Re: [Puppet Users] Re: debugging puppet/hiera-eyaml decryption problems?
Following up to my own post... Without changing my manifest data, I managed to get this to work by changing my rpm packages around, from this, which didn't work: hiera-eyaml 2.0 trollop 2.0 highline 1.6.19 To this, which did: hiera-eyaml 1.3.4 trollop 1.16 highline 1.6.20 This didn't work either: hiera-eyaml 2.0 trollop 2.0 highline 1.6.20 I don't have the ruby or packaging expertise to see why this worked, but now things function similarly with /usr/bin/hiera and inside the puppet master. On Thu, Feb 27, 2014 at 09:44:02AM -0500, Christopher Wood wrote: > Here's a sample value. Apart from the length it looks much like yours. (But > your encrypted value appears on a separate line, but possibly word wrap.) > > testing::cwood::param: > ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQAwDQYJKoZIhvcNAQEBBQAEggEARs4upyGGGEl1Q3HJdh1Rov+IkQO07isMqKWBQiEpC0bT0mreeYAvWtkFZLfYJXQDxeE/kKA5yNa+IiqocOE2fKJG0qFy7l1ShnQt7Z0iS2JUML9bjSayWFMkxiJWtCF4MbM258R/uJe4Km4QtC+iQEh3HMMCO6QSKOrBPvCkTQzr0070XavFrv7H4QgilB0eqG4/FVH+UGGuzYiJ5Rf7u2l1pURbmWrMdMUNS8VoBsRQGspyhE7i2YK2cCsdsFzbKbemLvVv1Df6Lw8LUIhLyRxNyNswhR3s8pxOTP/0CfQiA6pH8A97YfkTxwVUv1XHOIXysTz4LRCXepBWnVttSTBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBC7hz22XWHaPfVcljFewx4bgCC6jSuzWINAecGO7dw2tGZrBBEGjxhRA922MR9XbarprQ==] > > In the editor (eyaml edit) that looks like: > > testing::cwood::param: DEC(1)::PKCS7[value from hiera, encrypted]! > > (The keys are throwaway, proof of concept keys, available if anybody thinks > they'll help.) > > My eyaml files are all suffixed ".eyaml". I tried ":extension: 'yaml'" but > oddly that didn't work for me, the puppet debug log showed the hiera routine > looking for .eyaml files. > > On Wed, Feb 26, 2014 at 06:51:11PM -0800, William Leese wrote: > >What does the actual yaml containing the encrypted value look like? I've > >had some trouble simply copy & pasting eyaml output into yaml files. I > >found using something like this works best: > >mysql::server::root_password: > > > > ENC[PKCS7,MxxZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQAwDQYJKoZIhvcNAQEBBQAEgsnipsnipsnipsnipsnipsnipIZIAWUDBAEqBBALP97TUumMst8nV3mXwI7TgCBn9mVz/uaSgcJHo9xUuXmK1ynG80J0tqDyblahalbhalabhaOQHQ==] > >(just incase wordwrap kicks in, that's all on one line). > >Are your yaml files named *.eyaml? > > > >-- > >You received this message because you are subscribed to the Google Groups > >"Puppet Users" group. > >To unsubscribe from this group and stop receiving emails from it, send an > >email to puppet-users+unsubscr...@googlegroups.com. > >To view this discussion on the web visit > > > > [1]https://groups.google.com/d/msgid/puppet-users/a8e752a7-b378-413e-b207-6c9b47aa6012%40googlegroups.com. > >For more options, visit [2]https://groups.google.com/groups/opt_out. > > > > References > > > >Visible links > >1. > > https://groups.google.com/d/msgid/puppet-users/a8e752a7-b378-413e-b207-6c9b47aa6012%40googlegroups.com > >2. https://groups.google.com/groups/opt_out > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/20140227144402.GA1051%40iniquitous.heresiarch.ca. > For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20140227175041.GA2880%40iniquitous.heresiarch.ca. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: debugging puppet/hiera-eyaml decryption problems?
