Comments (6)
cwells
commented on August 16, 2024
Having the same issue. I can query a value using hiera on the puppet master, but the agent is unable to find it.
---
:backends:
- eyaml
- yaml
:yaml:
:datadir: /etc/puppetlabs/puppet/hieradata
:eyaml:
:datadir: /etc/puppetlabs/puppet/hieradata
:pkcs7_private_key: /etc/puppetlabs/puppet/secure/keys/private_key.pkcs7.pem
:pkcs7_public_key: /etc/puppetlabs/puppet/secure/keys/public_key.pkcs7.pem
:hierarchy:
- environments/%{::enviroment}
- hosts/%{::fqdn}
- datacenters/%{::datacenter}
- passwords
- users
- common
passwords.eyaml:
---
sanpasswd: >
ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQAw
DQYJKoZIhvcNAQEBBQAEggEAypgw/O4KF5fGJmFnAzcNws/FJG3fjAGxgBxE
...
bpugwTBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAlMIVlHd6egfWMFWPR
LfJ2gCCpaZ0LIe8Uj+2ArmwRfOzBeegLfXi8Vl7CJLC1v/sJEQ==]
On the Puppet master:
# hiera -c /etc/puppetlabs/puppet/hiera.yaml sanpasswd
redacted_password
On the node:
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find data item sanpasswd in any Hiera data file and no default supplied at /etc/puppetlabs/puppet/environments/production/site/mountpoint/manifests/init.pp:51 on node ...
Using Puppet Enterprise 3.0.1 (Puppet 3.2.4), CentOS 6, eyaml 2.0
from hiera-eyaml.
cwells
commented on August 16, 2024
Got it. Puppet Enterprise runs under Passenger. You have to restart pe-httpd to get the Puppet master to pick up the config changes.
from hiera-eyaml.
sihil
commented on August 16, 2024
Good to hear. Does that solve it for you too @wernerbahlke?
from hiera-eyaml.
cwells
commented on August 16, 2024
@wernerbahlke
As an aside, I've been unable to ascertain which process reads the secure/keys directory (doesn't appear to be pe-puppet or pe-httpd), so I ended up having to have insecure permissions on those directories until I can get a ticket in with Puppetlabs. You'll probably have the same issue.
from hiera-eyaml.
wernerbahlke
commented on August 16, 2024
Alas, no. Just tried to stop/start pe-httpd but no luck. In the meanwhile I discovered that I have two version of hiera. One in /usr/local/bin and one in /opt/puppet/bin. Only the one in /usr/local/bin gives me the unencrypted password with hiera -c hiera.yaml rootpwd. If I use the one in /opt/puppet/bin I get:
Cannot load backend eyaml: cannot load such file -- hiera/backend/eyaml_backend.
I had googled this before and there was a bug which should be fixed. I have upgraded hiera-eyaml to 2.0.0.
If I replace Puppet's hiera with the newer one in /usr/local/bin (hiera 1.3.0) using a symlink my hiera -c works again but still I get the data item not found.
The newer hiera was installed as a gem when I tried hiera-gpg.
Werner
from hiera-eyaml.
ltutar
commented on August 16, 2024
I also had the 400 error. eyaml commands were working but not hiera-eyaml.
default gem install uses the wrong gem environment. puppet uses a different one.
use /opt/puppet/bin/gem to install hiera-eyaml instead of default /usr/local/bin/gem
from hiera-eyaml.
Related Issues (20)
- Recrypt shouldn't default to changing encryption
- Automatically convert encrypted values to Sensitive[T] HOT 4
- Error during hiera-eyaml gem installation
- hiera-eyaml Error was PKCS7[Method: 112, Reason: 115, Data: null] when using mutiple public private keys HOT 2
- Concerns about the encrypted? method HOT 2
- Gpg recrypt emits error about missing pkcs7 key HOT 2
- Using `3.2.1` for editing an eyaml created with `3.2.0` will mess up formatting HOT 11
- Subsequent "eyaml encrypt -s test" calls return different signatures HOT 2
- Incompatability with ruby 3.1.0 HOT 7
- lookup example with default parameter if decrypt fails HOT 3
- get return values instead of fatal errors
- Unable to encrypt string that begins with two or more hyphens (dashes) HOT 1
- Ruby >= 2.5.0 silently required since hiera-eyaml v3.2.3?
- Uneeded config warnings when using keys in env vars ([pkcs7] both public_key and public_key_env_var specified, using public_key)
- Allow execution of Puppet functions from Hiera HOT 4
- Allow Hash keys as Array HOT 2
- Encrypt yaml file on my workstation and push to git HOT 1
- Remote Code Execution vulnerability in the hiera-eyaml tool HOT 2
- Release a new version HOT 2
- multi-line yaml broken in decrypt output
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from hiera-eyaml.