New hiera.yaml v5 format misses eyaml options #206
Comments
|
Heya, eyaml syntax has changed in v5 see my example below in hiera ---
classes:
- hiera
hiera::hiera_version: '5'
hiera::hiera5_defaults::datadir: 'data'
hiera::hiera5_defaults::data_hash: 'yaml_data'
hiera::manage_package: true
hiera::hierarchy:
- name: 'trusted'
path: 'nodes/%{::trusted.certname}'
lookup_key: 'eyaml_lookup_key'
options:
pkcs7_private_key: /etc/puppetlabs/puppet/keys/private_key.pkcs7.pem
pkcs7_public_key: /etc/puppetlabs/puppet/keys/public_key.pkcs7.pem
extension: yamlNote: lookup_key and options |
|
Hey elmobp, hiera_version => '5', hiera5_defaults => {"datadir" => "data", "data_hash" => "yaml_data"}, |
|
For an "approved" module it seems a big gap to not have eyaml working after many months, any plans to fix this? |
|
@dan-wittenberg Eyaml seems to works fine. @flix444 Example below. class { 'hiera':
hiera_version => '5',
hiera5_defaults => {
'datadir' => "${::settings::codedir}/data",
'data_hash' => 'yaml_data'
},
hierarchy => [
# "Common" entry
{ 'name' => 'common', 'path' => 'common.yaml' },
# "Common" entry with Eyaml
{ 'name' => 'e common',
'path' => 'common.eyaml',
'lookup_key' => 'eyaml_lookup_key',
'options' => {
'pkcs7_private_key' => "${keys_dir}/private_key.pkcs7.pem",
'pkcs7_public_key' => "${keys_dir}/public_key.pkcs7.pem"}}
],
keysdir => $keys_dir
# etc etc
} |
|
Agreed. Old issue that appears resolved now so ticket probably needs
updated and closed.
Dan
…On Fri, Apr 13, 2018, 16:15 Bryan Woolsey ***@***.***> wrote:
@dan-wittenberg <https://github.com/dan-wittenberg> Eyaml seems to works
fine.
@flix444 <https://github.com/flix444> Example below.
class { 'hiera':
hiera_version => '5',
hiera5_defaults => {
'datadir' => "${::settings::codedir}/data",
'data_hash' => 'yaml_data'
},
hierarchy => [
# "Common" entry
{ 'name' => 'common', 'path' => 'common.yaml' },
# "Common" entry with Eyaml
{ 'name' => 'e common',
'path' => 'common.eyaml',
'lookup_key' => 'eyaml_lookup_key',
'options' => {
'pkcs7_private_key' => "${keys_dir}/private_key.pkcs7.pem",
'pkcs7_public_key' => "${keys_dir}/public_key.pkcs7.pem"}}
],
keysdir => $keys_dir
# etc etc
}
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#206 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ANCBg1Op5VvU0A6RgS8Wq5WUKOKP5PNlks5toRVwgaJpZM4PaBng>
.
|
|
I do think this issue is somewhat relevant and should remain open. At the very minimum, the README.md could really benefit from a Hiera 5 with eyaml example. I was only able to get mine working because of the examples shown here. The docs made my old Hiera (3?) setup easy but the transition to 5 had me stumped until I got here. Also, if I'm using the same keys for each of my hierarchy paths, is there any way to to provide the |
|
yeah, i agree that the README should be updated to make the differences between hiera v3 and v5 more clear. I'll see if I can open a PR to get the docs into a better state. |
Affected Puppet, Ruby, OS and module versions/distributions
How to reproduce (e.g Puppet code you use)
Update to v3.1.0 with "eyaml => true" in the manifest. Only added hiera_version and hiera5_defaults params and converted hierarchy as is to the new syntax (with only name and path keys).
What are you seeing
Eyaml encryption is no longer working because options hash with private/public keys and required lookup_key are missing from the generated hiera.yaml v5 format.
What behaviour did you expect instead
Eyaml encryption still working just like in the hiera.yaml v3 format.
Any additional information you'd like to impart
I chose not to convert to environment specific hiera.yaml so I use this module to generate global hiera.yaml but just with new v5 format.
The text was updated successfully, but these errors were encountered: