#
# [Remember: No empty lines between comments and class definition]
class testdecry {
  $env = 'live'
  $pass = hiera("rootpwd")
  notify{"The value is: ${pass}":}
}
________________________________________________________
My encrypted file is in:
/etc/puppet/hieradata/live
[root@me]# ls
testdecry.gpg
_______________________________________________
Command line works:
[root@me ]# hiera -c /etc/puppet/hiera.yaml rootpwd
calling_module=testdecry env=live
rootpass
________________________________________________
Running via puppet fails
[root@me]# puppet agent --test
Info: Retrieving plugin
Error: Could not retrieve catalog from remote server: Error 400 on
SERVER: can't convert nil into String at
/etc/puppet/modules/testdecry/manifests/init.pp:17 on node me.net
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
I am totally at a loss here....
Thanks!
Bee
--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
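
Added example, not part of either message and not code from hiera-gpg: the two hiera.yaml files in this thread differ in whether :key_dir is set, so this script resolves the keyring directory a config points at and checks that a directory holding a password-less private key is owned by the master's account with no group or other access. The function names, the /var/lib/puppet home directory and the fallback to ~/.gnupg when :key_dir is unset are assumptions.

```shell
#!/bin/sh
# Added example; function names and the /var/lib/puppet home are assumptions.

# Print the :key_dir: set under :gpg: in a hiera.yaml. Assumption: when it is
# unset the backend uses ~/.gnupg of the user the master runs as ($2 = home).
hiera_key_dir() {
    conf=$1 home=$2
    dir=$(awk '
        /^:gpg:/ { in_gpg = 1; next }
        /^:/     { in_gpg = 0 }
        in_gpg && $1 == ":key_dir:" { print $2; exit }
    ' "$conf")
    echo "${dir:-$home/.gnupg}"
}

# Return 0 when DIR exists, belongs to USER (name or numeric uid) and nothing
# in it is accessible to group or other; otherwise print findings, return 1.
audit_key_dir() {
    dir=$1 user=$2 rc=0
    if [ ! -d "$dir" ]; then
        echo "missing: $dir"; return 1
    fi
    if [ -z "$(find "$dir" -prune -user "$user" 2>/dev/null)" ]; then
        echo "not owned by $user: $dir"; rc=1
    fi
    loose=$(find "$dir" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
                                  -o -perm -004 -o -perm -002 -o -perm -001 \))
    if [ -n "$loose" ]; then
        echo "group/other access:"; echo "$loose"; rc=1
    fi
    return $rc
}

# Constructed demo: a config without :key_dir: and a private, empty keyring dir.
demo=$(mktemp -d)
printf '%s\n' ':backends:' '  - gpg' ':gpg:' \
    '  :datadir: /etc/puppet/hieradata' > "$demo/hiera.yaml"
mkdir "$demo/keyrings" && chmod 700 "$demo/keyrings"
echo "key_dir: $(hiera_key_dir "$demo/hiera.yaml" /var/lib/puppet)"
audit_key_dir "$demo/keyrings" "$(id -u)" && echo "keyring permissions ok"
rm -rf "$demo"
```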