Here's a sample value. Apart from the length it looks much like yours. (But your encrypted value appears on a separate line, but possibly word wrap.) testing::cwood::param: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQAwDQYJKoZIhvcNAQEBBQAEggEARs4upyGGGEl1Q3HJdh1Rov+IkQO07isMqKWBQiEpC0bT0mreeYAvWtkFZLfYJXQDxeE/kKA5yNa+IiqocOE2fKJG0qFy7l1ShnQt7Z0iS2JUML9bjSayWFMkxiJWtCF4MbM258R/uJe4Km4QtC+iQEh3HMMCO6QSKOrBPvCkTQzr0070XavFrv7H4QgilB0eqG4/FVH+UGGuzYiJ5Rf7u2l1pURbmWrMdMUNS8VoBsRQGspyhE7i2YK2cCsdsFzbKbemLvVv1Df6Lw8LUIhLyRxNyNswhR3s8pxOTP/0CfQiA6pH8A97YfkTxwVUv1XHOIXysTz4LRCXepBWnVttSTBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBC7hz22XWHaPfVcljFewx4bgCC6jSuzWINAecGO7dw2tGZrBBEGjxhRA922MR9XbarprQ==] In the editor (eyaml edit) that looks like: testing::cwood::param: DEC(1)::PKCS7[value from hiera, encrypted]! (The keys are throwaway, proof of concept keys, available if anybody thinks they'll help.) My eyaml files are all suffixed ".eyaml". I tried ":extension: 'yaml'" but oddly that didn't work for me, the puppet debug log showed the hiera routine looking for .eyaml files. On Wed, Feb 26, 2014 at 06:51:11PM -0800, William Leese wrote: >What does the actual yaml containing the encrypted value look like? I've >had some trouble simply copy & pasting eyaml output into yaml files. I >found using something like this works best: >mysql::server::root_password: > > ENC[PKCS7,MxxZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQAwDQYJKoZIhvcNAQEBBQAEgsnipsnipsnipsnipsnipsnipIZIAWUDBAEqBBALP97TUumMst8nV3mXwI7TgCBn9mVz/uaSgcJHo9xUuXmK1ynG80J0tqDyblahalbhalabhaOQHQ==] >(just incase wordwrap kicks in, that's all on one line). >Are your yaml files named *.eyaml? > >-- >You received this message because you are subscribed to the Google Groups >"Puppet Users" group. >To unsubscribe from this group and stop receiving emails from it, send an >email to puppet-users+unsubscr...@googlegroups.com. >To view this discussion on the web visit > > [1]https://groups.google.com/d/msgid/puppet-users/a8e752a7-b378-413e-b207-6c9b47aa6012%40googlegroups.com. >For more options, visit [2]https://groups.google.com/groups/opt_out. > > References > >Visible links >1. > https://groups.google.com/d/msgid/puppet-users/a8e752a7-b378-413e-b207-6c9b47aa6012%40googlegroups.com >2. https://groups.google.com/groups/opt_out -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20140227144402.GA1051%40iniquitous.heresiarch.ca. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: debugging puppet/hiera-eyaml decryption problems?
What does the actual yaml containing the encrypted value look like? I've had some trouble simply copy & pasting eyaml output into yaml files. I found using something like this works best: mysql::server::root_password: ENC[PKCS7,MxxZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQAwDQYJKoZIhvcNAQEBBQAEgsnipsnipsnipsnipsnipsnipIZIAWUDBAEqBBALP97TUumMst8nV3mXwI7TgCBn9mVz/uaSgcJHo9xUuXmK1ynG80J0tqDyblahalbhalabhaOQHQ==] (just incase wordwrap kicks in, that's all on one line). Are your yaml files named *.eyaml? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/a8e752a7-b378-413e-b207-6c9b47aa6012%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
