voxpupuli / puppet-hiera

Hiera hierarchy module for templating `hiera.yaml`
https://forge.puppet.com/puppet/hiera
Apache License 2.0
32 stars 104 forks

New hiera.yaml v5 format misses eyaml options #206

Open tmannerm opened 6 years ago

tmannerm commented 6 years ago

Affected Puppet, Ruby, OS and module versions/distributions

How to reproduce (e.g Puppet code you use)

Update to v3.1.0 with "eyaml => true" in the manifest. Only added hiera_version and hiera5_defaults params and converted hierarchy as is to the new syntax (with only name and path keys).

What are you seeing

Eyaml encryption is no longer working because the options hash with private/public keys and the required lookup_key are missing from the generated hiera.yaml v5 format.

What behaviour did you expect instead

Eyaml encryption still working just like in the hiera.yaml v3 format.

Any additional information you'd like to impart

I chose not to convert to environment specific hiera.yaml so I use this module to generate global hiera.yaml but just with new v5 format.

elmobp commented 6 years ago

Heya,

The eyaml syntax has changed in v5; see my example below in hiera:

```yaml
---
classes:
  - hiera

hiera::hiera_version: '5'
hiera::hiera5_defaults::datadir: 'data'
hiera::hiera5_defaults::data_hash: 'yaml_data'
hiera::manage_package: true
hiera::hierarchy:
  - name: 'trusted'
    path: 'nodes/%{::trusted.certname}'
    lookup_key: 'eyaml_lookup_key'
    options:
      pkcs7_private_key: /etc/puppetlabs/puppet/keys/private_key.pkcs7.pem
      pkcs7_public_key: /etc/puppetlabs/puppet/keys/public_key.pkcs7.pem
      extension: yaml
```

Note: lookup_key and options
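A check for the failure reported in this issue, as an added example (not code from the module or from anyone in the thread): it reads a hiera.yaml v5 document and lists hierarchy levels whose eyaml setup is incomplete. The function name `eyaml_findings`, the `.eyaml` suffix heuristic and the sample document are assumptions made for illustration.

```ruby
require 'yaml'

BACKEND_KEYS = %w[data_hash lookup_key data_dig hiera3_backend].freeze
PATH_KEYS    = %w[path paths glob globs].freeze
PKCS7_KEYS   = %w[pkcs7_private_key pkcs7_public_key].freeze

# Returns a list of findings for a hiera.yaml v5 document given as a string.
def eyaml_findings(yaml_text)
  # Symbol is permitted so that a v3 file (":backends:" style keys) parses
  # and is reported as the wrong version instead of raising.
  conf = YAML.safe_load(yaml_text, permitted_classes: [Symbol]) || {}
  return ["version is #{conf['version'].inspect}, expected 5"] unless conf['version'] == 5

  defaults = conf['defaults'] || {}
  (conf['hierarchy'] || []).filter_map do |level|
    # A level's own backend key wins; otherwise the one from defaults applies.
    source  = BACKEND_KEYS.any? { |k| level.key?(k) } ? level : defaults
    backend = source.values_at(*BACKEND_KEYS).compact.first
    # Options are read from the level itself, as in the thread's examples.
    missing = PKCS7_KEYS - (level['options'] || {}).keys
    paths   = PATH_KEYS.flat_map { |k| Array(level[k]) }
    if backend == 'eyaml_lookup_key'
      "#{level['name']}: eyaml level without #{missing.join(', ')}" unless missing.empty?
    elsif paths.any? { |p| p.end_with?('.eyaml') } # assumption: suffix marks encrypted data
      "#{level['name']}: .eyaml path served by #{backend.inspect}, values are not decrypted"
    end
  end
end

# Constructed sample: two broken levels and two correct ones.
SAMPLE = <<~'HIERA'
  version: 5
  defaults:
    data_hash: yaml_data
  hierarchy:
    - name: common
      path: common.yaml
    - name: secrets without backend
      path: common.eyaml
    - name: secrets without keys
      path: 'nodes/%{trusted.certname}.eyaml'
      lookup_key: eyaml_lookup_key
    - name: secrets ok
      path: secure.eyaml
      lookup_key: eyaml_lookup_key
      options:
        pkcs7_private_key: /etc/puppetlabs/puppet/keys/private_key.pkcs7.pem
        pkcs7_public_key: /etc/puppetlabs/puppet/keys/public_key.pkcs7.pem
HIERA
puts eyaml_findings(SAMPLE) if __FILE__ == $PROGRAM_NAME
```
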

flix444 commented 6 years ago

Hey elmobp, how do I use this in a separate module?

```puppet
class { 'hiera':
  hiera_version   => '5',
  hiera5_defaults => {"datadir" => "data", "data_hash" => "yaml_data"},
}
```

dan-wittenberg commented 6 years ago

For an "approved" module it seems a big gap to not have eyaml working after many months, any plans to fix this?

ragnarkon commented 6 years ago

@dan-wittenberg Eyaml seems to work fine.

@flix444 Example below.

```puppet
class { 'hiera':
  hiera_version   => '5',
  hiera5_defaults => {
    'datadir'   => "${::settings::codedir}/data",
    'data_hash' => 'yaml_data'
  },
  hierarchy       => [
    # "Common" entry
    { 'name' => 'common', 'path' => 'common.yaml' },
    # "Common" entry with Eyaml
    { 'name'       => 'e common',
      'path'       => 'common.eyaml',
      'lookup_key' => 'eyaml_lookup_key',
      'options'    => {
        'pkcs7_private_key' => "${keys_dir}/private_key.pkcs7.pem",
        'pkcs7_public_key'  => "${keys_dir}/public_key.pkcs7.pem"}}
  ],
  keysdir         => $keys_dir
  # etc etc
}
```

dan-wittenberg commented 6 years ago

Agreed. Old issue that appears resolved now so ticket probably needs updated and closed.

Dan

On Fri, Apr 13, 2018, 16:15 Bryan Woolsey notifications@github.com wrote:

> @dan-wittenberg https://github.com/dan-wittenberg Eyaml seems to work fine.
>
> @flix444 https://github.com/flix444 Example below.
>
> ```puppet
> class { 'hiera':
>   hiera_version   => '5',
>   hiera5_defaults => {
>     'datadir'   => "${::settings::codedir}/data",
>     'data_hash' => 'yaml_data'
>   },
>   hierarchy       => [
>     # "Common" entry
>     { 'name' => 'common', 'path' => 'common.yaml' },
>     # "Common" entry with Eyaml
>     { 'name'       => 'e common',
>       'path'       => 'common.eyaml',
>       'lookup_key' => 'eyaml_lookup_key',
>       'options'    => {
>         'pkcs7_private_key' => "${keys_dir}/private_key.pkcs7.pem",
>         'pkcs7_public_key'  => "${keys_dir}/public_key.pkcs7.pem"}}
>   ],
>   keysdir         => $keys_dir
>   # etc etc
> }
> ```


jflorian commented 5 years ago

I do think this issue is somewhat relevant and should remain open. At the very minimum, the README.md could really benefit from a Hiera 5 with eyaml example. I was only able to get mine working because of the examples shown here. The docs made my old Hiera (3?) setup easy but the transition to 5 had me stumped until I got here.

Also, if I'm using the same keys for each of my hierarchy paths, is there any way to provide the lookup_key and/or options in the hiera5_defaults (or elsewhere) so as to not have to repeat that for every single hierarchy path? Flexible: yes; concise: no.

cabrinha commented 5 years ago

Yeah, I agree that the README should be updated to make the differences between hiera v3 and v5 more clear.

I'll see if I can open a PR to get the docs into a better state.