Open tmannerm opened 6 years ago
Heya,
The eyaml syntax has changed in v5; see my example below in hiera:

```yaml
---
classes:
  - hiera
hiera::hiera_version: '5'
hiera::hiera5_defaults::datadir: 'data'
hiera::hiera5_defaults::data_hash: 'yaml_data'
hiera::manage_package: true
hiera::hierarchy:
  - name: 'trusted'
    path: 'nodes/%{::trusted.certname}'
    lookup_key: 'eyaml_lookup_key'
    options:
      pkcs7_private_key: /etc/puppetlabs/puppet/keys/private_key.pkcs7.pem
      pkcs7_public_key: /etc/puppetlabs/puppet/keys/public_key.pkcs7.pem
      extension: yaml
```

Note: `lookup_key` and `options`

Hey elmobp, how do I use this in a separate module?

```puppet
class { 'hiera':
  hiera_version   => '5',
  hiera5_defaults => {"datadir" => "data", "data_hash" => "yaml_data"},
}
```

For an "approved" module it seems a big gap to not have eyaml working after many months, any plans to fix this?
@dan-wittenberg Eyaml seems to work fine.
@flix444 Example below.

```puppet
class { 'hiera':
  hiera_version   => '5',
  hiera5_defaults => {
    'datadir'   => "${::settings::codedir}/data",
    'data_hash' => 'yaml_data'
  },
  hierarchy       => [
    # "Common" entry
    { 'name' => 'common', 'path' => 'common.yaml' },
    # "Common" entry with Eyaml
    { 'name'       => 'e common',
      'path'       => 'common.eyaml',
      'lookup_key' => 'eyaml_lookup_key',
      'options'    => {
        'pkcs7_private_key' => "${keys_dir}/private_key.pkcs7.pem",
        'pkcs7_public_key'  => "${keys_dir}/public_key.pkcs7.pem"}}
  ],
  keysdir         => $keys_dir
  # etc etc
}
```

Agreed. Old issue that appears resolved now so ticket probably needs updated and closed.
Dan

On Fri, Apr 13, 2018, 16:15 Bryan Woolsey notifications@github.com wrote:

> @dan-wittenberg https://github.com/dan-wittenberg Eyaml seems to work fine.
> @flix444 https://github.com/flix444 Example below.
>
> ```puppet
> class { 'hiera':
>   hiera_version   => '5',
>   hiera5_defaults => {
>     'datadir'   => "${::settings::codedir}/data",
>     'data_hash' => 'yaml_data'
>   },
>   hierarchy       => [
>     # "Common" entry
>     { 'name' => 'common', 'path' => 'common.yaml' },
>     # "Common" entry with Eyaml
>     { 'name'       => 'e common',
>       'path'       => 'common.eyaml',
>       'lookup_key' => 'eyaml_lookup_key',
>       'options'    => {
>         'pkcs7_private_key' => "${keys_dir}/private_key.pkcs7.pem",
>         'pkcs7_public_key'  => "${keys_dir}/public_key.pkcs7.pem"}}
>   ],
>   keysdir         => $keys_dir
>   # etc etc
> }
> ```

I do think this issue is somewhat relevant and should remain open. At the very minimum, the README.md could really benefit from a Hiera 5 with eyaml example. I was only able to get mine working because of the examples shown here. The docs made my old Hiera (3?) setup easy but the transition to 5 had me stumped until I got here.
Also, if I'm using the same keys for each of my hierarchy paths, is there any way to provide the `lookup_key` and/or `options` in the `hiera5_defaults` (or elsewhere) so as to not have to repeat that for every single hierarchy path? Flexible: yes; concise: no.
Yeah, I agree that the README should be updated to make the differences between Hiera v3 and v5 more clear.
I'll see if I can open a PR to get the docs into a better state.
Affected Puppet, Ruby, OS and module versions/distributions
How to reproduce (e.g Puppet code you use)
Update to v3.1.0 with "eyaml => true" in the manifest. Only added hiera_version and hiera5_defaults params and converted hierarchy as is to the new syntax (with only name and path keys).
What are you seeing
Eyaml encryption is no longer working because options hash with private/public keys and required lookup_key are missing from the generated hiera.yaml v5 format.
What behaviour did you expect instead
Eyaml encryption still working just like in the hiera.yaml v3 format.
Any additional information you'd like to impart
I chose not to convert to environment specific hiera.yaml so I use this module to generate global hiera.yaml but just with new v5 format.
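
Added example (not part of the original thread or of the puppet-hiera module): a Ruby check for the failure reported here, where a generated version 5 `hiera.yaml` has eyaml levels without `lookup_key` and `options`. The function name, the `.eyaml` suffix heuristic and the sample documents are constructed for illustration, and it assumes a level inherits its backend and options from `defaults` when it sets none.

```ruby
require 'yaml'

BACKEND_KEYS = %w[data_hash lookup_key data_dig hiera3_backend].freeze
KEY_OPTIONS  = %w[pkcs7_private_key pkcs7_public_key].freeze

# Audit a hiera.yaml version 5 document (String); returns an array of findings.
def audit_eyaml_levels(yaml_text)
  conf = YAML.safe_load(yaml_text) || {}
  return ['not a version 5 hiera.yaml'] unless conf['version'] == 5
  defaults = conf['defaults'] || {}
  (conf['hierarchy'] || []).flat_map do |level|
    name = level['name'] || '(unnamed)'
    # Assumption: a level with no backend key or options of its own uses those in defaults.
    key     = BACKEND_KEYS.find { |k| level.key?(k) }
    backend = key ? level[key] : defaults.values_at(*BACKEND_KEYS).compact.first
    options = level['options'] || defaults['options'] || {}
    paths   = level.values_at('path', 'paths', 'glob', 'globs').flatten.compact
    found   = []
    # Heuristic: a *.eyaml file read by a non-eyaml backend is never decrypted.
    if backend != 'eyaml_lookup_key' && paths.any? { |p| p.to_s.end_with?('.eyaml') }
      found << "#{name}: .eyaml path but backend is #{backend.inspect}"
    end
    missing = backend == 'eyaml_lookup_key' ? KEY_OPTIONS.reject { |k| options.key?(k) } : []
    found << "#{name}: missing #{missing.join(', ')}" unless missing.empty?
    found
  end
end

# Constructed samples: BROKEN has only name and path per level (as reported); FIXED adds the eyaml keys.
BROKEN = <<~YAML
  version: 5
  defaults: { datadir: data, data_hash: yaml_data }
  hierarchy:
    - { name: common, path: common.yaml }
    - { name: e common, path: common.eyaml }
YAML
FIXED = <<~YAML
  version: 5
  defaults: { datadir: data, data_hash: yaml_data }
  hierarchy:
    - { name: common, path: common.yaml }
    - name: e common
      path: common.eyaml
      lookup_key: eyaml_lookup_key
      options:
        pkcs7_private_key: /etc/puppetlabs/puppet/keys/private_key.pkcs7.pem
        pkcs7_public_key: /etc/puppetlabs/puppet/keys/public_key.pkcs7.pem
YAML
puts audit_eyaml_levels(BROKEN)
```

Running it against the file the module writes after each change to `hierarchy` catches a level that silently fell back to `yaml_data`.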