1) Eyaml is set up with a public key
2) Hiera.yaml is set up with the backends consul, eyaml and yaml.
3) A string is encrypted
4) The encrypted string is mentioned in the below file:
[vagrant@localhost puppet]$ cat /etc/puppetlabs/code/environments/production/hieradata/common.eyaml
---
acl_token: ENC[PKCS7,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]
[vagrant@localhost puppet]$
In my manifest:
$token = hiera('acl_token',[])
5) When I do a notify {"token: ${token}":} I get an empty response from hiera.
[vagrant@localhost puppet]$ sudo puppet apply /home/vagrant/hiera_conf/manifests/init.pp
Notice: token : []
Notice: /Stage[main]/Main/Notify[token : []]/message: defined 'message' as 'token : []'
Notice: /Stage[main]/Hiera/File[/etc/puppetlabs/code/hiera.yaml]/ensure: defined content as '{md5}96604da0e1343bcb8fc7f8313dfb5f67'
Hiera.yaml looks like this:
---
:backends:
  - eyaml
  - consul
  - yaml
:logger: console
:hierarchy:
  - secure
  - "nodes/%{::hostname}"
  - common
:eyaml:
  :datadir: "/etc/puppetlabs/code/environments/%{::environment}/hieradata"
  :pkcs7_private_key: "/etc/puppetlabs/puppet/keys/private_key.pkcs7.pem"
  :pkcs7_public_key: "/etc/puppetlabs/puppet/keys/public_key.pkcs7.pem"
:consul:
  :host: 127.0.0.1
  :port: '8500'
  :paths:
    - "/v1/catalog/service"
    - "/v1/catalog/node"
:yaml:
  :datadir: "/etc/puppetlabs/code/environments/%{::environment}/hieradata"
On a side note, if I have the contents of the "eyaml" inside a "yaml" file instead, I get this:
[vagrant@localhost puppet]$ cat /etc/puppetlabs/code/environments/production/hieradata/common.yaml
---
acl_token: ENC[PKCS7,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]
Output:
ENC[PKCS7,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][vagrant@localhost puppet]$
Update: This is the output of the debug:
[vagrant@localhost ~]$ hiera -d 'acl_token' environment=production
DEBUG: 2016-12-09 22:35:54 +0000: Hiera YAML backend starting
DEBUG: 2016-12-09 22:35:54 +0000: Looking up acl_token in YAML backend
DEBUG: 2016-12-09 22:35:54 +0000: Ignoring bad definition in :hierarchy: 'nodes/'
DEBUG: 2016-12-09 22:35:54 +0000: Looking for data source common
DEBUG: 2016-12-09 22:35:54 +0000: Found acl_token in common
ENC[PKCS7,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]
[vagrant@localhost ~]$
[vagrant@localhost ~]$ sudo rm /etc/puppetlabs/code/environments/production/hieradata/common.yaml
[vagrant@localhost ~]$ hiera -d 'acl_token' environment=production
DEBUG: 2016-12-09 22:41:09 +0000: Hiera YAML backend starting
DEBUG: 2016-12-09 22:41:09 +0000: Looking up acl_token in YAML backend
DEBUG: 2016-12-09 22:41:09 +0000: Ignoring bad definition in :hierarchy: 'nodes/'
DEBUG: 2016-12-09 22:41:09 +0000: Looking for data source common
DEBUG: 2016-12-09 22:41:09 +0000: Cannot find datafile /etc/puppetlabs/code/environments/production/hieradata/common.yaml, skipping
nil
[vagrant@localhost ~]$
Permissions on keys are as follows:
[vagrant@localhost ~]$ ls -la /etc/puppetlabs/puppet/keys/
total 8
drwxr-xr-x. 2 puppet puppet 61 Dec 8 22:05 .
drwxr-xr-x. 4 root root 78 Dec 8 21:36 ..
-rw-------. 1 puppet puppet 1675 Dec 8 22:05 private_key.pkcs7.pem
-rw-r--r--. 1 puppet puppet 1050 Dec 8 22:05 public_key.pkcs7.pem
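
The following check compares what the posted hiera.yaml configures with what the second `hiera -d` run above actually reports. It is an added example, not part of the original post; the function name `config_vs_debug` is hypothetical, and it assumes every backend logs a "Hiera <NAME> backend starting" line the way the YAML backend does in the output above.

```ruby
require "yaml"

# Backends and hierarchy from the hiera.yaml in the post (other keys left out).
HIERA_YAML = <<~'CFG'
  ---
  :backends:
    - eyaml
    - consul
    - yaml
  :hierarchy:
    - secure
    - "nodes/%{::hostname}"
    - common
CFG

# Debug lines copied from the second `hiera -d` run in the post.
DEBUG_LOG = <<~'LOG'
  DEBUG: 2016-12-09 22:41:09 +0000: Hiera YAML backend starting
  DEBUG: 2016-12-09 22:41:09 +0000: Looking up acl_token in YAML backend
  DEBUG: 2016-12-09 22:41:09 +0000: Ignoring bad definition in :hierarchy: 'nodes/'
  DEBUG: 2016-12-09 22:41:09 +0000: Looking for data source common
LOG

# Returns the configured backends and static hierarchy levels that the
# debug output never mentions.
def config_vs_debug(config_text, debug_text)
  # Hiera 3 configs use symbol keys (:backends), so Symbol must be permitted.
  config = YAML.safe_load(config_text, permitted_classes: [Symbol])
  # Assumption: each backend announces itself like the YAML backend does.
  started = debug_text.scan(/Hiera (\S+) backend starting/i).flatten.map(&:downcase)
  searched = debug_text.scan(/Looking for data source (\S+)/).flatten
  # Levels containing %{...} depend on scope variables, so compare static ones only.
  static_levels = Array(config[:hierarchy]).reject { |level| level.include?("%{") }
  {
    backends_not_started: Array(config[:backends]).map(&:downcase) - started,
    levels_not_searched: static_levels - searched
  }
end

if __FILE__ == $PROGRAM_NAME
  report = config_vs_debug(HIERA_YAML, DEBUG_LOG)
  puts "Backends configured but never started: #{report[:backends_not_started].join(', ')}"
  puts "Hierarchy levels never searched: #{report[:levels_not_searched].join(', ')}"
end
```

A non-empty result means the run did not exercise everything in the posted configuration, so the config file the CLI loaded (selectable with `hiera -c`) is the first thing to compare.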