voxpupuli / hiera-eyaml

A backend for Hiera that provides per-value asymmetric encryption of sensitive data
MIT License

How to setup hiera-eyaml for puppet masterless windows servers? #203

Open goutham27 opened 8 years ago

goutham27 commented 8 years ago

Hi,

I am trying to set up hiera-eyaml for our Puppet masterless Windows servers. Could you please let me know how to set it up?

So far I have installed the gem using Puppet's packaged Ruby, created keys, and added them to the hiera.yaml file. But it is not working when I ran puppet apply: it just copies the encrypted value, it doesn't decrypt it.

    ---
    :backends:
      - eyaml
      - yaml
    :hierarchy:
      - "%{::clientcert}"
      - "%{::osfamily}"
    :logger: console
    :yaml:
      :datadir: data
    :eyaml:
      :datadir: data
      :pkcs7_private_key: keys/private_key.pkcs7.pem
      :pkcs7_public_key: keys/public_key.pkcs7.pem
      :extension: 'yaml'

ncjones commented 8 years ago

I got stuck for nearly a day with the same symptoms for masterless Puppet on Linux. Here are some of the things to look out for:

If this is still not working then it helps to use puppet apply with the --debug flag. If still no insights then it's time to get out the debugger. Install pry and pry-byebug gems:

    /opt/puppetlabs/puppet/bin/gem install pry pry-byebug

Then set your breakpoint by adding the following to the "hiera_config" function (line 59 of "/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/hiera_puppet.rb"):

    require 'pry'
    binding.pry

Next time you run puppet apply you'll hit the breakpoint in the pry REPL. You can use the pry-byebug commands to control the debugger (e.g. "step", "next", "continue", "up", "down") and use pry as normal to inspect variable state.

petemounce commented 7 years ago

For future googlers, I was able to install hiera-eyaml on Windows into puppet's vendored ruby by:

    Invoke-WebRequest 'https://raw.githubusercontent.com/rubygems/rubygems/master/lib/rubygems/ssl_certs/index.rubygems.org/GlobalSignRootCA.pem' -UseBasicParsing -OutFile 'GlobalSignRootCA.pem'
    $ruby_gems_location = & 'C:\Program Files\Puppet Labs\Puppet\sys\ruby\bin\gem.bat' which rubygems | split-path
    mv "GlobalSignRootCA.pem" "$ruby_gems_location/rubygems/ssl_certs"

    & 'C:\Program Files\Puppet Labs\Puppet\sys\ruby\bin\gem.bat' install --no-ri --no-rdoc hiera-eyaml

I install puppet-agent 4.10.2 for Windows, which comes with a version of rubygems that doesn't have the GlobalSignRootCA cert, and the manual instructions at http://guides.rubygems.org/ssl-certificate-update/#installing-using-update-packages are basically what the first few lines of script do.

If you're not using puppet, dear future reader, your ruby will be in a different place than puppet's vendored one.
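
Added example (not part of the comment above or of the hiera-eyaml project): the script in that comment places a downloaded root certificate into RubyGems' trust directory, so this variant checks the certificate's SHA-256 fingerprint and expiry before moving it. `$expectedSha256` is a placeholder to fill from a source independent of the download; `Get-CertSha256` and the temp path are hypothetical names chosen for illustration.

```powershell
# Added example, not code from the thread. PLACEHOLDER values must be filled in.
$ErrorActionPreference = 'Stop'

$gem      = 'C:\Program Files\Puppet Labs\Puppet\sys\ruby\bin\gem.bat'  # path used in the comment above
$certUrl  = 'https://raw.githubusercontent.com/rubygems/rubygems/master/lib/rubygems/ssl_certs/index.rubygems.org/GlobalSignRootCA.pem'
$download = Join-Path $env:TEMP 'GlobalSignRootCA.pem'                  # assumed scratch location

# PLACEHOLDER: SHA-256 fingerprint (64 hex digits) of the root certificate,
# obtained from the CA's own published list, not from the download channel.
$expectedSha256 = '<EXPECTED-SHA256-FINGERPRINT>'

function Get-CertSha256 {   # hypothetical helper
    param([Parameter(Mandatory = $true)][string]$Path)
    # Throws if the file does not parse as an X.509 certificate (PEM or DER).
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Path
    $sha  = [System.Security.Cryptography.SHA256]::Create()
    try     { $hash = $sha.ComputeHash($cert.RawData) }
    finally { $sha.Dispose() }
    [pscustomobject]@{
        Subject  = $cert.Subject
        NotAfter = $cert.NotAfter
        Sha256   = [System.BitConverter]::ToString($hash) -replace '-', ''
    }
}

# Refuse to run until a real fingerprint has been supplied.
$expected = ($expectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($expected.Length -ne 64) { throw 'Set $expectedSha256 to the 64-hex-digit fingerprint first.' }

Invoke-WebRequest $certUrl -UseBasicParsing -OutFile $download
$info = Get-CertSha256 -Path $download

if ($info.Sha256 -ne $expected) {
    Remove-Item $download
    throw "Fingerprint mismatch for '$($info.Subject)': got $($info.Sha256)"
}
if ($info.NotAfter -lt (Get-Date)) {
    Remove-Item $download
    throw "Certificate expired on $($info.NotAfter)"
}

# Only a verified certificate reaches the RubyGems trust directory.
$rubyGemsLocation = & $gem which rubygems | Split-Path
Move-Item $download (Join-Path $rubyGemsLocation 'rubygems\ssl_certs') -Force
& $gem install --no-ri --no-rdoc hiera-eyaml
if ($LASTEXITCODE -ne 0) { throw "gem install exited with code $LASTEXITCODE" }
```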

manheraz commented 6 years ago

Thank you, @petemounce!

My setup:

In my case, the last line was the only one required to install hiera-eyaml:

    & 'C:\Program Files\Puppet Labs\Puppet\sys\ruby\bin\gem.bat' install --no-ri --no-rdoc hiera-eyaml

It should be executed from an elevated (with administrator privileges) PowerShell shell.