I am pretty sure I still have something wrong with my setup, but I just
cannot seem to see what it is...

Notice if I attempt to decrypt via the command line and do not indicate
"env=live", it fails..
[root@me puppet]# hiera -c /etc/puppet/hiera.yaml rootpwd calling_module=motd
nil
[root@me puppet]# hiera -c /etc/puppet/hiera.yaml rootpwd calling_module=motd env=live
rootpass


________________________________________________________________________________
[root@me puppet]# more hiera.yaml
---
:backends: - yaml
           - gpg

:logger: console

:hierarchy: - %{env}/%{location}/%{calling_module}
            - %{env}/%{calling_module}
            - common


:yaml:
   :datadir: /etc/puppet/hieradata

:gpg:
   :datadir: /etc/puppet/hieradata

_________________________________________________
my encrypted files are in /etc/puppet/hieradata/live



Thanks in advance for any help!
Bee
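
An added example, not part of the original post and not Hiera's own code: it resolves the hierarchy from the hiera.yaml above against a scope and lists which data files a lookup could read, with and without env=live. It assumes a variable missing from the scope interpolates to an empty string and that hierarchy levels left with an empty path segment are skipped (modelled on Hiera 1.x); the helper names and the temporary directory layout are constructed for illustration.

```ruby
require "tmpdir"
require "fileutils"

# Hierarchy and backends copied from the hiera.yaml in the post.
HIERARCHY = ["%{env}/%{location}/%{calling_module}",
             "%{env}/%{calling_module}",
             "common"].freeze
EXTENSIONS = { "yaml" => ".yaml", "gpg" => ".gpg" }.freeze

# Replace each %{name} with its value from scope; a name that is not in
# scope becomes an empty string (assumed Hiera 1.x behaviour).
def interpolate(source, scope)
  source.gsub(/%\{([^}]+)\}/) { scope.fetch(Regexp.last_match(1), "").to_s }
end

# Hierarchy levels that survive interpolation. Levels left with an empty
# path segment are dropped (assumption modelled on Hiera 1.x).
def datasources(scope)
  HIERARCHY.map { |s| interpolate(s, scope) }
           .reject { |s| s.empty? || s =~ %r{(^/|//|/$)} }
end

# Data files that exist for this scope, in backend then hierarchy order.
def readable_files(datadir, scope)
  EXTENSIONS.flat_map do |_backend, ext|
    datasources(scope).map { |s| File.join(datadir, s + ext) }
  end.select { |path| File.file?(path) }
end

# Constructed layout mirroring the post: one encrypted file under live/.
def demo
  Dir.mktmpdir do |datadir|
    FileUtils.mkdir_p(File.join(datadir, "live"))
    FileUtils.touch(File.join(datadir, "live", "motd.gpg"))
    without_env = { "calling_module" => "motd" }
    with_env    = without_env.merge("env" => "live")
    relative    = ->(paths) { paths.map { |p| p.sub(datadir + "/", "") } }
    { without_env: relative.call(readable_files(datadir, without_env)),
      with_env:    relative.call(readable_files(datadir, with_env)) }
  end
end

demo.each { |label, files| puts "#{label}: #{files.inspect}" } if $PROGRAM_NAME == __FILE__
```

Without env in the scope only the "common" level remains, so a key stored only under live/ is never reached and the lookup returns nil.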


On Tue, Sep 3, 2013 at 11:38 AM, Worker Bee <beeworke...@gmail.com> wrote:

> Hi Guys;
>
> I really appreciate your help and apologize for the continued questions...
> however, apparently, I am missing something here.  I cannot get this
> working.
>
> I have set hiera-gpg up as per the docs I can find, but I still cannot
> seem to get my manifests correct.  If someone would kindly provide a sample
> manifest, I would be grateful!
>
> Also, per Craig Dunn's blog, he is placing hieradata files in
> /etc/puppet/hieradata/live.  Is the "live" subdir required?  Is there some
> sort of environment limitation that requires the files live in this subdir?
>
> Thank you very much!
> Bee
>
> On Fri, Aug 30, 2013 at 1:31 PM, Rich Burroughs <r...@richburroughs.com> wrote:
>
>>  Your manifests look the same. You do a hiera lookup just as you would
>> if you weren't using the GPG integration. It's just another data store for
>> hiera.
>>
>> You do need to set that up, as other people have mentioned. But it's no
>> different in the manifests.
>>
>>
>> On Fri, Aug 30, 2013 at 6:30 AM, Worker Bee <beeworke...@gmail.com> wrote:
>>
>>> I am looking for some manifest examples, if anyone has any to share!
>>>
>>>
>>> On Fri, Aug 30, 2013 at 7:16 AM, Richard Clark <rich...@fohnet.co.uk> wrote:
>>>
>>>>  On Thu, Aug 29, 2013 at 05:47:41PM -0400, Worker Bee wrote:
>>>> > I am having a bit of difficulty implementing hiera-gpg; particularly with
>>>> > accomplishing the decryption in my manifests.  Can anyone either provide
>>>> > a simple example or point me to a good resource?  I have searched a lot and
>>>> > am still struggling.
>>>> >
>>>> > Any help would be very appreciated!
>>>> >
>>>> > Thanks!
>>>> > Bee
>>>>
>>>> You just need to have the hiera-gpg gem installed, make sure that gpg is
>>>> listed in the backends array in hiera.yaml, then the puppet user needs
>>>> to have the private key configured within its $HOME/.gnupg - where $HOME
>>>> is usually /var/lib/puppet.
>>>>
>>>> By default pgp keys are encrypted with a passphrase, which would need to
>>>> be supplied and held in a running keyring for that user, so was
>>>> previously working around this by using a non-passphrase protected
>>>> subkey.
>>>>
>>>> I've now however moved away from hiera-gpg due to performance overhead
>>>> on large catalogs and moved to a git post-commit hook that decrypts any
>>>> .gpg files to .yaml within a dedicated hierarchy for decrypted files,
>>>> using that same insecure private subkey.
>>>>
>>>>
>>>> Cheers,
>>>> --
>>>> Richard Clark
>>>> rich...@fohnet.co.uk
>>>>
>>>
>>>   --
>>> You received this message because you are subscribed to the Google
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to puppet-users+unsubscr...@googlegroups.com.
>>> To post to this group, send email to puppet-users@googlegroups.com.
>>> Visit this group at http://groups.google.com/group/puppet-users.
>>> For more options, visit https://groups.google.com/groups/opt_out.
>>>