Following up to my own post... Without changing my manifest data, I managed to get this to work by changing my rpm packages around, from this, which didn't work:
hiera-eyaml 2.0 trollop 2.0 highline 1.6.19 To this, which did: hiera-eyaml 1.3.4 trollop 1.16 highline 1.6.20 This didn't work either: hiera-eyaml 2.0 trollop 2.0 highline 1.6.20 I don't have the ruby or packaging expertise to see why this worked, but now things function similarly with /usr/bin/hiera and inside the puppet master. On Thu, Feb 27, 2014 at 09:44:02AM -0500, Christopher Wood wrote: > Here's a sample value. Apart from the length it looks much like yours. (But > your encrypted value appears on a separate line, but possibly word wrap.) > > testing::cwood::param: > ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQAwDQYJKoZIhvcNAQEBBQAEggEARs4upyGGGEl1Q3HJdh1Rov+IkQO07isMqKWBQiEpC0bT0mreeYAvWtkFZLfYJXQDxeE/kKA5yNa+IiqocOE2fKJG0qFy7l1ShnQt7Z0iS2JUML9bjSayWFMkxiJWtCF4MbM258R/uJe4Km4QtC+iQEh3HMMCO6QSKOrBPvCkTQzr0070XavFrv7H4QgilB0eqG4/FVH+UGGuzYiJ5Rf7u2l1pURbmWrMdMUNS8VoBsRQGspyhE7i2YK2cCsdsFzbKbemLvVv1Df6Lw8LUIhLyRxNyNswhR3s8pxOTP/0CfQiA6pH8A97YfkTxwVUv1XHOIXysTz4LRCXepBWnVttSTBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBC7hz22XWHaPfVcljFewx4bgCC6jSuzWINAecGO7dw2tGZrBBEGjxhRA922MR9XbarprQ==] > > In the editor (eyaml edit) that looks like: > > testing::cwood::param: DEC(1)::PKCS7[value from hiera, encrypted]! > > (The keys are throwaway, proof of concept keys, available if anybody thinks > they'll help.) > > My eyaml files are all suffixed ".eyaml". I tried ":extension: 'yaml'" but > oddly that didn't work for me, the puppet debug log showed the hiera routine > looking for .eyaml files. > > On Wed, Feb 26, 2014 at 06:51:11PM -0800, William Leese wrote: > > What does the actual yaml containing the encrypted value look like? I've > > had some trouble simply copy & pasting eyaml output into yaml files. I > > found using something like this works best: > > mysql::server::root_password: > > > > ENC[PKCS7,MxxxxxxxxxxxxxxxxxxxxxxxxxxZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQAwDQYJKoZIhvcNAQEBBQAEgsnipsnipsnipsnipsnipsnipIZIAWUDBAEqBBALP97TUumMst8nV3mXwI7TgCBn9mVz/uaSgcJHo9xUuXmK1ynG80J0tqDyblahalbhalabhaOQHQ==] > > (just incase wordwrap kicks in, that's all on one line). > > Are your yaml files named *.eyaml? > > > > -- > > You received this message because you are subscribed to the Google Groups > > "Puppet Users" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to [email protected]. > > To view this discussion on the web visit > > > > [1]https://groups.google.com/d/msgid/puppet-users/a8e752a7-b378-413e-b207-6c9b47aa6012%40googlegroups.com. > > For more options, visit [2]https://groups.google.com/groups/opt_out. > > > > References > > > > Visible links > > 1. > > https://groups.google.com/d/msgid/puppet-users/a8e752a7-b378-413e-b207-6c9b47aa6012%40googlegroups.com > > 2. https://groups.google.com/groups/opt_out > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/20140227144402.GA1051%40iniquitous.heresiarch.ca. > For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20140227175041.GA2880%40iniquitous.heresiarch.ca. For more options, visit https://groups.google.com/groups/opt_out.
