Open mmarseglia opened 6 years ago
@mmarseglia I believe you need to put it in double quotes:
```yaml
options:
  pkcs7_private_key: "%{confdir}/keys/private_key.pkcs7.pem"
  pkcs7_public_key: "%{confdir}/keys/public_key.pkcs7.pem"
```
I tried that and I get this error on the puppet agent.
```
[root@agent2 vagrant]# puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Function Call, No such file or directory - /keys/private_key.pkcs7.pem at /vagrant/site/roles/manifests/manifest.pp:11:3 on node agent2.vagrant.vm
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
```
hiera.yaml
```
[root@master production]# cat hiera.yaml
---
version: 5
defaults:
  datadir: hieradata
hierarchy:
  - name: "Encrypted YAML"
    lookup_key: eyaml_lookup_key
    paths:
      - "secrets/nodes/%{clientcert}.eyaml"
      - "secrets/global.eyaml"
    options:
      pkcs7_private_key: "%{confdir}/keys/private_key.pkcs7.pem"
      pkcs7_public_key: "%{confdir}/keys/public_key.pkcs7.pem"
  - name: "Plaintext YAML"
    data_hash: yaml_data
    paths:
      - "nodes/%{clientcert}.yaml"
      - "global.yaml"
```
`${confdir}` should be `/etc/puppetlabs/puppet`, right?
Here's where I'm storing the keys:
```
[root@master puppetlabs]# ls -lAF /etc/puppetlabs/puppet/keys/
total 8
-rw-r--r-- 1 root root 1679 Dec 6 13:50 private_key.pkcs7.pem
-rw-r--r-- 1 root root 1050 Dec 20 15:10 public_key.pkcs7.pem
```
You can check confdir with `puppet config print confdir` (or maybe `puppetserver puppet config print confdir`?), but it could also be that confdir isn't a fact and that is why it is not available. The sample at https://puppet.com/docs/puppet/4.10/hiera_config_yaml_5.html does not show use of anything other than facts in interpolation.
I don't think this issue is with eyaml, but with hiera itself.
Discussion on Slack indicates that `confdir` is not available to the master. However `%{settings::confdir}` should be, per https://puppet.com/docs/puppet/5.3/lang_facts_and_builtin_vars.html.
I'm using hiera-eyaml and wanted to dynamically set the path for the public and private key. I tried using:
But `%{confdir}` isn't interpolated and the resulting path is `/keys/public_key.pkcs7.pem`. Am I doing something wrong or is this not supported?
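
A preflight check for the failure discussed in this thread, as an added example that is not part of the original issue or of hiera-eyaml: it reads the `pkcs7_*_key` options from a `hiera.yaml`, expands `%{settings::confdir}` (the form suggested above), and flags any path where another token such as `%{confdir}` drops out and leaves a path like `/keys/private_key.pkcs7.pem`. The helper names `resolve_key_path` and `check_key_paths` are hypothetical, and treating every token other than `settings::confdir` as unresolved is an assumption based on the behaviour reported here.

```shell
#!/bin/sh
# Added example: resolve_key_path and check_key_paths are hypothetical helpers,
# not part of Puppet, Hiera or hiera-eyaml.

# Expand %{settings::confdir} to the supplied confdir and blank every other
# %{...} token, which is what the thread observed happening to %{confdir}.
resolve_key_path() {
    # $1 = raw option value from hiera.yaml, $2 = confdir
    printf '%s\n' "$1" |
        sed -e "s|%{settings::confdir}|$2|g" -e 's|%{[^}]*}||g'
}

# For every double-quoted pkcs7_*_key option in a hiera.yaml, print
# "<resolved path><TAB><status>" where status is:
#   UNRESOLVED  a token other than settings::confdir was dropped
#   MISSING     the path resolved fully but no such file exists
#   OK          the path resolved fully and the file exists
check_key_paths() {
    # $1 = path to hiera.yaml, $2 = confdir (e.g. from `puppet config print confdir`)
    sed -n 's/^[[:space:]]*pkcs7_[a-z]*_key:[[:space:]]*"\([^"]*\)".*$/\1/p' "$1" |
    while IFS= read -r raw; do
        expanded=$(printf '%s\n' "$raw" | sed "s|%{settings::confdir}|$2|g")
        resolved=$(resolve_key_path "$raw" "$2")
        if [ "$expanded" != "$resolved" ]; then
            status=UNRESOLVED
        elif [ ! -f "$resolved" ]; then
            status=MISSING
        else
            status=OK
        fi
        printf '%s\t%s\n' "$resolved" "$status"
    done
}
```

On the master this would be called as `check_key_paths hiera.yaml "$(puppet config print confdir)"`, using the `puppet config print confdir` command mentioned in the thread.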