Re: [Puppet Users] basic hiera question

Wed, 19 Nov 2014 10:56:52 -0800 

On 11/19/14 10:42 AM, Craig White wrote:

getting very frustrated and have covered the 7 or so pages on puppet's
documentation on hiera several times.

# cat hiera.yaml
---
:backends:
   - yaml
:hierarchy:
   - defaults
   - "%{clientcert}"
   - "%{environment}"
   - global
   - common
   - ldap
:yaml:
   :datadir: /etc/puppetlabs/puppet/hieradata

# cat hieradata/ldap.yaml
---
ldap:
   rootdn: cn=admin,dc=wl,dc=com
   rootpw: mySuperSecretPassword
   dn: dc=wl,dc=com
   directory: /var/lib/ldap

# hiera ldap
{"rootdn"=>"cn=admin,dc=wl,dc=com",
  "rootpw"=>"mySuperSecretPassword",
  "dn"=>"dc=wl,dc=com",
  "directory"=>"/var/lib/ldap"}

# head -n 5 modules/wl/manifests/config.pp
# script to setup OpenLDAP

class wl::config () inherits wl {

   $rootpw     = hiera('ldap::rootpw')

but unfortunately...

# puppet agent --test --debug
results in the error...
Error: Could not retrieve catalog from remote server: Error 400 on
SERVER: Could not find data item ldap::rootpw in any Hiera data file and
no default supplied at
/etc/puppetlabs/puppet/modules/wl/manifests/config.pp:5 on node $obscured
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

what am I doing wrong?
1. Your hierarchy isn't. You can call it common, global, default, or whatever else but you only get one and it goes at the bottom. If it's not at the bottom, it's not common, default or global. Clientcert goes at the top because it's the most specific. 

:hierarchy:
  - "%{clientcert}"
  - "%{environment}"
  - common

https://ask.puppetlabs.com/question/3146/how-to-build-a-proper-hiera-hierarchy/
2. You're using a hash as your data. If you want to query for key ldap::rootpw, it'll look like the following. 

ldap::rootdn:    'cn=admin,dc=wl,dc=com'
ldap::rootpw:    'mySuperSecretPassword'
ldap::dn:        'dc=wl,dc=com'
ldap::directory: '/var/lib/ldap'
Note this has nothing to do with hiera_hash or hiera_array. http://ask.puppetlabs.com/question/13592/when-to-use-hiera-hiera_array-and-hiera_hash/
3. You're not using hiera-eyaml. Don't put clear txt passwords in your yaml files, use hiera-eyaml instead. It's really nice. 

https://github.com/TomPoulton/hiera-eyaml

Ramin

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/546CE7AF.7030201%40badapple.net.
For more options, visit https://groups.google.com/d/optout.

Reply via email to